2019-07-31 22:56:46 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
2014-09-02 18:07:02 +05:30
|
|
|
require 'spec_helper'
|
|
|
|
|
|
2020-07-28 23:09:34 +05:30
|
|
|
RSpec.describe SearchService do
|
2020-04-22 19:07:51 +05:30
|
|
|
let_it_be(:user) { create(:user) }
|
2014-09-02 18:07:02 +05:30
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
let_it_be(:accessible_group) { create(:group, :private) }
|
|
|
|
|
let_it_be(:inaccessible_group) { create(:group, :private) }
|
|
|
|
|
let_it_be(:group_member) { create(:group_member, group: accessible_group, user: user) }
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
let_it_be(:accessible_project) { create(:project, :repository, :private, name: 'accessible_project') }
|
|
|
|
|
let_it_be(:note) { create(:note_on_issue, project: accessible_project) }
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
let_it_be(:inaccessible_project) { create(:project, :repository, :private, name: 'inaccessible_project') }
|
2020-04-08 14:13:33 +05:30
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
let(:snippet) { create(:snippet, author: user) }
|
2017-09-10 17:25:29 +05:30
|
|
|
let(:group_project) { create(:project, group: accessible_group, name: 'group_project') }
|
|
|
|
|
let(:public_project) { create(:project, :public, name: 'public_project') }
|
2014-09-02 18:07:02 +05:30
|
|
|
|
2021-01-29 00:20:46 +05:30
|
|
|
let(:page) { 1 }
|
2020-05-24 23:13:21 +05:30
|
|
|
let(:per_page) { described_class::DEFAULT_PER_PAGE }
|
2022-01-26 12:08:38 +05:30
|
|
|
let(:valid_search) { "what is love?" }
|
2020-05-24 23:13:21 +05:30
|
|
|
|
2021-01-29 00:20:46 +05:30
|
|
|
subject(:search_service) { described_class.new(user, search: search, scope: scope, page: page, per_page: per_page) }
|
2020-04-08 14:13:33 +05:30
|
|
|
|
2014-09-02 18:07:02 +05:30
|
|
|
before do
|
2018-11-18 11:00:15 +05:30
|
|
|
accessible_project.add_maintainer(user)
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#project' do
|
|
|
|
|
context 'when the project is accessible' do
|
|
|
|
|
it 'returns the project' do
|
2022-01-26 12:08:38 +05:30
|
|
|
project = described_class.new(user, project_id: accessible_project.id, search: valid_search).project
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(project).to eq accessible_project
|
|
|
|
|
end
|
2017-09-10 17:25:29 +05:30
|
|
|
|
|
|
|
|
it 'returns the project for guests' do
|
|
|
|
|
search_project = create :project
|
|
|
|
|
search_project.add_guest(user)
|
|
|
|
|
|
2022-01-26 12:08:38 +05:30
|
|
|
project = described_class.new(user, project_id: search_project.id, search: valid_search).project
|
2017-09-10 17:25:29 +05:30
|
|
|
|
|
|
|
|
expect(project).to eq search_project
|
|
|
|
|
end
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when the project is not accessible' do
|
|
|
|
|
it 'returns nil' do
|
2022-01-26 12:08:38 +05:30
|
|
|
project = described_class.new(user, project_id: inaccessible_project.id, search: valid_search).project
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(project).to be_nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when there is no project_id' do
|
|
|
|
|
it 'returns nil' do
|
2022-01-26 12:08:38 +05:30
|
|
|
project = described_class.new(user, search: valid_search).project
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(project).to be_nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#group' do
|
|
|
|
|
context 'when the group is accessible' do
|
|
|
|
|
it 'returns the group' do
|
2022-01-26 12:08:38 +05:30
|
|
|
group = described_class.new(user, group_id: accessible_group.id, search: valid_search).group
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(group).to eq accessible_group
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when the group is not accessible' do
|
|
|
|
|
it 'returns nil' do
|
2022-01-26 12:08:38 +05:30
|
|
|
group = described_class.new(user, group_id: inaccessible_group.id, search: valid_search).group
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(group).to be_nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when there is no group_id' do
|
|
|
|
|
it 'returns nil' do
|
2022-01-26 12:08:38 +05:30
|
|
|
group = described_class.new(user, search: valid_search).group
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(group).to be_nil
|
|
|
|
|
end
|
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
describe '#show_snippets?' do
|
|
|
|
|
context 'when :snippets is \'true\'' do
|
|
|
|
|
it 'returns true' do
|
2017-09-10 17:25:29 +05:30
|
|
|
show_snippets = described_class.new(user, snippets: 'true').show_snippets?
