debian-mirror-gitlab/spec/requests/api/internal/base_spec.rb

1130 lines
38 KiB
Ruby
Raw Normal View History

2019-12-26 22:10:19 +05:30
# frozen_string_literal: true
2014-09-02 18:07:02 +05:30
require 'spec_helper'
2019-12-04 20:38:33 +05:30
describe API::Internal::Base do
2018-11-08 19:23:39 +05:30
set(:user) { create(:user) }
2014-09-02 18:07:02 +05:30
let(:key) { create(:key, user: user) }
2018-11-08 19:23:39 +05:30
set(:project) { create(:project, :repository, :wiki_repo) }
2017-08-17 22:00:37 +05:30
let(:secret_token) { Gitlab::Shell.secret_token }
2018-03-17 18:26:18 +05:30
let(:gl_repository) { "project-#{project.id}" }
let(:reference_counter) { double('ReferenceCounter') }
2014-09-02 18:07:02 +05:30
2017-09-10 17:25:29 +05:30
describe "GET /internal/check" do
2014-09-02 18:07:02 +05:30
it do
2018-03-17 18:26:18 +05:30
expect_any_instance_of(Redis).to receive(:ping).and_return('PONG')
2019-02-15 15:39:39 +05:30
get api("/internal/check"), params: { secret_token: secret_token }
2014-09-02 18:07:02 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2015-04-26 12:48:37 +05:30
expect(json_response['api_version']).to eq(API::API.version)
2018-03-17 18:26:18 +05:30
expect(json_response['redis']).to be(true)
end
it 'returns false for field `redis` when redis is unavailable' do
expect_any_instance_of(Redis).to receive(:ping).and_raise(Errno::ENOENT)
2019-02-15 15:39:39 +05:30
get api("/internal/check"), params: { secret_token: secret_token }
2018-03-17 18:26:18 +05:30
expect(json_response['redis']).to be(false)
2015-04-26 12:48:37 +05:30
end
2019-07-07 11:18:12 +05:30
context 'authenticating' do
it 'authenticates using a header' do
get api("/internal/check"),
headers: { API::Helpers::GITLAB_SHARED_SECRET_HEADER => Base64.encode64(secret_token) }
expect(response).to have_gitlab_http_status(200)
end
it 'returns 401 when no credentials provided' do
get(api("/internal/check"))
expect(response).to have_gitlab_http_status(401)
end
end
2015-04-26 12:48:37 +05:30
end
2016-09-29 09:46:39 +05:30
describe 'GET /internal/two_factor_recovery_codes' do
it 'returns an error message when the key does not exist' do
post api('/internal/two_factor_recovery_codes'),
2019-02-15 15:39:39 +05:30
params: {
secret_token: secret_token,
key_id: 12345
}
2016-09-29 09:46:39 +05:30
expect(json_response['success']).to be_falsey
expect(json_response['message']).to eq('Could not find the given key')
end
it 'returns an error message when the key is a deploy key' do
deploy_key = create(:deploy_key)
post api('/internal/two_factor_recovery_codes'),
2019-02-15 15:39:39 +05:30
params: {
secret_token: secret_token,
key_id: deploy_key.id
}
2016-09-29 09:46:39 +05:30
expect(json_response['success']).to be_falsey
expect(json_response['message']).to eq('Deploy keys cannot be used to retrieve recovery codes')
end
it 'returns an error message when the user does not exist' do
key_without_user = create(:key, user: nil)
post api('/internal/two_factor_recovery_codes'),
2019-02-15 15:39:39 +05:30
params: {
secret_token: secret_token,
key_id: key_without_user.id
}
2016-09-29 09:46:39 +05:30
expect(json_response['success']).to be_falsey
expect(json_response['message']).to eq('Could not find a user for the given key')
expect(json_response['recovery_codes']).to be_nil
end
context 'when two-factor is enabled' do
it 'returns new recovery codes when the user exists' do
allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(true)
allow_any_instance_of(User)
.to receive(:generate_otp_backup_codes!).and_return(%w(119135e5a3ebce8e 34bd7b74adbc8861))
post api('/internal/two_factor_recovery_codes'),
2019-02-15 15:39:39 +05:30
params: {
secret_token: secret_token,
key_id: key.id
}
2016-09-29 09:46:39 +05:30
expect(json_response['success']).to be_truthy
expect(json_response['recovery_codes']).to match_array(%w(119135e5a3ebce8e 34bd7b74adbc8861))
end
end
context 'when two-factor is not enabled' do
it 'returns an error message' do
allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(false)
post api('/internal/two_factor_recovery_codes'),
2019-02-15 15:39:39 +05:30
params: {
secret_token: secret_token,
key_id: key.id
}
2016-09-29 09:46:39 +05:30
expect(json_response['success']).to be_falsey
expect(json_response['recovery_codes']).to be_nil
end
end
end
describe "POST /internal/lfs_authenticate" do
before do
2018-03-17 18:26:18 +05:30
