debian-mirror-gitlab/spec/services/application_settings/update_service_spec.rb

520 lines
19 KiB
Ruby
Raw Normal View History

2019-07-31 22:56:46 +05:30
# frozen_string_literal: true
2018-10-15 14:42:47 +05:30
require 'spec_helper'
2020-07-28 23:09:34 +05:30
RSpec.describe ApplicationSettings::UpdateService do
2019-07-07 11:18:12 +05:30
include ExternalAuthorizationServiceHelpers
2018-11-08 19:23:39 +05:30
let(:application_settings) { create(:application_setting) }
2018-10-15 14:42:47 +05:30
let(:admin) { create(:user, :admin) }
let(:params) { {} }
subject { described_class.new(application_settings, admin, params) }
before do
# So the caching behaves like it would in production
stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
2018-12-13 13:39:08 +05:30
# Creating these settings first ensures they're used by other factories
application_settings
2018-10-15 14:42:47 +05:30
end
describe 'updating terms' do
context 'when the passed terms are blank' do
2019-03-02 22:35:43 +05:30
let(:params) { { terms: '' } }
2018-10-15 14:42:47 +05:30
it 'does not create terms' do
expect { subject.execute }.not_to change { ApplicationSetting::Term.count }
end
end
context 'when passing terms' do
2019-03-02 22:35:43 +05:30
let(:params) { { terms: 'Be nice! ' } }
2018-10-15 14:42:47 +05:30
it 'creates the terms' do
expect { subject.execute }.to change { ApplicationSetting::Term.count }.by(1)
end
it 'does not create terms if they are the same as the existing ones' do
create(:term, terms: 'Be nice!')
expect { subject.execute }.not_to change { ApplicationSetting::Term.count }
end
it 'updates terms if they already existed' do
create(:term, terms: 'Other terms')
subject.execute
expect(application_settings.terms).to eq('Be nice!')
end
2021-02-22 17:27:13 +05:30
it 'only queries once when the terms are changed' do
2018-10-15 14:42:47 +05:30
create(:term, terms: 'Other terms')
expect(application_settings.terms).to eq('Other terms')
subject.execute
expect(application_settings.terms).to eq('Be nice!')
expect { 2.times { application_settings.terms } }
.not_to exceed_query_limit(0)
end
end
end
2018-11-08 19:23:39 +05:30
2019-10-12 21:52:04 +05:30
describe 'updating outbound_local_requests_whitelist' do
context 'when params is blank' do
let(:params) { {} }
2021-01-29 00:20:46 +05:30
it 'does not add to allowlist' do
2019-10-12 21:52:04 +05:30
expect { subject.execute }.not_to change {
application_settings.outbound_local_requests_whitelist
}
end
end
context 'when param add_to_outbound_local_requests_whitelist contains values' do
before do
application_settings.outbound_local_requests_whitelist = ['127.0.0.1']
end
let(:params) { { add_to_outbound_local_requests_whitelist: ['example.com', ''] } }
2021-01-29 00:20:46 +05:30
it 'adds to allowlist' do
2019-10-12 21:52:04 +05:30
expect { subject.execute }.to change {
application_settings.outbound_local_requests_whitelist
}
expect(application_settings.outbound_local_requests_whitelist).to contain_exactly(
'127.0.0.1', 'example.com'
)
end
end
2021-01-29 00:20:46 +05:30
context 'when param outbound_local_requests_allowlist_raw is passed' do
2019-10-12 21:52:04 +05:30
before do
application_settings.outbound_local_requests_whitelist = ['127.0.0.1']
end
2021-01-29 00:20:46 +05:30
