2021-04-17 20:07:23 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
RSpec.shared_examples 'rejects rubygems packages access' do |user_type, status, add_member = true|
|
|
|
|
context "for user type #{user_type}" do
|
|
|
|
before do
|
|
|
|
project.send("add_#{user_type}", user) if add_member && user_type != :anonymous
|
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'returning response status', status
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
RSpec.shared_examples 'process rubygems workhorse authorization' do |user_type, status, add_member = true|
|
|
|
|
context "for user type #{user_type}" do
|
|
|
|
before do
|
|
|
|
project.send("add_#{user_type}", user) if add_member && user_type != :anonymous
|
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'returning response status', status
|
|
|
|
|
|
|
|
it 'has the proper content type' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response.media_type).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with a request that bypassed gitlab-workhorse' do
|
|
|
|
let(:headers) do
|
|
|
|
{ 'HTTP_AUTHORIZATION' => personal_access_token.token }
|
|
|
|
.merge(workhorse_headers)
|
|
|
|
.tap { |h| h.delete(Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER) }
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
project.add_maintainer(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'returning response status', :forbidden
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
RSpec.shared_examples 'process rubygems upload' do |user_type, status, add_member = true|
|
|
|
|
RSpec.shared_examples 'creates rubygems package files' do
|
|
|
|
it 'creates package files', :aggregate_failures do
|
2021-04-29 21:17:54 +05:30
|
|
|
expect(::Packages::Rubygems::ExtractionWorker).to receive(:perform_async).once
|
|
|
|
|
2021-04-17 20:07:23 +05:30
|
|
|
expect { subject }
|
|
|
|
.to change { project.packages.count }.by(1)
|
|
|
|
.and change { Packages::PackageFile.count }.by(1)
|
|
|
|
expect(response).to have_gitlab_http_status(status)
|
|
|
|
|
|
|
|
package_file = project.packages.last.package_files.reload.last
|
|
|
|
expect(package_file.file_name).to eq('package.gem')
|
|
|
|
end
|
2021-04-29 21:17:54 +05:30
|
|
|
|
|
|
|
it 'returns bad request if package creation fails' do
|
|
|
|
file_service = double('file_service', execute: nil)
|
|
|
|
|
|
|
|
expect(::Packages::CreatePackageFileService).to receive(:new).and_return(file_service)
|
|
|
|
expect(::Packages::Rubygems::ExtractionWorker).not_to receive(:perform_async)
|
|
|
|
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:bad_request)
|
|
|
|
end
|
2021-04-17 20:07:23 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context "for user type #{user_type}" do
|
|
|
|
before do
|
|
|
|
project.send("add_#{user_type}", user) if add_member && user_type != :anonymous
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with object storage disabled' do
|
|
|
|
before do
|
|
|
|
stub_package_file_object_storage(enabled: false)
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'without a file from workhorse' do
|
|
|
|
let(:send_rewritten_field) { false }
|
|
|
|
|
|
|
|
it_behaves_like 'returning response status', :bad_request
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with correct params' do
|
|
|
|
it_behaves_like 'package workhorse uploads'
|
|
|
|
it_behaves_like 'creates rubygems package files'
|
|
|
|
it_behaves_like 'a package tracking event', 'API::RubygemPackages', 'push_package'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with object storage enabled' do
|
|
|
|
let(:tmp_object) do
|
|
|
|
fog_connection.directories.new(key: 'packages').files.create( # rubocop:disable Rails/SaveBang
|
|
|
|
key: "tmp/uploads/#{file_name}",
|
|
|
|
body: 'content'
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
let(:fog_file) { fog_to_uploaded_file(tmp_object) }
|
|
|
|
let(:params) { { file: fog_file, 'file.remote_id' => file_name } }
|
|
|
|
|
|
|
|
context 'and direct upload enabled' do
|
|
|
|
let(:fog_connection) do
|
|
|
|
stub_package_file_object_storage(direct_upload: true)
|
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'creates rubygems package files'
|
|
|
|
|
|
|
|
['123123', '../../123123'].each do |remote_id|
|
|
|
|
context "with invalid remote_id: #{remote_id}" do
|
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
file: fog_file,
|
|
|
|
'file.remote_id' => remote_id
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'returning response status', :forbidden
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'and direct upload disabled' do
|
|
|
|
context 'and background upload disabled' do
|
|
|
|
let(:fog_connection) do
|
|
|
|
stub_package_file_object_storage(direct_upload: false, background_upload: false)
|
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'creates rubygems package files'
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'and background upload enabled' do
|
|
|
|
let(:fog_connection) do
|
|
|
|
stub_package_file_object_storage(direct_upload: false, background_upload: true)
|
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'creates rubygems package files'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
RSpec.shared_examples 'dependency endpoint success' do |user_type, status, add_member = true|
|
|
|
|
context "for user type #{user_type}" do
|
|
|
|
before do
|
|
|
|
project.send("add_#{user_type}", user) if add_member && user_type != :anonymous
|
|
|
|
end
|
|
|
|
|
|
|
|
raise 'Status is not :success' if status != :success
|
|
|
|
|
|
|
|
context 'with no params', :aggregate_failures do
|
|
|
|
it 'returns empty' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response.body).to eq('200')
|
|
|
|
expect(response).to have_gitlab_http_status(status)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with gems params' do
|
|
|
|
let(:params) { { gems: 'foo,bar' } }
|
|
|
|
let(:expected_response) { Marshal.dump(%w(result result)) }
|
|
|
|
|
|
|
|
it 'returns successfully', :aggregate_failures do
|
|
|
|
service_result = double('DependencyResolverService', execute: ServiceResponse.success(payload: 'result'))
|
|
|
|
|
|
|
|
expect(Packages::Rubygems::DependencyResolverService).to receive(:new).with(project, anything, gem_name: 'foo').and_return(service_result)
|
|
|
|
expect(Packages::Rubygems::DependencyResolverService).to receive(:new).with(project, anything, gem_name: 'bar').and_return(service_result)
|
|
|
|
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response.body).to eq(expected_response) # rubocop:disable Security/MarshalLoad
|
|
|
|
expect(response).to have_gitlab_http_status(status)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'rejects if the service fails', :aggregate_failures do
|
|
|
|
service_result = double('DependencyResolverService', execute: ServiceResponse.error(message: 'rejected', http_status: :bad_request))
|
|
|
|
|
|
|
|
expect(Packages::Rubygems::DependencyResolverService).to receive(:new).with(project, anything, gem_name: 'foo').and_return(service_result)
|
|
|
|
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response.body).to match(/rejected/)
|
|
|
|
expect(response).to have_gitlab_http_status(:bad_request)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
RSpec.shared_examples 'Rubygems gem download' do |user_type, status, add_member = true|
|
|
|
|
context "for user type #{user_type}" do
|
|
|
|
before do
|
|
|
|
project.send("add_#{user_type}", user) if add_member && user_type != :anonymous
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns the gem', :aggregate_failures do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response.media_type).to eq('application/octet-stream')
|
|
|
|
expect(response).to have_gitlab_http_status(status)
|
|
|
|
end
|
|
|
|
|
|
|
|
it_behaves_like 'a package tracking event', described_class.name, 'pull_package'
|
|
|
|
end
|
|
|
|
end
|