project.add_developer(user)
2016-09-29 09:46:39 +05:30
end
context 'user key' do
it 'returns the correct information about the key' do
2018-11-18 11:00:15 +05:30
lfs_auth_key(key.id, project)
2016-09-29 09:46:39 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2016-09-29 09:46:39 +05:30
expect(json_response['username']).to eq(user.username)
expect(json_response['repository_http_path']).to eq(project.http_url_to_repo)
2019-07-07 11:18:12 +05:30
expect(json_response['expires_in']).to eq(Gitlab::LfsToken::DEFAULT_EXPIRE_TIME)
2019-02-15 15:39:39 +05:30
expect(Gitlab::LfsToken.new(key).token_valid?(json_response['lfs_token'])).to be_truthy
2016-09-29 09:46:39 +05:30
end
2018-11-18 11:00:15 +05:30
it 'returns the correct information about the user' do
lfs_auth_user(user.id, project)
expect(response).to have_gitlab_http_status(200)
expect(json_response['username']).to eq(user.username)
expect(json_response['repository_http_path']).to eq(project.http_url_to_repo)
2019-02-15 15:39:39 +05:30
expect(Gitlab::LfsToken.new(user).token_valid?(json_response['lfs_token'])).to be_truthy
2018-11-18 11:00:15 +05:30
end
it 'returns a 404 when no key or user is provided' do
lfs_auth_project(project)
expect(response).to have_gitlab_http_status(404)
end
2016-09-29 09:46:39 +05:30
it 'returns a 404 when the wrong key is provided' do
2018-11-18 11:00:15 +05:30
lfs_auth_key(key.id + 12345, project)
expect(response).to have_gitlab_http_status(404)
end
it 'returns a 404 when the wrong user is provided' do
lfs_auth_user(user.id + 12345, project)
2016-09-29 09:46:39 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2016-09-29 09:46:39 +05:30
end
end
context 'deploy key' do
let(:key) { create(:deploy_key) }
it 'returns the correct information about the key' do
2018-11-18 11:00:15 +05:30
lfs_auth_key(key.id, project)
2016-09-29 09:46:39 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2016-09-29 09:46:39 +05:30
expect(json_response['username']).to eq("lfs+deploy-key-#{key.id}")
expect(json_response['repository_http_path']).to eq(project.http_url_to_repo)
2019-02-15 15:39:39 +05:30
expect(Gitlab::LfsToken.new(key).token_valid?(json_response['lfs_token'])).to be_truthy
2016-09-29 09:46:39 +05:30
end
end
end
2014-09-02 18:07:02 +05:30
describe "GET /internal/discover" do
2018-11-18 11:00:15 +05:30
it "finds a user by key id" do
2019-02-15 15:39:39 +05:30
get(api("/internal/discover"), params: { key_id: key.id, secret_token: secret_token })
2014-09-02 18:07:02 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2014-09-02 18:07:02 +05:30
2015-04-26 12:48:37 +05:30
expect(json_response['name']).to eq(user.name)
2014-09-02 18:07:02 +05:30
end
2018-11-18 11:00:15 +05:30
it "finds a user by username" do
2019-02-15 15:39:39 +05:30
get(api("/internal/discover"), params: { username: user.username, secret_token: secret_token })
2018-11-18 11:00:15 +05:30
expect(response).to have_gitlab_http_status(200)
expect(json_response['name']).to eq(user.name)
end
2019-07-07 11:18:12 +05:30
it 'responds successfully when a user is not found' do
2020-01-01 13:55:28 +05:30
get(api('/internal/discover'), params: { username: 'noone', secret_token: secret_token })
expect(response).to have_gitlab_http_status(200)
expect(response.body).to eq('null')
end
it 'response successfully when passing invalid params' do
get(api('/internal/discover'), params: { nothing: 'to find a user', secret_token: secret_token })
2019-07-07 11:18:12 +05:30
expect(response).to have_gitlab_http_status(200)
expect(response.body).to eq('null')
end
2014-09-02 18:07:02 +05:30
end
2018-03-17 18:26:18 +05:30
describe "GET /internal/authorized_keys" do
context "using an existing key's fingerprint" do
it "finds the key" do
2019-02-15 15:39:39 +05:30
get(api('/internal/authorized_keys'), params: { fingerprint: key.fingerprint, secret_token: secret_token })
2018-03-17 18:26:18 +05:30
expect(response.status).to eq(200)
expect(json_response["key"]).to eq(key.key)
end
end
context "non existing key's fingerprint" do
it "returns 404" do
2019-02-15 15:39:39 +05:30
get(api('/internal/authorized_keys'), params: { fingerprint: "no:t-:va:li:d0", secret_token: secret_token })
2018-03-17 18:26:18 +05:30
expect(response.status).to eq(404)
end
end
context "using a partial fingerprint" do
it "returns 404" do
2019-02-15 15:39:39 +05:30
get(api('/internal/authorized_keys'), params: { fingerprint: "#{key.fingerprint[0..5]}%", secret_token: secret_token })
