debian-mirror-gitlab/spec/requests/api/settings_spec.rb

456 lines
20 KiB
Ruby
Raw Normal View History

2019-12-26 22:10:19 +05:30
# frozen_string_literal: true
2015-09-11 14:41:01 +05:30
require 'spec_helper'
2020-07-28 23:09:34 +05:30
RSpec.describe API::Settings, 'Settings' do
2015-09-11 14:41:01 +05:30
let(:user) { create(:user) }
2020-01-01 13:55:28 +05:30
2020-03-13 15:44:24 +05:30
let_it_be(:admin) { create(:admin) }
2015-09-11 14:41:01 +05:30
describe "GET /application/settings" do
2016-09-13 17:45:13 +05:30
it "returns application settings" do
2015-09-11 14:41:01 +05:30
get api("/application/settings", admin)
2018-12-13 13:39:08 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2015-09-11 14:41:01 +05:30
expect(json_response).to be_an Hash
expect(json_response['default_projects_limit']).to eq(42)
2018-03-17 18:26:18 +05:30
expect(json_response['password_authentication_enabled_for_web']).to be_truthy
2020-08-09 18:53:13 +05:30
expect(json_response['repository_storages_weighted']).to eq({ 'default' => 100 })
2019-09-04 21:01:54 +05:30
expect(json_response['password_authentication_enabled']).to be_truthy
2017-08-17 22:00:37 +05:30
expect(json_response['plantuml_enabled']).to be_falsey
expect(json_response['plantuml_url']).to be_nil
2019-12-26 22:10:19 +05:30
expect(json_response['default_ci_config_path']).to be_nil
expect(json_response['sourcegraph_enabled']).to be_falsey
expect(json_response['sourcegraph_url']).to be_nil
2021-01-29 00:20:46 +05:30
expect(json_response['secret_detection_token_revocation_url']).to be_nil
expect(json_response['secret_detection_revocation_token_types_url']).to be_nil
2019-12-26 22:10:19 +05:30
expect(json_response['sourcegraph_public_only']).to be_truthy
2017-08-17 22:00:37 +05:30
expect(json_response['default_project_visibility']).to be_a String
expect(json_response['default_snippet_visibility']).to be_a String
expect(json_response['default_group_visibility']).to be_a String
2018-03-17 18:26:18 +05:30
expect(json_response['rsa_key_restriction']).to eq(0)
expect(json_response['dsa_key_restriction']).to eq(0)
expect(json_response['ecdsa_key_restriction']).to eq(0)
expect(json_response['ed25519_key_restriction']).to eq(0)
2018-11-08 19:23:39 +05:30
expect(json_response['performance_bar_allowed_group_id']).to be_nil
2019-10-12 21:52:04 +05:30
expect(json_response['allow_local_requests_from_hooks_and_services']).to be(false)
expect(json_response['allow_local_requests_from_web_hooks_and_services']).to be(false)
expect(json_response['allow_local_requests_from_system_hooks']).to be(true)
2018-11-08 19:23:39 +05:30
expect(json_response).not_to have_key('performance_bar_allowed_group_path')
expect(json_response).not_to have_key('performance_bar_enabled')
2020-01-01 13:55:28 +05:30
expect(json_response['snippet_size_limit']).to eq(50.megabytes)
2020-06-23 00:09:42 +05:30
expect(json_response['spam_check_endpoint_enabled']).to be_falsey
expect(json_response['spam_check_endpoint_url']).to be_nil
2020-11-24 15:15:51 +05:30
expect(json_response['wiki_page_max_content_bytes']).to be_a(Integer)
2021-01-29 00:20:46 +05:30
expect(json_response['require_admin_approval_after_user_signup']).to eq(true)
2015-09-11 14:41:01 +05:30
end
end
describe "PUT /application/settings" do
2018-11-08 19:23:39 +05:30
let(:group) { create(:group) }
2016-11-03 12:29:30 +05:30
context "custom repository storage type set in the config" do
before do
2018-10-15 14:42:47 +05:30
# Add a possible storage to the config
storages = Gitlab.config.repositories.storages
.merge({ 'custom' => 'tmp/tests/custom_repositories' })
2016-11-03 12:29:30 +05:30
allow(Gitlab.config.repositories).to receive(:storages).and_return(storages)
2020-06-23 00:09:42 +05:30
stub_feature_flags(sourcegraph: true)
2016-11-03 12:29:30 +05:30
end
2020-08-09 18:53:13 +05:30
it "coerces repository_storages_weighted to an int" do
put api("/application/settings", admin),
params: {
repository_storages_weighted: { 'custom' => '75' }
}
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['repository_storages_weighted']).to eq({ 'custom' => 75 })
end
context "repository_storages_weighted value is outside a 0-100 range" do
[-1, 101].each do |out_of_range_int|
it "returns a :bad_request for #{out_of_range_int}" do
put api("/application/settings", admin),
params: {
repository_storages_weighted: { 'custom' => out_of_range_int }
}