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(show_snippets).to be_truthy
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
context 'when :snippets is not \'true\'' do
|
|
|
|
|
it 'returns false' do
|
2017-09-10 17:25:29 +05:30
|
|
|
show_snippets = described_class.new(user, snippets: 'tru').show_snippets?
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(show_snippets).to be_falsey
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when :snippets is missing' do
|
|
|
|
|
it 'returns false' do
|
2017-09-10 17:25:29 +05:30
|
|
|
show_snippets = described_class.new(user).show_snippets?
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(show_snippets).to be_falsey
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#scope' do
|
|
|
|
|
context 'with accessible project_id' do
|
|
|
|
|
context 'and allowed scope' do
|
|
|
|
|
it 'returns the specified scope' do
|
2022-01-26 12:08:38 +05:30
|
|
|
scope = described_class.new(user, project_id: accessible_project.id, scope: 'notes', search: valid_search).scope
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(scope).to eq 'notes'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'and disallowed scope' do
|
|
|
|
|
it 'returns the default scope' do
|
2022-01-26 12:08:38 +05:30
|
|
|
scope = described_class.new(user, project_id: accessible_project.id, scope: 'projects', search: valid_search).scope
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(scope).to eq 'blobs'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'and no scope' do
|
|
|
|
|
it 'returns the default scope' do
|
2022-01-26 12:08:38 +05:30
|
|
|
scope = described_class.new(user, project_id: accessible_project.id, search: valid_search).scope
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(scope).to eq 'blobs'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'with \'true\' snippets' do
|
|
|
|
|
context 'and allowed scope' do
|
|
|
|
|
it 'returns the specified scope' do
|
2017-09-10 17:25:29 +05:30
|
|
|
scope = described_class.new(user, snippets: 'true', scope: 'snippet_titles').scope
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(scope).to eq 'snippet_titles'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'and disallowed scope' do
|
|
|
|
|
it 'returns the default scope' do
|
2017-09-10 17:25:29 +05:30
|
|
|
scope = described_class.new(user, snippets: 'true', scope: 'projects').scope
|
2014-09-02 18:07:02 +05:30
|
|
|
|
2020-05-24 23:13:21 +05:30
|
|
|
expect(scope).to eq 'snippet_titles'
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
context 'and no scope' do
|
|
|
|
|
it 'returns the default scope' do
|
2017-09-10 17:25:29 +05:30
|
|
|
scope = described_class.new(user, snippets: 'true').scope
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2020-05-24 23:13:21 +05:30
|
|
|
expect(scope).to eq 'snippet_titles'
|
2017-08-17 22:00:37 +05:30
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'with no project_id, no snippets' do
|
|
|
|
|
context 'and allowed scope' do
|
|
|
|
|
it 'returns the specified scope' do
|
2017-09-10 17:25:29 +05:30
|
|
|
scope = described_class.new(user, scope: 'issues').scope
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(scope).to eq 'issues'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'and disallowed scope' do
|
|
|
|
|
it 'returns the default scope' do
|
2017-09-10 17:25:29 +05:30
|
|
|
scope = described_class.new(user, scope: 'blobs').scope
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(scope).to eq 'projects'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'and no scope' do