let(:params) { { outbound_local_requests_allowlist_raw: 'example.com;gitlab.com' } }
2019-10-12 21:52:04 +05:30
2021-01-29 00:20:46 +05:30
it 'overwrites the existing allowlist' do
2019-10-12 21:52:04 +05:30
expect { subject.execute }.to change {
application_settings.outbound_local_requests_whitelist
}
expect(application_settings.outbound_local_requests_whitelist).to contain_exactly(
'example.com', 'gitlab.com'
)
end
end
end
2019-09-04 21:01:54 +05:30
describe 'markdown cache invalidators' do
shared_examples 'invalidates markdown cache' do |attribute|
let(:params) { attribute }
it 'increments cache' do
expect { subject.execute }.to change(application_settings, :local_markdown_version).by(1)
end
end
it_behaves_like 'invalidates markdown cache', { asset_proxy_enabled: true }
it_behaves_like 'invalidates markdown cache', { asset_proxy_url: 'http://test.com' }
it_behaves_like 'invalidates markdown cache', { asset_proxy_secret_key: 'another secret' }
2021-03-11 19:13:27 +05:30
it_behaves_like 'invalidates markdown cache', { asset_proxy_allowlist: ['domain.com'] }
2019-09-04 21:01:54 +05:30
it_behaves_like 'invalidates markdown cache', { asset_proxy_whitelist: ['domain.com'] }
context 'when also setting the local_markdown_version' do
let(:params) { { asset_proxy_enabled: true, local_markdown_version: 12 } }
it 'does not increment' do
expect { subject.execute }.to change(application_settings, :local_markdown_version).to(12)
end
end
context 'do not invalidate if value does not change' do
let(:params) { { asset_proxy_enabled: true, asset_proxy_secret_key: 'secret', asset_proxy_url: 'http://test.com' } }
it 'does not increment' do
described_class.new(application_settings, admin, params).execute
expect { described_class.new(application_settings, admin, params).execute }.not_to change(application_settings, :local_markdown_version)
end
end
end
2018-11-08 19:23:39 +05:30
describe 'performance bar settings' do
using RSpec::Parameterized::TableSyntax
where(:params_performance_bar_enabled,
2019-12-21 20:55:43 +05:30
:params_performance_bar_allowed_group_path,
:previous_performance_bar_allowed_group_id,
:expected_performance_bar_allowed_group_id,
:expected_valid) do
true | '' | nil | nil | true
true | '' | 42_000_000 | nil | true
true | nil | nil | nil | true
true | nil | 42_000_000 | nil | true
true | 'foo' | nil | nil | false
true | 'foo' | 42_000_000 | 42_000_000 | false
true | 'group_a' | nil | 42_000_000 | true
true | 'group_b' | 42_000_000 | 43_000_000 | true
true | 'group_b/' | 42_000_000 | 43_000_000 | true
true | 'group_a' | 42_000_000 | 42_000_000 | true
false | '' | nil | nil | true
false | '' | 42_000_000 | nil | true
false | nil | nil | nil | true
false | nil | 42_000_000 | nil | true
false | 'foo' | nil | nil | true
false | 'foo' | 42_000_000 | nil | true
false | 'group_a' | nil | nil | true
false | 'group_b' | 42_000_000 | nil | true
false | 'group_a' | 42_000_000 | nil | true
nil | '' | nil | nil | true
nil | 'foo' | nil | nil | false
nil | 'group_a' | nil | 42_000_000 | true
2018-11-08 19:23:39 +05:30
end
with_them do
let(:params) do
{
performance_bar_allowed_group_path: params_performance_bar_allowed_group_path
2019-12-21 20:55:43 +05:30
}.tap do |params_hash|
# Treat nil in the table as missing
unless params_performance_bar_enabled.nil?