2018-03-17 18:26:18 +05:30
expect(response.status).to eq(404)
end
end
context "sending the key" do
it "finds the key" do
2019-02-15 15:39:39 +05:30
get(api('/internal/authorized_keys'), params: { key: key.key.split[1], secret_token: secret_token })
2018-03-17 18:26:18 +05:30
expect(response.status).to eq(200)
expect(json_response["key"]).to eq(key.key)
end
it "returns 404 with a partial key" do
2019-02-15 15:39:39 +05:30
get(api('/internal/authorized_keys'), params: { key: key.key.split[1][0...-3], secret_token: secret_token })
2018-03-17 18:26:18 +05:30
expect(response.status).to eq(404)
end
it "returns 404 with an not valid base64 string" do
2019-02-15 15:39:39 +05:30
get(api('/internal/authorized_keys'), params: { key: "whatever!", secret_token: secret_token })
2018-03-17 18:26:18 +05:30
expect(response.status).to eq(404)
end
end
end
2017-09-10 17:25:29 +05:30
describe "POST /internal/allowed", :clean_gitlab_redis_shared_state do
2014-09-02 18:07:02 +05:30
context "access granted" do
2018-03-17 18:26:18 +05:30
around do |example|
Timecop.freeze { example.run }
2017-08-17 22:00:37 +05:30
end
2018-03-17 18:26:18 +05:30
before do
project.add_developer(user)
2017-08-17 22:00:37 +05:30
end
context 'with env passed as a JSON' do
2019-07-07 11:18:12 +05:30
let(:gl_repository) { Gitlab::GlRepository::WIKI.identifier_for_subject(project) }
2018-03-17 18:26:18 +05:30
2018-05-09 12:01:36 +05:30
it 'sets env in RequestStore' do
obj_dir_relative = './objects'
alt_obj_dirs_relative = ['./alt-objects-1', './alt-objects-2']
2018-03-17 18:26:18 +05:30
2018-05-09 12:01:36 +05:30
expect(Gitlab::Git::HookEnv).to receive(:set).with(gl_repository, {
'GIT_OBJECT_DIRECTORY_RELATIVE' => obj_dir_relative,
'GIT_ALTERNATE_OBJECT_DIRECTORIES_RELATIVE' => alt_obj_dirs_relative
})
2018-03-17 18:26:18 +05:30
2018-05-09 12:01:36 +05:30
push(key, project.wiki, env: {
GIT_OBJECT_DIRECTORY_RELATIVE: obj_dir_relative,
GIT_ALTERNATE_OBJECT_DIRECTORIES_RELATIVE: alt_obj_dirs_relative
}.to_json)
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
end
2014-09-02 18:07:02 +05:30
end
2016-06-02 11:05:42 +05:30
context "git push with project.wiki" do
it 'responds with success' do
2016-08-24 12:49:21 +05:30
push(key, project.wiki)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2016-08-24 12:49:21 +05:30
expect(json_response["status"]).to be_truthy
2019-07-07 11:18:12 +05:30
expect(json_response["gl_project_path"]).to eq(project.wiki.full_path)
2017-08-17 22:00:37 +05:30
expect(json_response["gl_repository"]).to eq("wiki-#{project.id}")
2018-11-18 11:00:15 +05:30
expect(user.reload.last_activity_on).to be_nil
2016-08-24 12:49:21 +05:30
end
end
2016-06-02 11:05:42 +05:30
2016-08-24 12:49:21 +05:30
context "git pull with project.wiki" do
it 'responds with success' do
pull(key, project.wiki)
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2016-06-02 11:05:42 +05:30
expect(json_response["status"]).to be_truthy
2019-07-07 11:18:12 +05:30
expect(json_response["gl_project_path"]).to eq(project.wiki.full_path)
2017-08-17 22:00:37 +05:30
expect(json_response["gl_repository"]).to eq("wiki-#{project.id}")
2018-11-18 11:00:15 +05:30
expect(user.reload.last_activity_on).to eql(Date.today)
2016-06-02 11:05:42 +05:30
end
end
2014-09-02 18:07:02 +05:30
context "git pull" do
2018-03-17 18:26:18 +05:30
it "has the correct payload" do
pull(key, project)
2017-09-10 17:25:29 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
expect(json_response["status"]).to be_truthy
expect(json_response["gl_repository"]).to eq("project-#{project.id}")
2019-07-07 11:18:12 +05:30
expect(json_response["gl_project_path"]).to eq(project.full_path)
2018-03-17 18:26:18 +05:30
expect(json_response["gitaly"]).not_to be_nil
expect(json_response["gitaly"]["repository"]).not_to be_nil
expect(json_response["gitaly"]["repository"]["storage_name"]).to eq(project.repository.gitaly_repository.storage_name)
expect(json_response["gitaly"]["repository"]["relative_path"]).to eq(project.repository.gitaly_repository.relative_path)
expect(json_response["gitaly"]["address"]).to eq(Gitlab::GitalyClient.address(project.repository_storage))
expect(json_response["gitaly"]["token"]).to eq(Gitlab::GitalyClient.token(project.repository_storage))
2020-01-01 13:55:28 +05:30