|
|
|
|
|
it 'returns the default scope' do
|
2017-09-10 17:25:29 +05:30
|
|
|
scope = described_class.new(user).scope
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(scope).to eq 'projects'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#search_results' do
|
|
|
|
|
context 'with accessible project_id' do
|
|
|
|
|
it 'returns an instance of Gitlab::ProjectSearchResults' do
|
2017-09-10 17:25:29 +05:30
|
|
|
search_results = described_class.new(
|
2017-08-17 22:00:37 +05:30
|
|
|
user,
|
|
|
|
|
project_id: accessible_project.id,
|
|
|
|
|
scope: 'notes',
|
|
|
|
|
search: note.note).search_results
|
|
|
|
|
|
|
|
|
|
expect(search_results).to be_a Gitlab::ProjectSearchResults
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'with accessible project_id and \'true\' snippets' do
|
|
|
|
|
it 'returns an instance of Gitlab::ProjectSearchResults' do
|
2017-09-10 17:25:29 +05:30
|
|
|
search_results = described_class.new(
|
2017-08-17 22:00:37 +05:30
|
|
|
user,
|
|
|
|
|
project_id: accessible_project.id,
|
|
|
|
|
snippets: 'true',
|
|
|
|
|
scope: 'notes',
|
|
|
|
|
search: note.note).search_results
|
|
|
|
|
|
|
|
|
|
expect(search_results).to be_a Gitlab::ProjectSearchResults
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'with \'true\' snippets' do
|
|
|
|
|
it 'returns an instance of Gitlab::SnippetSearchResults' do
|
2017-09-10 17:25:29 +05:30
|
|
|
search_results = described_class.new(
|
2017-08-17 22:00:37 +05:30
|
|
|
user,
|
|
|
|
|
snippets: 'true',
|
2020-05-24 23:13:21 +05:30
|
|
|
search: snippet.title).search_results
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(search_results).to be_a Gitlab::SnippetSearchResults
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'with no project_id and no snippets' do
|
|
|
|
|
it 'returns an instance of Gitlab::SearchResults' do
|
2017-09-10 17:25:29 +05:30
|
|
|
search_results = described_class.new(
|
2017-08-17 22:00:37 +05:30
|
|
|
user,
|
|
|
|
|
search: public_project.name).search_results
|
|
|
|
|
|
|
|
|
|
expect(search_results).to be_a Gitlab::SearchResults
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#search_objects' do
|
2021-01-29 00:20:46 +05:30
|
|
|
let(:search) { '' }
|
|
|
|
|
let(:scope) { nil }
|
2020-05-24 23:13:21 +05:30
|
|
|
|
2021-01-29 00:20:46 +05:30
|
|
|
describe 'per_page: parameter' do
|
2020-05-24 23:13:21 +05:30
|
|
|
context 'when nil' do
|
|
|
|
|
let(:per_page) { nil }
|
|
|
|
|
|
|
|
|
|
it "defaults to #{described_class::DEFAULT_PER_PAGE}" do
|
|
|
|
|
expect_any_instance_of(Gitlab::SearchResults)
|
|
|
|
|
.to receive(:objects)
|
|
|
|
|
.with(anything, hash_including(per_page: described_class::DEFAULT_PER_PAGE))
|
|
|
|
|
.and_call_original
|
|
|
|
|
|
|
|
|
|
subject.search_objects
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when empty string' do
|
|
|
|
|
let(:per_page) { '' }
|
|
|
|
|
|
|
|
|
|
it "defaults to #{described_class::DEFAULT_PER_PAGE}" do
|
|
|
|
|
expect_any_instance_of(Gitlab::SearchResults)
|
|
|
|
|
.to receive(:objects)
|
|
|
|
|
.with(anything, hash_including(per_page: described_class::DEFAULT_PER_PAGE))
|
|
|
|
|
.and_call_original
|
|
|
|
|
|
|
|
|
|
subject.search_objects
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when negative' do
|
|
|
|
|
let(:per_page) { '-1' }
|
|
|
|
|
|
|
|
|
|
it "defaults to #{described_class::DEFAULT_PER_PAGE}" do
|
|
|
|
|
expect_any_instance_of(Gitlab::SearchResults)
|
|
|
|
|
.to receive(:objects)
|
|
|
|
|