expect(response).to have_gitlab_http_status(:bad_request)
end
end
end
2016-11-03 12:29:30 +05:30
it "updates application settings" do
put api("/application/settings", admin),
2019-02-15 15:39:39 +05:30
params: {
2019-12-26 22:10:19 +05:30
default_ci_config_path: 'debian/salsa-ci.yml',
2019-02-15 15:39:39 +05:30
default_projects_limit: 3,
2019-07-07 11:18:12 +05:30
default_project_creation: 2,
2019-02-15 15:39:39 +05:30
password_authentication_enabled_for_web: false,
2020-08-09 18:53:13 +05:30
repository_storages_weighted: { 'custom' => 100 },
2019-02-15 15:39:39 +05:30
plantuml_enabled: true,
plantuml_url: 'http://plantuml.example.com',
2019-12-26 22:10:19 +05:30
sourcegraph_enabled: true,
sourcegraph_url: 'https://sourcegraph.com',
sourcegraph_public_only: false,
2019-02-15 15:39:39 +05:30
default_snippet_visibility: 'internal',
2020-07-28 23:09:34 +05:30
restricted_visibility_levels: 'public',
2019-02-15 15:39:39 +05:30
default_artifacts_expire_in: '2 days',
help_page_text: 'custom help text',
help_page_hide_commercial_content: true,
help_page_support_url: 'http://example.com/help',
2021-01-03 14:25:43 +05:30
help_page_documentation_base_url: 'https://docs.gitlab.com',
2019-02-15 15:39:39 +05:30
project_export_enabled: false,
rsa_key_restriction: ApplicationSetting::FORBIDDEN_KEY_VALUE,
dsa_key_restriction: 2048,
ecdsa_key_restriction: 384,
ed25519_key_restriction: 256,
enforce_terms: true,
terms: 'Hello world!',
performance_bar_allowed_group_path: group.full_path,
2021-01-29 00:20:46 +05:30
diff_max_patch_bytes: 300_000,
2019-07-07 11:18:12 +05:30
default_branch_protection: ::Gitlab::Access::PROTECTION_DEV_CAN_MERGE,
2019-10-12 21:52:04 +05:30
local_markdown_version: 3,
allow_local_requests_from_web_hooks_and_services: true,
2019-12-21 20:55:43 +05:30
allow_local_requests_from_system_hooks: false,
push_event_hooks_limit: 2,
2020-01-01 13:55:28 +05:30
push_event_activities_limit: 2,
2020-05-24 23:13:21 +05:30
snippet_size_limit: 5,
issues_create_limit: 300,
2020-06-23 00:09:42 +05:30
raw_blob_request_limit: 300,
spam_check_endpoint_enabled: true,
2020-07-28 23:09:34 +05:30
spam_check_endpoint_url: 'https://example.com/spam_check',
disabled_oauth_sign_in_sources: 'unknown',
2020-11-24 15:15:51 +05:30
import_sources: 'github,bitbucket',
wiki_page_max_content_bytes: 12345
2019-02-15 15:39:39 +05:30
}
2018-03-17 18:26:18 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2019-12-26 22:10:19 +05:30
expect(json_response['default_ci_config_path']).to eq('debian/salsa-ci.yml')
2016-11-03 12:29:30 +05:30
expect(json_response['default_projects_limit']).to eq(3)
2019-07-07 11:18:12 +05:30
expect(json_response['default_project_creation']).to eq(::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS)
2018-03-17 18:26:18 +05:30
expect(json_response['password_authentication_enabled_for_web']).to be_falsey
2020-08-09 18:53:13 +05:30
expect(json_response['repository_storages_weighted']).to eq({ 'custom' => 100 })
2017-08-17 22:00:37 +05:30
expect(json_response['plantuml_enabled']).to be_truthy
expect(json_response['plantuml_url']).to eq('http://plantuml.example.com')
2019-12-26 22:10:19 +05:30
expect(json_response['sourcegraph_enabled']).to be_truthy
expect(json_response['sourcegraph_url']).to eq('https://sourcegraph.com')
expect(json_response['sourcegraph_public_only']).to eq(false)
2017-08-17 22:00:37 +05:30
expect(json_response['default_snippet_visibility']).to eq('internal')
expect(json_response['restricted_visibility_levels']).to eq(['public'])
expect(json_response['default_artifacts_expire_in']).to eq('2 days')
2017-09-10 17:25:29 +05:30
expect(json_response['help_page_text']).to eq('custom help text')
expect(json_response['help_page_hide_commercial_content']).to be_truthy
expect(json_response['help_page_support_url']).to eq('http://example.com/help')
2021-01-03 14:25:43 +05:30
expect(json_response['help_page_documentation_base_url']).to eq('https://docs.gitlab.com')
2018-03-17 18:26:18 +05:30
expect(json_response['project_export_enabled']).to be_falsey
expect(json_response['rsa_key_restriction']).to eq(ApplicationSetting::FORBIDDEN_KEY_VALUE)
expect(json_response['dsa_key_restriction']).to eq(2048)
expect(json_response['ecdsa_key_restriction']).to eq(384)
expect(json_response['ed25519_key_restriction']).to eq(256)
2018-10-15 14:42:47 +05:30
expect(json_response['enforce_terms']).to be(true)
expect(json_response['terms']).to eq('Hello world!')