params_hash[:performance_bar_enabled] = params_performance_bar_enabled
end
end
2018-11-08 19:23:39 +05:30
end
before do
if previous_performance_bar_allowed_group_id == 42_000_000 || params_performance_bar_allowed_group_path == 'group_a'
create(:group, id: 42_000_000, path: 'group_a')
end
if expected_performance_bar_allowed_group_id == 43_000_000 || params_performance_bar_allowed_group_path == 'group_b'
create(:group, id: 43_000_000, path: 'group_b')
end
application_settings.update!(performance_bar_allowed_group_id: previous_performance_bar_allowed_group_id)
end
it 'sets performance_bar_allowed_group_id when present and performance_bar_enabled == true' do
expect(application_settings.performance_bar_allowed_group_id).to eq(previous_performance_bar_allowed_group_id)
if previous_performance_bar_allowed_group_id != expected_performance_bar_allowed_group_id
expect { subject.execute }
.to change(application_settings, :performance_bar_allowed_group_id)
.from(previous_performance_bar_allowed_group_id).to(expected_performance_bar_allowed_group_id)
else
expect { subject.execute }
.not_to change(application_settings, :performance_bar_allowed_group_id)
end
end
2019-12-21 20:55:43 +05:30
it 'adds errors to the model for invalid params' do
expect(subject.execute).to eq(expected_valid)
unless expected_valid
expect(application_settings.errors[:performance_bar_allowed_group_id]).to be_present
end
end
2018-11-08 19:23:39 +05:30
end
context 'when :performance_bar_allowed_group_path is not present' do
let(:group) { create(:group) }
before do
application_settings.update!(performance_bar_allowed_group_id: group.id)
end
it 'does not change the performance bar settings' do
expect { subject.execute }
.not_to change(application_settings, :performance_bar_allowed_group_id)
end
end
context 'when :performance_bar_enabled is not present' do
let(:group) { create(:group) }
let(:params) { { performance_bar_allowed_group_path: group.full_path } }
2019-12-21 20:55:43 +05:30
it 'implicitly defaults to true' do
2018-11-08 19:23:39 +05:30
expect { subject.execute }
.to change(application_settings, :performance_bar_allowed_group_id)
.from(nil).to(group.id)
end
end
end
2019-07-07 11:18:12 +05:30
context 'when external authorization is enabled' do
before do
enable_external_authorization_service_check
end
2019-12-04 20:38:33 +05:30
it 'does not validate labels if external authorization gets disabled' do
expect_any_instance_of(described_class).not_to receive(:validate_classification_label)
described_class.new(application_settings, admin, { external_authorization_service_enabled: false }).execute
end
2021-02-22 17:27:13 +05:30
it 'does validate labels if external authorization gets enabled' do
2019-12-04 20:38:33 +05:30
expect_any_instance_of(described_class).to receive(:validate_classification_label)
described_class.new(application_settings, admin, { external_authorization_service_enabled: true }).execute
end
it 'does validate labels if external authorization is left unchanged' do
expect_any_instance_of(described_class).to receive(:validate_classification_label)
described_class.new(application_settings, admin, { external_authorization_service_default_label: 'new-label' }).execute
end
2019-07-07 11:18:12 +05:30
it 'does not save the settings with an error if the service denies access' do
expect(::Gitlab::ExternalAuthorization)
.to receive(:access_allowed?).with(admin, 'new-label') { false }
described_class.new(application_settings, admin, { external_authorization_service_default_label: 'new-label' }).execute
expect(application_settings.errors[:external_authorization_service_default_label]).to be_present
end
it 'saves the setting when the user has access to the label' do
expect(::Gitlab::ExternalAuthorization)
.to receive(:access_allowed?).with(admin, 'new-label') { true }
described_class.new(application_settings, admin, { external_authorization_service_default_label: 'new-label' }).execute
# Read the attribute directly to avoid the stub from
# `enable_external_authorization_service_check`
expect(application_settings[:external_authorization_service_default_label]).to eq('new-label')
end
it 'does not validate the label if it was not passed' do
expect(::Gitlab::ExternalAuthorization)
.not_to receive(:access_allowed?)