.with(anything, hash_including(per_page: described_class::DEFAULT_PER_PAGE))
|
|
|
|
|
.and_call_original
|
|
|
|
|
|
|
|
|
|
subject.search_objects
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when present' do
|
|
|
|
|
let(:per_page) { '50' }
|
|
|
|
|
|
|
|
|
|
it "converts to integer and passes to search results" do
|
|
|
|
|
expect_any_instance_of(Gitlab::SearchResults)
|
|
|
|
|
.to receive(:objects)
|
|
|
|
|
.with(anything, hash_including(per_page: 50))
|
|
|
|
|
.and_call_original
|
|
|
|
|
|
|
|
|
|
subject.search_objects
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context "when greater than #{described_class::MAX_PER_PAGE}" do
|
|
|
|
|
let(:per_page) { described_class::MAX_PER_PAGE + 1 }
|
|
|
|
|
|
|
|
|
|
it "passes #{described_class::MAX_PER_PAGE}" do
|
|
|
|
|
expect_any_instance_of(Gitlab::SearchResults)
|
|
|
|
|
.to receive(:objects)
|
|
|
|
|
.with(anything, hash_including(per_page: described_class::MAX_PER_PAGE))
|
|
|
|
|
.and_call_original
|
|
|
|
|
|
|
|
|
|
subject.search_objects
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2021-01-29 00:20:46 +05:30
|
|
|
describe 'page: parameter' do
|
|
|
|
|
context 'when < 1' do
|
|
|
|
|
let(:page) { 0 }
|
|
|
|
|
|
|
|
|
|
it "defaults to 1" do
|
|
|
|
|
expect_any_instance_of(Gitlab::SearchResults)
|
|
|
|
|
.to receive(:objects)
|
|
|
|
|
.with(anything, hash_including(page: 1))
|
|
|
|
|
.and_call_original
|
|
|
|
|
|
|
|
|
|
subject.search_objects
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when nil' do
|
|
|
|
|
let(:page) { nil }
|
|
|
|
|
|
|
|
|
|
it "defaults to 1" do
|
|
|
|
|
expect_any_instance_of(Gitlab::SearchResults)
|
|
|
|
|
.to receive(:objects)
|
|
|
|
|
.with(anything, hash_including(page: 1))
|
|
|
|
|
.and_call_original
|
|
|
|
|
|
|
|
|
|
subject.search_objects
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
context 'with accessible project_id' do
|
|
|
|
|
it 'returns objects in the project' do
|
2017-09-10 17:25:29 +05:30
|
|
|
search_objects = described_class.new(
|
2017-08-17 22:00:37 +05:30
|
|
|
user,
|
|
|
|
|
project_id: accessible_project.id,
|
|
|
|
|
scope: 'notes',
|
|
|
|
|
search: note.note).search_objects
|
|
|
|
|
|
|
|
|
|
expect(search_objects.first).to eq note
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'with accessible project_id and \'true\' snippets' do
|
|
|
|
|
it 'returns objects in the project' do
|
2017-09-10 17:25:29 +05:30
|
|
|
search_objects = described_class.new(
|
2017-08-17 22:00:37 +05:30
|
|
|
user,
|
|
|
|
|
project_id: accessible_project.id,
|
|
|
|
|
snippets: 'true',
|
|
|
|
|
scope: 'notes',
|
|
|
|
|
search: note.note).search_objects
|
|
|
|
|
|
|
|
|
|
expect(search_objects.first).to eq note
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'with \'true\' snippets' do
|
|
|
|
|
it 'returns objects in snippets' do
|
2017-09-10 17:25:29 +05:30
|
|
|
search_objects = described_class.new(
|
2017-08-17 22:00:37 +05:30
|
|
|
user,
|
|
|
|
|
snippets: 'true',
|
2020-05-24 23:13:21 +05:30
|
|
|
search: snippet.title).search_objects
|
2017-08-17 22:00:37 +05:30
|
|
|
|
|
|
|
|
expect(search_objects.first).to eq snippet
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'with accessible group_id' do
|
|
|
|
|
it 'returns objects in the group' do
|
2017-09-10 17:25:29 +05:30
|
|
|
search_objects = described_class.new(
|
2017-08-17 22:00:37 +05:30
|
|
|
user,
|
|
|
|
|
group_id: accessible_group.id,
|
|
|
|
|
search: group_project.name).search_objects
|
|
|
|
|
|
|
|
|
|
expect(search_objects.first).to eq group_project