2018-11-08 19:23:39 +05:30
expect(json_response['performance_bar_allowed_group_id']).to eq(group.id)
2021-01-29 00:20:46 +05:30
expect(json_response['diff_max_patch_bytes']).to eq(300_000)
2019-03-02 22:35:43 +05:30
expect(json_response['default_branch_protection']).to eq(Gitlab::Access::PROTECTION_DEV_CAN_MERGE)
expect(json_response['local_markdown_version']).to eq(3)
2019-10-12 21:52:04 +05:30
expect(json_response['allow_local_requests_from_web_hooks_and_services']).to eq(true)
expect(json_response['allow_local_requests_from_system_hooks']).to eq(false)
2019-12-21 20:55:43 +05:30
expect(json_response['push_event_hooks_limit']).to eq(2)
expect(json_response['push_event_activities_limit']).to eq(2)
2020-01-01 13:55:28 +05:30
expect(json_response['snippet_size_limit']).to eq(5)
2020-05-24 23:13:21 +05:30
expect(json_response['issues_create_limit']).to eq(300)
expect(json_response['raw_blob_request_limit']).to eq(300)
2020-06-23 00:09:42 +05:30
expect(json_response['spam_check_endpoint_enabled']).to be_truthy
expect(json_response['spam_check_endpoint_url']).to eq('https://example.com/spam_check')
2020-07-28 23:09:34 +05:30
expect(json_response['disabled_oauth_sign_in_sources']).to eq([])
expect(json_response['import_sources']).to match_array(%w(github bitbucket))
2020-11-24 15:15:51 +05:30
expect(json_response['wiki_page_max_content_bytes']).to eq(12345)
2016-11-03 12:29:30 +05:30
end
2016-08-24 12:49:21 +05:30
end
2018-11-08 19:23:39 +05:30
it "supports legacy performance_bar_allowed_group_id" do
put api("/application/settings", admin),
2019-02-15 15:39:39 +05:30
params: { performance_bar_allowed_group_id: group.full_path }
2018-11-08 19:23:39 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2018-11-08 19:23:39 +05:30
expect(json_response['performance_bar_allowed_group_id']).to eq(group.id)
end
it "supports legacy performance_bar_enabled" do
put api("/application/settings", admin),
2019-02-15 15:39:39 +05:30
params: {
performance_bar_enabled: false,
performance_bar_allowed_group_id: group.full_path
}
2018-11-08 19:23:39 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2018-11-08 19:23:39 +05:30
expect(json_response['performance_bar_allowed_group_id']).to be_nil
end
2019-10-12 21:52:04 +05:30
it 'supports legacy allow_local_requests_from_hooks_and_services' do
put api("/application/settings", admin),
params: { allow_local_requests_from_hooks_and_services: true }
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2019-10-12 21:52:04 +05:30
expect(json_response['allow_local_requests_from_hooks_and_services']).to eq(true)
end
2020-05-24 23:13:21 +05:30
it 'disables ability to switch to legacy storage' do
put api("/application/settings", admin),
params: { hashed_storage_enabled: false }
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['hashed_storage_enabled']).to eq(true)
end
2019-07-07 11:18:12 +05:30
context 'external policy classification settings' do
let(:settings) do
{
external_authorization_service_enabled: true,
external_authorization_service_url: 'https://custom.service/',
external_authorization_service_default_label: 'default',
external_authorization_service_timeout: 9.99,
external_auth_client_cert: File.read('spec/fixtures/passphrase_x509_certificate.crt'),
external_auth_client_key: File.read('spec/fixtures/passphrase_x509_certificate_pk.key'),
external_auth_client_key_pass: "5iveL!fe"
}
end
2019-10-12 21:52:04 +05:30
2019-07-07 11:18:12 +05:30
let(:attribute_names) { settings.keys.map(&:to_s) }
it 'includes the attributes in the API' do
get api("/application/settings", admin)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2019-07-07 11:18:12 +05:30
attribute_names.each do |attribute|
expect(json_response.keys).to include(attribute)
end
end
it 'allows updating the settings' do
put api("/application/settings", admin), params: settings
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2019-07-07 11:18:12 +05:30
settings.each do |attribute, value|
expect(ApplicationSetting.current.public_send(attribute)).to eq(value)