expect(json_response["gitaly"]["features"]).to eq('gitaly-feature-inforef-uploadpack-cache' => 'true', 'gitaly-feature-get-tag-messages-go' => 'true', 'gitaly-feature-filter-shas-with-signatures-go' => 'true')
2018-11-18 11:00:15 +05:30
expect(user.reload.last_activity_on).to eql(Date.today)
2014-09-02 18:07:02 +05:30
end
end
context "git push" do
2018-03-27 19:54:05 +05:30
context 'project as namespace/project' do
it do
2017-09-10 17:25:29 +05:30
push(key, project)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-09-10 17:25:29 +05:30
expect(json_response["status"]).to be_truthy
expect(json_response["gl_repository"]).to eq("project-#{project.id}")
2019-07-07 11:18:12 +05:30
expect(json_response["gl_project_path"]).to eq(project.full_path)
2017-09-10 17:25:29 +05:30
expect(json_response["gitaly"]).not_to be_nil
expect(json_response["gitaly"]["repository"]).not_to be_nil
expect(json_response["gitaly"]["repository"]["storage_name"]).to eq(project.repository.gitaly_repository.storage_name)
expect(json_response["gitaly"]["repository"]["relative_path"]).to eq(project.repository.gitaly_repository.relative_path)
expect(json_response["gitaly"]["address"]).to eq(Gitlab::GitalyClient.address(project.repository_storage))
expect(json_response["gitaly"]["token"]).to eq(Gitlab::GitalyClient.token(project.repository_storage))
2020-01-01 13:55:28 +05:30
expect(json_response["gitaly"]["features"]).to eq('gitaly-feature-inforef-uploadpack-cache' => 'true', 'gitaly-feature-get-tag-messages-go' => 'true', 'gitaly-feature-filter-shas-with-signatures-go' => 'true')
2018-11-18 11:00:15 +05:30
expect(user.reload.last_activity_on).to be_nil
2017-09-10 17:25:29 +05:30
end
2017-08-17 22:00:37 +05:30
end
2018-11-20 20:47:30 +05:30
context 'when receive_max_input_size has been updated' do
2019-12-21 20:55:43 +05:30
before do
2018-11-20 20:47:30 +05:30
allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { 1 }
2019-12-21 20:55:43 +05:30
end
2018-11-20 20:47:30 +05:30
2019-12-21 20:55:43 +05:30
it 'returns custom git config' do
2018-11-20 20:47:30 +05:30
push(key, project)
expect(json_response["git_config_options"]).to be_present
2019-12-21 20:55:43 +05:30
expect(json_response["git_config_options"]).to include("uploadpack.allowFilter=true")
expect(json_response["git_config_options"]).to include("uploadpack.allowAnySHA1InWant=true")
end
context 'when gitaly_upload_pack_filter feature flag is disabled' do
before do
stub_feature_flags(gitaly_upload_pack_filter: { enabled: false, thing: project })
end
it 'does not include allowFilter and allowAnySha1InWant in the git config options' do
push(key, project)
expect(json_response["git_config_options"]).to be_present
expect(json_response["git_config_options"]).not_to include("uploadpack.allowFilter=true")
expect(json_response["git_config_options"]).not_to include("uploadpack.allowAnySHA1InWant=true")
end
2018-11-20 20:47:30 +05:30
end
end
context 'when receive_max_input_size is empty' do
it 'returns an empty git config' do
allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { nil }
push(key, project)
expect(json_response["git_config_options"]).to be_empty
end
end
2014-09-02 18:07:02 +05:30
end
end
context "access denied" do
before do
2018-03-17 18:26:18 +05:30
project.add_guest(user)
2014-09-02 18:07:02 +05:30
end
context "git pull" do
it do
pull(key, project)
2018-11-20 20:47:30 +05:30
expect(response).to have_gitlab_http_status(401)
2015-04-26 12:48:37 +05:30
expect(json_response["status"]).to be_falsey
2018-11-18 11:00:15 +05:30
expect(user.reload.last_activity_on).to be_nil
2014-09-02 18:07:02 +05:30
end
end
context "git push" do
it do
push(key, project)
2018-11-20 20:47:30 +05:30
expect(response).to have_gitlab_http_status(401)
2015-04-26 12:48:37 +05:30
expect(json_response["status"]).to be_falsey
2018-11-18 11:00:15 +05:30
expect(user.reload.last_activity_on).to be_nil
2014-09-02 18:07:02 +05:30
end
end
end
2018-11-20 20:47:30 +05:30
context "custom action" do
let(:access_checker) { double(Gitlab::GitAccess) }
let(:payload) do
{
'action' => 'geo_proxy_to_primary',
'data' => {
'api_endpoints' => %w{geo/proxy_git_push_ssh/info_refs geo/proxy_git_push_ssh/push},
'gl_username' => 'testuser',
'primary_repo' => 'http://localhost:3000/testuser/repo.git'
}
}
end
2019-12-26 22:10:19 +05:30
let(:console_messages) { ['informational message'] }
let(:custom_action_result) { Gitlab::GitAccessResult::CustomAction.new(payload, console_messages) }
