2022-03-02 08:16:31 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
|
|
RSpec.describe Ci::SecureFile do
|
|
|
|
|
before do
|
|
|
|
|
stub_ci_secure_file_object_storage
|
|
|
|
|
end
|
|
|
|
|
|
2022-06-21 17:19:12 +05:30
|
|
|
let(:sample_file) { fixture_file('ci_secure_files/upload-keystore.jks') }
|
|
|
|
|
|
|
|
|
|
subject { create(:ci_secure_file, file: CarrierWaveStringFile.new(sample_file)) }
|
|
|
|
|
|
2022-03-02 08:16:31 +05:30
|
|
|
it { is_expected.to be_a FileStoreMounter }
|
|
|
|
|
|
|
|
|
|
it { is_expected.to belong_to(:project).required }
|
|
|
|
|
|
|
|
|
|
it_behaves_like 'having unique enum values'
|
|
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
it_behaves_like 'includes Limitable concern' do
|
|
|
|
|
subject { build(:ci_secure_file, project: create(:project)) }
|
|
|
|
|
end
|
|
|
|
|
|
2023-01-13 00:05:48 +05:30
|
|
|
describe 'default attributes' do
|
|
|
|
|
before do
|
|
|
|
|
allow(Ci::SecureFileUploader).to receive(:default_store).and_return(5)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it { expect(described_class.new.file_store).to eq(5) }
|
|
|
|
|
it { expect(described_class.new(file_store: 3).file_store).to eq(3) }
|
|
|
|
|
end
|
|
|
|
|
|
2022-03-02 08:16:31 +05:30
|
|
|
describe 'validations' do
|
|
|
|
|
it { is_expected.to validate_presence_of(:checksum) }
|
|
|
|
|
it { is_expected.to validate_presence_of(:file_store) }
|
|
|
|
|
it { is_expected.to validate_presence_of(:name) }
|
|
|
|
|
it { is_expected.to validate_presence_of(:project_id) }
|
2022-08-27 11:52:29 +05:30
|
|
|
|
2022-06-21 17:19:12 +05:30
|
|
|
context 'unique filename' do
|
|
|
|
|
let_it_be(:project1) { create(:project) }
|
|
|
|
|
|
|
|
|
|
it 'ensures the file name is unique within a given project' do
|
|
|
|
|
file1 = create(:ci_secure_file, project: project1, name: 'file1')
|
|
|
|
|
expect do
|
|
|
|
|
create(:ci_secure_file, project: project1, name: 'file1')
|
|
|
|
|
end.to raise_error(ActiveRecord::RecordInvalid, 'Validation failed: Name has already been taken')
|
|
|
|
|
|
|
|
|
|
expect(project1.secure_files.where(name: 'file1').count).to be 1
|
|
|
|
|
expect(project1.secure_files.find_by(name: 'file1').id).to eq(file1.id)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'allows duplicate file names in different projects' do
|
|
|
|
|
create(:ci_secure_file, project: project1)
|
|
|
|
|
expect do
|
|
|
|
|
create(:ci_secure_file, project: create(:project))
|
|
|
|
|
end.not_to raise_error
|
|
|
|
|
end
|
|
|
|
|
end
|
2022-03-02 08:16:31 +05:30
|
|
|
end
|
|
|
|
|
|
2022-07-23 23:45:48 +05:30
|
|
|
describe 'ordered scope' do
|
|
|
|
|
it 'returns the newest item first' do
|
|
|
|
|
project = create(:project)
|
|
|
|
|
file1 = create(:ci_secure_file, created_at: 1.week.ago, project: project)
|
|
|
|
|
file2 = create(:ci_secure_file, created_at: 2.days.ago, project: project)
|
|
|
|
|
file3 = create(:ci_secure_file, created_at: 1.day.ago, project: project)
|
|
|
|
|
|
|
|
|
|
files = project.secure_files.order_by_created_at
|
|
|
|
|
|
|
|
|
|
expect(files[0]).to eq(file3)
|
|
|
|
|
expect(files[1]).to eq(file2)
|
|
|
|
|
expect(files[2]).to eq(file1)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2022-03-02 08:16:31 +05:30
|
|
|
describe '#checksum' do
|
|
|
|
|
it 'computes SHA256 checksum on the file before encrypted' do
|
|
|
|
|
expect(subject.checksum).to eq(Digest::SHA256.hexdigest(sample_file))
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#checksum_algorithm' do
|
|
|
|
|
it 'returns the configured checksum_algorithm' do
|
|
|
|
|
expect(subject.checksum_algorithm).to eq('sha256')
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#file' do
|
|
|
|
|
it 'returns the saved file' do
|
|
|
|
|
expect(Base64.encode64(subject.file.read)).to eq(Base64.encode64(sample_file))
|
|
|
|
|
end
|
|
|
|
|
end
|
2022-11-25 23:54:43 +05:30
|
|
|
|
|
|
|
|
describe '#file_extension' do
|
|
|
|
|
it 'returns the extension for the file name' do
|
|
|
|
|
file = build(:ci_secure_file, name: 'file1.cer')
|
|
|
|
|
expect(file.file_extension).to eq('cer')
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns only the last part of the extension for the file name' do
|
|
|
|
|
file = build(:ci_secure_file, name: 'file1.tar.gz')
|
|
|
|
|
expect(file.file_extension).to eq('gz')
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#metadata_parsable?' do
|
|
|
|
|
it 'returns true when the file extension has a supported parser' do
|
|
|
|
|
