debian-mirror-gitlab/spec/features/file_uploads/multipart_invalid_uploads_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe 'Invalid uploads that must be rejected', :api, :js, feature_category: :package_registry do
  include_context 'file upload requests helpers'

  let_it_be(:project) { create(:project) }
  let_it_be(:user) { project.owner }
  let_it_be(:personal_access_token) { create(:personal_access_token, user: user) }

  context 'invalid upload key', :capybara_ignore_server_errors do
    let(:api_path) { "/projects/#{project.id}/packages/nuget/" }
    let(:url) { capybara_url(api(api_path)) }
    let(:file) { fixture_file_upload('spec/fixtures/dk.png') }

    subject do
      HTTParty.put(
        url,
        basic_auth: { username: user.username, password: personal_access_token.token },
        body: body
      )
    end

    RSpec.shared_examples 'rejecting invalid keys' do |key_name:, message: nil, status: 500|
      context "with invalid key #{key_name}" do
        let(:body) { { key_name => file, 'package[test][name]' => 'test' } }

        it { expect { subject }.not_to change { Packages::Package.nuget.count } }

        it { expect(subject.code).to eq(status) }

        it { expect(subject.body).to include(message.presence || "invalid field: \"#{key_name}\"") }
      end
    end

    RSpec.shared_examples 'by rejecting uploads with an invalid key' do
      it_behaves_like 'rejecting invalid keys', key_name: 'package[test'
      it_behaves_like 'rejecting invalid keys', key_name: '[]'
      it_behaves_like 'rejecting invalid keys', key_name: '[package]test'
      it_behaves_like 'rejecting invalid keys', key_name: 'package][test]]'
      it_behaves_like 'rejecting invalid keys', key_name: 'package[test[nested]]'
    end

    # These keys are rejected directly by rack itself.
    # The request will not be received by multipart.rb (can't use the 'handling file uploads' shared example)
    it_behaves_like 'rejecting invalid keys', key_name: 'x' * 11000, message: 'Puma caught this error: exceeded available parameter key space (Rack::QueryParser::ParamsTooDeepError)'
    it_behaves_like 'rejecting invalid keys', key_name: 'package[]test', status: 400, message: 'Bad Request'

    it_behaves_like 'handling file uploads', 'by rejecting uploads with an invalid key'
  end
end
New upstream version 13.3.9 2020-11-05 12:06:23 +05:30			`# frozen_string_literal: true`

			`require 'spec_helper'`

New upstream version 15.7.8+ds1 2023-03-04 22:38:38 +05:30			`RSpec.describe 'Invalid uploads that must be rejected', :api, :js, feature_category: :package_registry do`
New upstream version 13.3.9 2020-11-05 12:06:23 +05:30			`include_context 'file upload requests helpers'`

			`let_it_be(:project) { create(:project) }`
New upstream version 15.7.8+ds1 2023-03-04 22:38:38 +05:30			`let_it_be(:user) { project.owner }`
New upstream version 13.3.9 2020-11-05 12:06:23 +05:30			`let_it_be(:personal_access_token) { create(:personal_access_token, user: user) }`

			`context 'invalid upload key', :capybara_ignore_server_errors do`
			`let(:api_path) { "/projects/#{project.id}/packages/nuget/" }`
			`let(:url) { capybara_url(api(api_path)) }`
			`let(:file) { fixture_file_upload('spec/fixtures/dk.png') }`

			`subject do`
			`HTTParty.put(`
			`url,`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`basic_auth: { username: user.username, password: personal_access_token.token },`
New upstream version 13.3.9 2020-11-05 12:06:23 +05:30			`body: body`
			`)`
			`end`

New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`RSpec.shared_examples 'rejecting invalid keys' do \|key_name:, message: nil, status: 500\|`
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`context "with invalid key #{key_name}" do`
			`let(:body) { { key_name => file, 'package[test][name]' => 'test' } }`
New upstream version 13.3.9 2020-11-05 12:06:23 +05:30
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`it { expect { subject }.not_to change { Packages::Package.nuget.count } }`
New upstream version 13.3.9 2020-11-05 12:06:23 +05:30
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`it { expect(subject.code).to eq(status) }`
New upstream version 13.3.9 2020-11-05 12:06:23 +05:30
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`it { expect(subject.body).to include(message.presence \|\| "invalid field: \"#{key_name}\"") }`
New upstream version 13.3.9 2020-11-05 12:06:23 +05:30			`end`
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`end`
New upstream version 13.3.9 2020-11-05 12:06:23 +05:30
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`RSpec.shared_examples 'by rejecting uploads with an invalid key' do`
New upstream version 13.3.9 2020-11-05 12:06:23 +05:30			`it_behaves_like 'rejecting invalid keys', key_name: 'package[test'`
			`it_behaves_like 'rejecting invalid keys', key_name: '[]'`
			`it_behaves_like 'rejecting invalid keys', key_name: '[package]test'`
			`it_behaves_like 'rejecting invalid keys', key_name: 'package][test]]'`
			`it_behaves_like 'rejecting invalid keys', key_name: 'package[test[nested]]'`
			`end`

New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`# These keys are rejected directly by rack itself.`
			`# The request will not be received by multipart.rb (can't use the 'handling file uploads' shared example)`
New upstream version 15.2.2+ds1 2022-08-13 15:12:31 +05:30			`it_behaves_like 'rejecting invalid keys', key_name: 'x' * 11000, message: 'Puma caught this error: exceeded available parameter key space (Rack::QueryParser::ParamsTooDeepError)'`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`it_behaves_like 'rejecting invalid keys', key_name: 'package[]test', status: 400, message: 'Bad Request'`
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30
New upstream version 13.3.9 2020-11-05 12:06:23 +05:30			`it_behaves_like 'handling file uploads', 'by rejecting uploads with an invalid key'`
			`end`
			`end`