2018-11-20 20:47:30 +05:30
before do
project.add_guest(user)
expect(Gitlab::GitAccess).to receive(:new).with(
key,
project,
'ssh',
{
authentication_abilities: [:read_project, :download_code, :push_code],
2019-09-30 21:07:59 +05:30
namespace_path: project.namespace.path,
2018-11-20 20:47:30 +05:30
project_path: project.path,
redirected_path: nil
}
).and_return(access_checker)
expect(access_checker).to receive(:check).with(
'git-receive-pack',
'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master'
).and_return(custom_action_result)
end
context "git push" do
it do
push(key, project)
expect(response).to have_gitlab_http_status(300)
expect(json_response['status']).to be_truthy
expect(json_response['payload']).to eql(payload)
2019-12-26 22:10:19 +05:30
expect(json_response['gl_console_messages']).to eql(console_messages)
2018-11-20 20:47:30 +05:30
expect(user.reload.last_activity_on).to be_nil
end
end
end
2019-07-07 11:18:12 +05:30
context "console message" do
before do
project.add_developer(user)
end
context "git pull" do
context "with no console message" do
it "has the correct payload" do
pull(key, project)
expect(response).to have_gitlab_http_status(200)
expect(json_response['gl_console_messages']).to eq([])
end
end
context "with a console message" do
let(:console_messages) { ['message for the console'] }
it "has the correct payload" do
expect_next_instance_of(Gitlab::GitAccess) do |access|
expect(access).to receive(:check_for_console_messages)
.with('git-upload-pack')
.and_return(console_messages)
end
pull(key, project)
expect(response).to have_gitlab_http_status(200)
expect(json_response['gl_console_messages']).to eq(console_messages)
end
end
end
end
2014-09-02 18:07:02 +05:30
context "blocked user" do
2017-09-10 17:25:29 +05:30
let(:personal_project) { create(:project, namespace: user.namespace) }
2014-09-02 18:07:02 +05:30
before do
user.block
end
context "git pull" do
it do
pull(key, personal_project)
2018-11-20 20:47:30 +05:30
expect(response).to have_gitlab_http_status(401)
2015-04-26 12:48:37 +05:30
expect(json_response["status"]).to be_falsey
2018-11-18 11:00:15 +05:30
expect(user.reload.last_activity_on).to be_nil
2014-09-02 18:07:02 +05:30
end
end
context "git push" do
it do
push(key, personal_project)
2018-11-20 20:47:30 +05:30
expect(response).to have_gitlab_http_status(401)
2015-04-26 12:48:37 +05:30
expect(json_response["status"]).to be_falsey
2018-11-18 11:00:15 +05:30
expect(user.reload.last_activity_on).to be_nil
2018-12-13 13:39:08 +05:30
end
end
end
context 'request times out' do
context 'git push' do
it 'responds with a gateway timeout' do
personal_project = create(:project, namespace: user.namespace)
expect_next_instance_of(Gitlab::GitAccess) do |access|
expect(access).to receive(:check).and_raise(Gitlab::GitAccess::TimeoutError, "Foo")
end
push(key, personal_project)
expect(response).to have_gitlab_http_status(503)
expect(json_response['status']).to be_falsey
expect(json_response['message']).to eq("Foo")
expect(user.reload.last_activity_on).to be_nil
2014-09-02 18:07:02 +05:30
end
end
end
context "archived project" do
before do
2018-03-17 18:26:18 +05:30
project.add_developer(user)
2018-11-18 11:00:15 +05:30
::Projects::UpdateService.new(project, user, archived: true).execute
2014-09-02 18:07:02 +05:30
end
context "git pull" do
it do
pull(key, project)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2015-04-26 12:48:37 +05:30
expect(json_response["status"]).to be_truthy
2014-09-02 18:07:02 +05:30
end
end
context "git push" do
it do
push(key, project)
2018-11-20 20:47:30 +05:30
expect(response).to have_gitlab_http_status(401)
2015-04-26 12:48:37 +05:30
expect(json_response["status"]).to be_falsey
2014-09-02 18:07:02 +05:30
end
end
end
context "deploy key" do
let(:key) { create(:deploy_key) }
context "added to project" do
before do
key.projects << project
end
it do
archive(key, project)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2015-04-26 12:48:37 +05:30
expect(json_response["status"]).to be_truthy
2018-05-09 12:01:36 +05:30
expect(json_response["gitaly"]).not_to be_nil
expect(json_response["gitaly"]["repository"]).not_to be_nil
expect(json_response["gitaly"]["repository"]["storage_name"]).to eq(project.repository.gitaly_repository.storage_name)
expect(json_response["gitaly"]["repository"]["relative_path"]).to eq(project.repository.gitaly_repository.relative_path)