file = build(:ci_secure_file, name: 'file1.cer')
|
|
|
|
|
expect(file.metadata_parsable?).to be true
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns false when the file extension does not have a supported parser' do
|
|
|
|
|
file = build(:ci_secure_file, name: 'file1.foo')
|
|
|
|
|
expect(file.metadata_parsable?).to be false
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#metadata_parser' do
|
|
|
|
|
it 'returns an instance of Gitlab::Ci::SecureFiles::Cer when a .cer file is supplied' do
|
|
|
|
|
file = build(:ci_secure_file, name: 'file1.cer')
|
|
|
|
|
expect(file.metadata_parser).to be_an_instance_of(Gitlab::Ci::SecureFiles::Cer)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns an instance of Gitlab::Ci::SecureFiles::P12 when a .p12 file is supplied' do
|
|
|
|
|
file = build(:ci_secure_file, name: 'file1.p12')
|
|
|
|
|
expect(file.metadata_parser).to be_an_instance_of(Gitlab::Ci::SecureFiles::P12)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns an instance of Gitlab::Ci::SecureFiles::MobileProvision when a .mobileprovision file is supplied' do
|
|
|
|
|
file = build(:ci_secure_file, name: 'file1.mobileprovision')
|
|
|
|
|
expect(file.metadata_parser).to be_an_instance_of(Gitlab::Ci::SecureFiles::MobileProvision)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'returns nil when the file type is not supported by any parsers' do
|
|
|
|
|
file = build(:ci_secure_file, name: 'file1.foo')
|
|
|
|
|
expect(file.metadata_parser).to be nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
describe '#update_metadata!' do
|
2023-03-04 22:38:38 +05:30
|
|
|
it 'assigns the expected metadata when a parsable .cer file is supplied' do
|
2022-11-25 23:54:43 +05:30
|
|
|
file = create(:ci_secure_file, name: 'file1.cer',
|
2023-01-13 00:05:48 +05:30
|
|
|
file: CarrierWaveStringFile.new(fixture_file('ci_secure_files/sample.cer')))
|
2022-11-25 23:54:43 +05:30
|
|
|
file.update_metadata!
|
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
file.reload
|
|
|
|
|
|
2022-11-25 23:54:43 +05:30
|
|
|
expect(file.expires_at).to eq(DateTime.parse('2022-04-26 19:20:40'))
|
|
|
|
|
expect(file.metadata['id']).to eq('33669367788748363528491290218354043267')
|
|
|
|
|
expect(file.metadata['issuer']['CN']).to eq('Apple Worldwide Developer Relations Certification Authority')
|
|
|
|
|
expect(file.metadata['subject']['OU']).to eq('N7SYAN8PX8')
|
|
|
|
|
end
|
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
it 'assigns the expected metadata when a parsable .p12 file is supplied' do
|
|
|
|
|
file = create(:ci_secure_file, name: 'file1.p12',
|
|
|
|
|
file: CarrierWaveStringFile.new(fixture_file('ci_secure_files/sample.p12')))
|
|
|
|
|
file.update_metadata!
|
|
|
|
|
|
|
|
|
|
file.reload
|
|
|
|
|
|
|
|
|
|
expect(file.expires_at).to eq(DateTime.parse('2022-09-21 14:56:00'))
|
|
|
|
|
expect(file.metadata['id']).to eq('75949910542696343243264405377658443914')
|
|
|
|
|
expect(file.metadata['issuer']['CN']).to eq('Apple Worldwide Developer Relations Certification Authority')
|
|
|
|
|
expect(file.metadata['subject']['OU']).to eq('N7SYAN8PX8')
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'assigns the expected metadata when a parsable .mobileprovision file is supplied' do
|
|
|
|
|
file = create(:ci_secure_file, name: 'file1.mobileprovision',
|
|
|
|
|
file: CarrierWaveStringFile.new(
|
|
|
|
|
fixture_file('ci_secure_files/sample.mobileprovision')
|
|
|
|
|
))
|
|
|
|
|
file.update_metadata!
|
|
|
|
|
|
|
|
|
|
file.reload
|
|
|
|
|
|
|
|
|
|
expect(file.expires_at).to eq(DateTime.parse('2023-08-01 23:15:13'))
|
|
|
|
|
expect(file.metadata['id']).to eq('6b9fcce1-b9a9-4b37-b2ce-ec4da2044abf')
|
|
|
|
|
expect(file.metadata['platforms'].first).to eq('iOS')
|
|
|
|
|
expect(file.metadata['app_name']).to eq('iOS Demo')
|
|
|
|
|
expect(file.metadata['app_id']).to eq('match Development com.gitlab.ios-demo')
|
|
|
|
|
end
|
|
|
|
|
|
2022-11-25 23:54:43 +05:30
|
|
|
it 'logs an error when something goes wrong with the file parsing' do
|
|
|
|
|
corrupt_file = create(:ci_secure_file, name: 'file1.cer', file: CarrierWaveStringFile.new('11111111'))
|
|
|
|
|
message = 'Validation failed: Metadata must be a valid json schema - not enough data.'
|
|
|
|
|
expect(Gitlab::AppLogger).to receive(:error).with("Secure File Parser Failure (#{corrupt_file.id}): #{message}")
|
|
|
|
|
corrupt_file.update_metadata!
|
|
|
|
|
end
|
|
|
|
|
end
|
2022-03-02 08:16:31 +05:30
|
|
|
end
|