end
end
end
2019-10-12 21:52:04 +05:30
context "snowplow tracking settings" do
let(:settings) do
{
snowplow_collector_hostname: "snowplow.example.com",
snowplow_cookie_domain: ".example.com",
snowplow_enabled: true,
2020-11-24 15:15:51 +05:30
snowplow_app_id: "app_id"
2019-10-12 21:52:04 +05:30
}
end
let(:attribute_names) { settings.keys.map(&:to_s) }
it "includes the attributes in the API" do
get api("/application/settings", admin)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2019-10-12 21:52:04 +05:30
attribute_names.each do |attribute|
expect(json_response.keys).to include(attribute)
end
end
it "allows updating the settings" do
put api("/application/settings", admin), params: settings
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2019-10-12 21:52:04 +05:30
settings.each do |attribute, value|
expect(ApplicationSetting.current.public_send(attribute)).to eq(value)
end
end
context "missing snowplow_collector_hostname value when snowplow_enabled is true" do
it "returns a blank parameter error message" do
put api("/application/settings", admin), params: { snowplow_enabled: true }
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
2019-10-12 21:52:04 +05:30
expect(json_response["error"]).to eq("snowplow_collector_hostname is missing")
end
it "handles validation errors" do
put api("/application/settings", admin), params: settings.merge({
snowplow_collector_hostname: nil
})
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
2019-10-12 21:52:04 +05:30
message = json_response["message"]
expect(message["snowplow_collector_hostname"]).to include("can't be blank")
end
end
end
2019-12-26 22:10:19 +05:30
context 'EKS integration settings' do
let(:attribute_names) { settings.keys.map(&:to_s) }
let(:sensitive_attributes) { %w(eks_secret_access_key) }
let(:exposed_attributes) { attribute_names - sensitive_attributes }
let(:settings) do
{
eks_integration_enabled: true,
eks_account_id: '123456789012',
eks_access_key_id: 'access-key-id-12',
eks_secret_access_key: 'secret-access-key'
}
end
it 'includes attributes in the API' do
get api("/application/settings", admin)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2019-12-26 22:10:19 +05:30
exposed_attributes.each do |attribute|
expect(json_response.keys).to include(attribute)
end
end
it 'does not include sensitive attributes in the API' do
get api("/application/settings", admin)
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2019-12-26 22:10:19 +05:30
sensitive_attributes.each do |attribute|
expect(json_response.keys).not_to include(attribute)
end
end
it 'allows updating the settings' do
put api("/application/settings", admin), params: settings
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2019-12-26 22:10:19 +05:30
settings.each do |attribute, value|
expect(ApplicationSetting.current.public_send(attribute)).to eq(value)
end
end
context 'EKS integration is enabled but params are blank' do
let(:settings) { Hash[eks_integration_enabled: true] }
it 'does not update the settings' do
put api("/application/settings", admin), params: settings
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
2019-12-26 22:10:19 +05:30
expect(json_response['error']).to include('eks_account_id is missing')
expect(json_response['error']).to include('eks_access_key_id is missing')
expect(json_response['error']).to include('eks_secret_access_key is missing')
end
end
end
2017-08-17 22:00:37 +05:30
context "missing plantuml_url value when plantuml_enabled is true" do
it "returns a blank parameter error message" do
2019-02-15 15:39:39 +05:30
put api("/application/settings", admin), params: { plantuml_enabled: true }
2017-08-17 22:00:37 +05:30
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
2017-08-17 22:00:37 +05:30
expect(json_response['error']).to eq('plantuml_url is missing')
2016-11-03 12:29:30 +05:30
end
2015-09-11 14:41:01 +05:30
end
2019-09-04 21:01:54 +05:30
context 'asset_proxy settings' do
it 'updates application settings' do
put api('/application/settings', admin),
params: {
