debian-mirror-gitlab/spec/helpers/routing/pseudonymization_helper_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

289 lines
8.7 KiB
Ruby
Raw Normal View History

2021-11-11 11:23:49 +05:30
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe ::Routing::PseudonymizationHelper do
let_it_be(:group) { create(:group) }
let_it_be(:subgroup) { create(:group, parent: group) }
let_it_be(:project) { create(:project, group: group) }
2021-11-18 22:05:49 +05:30
let_it_be(:subproject) { create(:project, group: subgroup) }
2021-11-11 11:23:49 +05:30
let_it_be(:issue) { create(:issue, project: project) }
2022-07-23 23:45:48 +05:30
let_it_be(:merge_request) { create(:merge_request, source_project: project) }
2021-11-11 11:23:49 +05:30
2022-01-26 12:08:38 +05:30
let(:subject) { helper.masked_page_url(group: group, project: project) }
2021-11-11 11:23:49 +05:30
before do
stub_feature_flags(mask_page_urls: true)
end
shared_examples 'masked url' do
it 'generates masked page url' do
2022-01-26 12:08:38 +05:30
expect(subject).to eq(masked_url)
2021-11-11 11:23:49 +05:30
end
end
describe 'when url has params to mask' do
context 'with controller for MR' do
2021-12-11 22:18:48 +05:30
let(:masked_url) { "http://localhost/namespace#{group.id}/project#{project.id}/-/merge_requests/#{merge_request.id}" }
let(:request) do
double(:Request,
path_parameters: {
controller: "projects/merge_requests",
action: "show",
namespace_id: group.name,
project_id: project.name,
id: merge_request.id.to_s
},
protocol: 'http',
host: 'localhost',
query_string: '')
end
2021-11-11 11:23:49 +05:30
before do
2021-12-11 22:18:48 +05:30
allow(helper).to receive(:request).and_return(request)
2021-11-11 11:23:49 +05:30
end
it_behaves_like 'masked url'
end
context 'with controller for issue' do
2021-12-11 22:18:48 +05:30
let(:masked_url) { "http://localhost/namespace#{group.id}/project#{project.id}/-/issues/#{issue.id}" }
let(:request) do
double(:Request,
path_parameters: {
controller: "projects/issues",
action: "show",
namespace_id: group.name,
project_id: project.name,
id: issue.id.to_s
},
protocol: 'http',
host: 'localhost',
query_string: '')
end
2021-11-11 11:23:49 +05:30
before do
2021-12-11 22:18:48 +05:30
allow(helper).to receive(:request).and_return(request)
2021-11-11 11:23:49 +05:30
end
it_behaves_like 'masked url'
end
context 'with controller for groups with subgroups and project' do
2021-12-11 22:18:48 +05:30
let(:masked_url) { "http://localhost/namespace#{subgroup.id}/project#{subproject.id}"}
2022-01-26 12:08:38 +05:30
let(:group) { subgroup }
let(:project) { subproject }
2021-12-11 22:18:48 +05:30
let(:request) do
double(:Request,
path_parameters: {
controller: 'projects',
action: 'show',
namespace_id: subgroup.name,
id: subproject.name
},
protocol: 'http',
host: 'localhost',
query_string: '')
end
2021-11-11 11:23:49 +05:30
before do
2021-12-11 22:18:48 +05:30
allow(helper).to receive(:request).and_return(request)
2021-11-11 11:23:49 +05:30
end
it_behaves_like 'masked url'
end
context 'with controller for groups and subgroups' do
2021-12-11 22:18:48 +05:30
let(:masked_url) { "http://localhost/groups/namespace#{subgroup.id}/-/shared"}
2022-01-26 12:08:38 +05:30
let(:group) { subgroup }
2021-12-11 22:18:48 +05:30
let(:request) do
double(:Request,
path_parameters: {
controller: 'groups',
action: 'show',
id: subgroup.name
},
protocol: 'http',
host: 'localhost',
query_string: '')
end
2021-11-11 11:23:49 +05:30
before do
2021-12-11 22:18:48 +05:30
allow(helper).to receive(:request).and_return(request)
2021-11-11 11:23:49 +05:30
end
it_behaves_like 'masked url'
end
context 'with controller for blob with file path' do
2021-12-11 22:18:48 +05:30
let(:masked_url) { "http://localhost/namespace#{group.id}/project#{project.id}/-/blob/:repository_path" }
let(:request) do
double(:Request,
path_parameters: {
controller: 'projects/blob',
action: 'show',
namespace_id: group.name,
project_id: project.name,
id: 'master/README.md'
},
protocol: 'http',
host: 'localhost',
query_string: '')
end
before do
allow(helper).to receive(:request).and_return(request)
end
it_behaves_like 'masked url'
end
context 'when assignee_username is present' do
let(:masked_url) { "http://localhost/dashboard/issues?assignee_username=masked_assignee_username" }