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'with no project_id, group_id or snippets' do
|
|
|
|
|
it 'returns objects in global' do
|
2017-09-10 17:25:29 +05:30
|
|
|
search_objects = described_class.new(
|
2017-08-17 22:00:37 +05:30
|
|
|
user,
|
|
|
|
|
search: public_project.name).search_objects
|
|
|
|
|
|
|
|
|
|
expect(search_objects.first).to eq public_project
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
end
|
2020-04-08 14:13:33 +05:30
|
|
|
|
|
|
|
|
context 'redacting search results' do
|
2020-04-22 19:07:51 +05:30
|
|
|
let(:search) { 'anything' }
|
2020-04-08 14:13:33 +05:30
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
subject(:result) { search_service.search_objects }
|
2020-04-08 14:13:33 +05:30
|
|
|
|
2020-10-24 23:57:45 +05:30
|
|
|
shared_examples "redaction limits N+1 queries" do |limit:|
|
|
|
|
|
it 'does not exceed the query limit' do
|
|
|
|
|
# issuing the query to remove the data loading call
|
|
|
|
|
unredacted_results.to_a
|
|
|
|
|
|
|
|
|
|
# only the calls from the redaction are left
|
|
|
|
|
query = ActiveRecord::QueryRecorder.new { result }
|
|
|
|
|
|
|
|
|
|
# these are the project authorization calls, which are not preloaded
|
|
|
|
|
expect(query.count).to be <= limit
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
def found_blob(project)
|
|
|
|
|
Gitlab::Search::FoundBlob.new(project: project)
|
|
|
|
|
end
|
2020-04-08 14:13:33 +05:30
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
def found_wiki_page(project)
|
|
|
|
|
Gitlab::Search::FoundWikiPage.new(found_blob(project))
|
|
|
|
|
end
|
2020-04-08 14:13:33 +05:30
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
before do
|
|
|
|
|
expect(search_service)
|
|
|
|
|
.to receive(:search_results)
|
|
|
|
|
.and_return(double('search results', objects: unredacted_results))
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def ar_relation(klass, *objects)
|
|
|
|
|
klass.id_in(objects.map(&:id))
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def kaminari_array(*objects)
|
|
|
|
|
Kaminari.paginate_array(objects).page(1).per(20)
|
2020-04-08 14:13:33 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'issues' do
|
2020-04-22 19:07:51 +05:30
|
|
|
let(:readable) { create(:issue, project: accessible_project) }
|
|
|
|
|
let(:unreadable) { create(:issue, project: inaccessible_project) }
|
|
|
|
|
let(:unredacted_results) { ar_relation(Issue, readable, unreadable) }
|
2020-04-08 14:13:33 +05:30
|
|
|
let(:scope) { 'issues' }
|
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
it 'redacts the inaccessible issue' do
|
|
|
|
|
expect(result).to contain_exactly(readable)
|
|
|
|
|
end
|
2020-04-08 14:13:33 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'notes' do
|
2020-04-22 19:07:51 +05:30
|
|
|
let(:readable) { create(:note_on_commit, project: accessible_project) }
|
|
|
|
|
let(:unreadable) { create(:note_on_commit, project: inaccessible_project) }
|
|
|
|
|
let(:unredacted_results) { ar_relation(Note, readable, unreadable) }
|
2020-04-08 14:13:33 +05:30
|
|
|
let(:scope) { 'notes' }
|
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
it 'redacts the inaccessible note' do
|
|
|
|
|
expect(result).to contain_exactly(readable)
|
|
|
|
|
end
|
2020-04-08 14:13:33 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'merge_requests' do
|
2020-04-22 19:07:51 +05:30
|
|
|
let(:readable) { create(:merge_request, source_project: accessible_project, author: user) }
|
|
|
|
|
let(:unreadable) { create(:merge_request, source_project: inaccessible_project) }