described_class.new(application_settings, admin, { home_page_url: 'http://foo.bar' }).execute
end
end
2019-10-12 21:52:04 +05:30
context 'when raw_blob_request_limit is passsed' do
let(:params) do
{
raw_blob_request_limit: 600
}
end
it 'updates raw_blob_request_limit value' do
subject.execute
application_settings.reload
expect(application_settings.raw_blob_request_limit).to eq(600)
end
end
2019-12-21 20:55:43 +05:30
context 'when protected path settings are passed' do
let(:params) do
{
throttle_protected_paths_enabled: 1,
throttle_protected_paths_period_in_seconds: 600,
throttle_protected_paths_requests_per_period: 100,
protected_paths_raw: "/users/password\r\n/users/sign_in\r\n"
}
end
it 'updates protected path settings' do
subject.execute
application_settings.reload
expect(application_settings.throttle_protected_paths_enabled).to be_truthy
expect(application_settings.throttle_protected_paths_period_in_seconds).to eq(600)
expect(application_settings.throttle_protected_paths_requests_per_period).to eq(100)
expect(application_settings.protected_paths).to eq(['/users/password', '/users/sign_in'])
end
end
2020-04-22 19:07:51 +05:30
2021-11-11 11:23:49 +05:30
context 'when general rate limits are passed' do
let(:params) do
{
throttle_authenticated_api_enabled: true,
throttle_authenticated_api_period_in_seconds: 10,
throttle_authenticated_api_requests_per_period: 20,
throttle_authenticated_web_enabled: true,
throttle_authenticated_web_period_in_seconds: 30,
throttle_authenticated_web_requests_per_period: 40,
throttle_unauthenticated_api_enabled: true,
throttle_unauthenticated_api_period_in_seconds: 50,
throttle_unauthenticated_api_requests_per_period: 60,
throttle_unauthenticated_enabled: true,
throttle_unauthenticated_period_in_seconds: 50,
throttle_unauthenticated_requests_per_period: 60
}
end
it 'updates general throttle settings' do
subject.execute
expect(application_settings.reload).to have_attributes(params)
end
end
2021-06-08 01:23:25 +05:30
context 'when package registry rate limits are passed' do
let(:params) do
{
throttle_unauthenticated_packages_api_enabled: 1,
throttle_unauthenticated_packages_api_period_in_seconds: 500,
throttle_unauthenticated_packages_api_requests_per_period: 20,
throttle_authenticated_packages_api_enabled: 1,
throttle_authenticated_packages_api_period_in_seconds: 600,
throttle_authenticated_packages_api_requests_per_period: 10
}
end
it 'updates package registry throttle settings' do
subject.execute
application_settings.reload
expect(application_settings.throttle_unauthenticated_packages_api_enabled).to be_truthy
expect(application_settings.throttle_unauthenticated_packages_api_period_in_seconds).to eq(500)
expect(application_settings.throttle_unauthenticated_packages_api_requests_per_period).to eq(20)
expect(application_settings.throttle_authenticated_packages_api_enabled).to be_truthy
expect(application_settings.throttle_authenticated_packages_api_period_in_seconds).to eq(600)
expect(application_settings.throttle_authenticated_packages_api_requests_per_period).to eq(10)
end
end
2021-11-11 11:23:49 +05:30
context 'when files API rate limits are passed' do
let(:params) do
{
throttle_unauthenticated_files_api_enabled: 1,
throttle_unauthenticated_files_api_period_in_seconds: 500,
throttle_unauthenticated_files_api_requests_per_period: 20,
throttle_authenticated_files_api_enabled: 1,
throttle_authenticated_files_api_period_in_seconds: 600,
throttle_authenticated_files_api_requests_per_period: 10
}
end
it 'updates files API throttle settings' do
subject.execute
application_settings.reload
expect(application_settings.throttle_unauthenticated_files_api_enabled).to be_truthy
expect(application_settings.throttle_unauthenticated_files_api_period_in_seconds).to eq(500)