let(:request) do
double(:Request,
path_parameters: {
controller: 'dashboard',
action: 'issues'
},
protocol: 'http',
host: 'localhost',
query_string: 'assignee_username=root')
end
2021-11-11 11:23:49 +05:30
before do
2021-12-11 22:18:48 +05:30
allow(helper).to receive(:request).and_return(request)
2021-11-11 11:23:49 +05:30
end
it_behaves_like 'masked url'
end
2021-12-11 22:18:48 +05:30
context 'when author_username is present' do
2022-01-26 12:08:38 +05:30
let(:masked_url) { "http://localhost/dashboard/issues?author_username=masked_author_username&scope=all&state=opened" }
2021-12-11 22:18:48 +05:30
let(:request) do
double(:Request,
path_parameters: {
controller: 'dashboard',
action: 'issues'
},
protocol: 'http',
host: 'localhost',
query_string: 'author_username=root&scope=all&state=opened')
end
2021-11-11 11:23:49 +05:30
before do
2021-12-11 22:18:48 +05:30
allow(helper).to receive(:request).and_return(request)
end
it_behaves_like 'masked url'
end
context 'when some query params are not required to be masked' do
2022-06-21 17:19:12 +05:30
let(:masked_url) { "http://localhost/dashboard/issues?author_username=masked_author_username&scope=all&state=masked_state&tab=2" }
2021-12-11 22:18:48 +05:30
let(:request) do
double(:Request,
path_parameters: {
controller: 'dashboard',
action: 'issues'
},
protocol: 'http',
host: 'localhost',
2022-06-21 17:19:12 +05:30
query_string: 'author_username=root&scope=all&state=opened&tab=2')
2021-12-11 22:18:48 +05:30
end
before do
2022-06-21 17:19:12 +05:30
stub_const('Routing::PseudonymizationHelper::MaskHelper::QUERY_PARAMS_TO_NOT_MASK', %w[scope tab].freeze)
2021-12-11 22:18:48 +05:30
allow(helper).to receive(:request).and_return(request)
end
it_behaves_like 'masked url'
end
context 'when query string has keys with the same names as path params' do
2022-01-26 12:08:38 +05:30
let(:masked_url) { "http://localhost/dashboard/issues?action=masked_action&scope=all&state=opened" }
2021-12-11 22:18:48 +05:30
let(:request) do
double(:Request,
path_parameters: {
controller: 'dashboard',
action: 'issues'
},
protocol: 'http',
host: 'localhost',
query_string: 'action=foobar&scope=all&state=opened')
end
before do
allow(helper).to receive(:request).and_return(request)
2021-11-11 11:23:49 +05:30
end
it_behaves_like 'masked url'
end
end
describe 'when url has no params to mask' do
2022-05-07 20:08:51 +05:30
let(:original_url) { 'http://localhost/-/security/vulnerabilities' }
let(:request) do
double(:Request,
path_parameters: {
controller: 'security/vulnerabilities',
action: 'index'
},
protocol: 'http',
host: 'localhost',
query_string: '',
original_fullpath: '/-/security/vulnerabilities',
original_url: original_url)
end
2021-11-11 11:23:49 +05:30
2022-05-07 20:08:51 +05:30
before do
allow(helper).to receive(:request).and_return(request)
end
2021-12-11 22:18:48 +05:30
2022-05-07 20:08:51 +05:30
it 'returns unchanged url' do
expect(subject).to eq(original_url)
2021-11-11 11:23:49 +05:30
end
end
2021-11-18 22:05:49 +05:30
describe 'when it raises exception' do
context 'calls error tracking' do
2021-12-11 22:18:48 +05:30
let(:request) do
double(:Request,
path_parameters: {
controller: 'dashboard',
action: 'issues'
},
protocol: 'http',
host: 'localhost',
query_string: 'assignee_username=root',
original_fullpath: '/dashboard/issues?assignee_username=root')
end
2021-11-18 22:05:49 +05:30
before do
2021-12-11 22:18:48 +05:30
allow(helper).to receive(:request).and_return(request)
2021-11-18 22:05:49 +05:30
end
it 'sends error to sentry and returns nil' do
2021-12-11 22:18:48 +05:30
allow_next_instance_of(Routing::PseudonymizationHelper::MaskHelper) do |mask_helper|
allow(mask_helper).to receive(:mask_params).and_raise(ActionController::RoutingError, 'Some routing error')
end
2021-11-18 22:05:49 +05:30
expect(Gitlab::ErrorTracking).to receive(:track_exception).with(
ActionController::RoutingError,
url: '/dashboard/issues?assignee_username=root').and_call_original
2022-01-26 12:08:38 +05:30
expect(subject).to be_nil
2021-11-18 22:05:49 +05:30
end
end
end
2021-11-11 11:23:49 +05:30
describe 'when feature flag is disabled' do
before do
stub_feature_flags(mask_page_urls: false)
end
it 'returns nil' do
2022-01-26 12:08:38 +05:30
expect(subject).to be_nil
2021-11-11 11:23:49 +05:30
end
end
end