|
|
|
|
|
let(:unredacted_results) { ar_relation(MergeRequest, readable, unreadable) }
|
2020-04-08 14:13:33 +05:30
|
|
|
let(:scope) { 'merge_requests' }
|
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
it 'redacts the inaccessible merge request' do
|
|
|
|
|
expect(result).to contain_exactly(readable)
|
|
|
|
|
end
|
2020-10-24 23:57:45 +05:30
|
|
|
|
|
|
|
|
context 'with :with_api_entity_associations' do
|
|
|
|
|
let(:unredacted_results) { ar_relation(MergeRequest.with_api_entity_associations, readable, unreadable) }
|
|
|
|
|
|
2021-01-03 14:25:43 +05:30
|
|
|
it_behaves_like "redaction limits N+1 queries", limit: 8
|
2020-10-24 23:57:45 +05:30
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'project repository blobs' do
|
|
|
|
|
let(:readable) { found_blob(accessible_project) }
|
|
|
|
|
let(:unreadable) { found_blob(inaccessible_project) }
|
|
|
|
|
let(:unredacted_results) { kaminari_array(readable, unreadable) }
|
|
|
|
|
let(:scope) { 'blobs' }
|
|
|
|
|
|
|
|
|
|
it 'redacts the inaccessible blob' do
|
|
|
|
|
expect(result).to contain_exactly(readable)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'project wiki blobs' do
|
|
|
|
|
let(:readable) { found_wiki_page(accessible_project) }
|
|
|
|
|
let(:unreadable) { found_wiki_page(inaccessible_project) }
|
|
|
|
|
let(:unredacted_results) { kaminari_array(readable, unreadable) }
|
|
|
|
|
let(:scope) { 'wiki_blobs' }
|
|
|
|
|
|
|
|
|
|
it 'redacts the inaccessible blob' do
|
|
|
|
|
expect(result).to contain_exactly(readable)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'project snippets' do
|
|
|
|
|
let(:readable) { create(:project_snippet, project: accessible_project) }
|
|
|
|
|
let(:unreadable) { create(:project_snippet, project: inaccessible_project) }
|
|
|
|
|
let(:unredacted_results) { ar_relation(ProjectSnippet, readable, unreadable) }
|
2020-05-24 23:13:21 +05:30
|
|
|
let(:scope) { 'snippet_titles' }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
|
|
|
|
it 'redacts the inaccessible snippet' do
|
|
|
|
|
expect(result).to contain_exactly(readable)
|
|
|
|
|
end
|
2020-10-24 23:57:45 +05:30
|
|
|
|
|
|
|
|
context 'with :with_api_entity_associations' do
|
2021-01-03 14:25:43 +05:30
|
|
|
it_behaves_like "redaction limits N+1 queries", limit: 13
|
2020-10-24 23:57:45 +05:30
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'personal snippets' do
|
|
|
|
|
let(:readable) { create(:personal_snippet, :private, author: user) }
|
|
|
|
|
let(:unreadable) { create(:personal_snippet, :private) }
|
|
|
|
|
let(:unredacted_results) { ar_relation(PersonalSnippet, readable, unreadable) }
|
2020-05-24 23:13:21 +05:30
|
|
|
let(:scope) { 'snippet_titles' }
|
2020-04-22 19:07:51 +05:30
|
|
|
|
|
|
|
|
it 'redacts the inaccessible snippet' do
|
|
|
|
|
expect(result).to contain_exactly(readable)
|
|
|
|
|
end
|
2020-10-24 23:57:45 +05:30
|
|
|
|
|
|
|
|
context 'with :with_api_entity_associations' do
|
2021-01-03 14:25:43 +05:30
|
|
|
it_behaves_like "redaction limits N+1 queries", limit: 4
|
2020-10-24 23:57:45 +05:30
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'commits' do
|
|
|
|
|
let(:readable) { accessible_project.commit }
|
|
|
|
|
let(:unreadable) { inaccessible_project.commit }
|
|
|
|
|
let(:unredacted_results) { kaminari_array(readable, unreadable) }
|
|
|
|
|
let(:scope) { 'commits' }
|
|
|
|
|
|
|
|
|
|
it 'redacts the inaccessible commit' do
|
|
|
|
|
expect(result).to contain_exactly(readable)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'users' do
