debian-mirror-gitlab/spec/lib/gitlab/lfs_token_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

220 lines
6.3 KiB
Ruby
Raw Normal View History

2019-02-15 15:39:39 +05:30
# frozen_string_literal: true
2016-09-29 09:46:39 +05:30
require 'spec_helper'
2020-07-28 23:09:34 +05:30
RSpec.describe Gitlab::LfsToken, :clean_gitlab_redis_shared_state do
2020-06-23 00:09:42 +05:30
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project) }
let_it_be(:deploy_key) { create(:deploy_key) }
let(:actor) { user }
let(:lfs_token) { described_class.new(actor) }
2016-10-01 15:18:49 +05:30
describe '#token' do
2019-07-07 11:18:12 +05:30
shared_examples 'a valid LFS token' do
2019-02-15 15:39:39 +05:30
it 'returns a computed token' do
token = lfs_token.token
2016-09-29 09:46:39 +05:30
expect(token).not_to be_nil
expect(token).to be_a String
2020-06-23 00:09:42 +05:30
expect(described_class.new(actor).token_valid?(token)).to be true
2016-09-29 09:46:39 +05:30
end
2019-02-15 15:39:39 +05:30
end
context 'when the actor is a user' do
2019-07-07 11:18:12 +05:30
it_behaves_like 'a valid LFS token'
2016-09-29 09:46:39 +05:30
2019-02-15 15:39:39 +05:30
it 'returns the correct username' do
expect(lfs_token.actor_name).to eq(actor.username)
end
2016-09-29 09:46:39 +05:30
2019-02-15 15:39:39 +05:30
it 'returns the correct token type' do
expect(lfs_token.type).to eq(:lfs_token)
2016-09-29 09:46:39 +05:30
end
end
2019-02-15 15:39:39 +05:30
context 'when the actor is a key' do
2020-06-23 00:09:42 +05:30
let_it_be(:actor) { create(:key, user: user) }
2019-02-15 15:39:39 +05:30
2019-07-07 11:18:12 +05:30
it_behaves_like 'a valid LFS token'
2016-09-29 09:46:39 +05:30
it 'returns the correct username' do
2019-02-15 15:39:39 +05:30
expect(lfs_token.actor_name).to eq(user.username)
2016-09-29 09:46:39 +05:30
end
it 'returns the correct token type' do
2019-02-15 15:39:39 +05:30
expect(lfs_token.type).to eq(:lfs_token)
2016-09-29 09:46:39 +05:30
end
end
context 'when the actor is a deploy key' do
2020-06-23 00:09:42 +05:30
let(:actor) { deploy_key }
2019-02-15 15:39:39 +05:30
let(:actor_id) { 1 }
before do
allow(actor).to receive(:id).and_return(actor_id)
end
2016-09-29 09:46:39 +05:30
2019-07-07 11:18:12 +05:30
it_behaves_like 'a valid LFS token'
2016-09-29 09:46:39 +05:30
it 'returns the correct username' do
2019-02-15 15:39:39 +05:30
expect(lfs_token.actor_name).to eq("lfs+deploy-key-#{actor_id}")
2016-09-29 09:46:39 +05:30
end
it 'returns the correct token type' do
2019-02-15 15:39:39 +05:30
expect(lfs_token.type).to eq(:lfs_deploy_token)
end
end
context 'when the actor is invalid' do
it 'raises an exception' do
expect { described_class.new('invalid') }.to raise_error('Bad Actor')
end
end
end
describe '#token_valid?' do
2019-09-04 21:01:54 +05:30
context 'where the token is invalid' do
context "because it's junk" do
it 'returns false' do
2020-06-23 00:09:42 +05:30
expect(lfs_token.token_valid?('junk')).to be false
2019-02-15 15:39:39 +05:30
end
end
2019-09-04 21:01:54 +05:30
context "because it's been fiddled with" do
it 'returns false' do
fiddled_token = lfs_token.token.tap { |token| token[0] = 'E' }
2020-06-23 00:09:42 +05:30
expect(lfs_token.token_valid?(fiddled_token)).to be false
2019-02-15 15:39:39 +05:30
end
end
2020-06-23 00:09:42 +05:30
context 'because it was generated with a different secret' do
2019-09-04 21:01:54 +05:30
it 'returns false' do
different_actor = create(:user, username: 'test_user_lfs_2')
different_secret_token = described_class.new(different_actor).token
2020-06-23 00:09:42 +05:30
expect(lfs_token.token_valid?(different_secret_token)).to be false
2019-02-15 15:39:39 +05:30
end
2019-09-04 21:01:54 +05:30
end
2019-02-15 15:39:39 +05:30
2019-09-04 21:01:54 +05:30
context "because it's expired" do
it 'returns false' do
expired_token = lfs_token.token
2020-06-23 00:09:42 +05:30
