2017-08-17 22:00:37 +05:30
|
|
|
require 'rails_helper'
|
|
|
|
|
|
|
|
describe API::Snippets do
|
|
|
|
let!(:user) { create(:user) }
|
|
|
|
|
|
|
|
describe 'GET /snippets/' do
|
|
|
|
it 'returns snippets available' do
|
|
|
|
public_snippet = create(:personal_snippet, :public, author: user)
|
|
|
|
private_snippet = create(:personal_snippet, :private, author: user)
|
|
|
|
internal_snippet = create(:personal_snippet, :internal, author: user)
|
|
|
|
|
|
|
|
get api("/snippets/", user)
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(200)
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(response).to include_pagination_headers
|
|
|
|
expect(json_response).to be_an Array
|
|
|
|
expect(json_response.map { |snippet| snippet['id']} ).to contain_exactly(
|
|
|
|
public_snippet.id,
|
|
|
|
internal_snippet.id,
|
|
|
|
private_snippet.id)
|
|
|
|
expect(json_response.last).to have_key('web_url')
|
|
|
|
expect(json_response.last).to have_key('raw_url')
|
2018-11-08 19:23:39 +05:30
|
|
|
expect(json_response.last).to have_key('visibility')
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'hides private snippets from regular user' do
|
|
|
|
create(:personal_snippet, :private)
|
|
|
|
|
|
|
|
get api("/snippets/", user)
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(200)
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(response).to include_pagination_headers
|
|
|
|
expect(json_response).to be_an Array
|
|
|
|
expect(json_response.size).to eq(0)
|
|
|
|
end
|
2018-03-17 18:26:18 +05:30
|
|
|
|
|
|
|
it 'returns 404 for non-authenticated' do
|
|
|
|
create(:personal_snippet, :internal)
|
|
|
|
|
|
|
|
get api("/snippets/")
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(401)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not return snippets related to a project with disable feature visibility' do
|
|
|
|
project = create(:project)
|
|
|
|
create(:project_member, project: project, user: user)
|
|
|
|
public_snippet = create(:personal_snippet, :public, author: user, project: project)
|
|
|
|
project.project_feature.update_attribute(:snippets_access_level, 0)
|
|
|
|
|
|
|
|
get api("/snippets/", user)
|
|
|
|
|
|
|
|
json_response.each do |snippet|
|
|
|
|
expect(snippet["id"]).not_to eq(public_snippet.id)
|
|
|
|
end
|
|
|
|
end
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
describe 'GET /snippets/public' do
|
|
|
|
let!(:other_user) { create(:user) }
|
|
|
|
let!(:public_snippet) { create(:personal_snippet, :public, author: user) }
|
|
|
|
let!(:private_snippet) { create(:personal_snippet, :private, author: user) }
|
|
|
|
let!(:internal_snippet) { create(:personal_snippet, :internal, author: user) }
|
|
|
|
let!(:public_snippet_other) { create(:personal_snippet, :public, author: other_user) }
|
|
|
|
let!(:private_snippet_other) { create(:personal_snippet, :private, author: other_user) }
|
|
|
|
let!(:internal_snippet_other) { create(:personal_snippet, :internal, author: other_user) }
|
|
|
|
|
|
|
|
it 'returns all snippets with public visibility from all users' do
|
|
|
|
get api("/snippets/public", user)
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(200)
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(response).to include_pagination_headers
|
|
|
|
expect(json_response).to be_an Array
|
|
|
|
expect(json_response.map { |snippet| snippet['id']} ).to contain_exactly(
|
|
|
|
public_snippet.id,
|
|
|
|
public_snippet_other.id)
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(json_response.map { |snippet| snippet['web_url']} ).to include(
|
2017-08-17 22:00:37 +05:30
|
|
|
"http://localhost/snippets/#{public_snippet.id}",
|
|
|
|
"http://localhost/snippets/#{public_snippet_other.id}")
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(json_response.map { |snippet| snippet['raw_url']} ).to include(
|
2017-08-17 22:00:37 +05:30
|
|
|
"http://localhost/snippets/#{public_snippet.id}/raw",
|
|
|
|
"http://localhost/snippets/#{public_snippet_other.id}/raw")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'GET /snippets/:id/raw' do
|
|
|
|
let(:snippet) { create(:personal_snippet, author: user) }
|
|
|
|
|
|
|
|
it 'returns raw text' do
|
|
|
|
get api("/snippets/#{snippet.id}/raw", user)
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(200)
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(response.content_type).to eq 'text/plain'
|
|
|
|
expect(response.body).to eq(snippet.content)
|
|
|
|
end
|
|
|
|
|
2019-02-13 22:33:31 +05:30
|
|
|
it 'forces attachment content disposition' do
|
|
|
|
get api("/snippets/#{snippet.id}/raw", user)
|
|
|
|
|
|
|
|
expect(headers['Content-Disposition']).to match(/^attachment/)
|
|
|
|
end
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
it 'returns 404 for invalid snippet id' do
