debian-mirror-gitlab/spec/initializers/settings_spec.rb

# frozen_string_literal: true

require 'spec_helper'
require_relative '../../config/initializers/1_settings' unless defined?(Settings)

RSpec.describe Settings do
  describe '#ldap' do
    it 'can be accessed with dot syntax all the way down' do
      expect(Gitlab.config.ldap.servers.main.label).to eq('ldap')
    end

    # Specifically trying to cause this error discovered in EE when removing the
    # reassignment of each server element with Settingslogic.
    #
    #   `undefined method `label' for #<Hash:0x007fbd18b59c08>`
    #
    it 'can be accessed in a very specific way that breaks without reassigning each element with Settingslogic' do
      server_settings = Gitlab.config.ldap.servers['main']
      expect(server_settings.label).to eq('ldap')
    end
  end

  describe '#host_without_www' do
    context 'URL with protocol' do
      it 'returns the host' do
        expect(described_class.host_without_www('http://foo.com')).to eq 'foo.com'
        expect(described_class.host_without_www('http://www.foo.com')).to eq 'foo.com'
        expect(described_class.host_without_www('http://secure.foo.com')).to eq 'secure.foo.com'
        expect(described_class.host_without_www('https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon')).to eq 'gravatar.com'

        expect(described_class.host_without_www('https://foo.com')).to eq 'foo.com'
        expect(described_class.host_without_www('https://www.foo.com')).to eq 'foo.com'
        expect(described_class.host_without_www('https://secure.foo.com')).to eq 'secure.foo.com'
        expect(described_class.host_without_www('https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon')).to eq 'secure.gravatar.com'
      end
    end

    context 'URL without protocol' do
      it 'returns the host' do
        expect(described_class.host_without_www('foo.com')).to eq 'foo.com'
        expect(described_class.host_without_www('www.foo.com')).to eq 'foo.com'
        expect(described_class.host_without_www('secure.foo.com')).to eq 'secure.foo.com'
        expect(described_class.host_without_www('www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon')).to eq 'gravatar.com'
      end

      context 'URL with user/port' do
        it 'returns the host' do
          expect(described_class.host_without_www('bob:pass@foo.com:8080')).to eq 'foo.com'
          expect(described_class.host_without_www('bob:pass@www.foo.com:8080')).to eq 'foo.com'
          expect(described_class.host_without_www('bob:pass@secure.foo.com:8080')).to eq 'secure.foo.com'
          expect(described_class.host_without_www('bob:pass@www.gravatar.com:8080/avatar/%{hash}?s=%{size}&d=identicon')).to eq 'gravatar.com'

          expect(described_class.host_without_www('http://bob:pass@foo.com:8080')).to eq 'foo.com'
          expect(described_class.host_without_www('http://bob:pass@www.foo.com:8080')).to eq 'foo.com'
          expect(described_class.host_without_www('http://bob:pass@secure.foo.com:8080')).to eq 'secure.foo.com'
          expect(described_class.host_without_www('http://bob:pass@www.gravatar.com:8080/avatar/%{hash}?s=%{size}&d=identicon')).to eq 'gravatar.com'
        end
      end
    end
  end

  describe "#weak_passwords_digest_set" do
    subject { described_class.gitlab.weak_passwords_digest_set }

    it 'is a Set' do
      expect(subject).to be_kind_of(Set)
    end

    it 'contains 4500 password digests' do
      expect(subject.length).to eq(4500)
    end

    it 'includes 8 char weak password digest' do
      expect(subject).to include(digest("password"))
    end

    it 'includes 16 char weak password digest' do
      expect(subject).to include(digest("progressivehouse"))
    end

    it 'includes long char weak password digest' do
      expect(subject).to include(digest("01234567890123456789"))
    end

    it 'does not include 7 char weak password digest' do
      expect(subject).not_to include(digest("1234567"))
    end

    it 'does not include plaintext' do
      expect(subject).not_to include("password")
    end

    def digest(plaintext)
      Digest::SHA256.base64digest(plaintext)
    end
  end
end
-												New upstream version 12.5.4
											
										
										
											2019-12-26 22:10:19 +05:30
+								# frozen_string_literal: true
-												Imported Upstream version 8.10.5+dfsg
											
										
										
											2016-08-24 12:49:21 +05:30
+								require 'spec_helper'
-												New upstream version 10.7.3+dfsg
											
										
										
											2018-05-09 12:01:36 +05:30
+								require_relative '../../config/initializers/1_settings' unless defined?(Settings)
-												Imported Upstream version 8.4.0+dfsg
											
										
										
											2016-01-29 22:53:50 +05:30
-												New upstream version 13.2.1
											
										
										
											2020-07-28 23:09:34 +05:30
+								RSpec.describe Settings do
-												New upstream version 10.5.5+dfsg
											
										
										
											2018-03-17 18:26:18 +05:30
+								  describe '#ldap' do
 								    it 'can be accessed with dot syntax all the way down' do
 								      expect(Gitlab.config.ldap.servers.main.label).to eq('ldap')
 								    end
-												New upstream version 9.5.4+dfsg
											
										
										
											2017-09-10 17:25:29 +05:30
-												New upstream version 10.5.5+dfsg
											
										
										