expect(application_settings.throttle_unauthenticated_files_api_requests_per_period).to eq(20)
expect(application_settings.throttle_authenticated_files_api_enabled).to be_truthy
expect(application_settings.throttle_authenticated_files_api_period_in_seconds).to eq(600)
expect(application_settings.throttle_authenticated_files_api_requests_per_period).to eq(10)
end
end
2021-11-18 22:05:49 +05:30
context 'when deprecated API rate limits are passed' do
let(:params) do
{
throttle_unauthenticated_deprecated_api_enabled: 1,
throttle_unauthenticated_deprecated_api_period_in_seconds: 500,
throttle_unauthenticated_deprecated_api_requests_per_period: 20,
throttle_authenticated_deprecated_api_enabled: 1,
throttle_authenticated_deprecated_api_period_in_seconds: 600,
throttle_authenticated_deprecated_api_requests_per_period: 10
}
end
it 'updates deprecated API throttle settings' do
subject.execute
application_settings.reload
expect(application_settings.throttle_unauthenticated_deprecated_api_enabled).to be_truthy
expect(application_settings.throttle_unauthenticated_deprecated_api_period_in_seconds).to eq(500)
expect(application_settings.throttle_unauthenticated_deprecated_api_requests_per_period).to eq(20)
expect(application_settings.throttle_authenticated_deprecated_api_enabled).to be_truthy
expect(application_settings.throttle_authenticated_deprecated_api_period_in_seconds).to eq(600)
expect(application_settings.throttle_authenticated_deprecated_api_requests_per_period).to eq(10)
end
end
2021-11-11 11:23:49 +05:30
context 'when git lfs rate limits are passed' do
let(:params) do
{
throttle_authenticated_git_lfs_enabled: 1,
throttle_authenticated_git_lfs_period_in_seconds: 600,
throttle_authenticated_git_lfs_requests_per_period: 10
}
end
it 'updates git lfs throttle settings' do
subject.execute
application_settings.reload
expect(application_settings.throttle_authenticated_git_lfs_enabled).to be_truthy
expect(application_settings.throttle_authenticated_git_lfs_period_in_seconds).to eq(600)
expect(application_settings.throttle_authenticated_git_lfs_requests_per_period).to eq(10)
end
end
2020-05-24 23:13:21 +05:30
context 'when issues_create_limit is passed' do
2020-04-22 19:07:51 +05:30
let(:params) do
{
issues_create_limit: 600
}
end
it 'updates issues_create_limit value' do
subject.execute
application_settings.reload
expect(application_settings.issues_create_limit).to eq(600)
end
end
2021-02-22 17:27:13 +05:30
2022-04-04 11:22:00 +05:30
context 'when users_get_by_id_limit and users_get_by_id_limit_allowlist_raw are passed' do
let(:params) do
{
users_get_by_id_limit: 456,
users_get_by_id_limit_allowlist_raw: 'someone, someone_else'
}
end
it 'updates users_get_by_id_limit and users_get_by_id_limit_allowlist value' do
subject.execute
application_settings.reload
expect(application_settings.users_get_by_id_limit).to eq(456)
expect(application_settings.users_get_by_id_limit_allowlist).to eq(%w[someone someone_else])
end
end
2021-02-22 17:27:13 +05:30
context 'when require_admin_approval_after_user_signup changes' do
context 'when it goes from enabled to disabled' do
let(:params) { { require_admin_approval_after_user_signup: false } }
it 'calls ApproveBlockedPendingApprovalUsersWorker' do
expect(ApproveBlockedPendingApprovalUsersWorker).to receive(:perform_async)
subject.execute
end
end
context 'when it goes from disabled to enabled' do
let(:params) { { require_admin_approval_after_user_signup: true } }
it 'does not call ApproveBlockedPendingApprovalUsersWorker' do
application_settings.update!(require_admin_approval_after_user_signup: false)
expect(ApproveBlockedPendingApprovalUsersWorker).not_to receive(:perform_async)
subject.execute
end
end
end
2018-10-15 14:42:47 +05:30
end