|
|
|
|
get api("/snippets/1234/raw", user)
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(404)
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(json_response['message']).to eq('404 Snippet Not Found')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-09-10 17:25:29 +05:30
|
|
|
describe 'GET /snippets/:id' do
|
|
|
|
let(:snippet) { create(:personal_snippet, author: user) }
|
|
|
|
|
|
|
|
it 'returns snippet json' do
|
|
|
|
get api("/snippets/#{snippet.id}", user)
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(200)
|
2017-09-10 17:25:29 +05:30
|
|
|
|
|
|
|
expect(json_response['title']).to eq(snippet.title)
|
|
|
|
expect(json_response['description']).to eq(snippet.description)
|
|
|
|
expect(json_response['file_name']).to eq(snippet.file_name)
|
2018-11-08 19:23:39 +05:30
|
|
|
expect(json_response['visibility']).to eq(snippet.visibility)
|
2017-09-10 17:25:29 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns 404 for invalid snippet id' do
|
|
|
|
get api("/snippets/1234", user)
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(404)
|
2017-09-10 17:25:29 +05:30
|
|
|
expect(json_response['message']).to eq('404 Not found')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
describe 'POST /snippets/' do
|
|
|
|
let(:params) do
|
|
|
|
{
|
|
|
|
title: 'Test Title',
|
|
|
|
file_name: 'test.rb',
|
2017-09-10 17:25:29 +05:30
|
|
|
description: 'test description',
|
2017-08-17 22:00:37 +05:30
|
|
|
content: 'puts "hello world"',
|
|
|
|
visibility: 'public'
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates a new snippet' do
|
|
|
|
expect do
|
2019-02-13 22:33:31 +05:30
|
|
|
post api("/snippets/", user), params: params
|
2017-08-17 22:00:37 +05:30
|
|
|
end.to change { PersonalSnippet.count }.by(1)
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(201)
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(json_response['title']).to eq(params[:title])
|
2017-09-10 17:25:29 +05:30
|
|
|
expect(json_response['description']).to eq(params[:description])
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(json_response['file_name']).to eq(params[:file_name])
|
2018-11-08 19:23:39 +05:30
|
|
|
expect(json_response['visibility']).to eq(params[:visibility])
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns 400 for missing parameters' do
|
|
|
|
params.delete(:title)
|
|
|
|
|
2019-02-13 22:33:31 +05:30
|
|
|
post api("/snippets/", user), params: params
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(400)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the snippet is spam' do
|
|
|
|
def create_snippet(snippet_params = {})
|
2019-02-13 22:33:31 +05:30
|
|
|
post api('/snippets', user), params: params.merge(snippet_params)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
2018-03-17 18:26:18 +05:30
|
|
|
allow_any_instance_of(AkismetService).to receive(:spam?).and_return(true)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the snippet is private' do
|
|
|
|
it 'creates the snippet' do
|
2017-09-10 17:25:29 +05:30
|
|
|
expect { create_snippet(visibility: 'private') }
|
|
|
|
.to change { Snippet.count }.by(1)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the snippet is public' do
|
|
|
|
it 'rejects the shippet' do
|
2017-09-10 17:25:29 +05:30
|
|
|
expect { create_snippet(visibility: 'public') }
|
|
|
|
.not_to change { Snippet.count }
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(400)
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(json_response['message']).to eq({ "error" => "Spam detected" })
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates a spam log' do
|
2017-09-10 17:25:29 +05:30
|
|
|
expect { create_snippet(visibility: 'public') }
|
|
|
|
.to change { SpamLog.count }.by(1)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'PUT /snippets/:id' do
|
|
|
|
let(:visibility_level) { Snippet::PUBLIC }
|
|
|
|
let(:other_user) { create(:user) }
|
|
|
|
let(:snippet) do
|
|
|
|
create(:personal_snippet, author: user, visibility_level: visibility_level)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'updates snippet' do
|
|
|
|
new_content = 'New content'
|
2017-09-10 17:25:29 +05:30
|
|
|
new_description = 'New description'
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2019-02-13 22:33:31 +05:30
|
|
|
put api("/snippets/#{snippet.id}", user), params: { content: new_content, description: new_description }
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(200)
|
2017-08-17 22:00:37 +05:30
|
|
|
snippet.reload
|
|
|
|
expect(snippet.content).to eq(new_content)
|
2017-09-10 17:25:29 +05:30
|
|
|
expect(snippet.description).to eq(new_description)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns 404 for invalid snippet id' do
|
2019-02-13 22:33:31 +05:30