											2018-03-17 18:26:18 +05:30
+								    # Specifically trying to cause this error discovered in EE when removing the
 								    # reassignment of each server element with Settingslogic.
 								    #
 								    #   `undefined method `label' for #<Hash:0x007fbd18b59c08>`
 								    #
 								    it 'can be accessed in a very specific way that breaks without reassigning each element with Settingslogic' do
 								      server_settings = Gitlab.config.ldap.servers['main']
 								      expect(server_settings.label).to eq('ldap')
-												New upstream version 9.5.4+dfsg
											
										
										
											2017-09-10 17:25:29 +05:30
+								    end
 								  end
-												Imported Upstream version 8.4.0+dfsg
											
										
										
											2016-01-29 22:53:50 +05:30
+								  describe '#host_without_www' do
 								    context 'URL with protocol' do
 								      it 'returns the host' do
-												New upstream version 9.5.4+dfsg
											
										
										
											2017-09-10 17:25:29 +05:30
+								        expect(described_class.host_without_www('http://foo.com')).to eq 'foo.com'
 								        expect(described_class.host_without_www('http://www.foo.com')).to eq 'foo.com'
 								        expect(described_class.host_without_www('http://secure.foo.com')).to eq 'secure.foo.com'
-												New upstream version 10.5.5+dfsg
											
										
										
											2018-03-17 18:26:18 +05:30
+								        expect(described_class.host_without_www('https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon')).to eq 'gravatar.com'
-												Imported Upstream version 8.4.0+dfsg
											
										
										
											2016-01-29 22:53:50 +05:30
-												New upstream version 9.5.4+dfsg
											
										
										
											2017-09-10 17:25:29 +05:30
+								        expect(described_class.host_without_www('https://foo.com')).to eq 'foo.com'
 								        expect(described_class.host_without_www('https://www.foo.com')).to eq 'foo.com'
 								        expect(described_class.host_without_www('https://secure.foo.com')).to eq 'secure.foo.com'
 								        expect(described_class.host_without_www('https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon')).to eq 'secure.gravatar.com'
-												Imported Upstream version 8.4.0+dfsg
											
										
										
											2016-01-29 22:53:50 +05:30
+								      end
 								    end
 								    context 'URL without protocol' do
 								      it 'returns the host' do
-												New upstream version 9.5.4+dfsg
											
										
										
											2017-09-10 17:25:29 +05:30
+								        expect(described_class.host_without_www('foo.com')).to eq 'foo.com'
 								        expect(described_class.host_without_www('www.foo.com')).to eq 'foo.com'
 								        expect(described_class.host_without_www('secure.foo.com')).to eq 'secure.foo.com'
 								        expect(described_class.host_without_www('www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon')).to eq 'gravatar.com'
-												Imported Upstream version 8.4.0+dfsg
											
										
										
											2016-01-29 22:53:50 +05:30
+								      end
 								      context 'URL with user/port' do
 								        it 'returns the host' do
-												New upstream version 9.5.4+dfsg
											
										
										
											2017-09-10 17:25:29 +05:30
+								          expect(described_class.host_without_www('bob:pass@foo.com:8080')).to eq 'foo.com'
 								          expect(described_class.host_without_www('bob:pass@www.foo.com:8080')).to eq 'foo.com'
 								          expect(described_class.host_without_www('bob:pass@secure.foo.com:8080')).to eq 'secure.foo.com'
 								          expect(described_class.host_without_www('bob:pass@www.gravatar.com:8080/avatar/%{hash}?s=%{size}&d=identicon')).to eq 'gravatar.com'
-												Imported Upstream version 8.4.0+dfsg
											
										
										
											2016-01-29 22:53:50 +05:30
-												New upstream version 9.5.4+dfsg
											
										
										
											2017-09-10 17:25:29 +05:30
+								          expect(described_class.host_without_www('http://bob:pass@foo.com:8080')).to eq 'foo.com'
 								          expect(described_class.host_without_www('http://bob:pass@www.foo.com:8080')).to eq 'foo.com'
 								          expect(described_class.host_without_www('http://bob:pass@secure.foo.com:8080')).to eq 'secure.foo.com'
 								          expect(described_class.host_without_www('http://bob:pass@www.gravatar.com:8080/avatar/%{hash}?s=%{size}&d=identicon')).to eq 'gravatar.com'
-												Imported Upstream version 8.4.0+dfsg
											
										
										
											2016-01-29 22:53:50 +05:30
+								        end
 								      end
 								    end
 								  end
-												New upstream version 15.4.2+ds1
											
										
										
											2022-10-11 01:57:18 +05:30
 								  describe "#weak_passwords_digest_set" do
 								    subject { described_class.gitlab.weak_passwords_digest_set }
 								    it 'is a Set' do
 								      expect(subject).to be_kind_of(Set)
 								    end
 								    it 'contains 4500 password digests' do
 								      expect(subject.length).to eq(4500)
 								    end
 								    it 'includes 8 char weak password digest' do
 								      expect(subject).to include(digest("password"))
 								    end
 								    it 'includes 16 char weak password digest' do
 								      expect(subject).to include(digest("progressivehouse"))
 								    end
 								    it 'includes long char weak password digest' do
 								      expect(subject).to include(digest("01234567890123456789"))
 								    end
 								    it 'does not include 7 char weak password digest' do
 								      expect(subject).not_to include(digest("1234567"))
 								    end
 								    it 'does not include plaintext' do
 								      expect(subject).not_to include("password")
 								    end
 								    def digest(plaintext)
 								      Digest::SHA256.base64digest(plaintext)
 								    end
 								  end
-												Imported Upstream version 8.4.0+dfsg
											
										
										
											2016-01-29 22:53:50 +05:30
+								end