expect(json_response["gitaly"]["address"]).to eq(Gitlab::GitalyClient.address(project.repository_storage))
expect(json_response["gitaly"]["token"]).to eq(Gitlab::GitalyClient.token(project.repository_storage))
2020-01-01 13:55:28 +05:30
expect(json_response["gitaly"]["features"]).to eq('gitaly-feature-inforef-uploadpack-cache' => 'true', 'gitaly-feature-get-tag-messages-go' => 'true', 'gitaly-feature-filter-shas-with-signatures-go' => 'true')
2014-09-02 18:07:02 +05:30
end
end
context "not added to project" do
it do
archive(key, project)
2018-11-20 20:47:30 +05:30
expect(response).to have_gitlab_http_status(404)
2015-04-26 12:48:37 +05:30
expect(json_response["status"]).to be_falsey
2014-09-02 18:07:02 +05:30
end
end
end
2015-04-26 12:48:37 +05:30
context 'project does not exist' do
2018-03-27 19:54:05 +05:30
it 'returns a 200 response with status: false' do
project.destroy
pull(key, project)
2015-04-26 12:48:37 +05:30
2018-11-20 20:47:30 +05:30
expect(response).to have_gitlab_http_status(404)
2015-04-26 12:48:37 +05:30
expect(json_response["status"]).to be_falsey
end
2019-07-07 11:18:12 +05:30
it 'returns a 200 response when using a project path that does not exist' do
post(
api("/internal/allowed"),
params: {
key_id: key.id,
project: 'project/does-not-exist.git',
action: 'git-upload-pack',
secret_token: secret_token,
protocol: 'ssh'
}
)
expect(response).to have_gitlab_http_status(404)
expect(json_response["status"]).to be_falsey
end
2015-04-26 12:48:37 +05:30
end
context 'user does not exist' do
it do
pull(OpenStruct.new(id: 0), project)
2018-11-20 20:47:30 +05:30
expect(response).to have_gitlab_http_status(404)
2015-04-26 12:48:37 +05:30
expect(json_response["status"]).to be_falsey
end
end
2016-08-24 12:49:21 +05:30
context 'ssh access has been disabled' do
before do
2017-08-17 22:00:37 +05:30
stub_application_setting(enabled_git_access_protocol: 'http')
2016-08-24 12:49:21 +05:30
end
it 'rejects the SSH push' do
push(key, project)
2018-11-20 20:47:30 +05:30
expect(response.status).to eq(401)
2016-08-24 12:49:21 +05:30
expect(json_response['status']).to be_falsey
expect(json_response['message']).to eq 'Git access over SSH is not allowed'
end
it 'rejects the SSH pull' do
pull(key, project)
2018-11-20 20:47:30 +05:30
expect(response.status).to eq(401)
2016-08-24 12:49:21 +05:30
expect(json_response['status']).to be_falsey
expect(json_response['message']).to eq 'Git access over SSH is not allowed'
end
end
context 'http access has been disabled' do
before do
2017-08-17 22:00:37 +05:30
stub_application_setting(enabled_git_access_protocol: 'ssh')
2016-08-24 12:49:21 +05:30
end
it 'rejects the HTTP push' do
push(key, project, 'http')
2018-11-20 20:47:30 +05:30
expect(response.status).to eq(401)
2016-08-24 12:49:21 +05:30
expect(json_response['status']).to be_falsey
expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
end
it 'rejects the HTTP pull' do
pull(key, project, 'http')
2018-11-20 20:47:30 +05:30
expect(response.status).to eq(401)
2016-08-24 12:49:21 +05:30
expect(json_response['status']).to be_falsey
expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
end
end
context 'web actions are always allowed' do
it 'allows WEB push' do
2017-08-17 22:00:37 +05:30
stub_application_setting(enabled_git_access_protocol: 'ssh')
2018-03-17 18:26:18 +05:30
project.add_developer(user)
2016-08-24 12:49:21 +05:30
push(key, project, 'web')
expect(response.status).to eq(200)
expect(json_response['status']).to be_truthy
end
end
2017-09-10 17:25:29 +05:30
context 'the project path was changed' do
2018-03-27 19:54:05 +05:30
let(:project) { create(:project, :repository, :legacy_storage) }
2018-03-17 18:26:18 +05:30
let!(:repository) { project.repository }
2017-09-10 17:25:29 +05:30
before do
2018-03-17 18:26:18 +05:30
project.add_developer(user)
2017-09-10 17:25:29 +05:30
project.path = 'new_path'
project.save!
end
it 'rejects the push' do
2018-03-17 18:26:18 +05:30
push(key, project)
2017-09-10 17:25:29 +05:30
2018-11-20 20:47:30 +05:30
expect(response).to have_gitlab_http_status(404)
2018-03-17 18:26:18 +05:30
expect(json_response['status']).to be_falsy
2017-09-10 17:25:29 +05:30
end
it 'rejects the SSH pull' do
2018-03-17 18:26:18 +05:30
pull(key, project)
2017-09-10 17:25:29 +05:30
2018-11-20 20:47:30 +05:30
expect(response).to have_gitlab_http_status(404)