|
|
|
put api("/snippets/1234", user), params: { title: 'foo' }
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(404)
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(json_response['message']).to eq('404 Snippet Not Found')
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns 404 for another user's snippet" do
|
2019-02-13 22:33:31 +05:30
|
|
|
put api("/snippets/#{snippet.id}", other_user), params: { title: 'fubar' }
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(404)
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(json_response['message']).to eq('404 Snippet Not Found')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns 400 for missing parameters' do
|
|
|
|
put api("/snippets/1234", user)
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(400)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the snippet is spam' do
|
|
|
|
def update_snippet(snippet_params = {})
|
2019-02-13 22:33:31 +05:30
|
|
|
put api("/snippets/#{snippet.id}", user), params: snippet_params
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
2018-03-17 18:26:18 +05:30
|
|
|
allow_any_instance_of(AkismetService).to receive(:spam?).and_return(true)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the snippet is private' do
|
|
|
|
let(:visibility_level) { Snippet::PRIVATE }
|
|
|
|
|
|
|
|
it 'updates the snippet' do
|
2017-09-10 17:25:29 +05:30
|
|
|
expect { update_snippet(title: 'Foo') }
|
|
|
|
.to change { snippet.reload.title }.to('Foo')
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when the snippet is public' do
|
|
|
|
let(:visibility_level) { Snippet::PUBLIC }
|
|
|
|
|
|
|
|
it 'rejects the shippet' do
|
2017-09-10 17:25:29 +05:30
|
|
|
expect { update_snippet(title: 'Foo') }
|
|
|
|
.not_to change { snippet.reload.title }
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(400)
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(json_response['message']).to eq({ "error" => "Spam detected" })
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates a spam log' do
|
2017-09-10 17:25:29 +05:30
|
|
|
expect { update_snippet(title: 'Foo') }
|
|
|
|
.to change { SpamLog.count }.by(1)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when a private snippet is made public' do
|
|
|
|
let(:visibility_level) { Snippet::PRIVATE }
|
|
|
|
|
|
|
|
it 'rejects the snippet' do
|
2017-09-10 17:25:29 +05:30
|
|
|
expect { update_snippet(title: 'Foo', visibility: 'public') }
|
|
|
|
.not_to change { snippet.reload.title }
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates a spam log' do
|
2017-09-10 17:25:29 +05:30
|
|
|
expect { update_snippet(title: 'Foo', visibility: 'public') }
|
|
|
|
.to change { SpamLog.count }.by(1)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'DELETE /snippets/:id' do
|
|
|
|
let!(:public_snippet) { create(:personal_snippet, :public, author: user) }
|
|
|
|
it 'deletes snippet' do
|
|
|
|
expect do
|
|
|
|
delete api("/snippets/#{public_snippet.id}", user)
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(204)
|
2017-08-17 22:00:37 +05:30
|
|
|
end.to change { PersonalSnippet.count }.by(-1)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns 404 for invalid snippet id' do
|
|
|
|
delete api("/snippets/1234", user)
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(404)
|
2017-08-17 22:00:37 +05:30
|
|
|
expect(json_response['message']).to eq('404 Snippet Not Found')
|
|
|
|
end
|
2018-03-17 18:26:18 +05:30
|
|
|
|
|
|
|
it_behaves_like '412 response' do
|
|
|
|
let(:request) { api("/snippets/#{public_snippet.id}", user) }
|
|
|
|
end
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
2017-09-10 17:25:29 +05:30
|
|
|
|
|
|
|
describe "GET /snippets/:id/user_agent_detail" do
|
|
|
|
let(:admin) { create(:admin) }
|
|
|
|
let(:snippet) { create(:personal_snippet, :public, author: user) }
|
|
|
|
let!(:user_agent_detail) { create(:user_agent_detail, subject: snippet) }
|
|
|
|
|
|
|
|
it 'exposes known attributes' do
|
|
|
|
get api("/snippets/#{snippet.id}/user_agent_detail", admin)
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(200)
|
2017-09-10 17:25:29 +05:30
|
|
|
expect(json_response['user_agent']).to eq(user_agent_detail.user_agent)
|
|
|
|
expect(json_response['ip_address']).to eq(user_agent_detail.ip_address)
|
|
|
|
expect(json_response['akismet_submitted']).to eq(user_agent_detail.submitted)
|
|
|
|
end
|
|
|
|
|
2018-11-08 19:23:39 +05:30
|
|
|
it "returns unauthorized for non-admin users" do
|
2017-09-10 17:25:29 +05:30
|
|
|
get api("/snippets/#{snippet.id}/user_agent_detail", user)
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
expect(response).to have_gitlab_http_status(403)
|
2017-09-10 17:25:29 +05:30
|
|
|
end
|
|
|
|
end
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|