# Needs to be at least LfsToken::DEFAULT_EXPIRE_TIME + 60 seconds
# in order to check whether it is valid 1 minute after it has expired
2021-01-03 14:25:43 +05:30
travel_to(Time.now + described_class::DEFAULT_EXPIRE_TIME + 60) do
2020-06-23 00:09:42 +05:30
expect(lfs_token.token_valid?(expired_token)).to be false
2019-02-15 15:39:39 +05:30
end
end
end
context 'where the token is valid' do
it 'returns true' do
2020-06-23 00:09:42 +05:30
expect(lfs_token.token_valid?(lfs_token.token)).to be true
2019-02-15 15:39:39 +05:30
end
end
2019-12-21 20:55:43 +05:30
context 'when the actor is a regular user' do
context 'when the user is blocked' do
let(:actor) { create(:user, :blocked) }
it 'returns false' do
2020-06-23 00:09:42 +05:30
expect(lfs_token.token_valid?(lfs_token.token)).to be false
2019-12-21 20:55:43 +05:30
end
end
context 'when the user password is expired' do
let(:actor) { create(:user, password_expires_at: 1.minute.ago) }
it 'returns false' do
2020-06-23 00:09:42 +05:30
expect(lfs_token.token_valid?(lfs_token.token)).to be false
2019-12-21 20:55:43 +05:30
end
end
end
context 'when the actor is an ldap user' do
2021-09-30 23:02:18 +05:30
let(:actor) { create(:omniauth_user, provider: 'ldap') }
2019-12-21 20:55:43 +05:30
context 'when the user is blocked' do
2021-09-30 23:02:18 +05:30
before do
actor.block!
end
2019-12-21 20:55:43 +05:30
it 'returns false' do
2020-06-23 00:09:42 +05:30
expect(lfs_token.token_valid?(lfs_token.token)).to be false
2019-12-21 20:55:43 +05:30
end
end
context 'when the user password is expired' do
2021-09-30 23:02:18 +05:30
before do
actor.update!(password_expires_at: 1.minute.ago)
end
2019-12-21 20:55:43 +05:30
it 'returns true' do
2020-06-23 00:09:42 +05:30
expect(lfs_token.token_valid?(lfs_token.token)).to be true
2019-12-21 20:55:43 +05:30
end
end
end
2019-02-15 15:39:39 +05:30
end
end
describe '#deploy_key_pushable?' do
context 'when actor is not a DeployKey' do
it 'returns false' do
2020-06-23 00:09:42 +05:30
expect(lfs_token.deploy_key_pushable?(project)).to be false
2019-02-15 15:39:39 +05:30
end
end
context 'when actor is a DeployKey' do
2020-06-23 00:09:42 +05:30
let(:deploy_keys_project) { create(:deploy_keys_project, project: project, can_push: can_push) }
2019-02-15 15:39:39 +05:30
let(:actor) { deploy_keys_project.deploy_key }
context 'but the DeployKey cannot push to the project' do
let(:can_push) { false }
it 'returns false' do
2020-06-23 00:09:42 +05:30
expect(lfs_token.deploy_key_pushable?(project)).to be false
2019-02-15 15:39:39 +05:30
end
end
context 'and the DeployKey can push to the project' do
let(:can_push) { true }
it 'returns true' do
2020-06-23 00:09:42 +05:30
expect(lfs_token.deploy_key_pushable?(project)).to be true
2019-02-15 15:39:39 +05:30
end
end
end
end
describe '#type' do
context 'when actor is not a User' do
2020-06-23 00:09:42 +05:30
let(:actor) { deploy_key }
2019-02-15 15:39:39 +05:30
2020-06-23 00:09:42 +05:30
it 'returns :lfs_deploy_token type' do
2019-02-15 15:39:39 +05:30
expect(lfs_token.type).to eq(:lfs_deploy_token)
end
end
context 'when actor is a User' do
2020-06-23 00:09:42 +05:30
it 'returns :lfs_token type' do
2019-02-15 15:39:39 +05:30
expect(lfs_token.type).to eq(:lfs_token)
2016-09-29 09:46:39 +05:30
end
end
end
2019-07-07 11:18:12 +05:30
describe '#authentication_payload' do
it 'returns a Hash designed for gitlab-shell' do
repo_http_path = 'http://localhost/user/repo.git'
authentication_payload = lfs_token.authentication_payload(repo_http_path)
expect(authentication_payload[:username]).to eq(actor.username)
expect(authentication_payload[:repository_http_path]).to eq(repo_http_path)
expect(authentication_payload[:lfs_token]).to be_a String
expect(authentication_payload[:expires_in]).to eq(described_class::DEFAULT_EXPIRE_TIME)
end
end
2016-09-29 09:46:39 +05:30
end