asset_proxy_enabled: true,
asset_proxy_url: 'http://assets.example.com',
asset_proxy_secret_key: 'shared secret',
asset_proxy_whitelist: ['example.com', '*.example.com']
}
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2019-09-04 21:01:54 +05:30
expect(json_response['asset_proxy_enabled']).to be(true)
expect(json_response['asset_proxy_url']).to eq('http://assets.example.com')
expect(json_response['asset_proxy_secret_key']).to be_nil
expect(json_response['asset_proxy_whitelist']).to eq(['example.com', '*.example.com', 'localhost'])
end
it 'allows a string for asset_proxy_whitelist' do
put api('/application/settings', admin),
params: {
asset_proxy_whitelist: 'example.com, *.example.com'
}
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2019-09-04 21:01:54 +05:30
expect(json_response['asset_proxy_whitelist']).to eq(['example.com', '*.example.com', 'localhost'])
end
end
2019-12-04 20:38:33 +05:30
2021-01-29 00:20:46 +05:30
context 'domain_denylist settings' do
it 'rejects domain_denylist_enabled when domain_denylist is empty' do
2019-12-04 20:38:33 +05:30
put api('/application/settings', admin),
params: {
2021-01-29 00:20:46 +05:30
domain_denylist_enabled: true,
domain_denylist: []
2019-12-04 20:38:33 +05:30
}
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
2019-12-04 20:38:33 +05:30
message = json_response["message"]
2021-01-29 00:20:46 +05:30
expect(message["domain_denylist"]).to eq(["Domain denylist cannot be empty if denylist is enabled."])
2019-12-04 20:38:33 +05:30
end
2021-01-29 00:20:46 +05:30
it 'allows array for domain_denylist' do
2019-12-04 20:38:33 +05:30
put api('/application/settings', admin),
params: {
2021-01-29 00:20:46 +05:30
domain_denylist_enabled: true,
domain_denylist: ['domain1.com', 'domain2.com']
2019-12-04 20:38:33 +05:30
}
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2021-01-29 00:20:46 +05:30
expect(json_response['domain_denylist_enabled']).to be(true)
expect(json_response['domain_denylist']).to eq(['domain1.com', 'domain2.com'])
2019-12-04 20:38:33 +05:30
end
2021-01-29 00:20:46 +05:30
it 'allows a string for domain_denylist' do
2019-12-04 20:38:33 +05:30
put api('/application/settings', admin),
params: {
2021-01-29 00:20:46 +05:30
domain_denylist_enabled: true,
domain_denylist: 'domain3.com, *.domain4.com'
2019-12-04 20:38:33 +05:30
}
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:ok)
2021-01-29 00:20:46 +05:30
expect(json_response['domain_denylist_enabled']).to be(true)
expect(json_response['domain_denylist']).to eq(['domain3.com', '*.domain4.com'])
2019-12-04 20:38:33 +05:30
end
end
2019-12-26 22:10:19 +05:30
2021-01-03 14:25:43 +05:30
it 'supports legacy admin_notification_email' do
put api('/application/settings', admin),
params: { admin_notification_email: 'test@example.com' }
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['abuse_notification_email']).to eq('test@example.com')
end
2021-01-29 00:20:46 +05:30
it 'supports setting require_admin_approval_after_user_signup' do
put api('/application/settings', admin),
params: { require_admin_approval_after_user_signup: true }
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['require_admin_approval_after_user_signup']).to eq(true)
end
2019-12-26 22:10:19 +05:30
context "missing sourcegraph_url value when sourcegraph_enabled is true" do
it "returns a blank parameter error message" do
put api("/application/settings", admin), params: { sourcegraph_enabled: true }
2020-04-08 14:13:33 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
2019-12-26 22:10:19 +05:30
expect(json_response['error']).to eq('sourcegraph_url is missing')
end
end
2020-06-23 00:09:42 +05:30
context "missing spam_check_endpoint_url value when spam_check_endpoint_enabled is true" do
it "returns a blank parameter error message" do
put api("/application/settings", admin), params: { spam_check_endpoint_enabled: true }
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['error']).to eq('spam_check_endpoint_url is missing')
end
end
2015-09-11 14:41:01 +05:30
end
end