2018-03-17 18:26:18 +05:30
expect(json_response['status']).to be_falsy
2017-09-10 17:25:29 +05:30
end
end
2014-09-02 18:07:02 +05:30
end
2017-08-17 22:00:37 +05:30
# TODO: Uncomment when the end-point is reenabled
# describe 'POST /notify_post_receive' do
# let(:valid_params) do
# { project: project.repository.path, secret_token: secret_token }
# end
#
# let(:valid_wiki_params) do
# { project: project.wiki.repository.path, secret_token: secret_token }
# end
#
# before do
# allow(Gitlab.config.gitaly).to receive(:enabled).and_return(true)
# end
#
# it "calls the Gitaly client with the project's repository" do
2017-09-10 17:25:29 +05:30
# expect(Gitlab::GitalyClient::NotificationService).
2017-08-17 22:00:37 +05:30
# to receive(:new).with(gitlab_git_repository_with(path: project.repository.path)).
# and_call_original
2017-09-10 17:25:29 +05:30
# expect_any_instance_of(Gitlab::GitalyClient::NotificationService).
2017-08-17 22:00:37 +05:30
# to receive(:post_receive)
#
# post api("/internal/notify_post_receive"), valid_params
#
2018-03-17 18:26:18 +05:30
# expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
# end
#
# it "calls the Gitaly client with the wiki's repository if it's a wiki" do
2017-09-10 17:25:29 +05:30
# expect(Gitlab::GitalyClient::NotificationService).
2017-08-17 22:00:37 +05:30
# to receive(:new).with(gitlab_git_repository_with(path: project.wiki.repository.path)).
# and_call_original
2017-09-10 17:25:29 +05:30
# expect_any_instance_of(Gitlab::GitalyClient::NotificationService).
2017-08-17 22:00:37 +05:30
# to receive(:post_receive)
#
# post api("/internal/notify_post_receive"), valid_wiki_params
#
2018-03-17 18:26:18 +05:30
# expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
# end
#
# it "returns 500 if the gitaly call fails" do
2017-09-10 17:25:29 +05:30
# expect_any_instance_of(Gitlab::GitalyClient::NotificationService).
2017-08-17 22:00:37 +05:30
# to receive(:post_receive).and_raise(GRPC::Unavailable)
#
# post api("/internal/notify_post_receive"), valid_params
#
2018-03-17 18:26:18 +05:30
# expect(response).to have_gitlab_http_status(500)
2017-08-17 22:00:37 +05:30
# end
#
# context 'with a gl_repository parameter' do
# let(:valid_params) do
# { gl_repository: "project-#{project.id}", secret_token: secret_token }
# end
#
# let(:valid_wiki_params) do
# { gl_repository: "wiki-#{project.id}", secret_token: secret_token }
# end
#
# it "calls the Gitaly client with the project's repository" do
2017-09-10 17:25:29 +05:30
# expect(Gitlab::GitalyClient::NotificationService).
2017-08-17 22:00:37 +05:30
# to receive(:new).with(gitlab_git_repository_with(path: project.repository.path)).
# and_call_original
2017-09-10 17:25:29 +05:30
# expect_any_instance_of(Gitlab::GitalyClient::NotificationService).
2017-08-17 22:00:37 +05:30
# to receive(:post_receive)
#
# post api("/internal/notify_post_receive"), valid_params
#
2018-03-17 18:26:18 +05:30
# expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
# end
#
# it "calls the Gitaly client with the wiki's repository if it's a wiki" do
2017-09-10 17:25:29 +05:30
# expect(Gitlab::GitalyClient::NotificationService).
2017-08-17 22:00:37 +05:30
# to receive(:new).with(gitlab_git_repository_with(path: project.wiki.repository.path)).
# and_call_original
2017-09-10 17:25:29 +05:30
# expect_any_instance_of(Gitlab::GitalyClient::NotificationService).
2017-08-17 22:00:37 +05:30
# to receive(:post_receive)
#
# post api("/internal/notify_post_receive"), valid_wiki_params
#
2018-03-17 18:26:18 +05:30
# expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
# end
# end
# end
2018-03-17 18:26:18 +05:30
describe 'POST /internal/post_receive', :clean_gitlab_redis_shared_state do
let(:identifier) { 'key-123' }
let(:valid_params) do
{
gl_repository: gl_repository,
secret_token: secret_token,
identifier: identifier,
2019-02-15 15:39:39 +05:30
changes: changes,
push_options: push_options
2018-03-17 18:26:18 +05:30
}
end
2019-07-07 11:18:12 +05:30
let(:branch_name) { 'feature' }
2018-03-17 18:26:18 +05:30
let(:changes) do
2019-07-07 11:18:12 +05:30
"#{Gitlab::Git::BLANK_SHA} 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/#{branch_name}"
2018-03-17 18:26:18 +05:30
end
2019-02-15 15:39:39 +05:30
let(:push_options) do
['ci.skip',
'another push option']
end
2018-03-17 18:26:18 +05:30
before do
project.add_developer(user)
allow_any_instance_of(Gitlab::Identifier).to receive(:identify).and_return(user)
end
it 'enqueues a PostReceive worker job' do
expect(PostReceive).to receive(:perform_async)
2019-07-07 11:18:12 +05:30
.with(gl_repository, identifier, changes, { ci: { skip: true } })
2018-03-17 18:26:18 +05:30
2019-07-07 11:18:12 +05:30
post api('/internal/post_receive'), params: valid_params
2018-03-17 18:26:18 +05:30
end
it 'decreases the reference counter and returns the result' do
expect(Gitlab::ReferenceCounter).to receive(:new).with(gl_repository)
.and_return(reference_counter)
expect(reference_counter).to receive(:decrease).and_return(true)
2019-07-07 11:18:12 +05:30
post api('/internal/post_receive'), params: valid_params
2018-03-17 18:26:18 +05:30
expect(json_response['reference_counter_decreased']).to be(true)
end
it 'returns link to create new merge request' do
2019-07-07 11:18:12 +05:30
post api('/internal/post_receive'), params: valid_params
2018-03-17 18:26:18 +05:30