|
|
|
|
|
let(:other_user) { create(:user) }
|
|
|
|
|
let(:unredacted_results) { ar_relation(User, user, other_user) }
|
|
|
|
|
let(:scope) { 'users' }
|
|
|
|
|
|
|
|
|
|
it 'passes the users through' do
|
|
|
|
|
# Users are always visible to everyone
|
|
|
|
|
expect(result).to contain_exactly(user, other_user)
|
|
|
|
|
end
|
2020-04-08 14:13:33 +05:30
|
|
|
end
|
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
2022-01-26 12:08:38 +05:30
|
|
|
|
|
|
|
|
describe '#valid_request?' do
|
|
|
|
|
let(:scope) { 'issues' }
|
|
|
|
|
let(:search) { 'foobar' }
|
|
|
|
|
let(:params) { instance_double(Gitlab::Search::Params) }
|
|
|
|
|
|
|
|
|
|
before do
|
|
|
|
|
allow(Gitlab::Search::Params).to receive(:new).and_return(params)
|
|
|
|
|
allow(params).to receive(:valid?).and_return double(:valid?)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'is the return value of params.valid?' do
|
|
|
|
|
expect(subject.valid_request?).to eq(params.valid?)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#abuse_messages' do
|
|
|
|
|
let(:scope) { 'issues' }
|
|
|
|
|
let(:search) { 'foobar' }
|
|
|
|
|
let(:params) { instance_double(Gitlab::Search::Params) }
|
|
|
|
|
|
|
|
|
|
before do
|
|
|
|
|
allow(Gitlab::Search::Params).to receive(:new).and_return(params)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns an empty array when not abusive' do
|
|
|
|
|
allow(params).to receive(:abusive?).and_return false
|
|
|
|
|
expect(subject.abuse_messages).to match_array([])
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'calls on abuse_detection.errors.full_messages when abusive' do
|
|
|
|
|
allow(params).to receive(:abusive?).and_return true
|
|
|
|
|
expect(params).to receive_message_chain(:abuse_detection, :errors, :full_messages)
|
|
|
|
|
subject.abuse_messages
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe 'abusive search handling' do
|
|
|
|
|
subject { described_class.new(user, raw_params) }
|
|
|
|
|
|
|
|
|
|
let(:raw_params) { { search: search, scope: scope } }
|
|
|
|
|
let(:search) { 'foobar' }
|
|
|
|
|
|
|
|
|
|
let(:search_service) { double(:search_service) }
|
|
|
|
|
|
|
|
|
|
before do
|
|
|
|
|
stub_feature_flags(prevent_abusive_searches: should_detect_abuse)
|
|
|
|
|
expect(Gitlab::Search::Params).to receive(:new)
|
|
|
|
|
.with(raw_params, detect_abuse: should_detect_abuse).and_call_original
|
|
|
|
|
|
|
|
|
|
allow(subject).to receive(:search_service).and_return search_service
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'when abusive search but prevent_abusive_searches FF is disabled' do
|
|
|
|
|
let(:should_detect_abuse) { false }
|
|
|
|
|
let(:scope) { '1;drop%20table' }
|
|
|
|
|
|
|
|
|
|
it 'executes search even if params are abusive' do
|
|
|
|
|
expect(search_service).to receive(:execute)
|
|
|
|
|
subject.search_results
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'a search is abusive' do
|
|
|
|
|
let(:should_detect_abuse) { true }
|
|
|
|
|
let(:scope) { '1;drop%20table' }
|
|
|
|
|
|
|
|
|
|
it 'does NOT execute search service' do
|
|
|
|
|
expect(search_service).not_to receive(:execute)
|
|
|
|
|
subject.search_results
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'a search is NOT abusive' do
|
|
|
|
|
let(:should_detect_abuse) { true }
|
|
|
|
|
let(:scope) { 'issues' }
|
|
|
|
|
|
|
|
|
|
it 'executes search service' do
|
|
|
|
|
expect(search_service).to receive(:execute)
|
|
|
|
|
subject.search_results
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