2019-12-04 20:38:33 +05:30
message = <<~MESSAGE.strip
To create a merge request for #{branch_name}, visit:
http://#{Gitlab.config.gitlab.host}/#{project.full_path}/merge_requests/new?merge_request%5Bsource_branch%5D=#{branch_name}
MESSAGE
expect(json_response['messages']).to include(build_basic_message(message))
2018-03-17 18:26:18 +05:30
end
2019-12-21 20:55:43 +05:30
it 'returns the link to an existing merge request when it exists' do
merge_request = create(:merge_request, source_project: project, source_branch: branch_name, target_branch: 'master')
post api('/internal/post_receive'), params: valid_params
message = <<~MESSAGE.strip
View merge request for feature:
#{project_merge_request_url(project, merge_request)}
MESSAGE
expect(json_response['messages']).to include(build_basic_message(message))
end
2019-12-04 20:38:33 +05:30
it 'returns no merge request messages if printing_merge_request_link_enabled is false' do
2018-03-17 18:26:18 +05:30
project.update!(printing_merge_request_link_enabled: false)
2019-07-07 11:18:12 +05:30
post api('/internal/post_receive'), params: valid_params
2018-03-17 18:26:18 +05:30
2019-12-04 20:38:33 +05:30
expect(json_response['messages']).to be_blank
2018-03-17 18:26:18 +05:30
end
2019-07-07 11:18:12 +05:30
it 'does not invoke MergeRequests::PushOptionsHandlerService' do
expect(MergeRequests::PushOptionsHandlerService).not_to receive(:new)
post api('/internal/post_receive'), params: valid_params
end
context 'when there are merge_request push options' do
before do
valid_params[:push_options] = ['merge_request.create']
end
it 'invokes MergeRequests::PushOptionsHandlerService' do
expect(MergeRequests::PushOptionsHandlerService).to receive(:new)
post api('/internal/post_receive'), params: valid_params
end
it 'creates a new merge request' do
expect do
2019-07-31 22:56:46 +05:30
Sidekiq::Testing.fake! do
post api('/internal/post_receive'), params: valid_params
end
2019-07-07 11:18:12 +05:30
end.to change { MergeRequest.count }.by(1)
end
it 'links to the newly created merge request' do
post api('/internal/post_receive'), params: valid_params
2019-12-04 20:38:33 +05:30
message = <<~MESSAGE.strip
View merge request for #{branch_name}:
http://#{Gitlab.config.gitlab.host}/#{project.full_path}/merge_requests/1
MESSAGE
expect(json_response['messages']).to include(build_basic_message(message))
2019-07-07 11:18:12 +05:30
end
it 'adds errors on the service instance to warnings' do
expect_any_instance_of(
MergeRequests::PushOptionsHandlerService
).to receive(:errors).at_least(:once).and_return(['my error'])
post api('/internal/post_receive'), params: valid_params
2019-12-04 20:38:33 +05:30
message = "WARNINGS:\nError encountered with push options 'merge_request.create': my error"
expect(json_response['messages']).to include(build_alert_message(message))
2019-07-07 11:18:12 +05:30
end
it 'adds ActiveRecord errors on invalid MergeRequest records to warnings' do
invalid_merge_request = MergeRequest.new
invalid_merge_request.errors.add(:base, 'my error')
expect_any_instance_of(
MergeRequests::CreateService
).to receive(:execute).and_return(invalid_merge_request)
post api('/internal/post_receive'), params: valid_params
2019-12-04 20:38:33 +05:30
message = "WARNINGS:\nError encountered with push options 'merge_request.create': my error"
expect(json_response['messages']).to include(build_alert_message(message))
2019-07-07 11:18:12 +05:30
end
end
2018-03-17 18:26:18 +05:30
context 'broadcast message exists' do
let!(:broadcast_message) { create(:broadcast_message, starts_at: 1.day.ago, ends_at: 1.day.from_now ) }
2019-12-04 20:38:33 +05:30
it 'outputs a broadcast message' do
2019-07-07 11:18:12 +05:30
post api('/internal/post_receive'), params: valid_params
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2019-12-04 20:38:33 +05:30
expect(json_response['messages']).to include(build_alert_message(broadcast_message.message))
2018-03-17 18:26:18 +05:30
end
end
context 'broadcast message does not exist' do
2019-12-04 20:38:33 +05:30
it 'does not output a broadcast message' do
2019-07-07 11:18:12 +05:30
post api('/internal/post_receive'), params: valid_params
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2019-12-04 20:38:33 +05:30
expect(has_alert_messages?(json_response['messages'])).to be_falsey
2018-03-17 18:26:18 +05:30
end
end
context 'nil broadcast message' do
2019-12-04 20:38:33 +05:30
it 'does not output a broadcast message' do
2018-03-17 18:26:18 +05:30
allow(BroadcastMessage).to receive(:current).and_return(nil)
2019-07-07 11:18:12 +05:30
post api('/internal/post_receive'), params: valid_params
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2019-12-04 20:38:33 +05:30
expect(has_alert_messages?(json_response['messages'])).to be_falsey
2018-03-17 18:26:18 +05:30
end
end
context 'with a redirected data' do
it 'returns redirected message on the response' do
project_moved = Gitlab::Checks::ProjectMoved.new(project, user, 'http', 'foo/baz')
project_moved.add_message
2019-07-07 11:18:12 +05:30
post api('/internal/post_receive'), params: valid_params
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2019-12-04 20:38:33 +05:30
expect(json_response['messages']).to include(build_basic_message(project_moved.message))
2018-03-17 18:26:18 +05:30
end
end
context 'with new project data' do
it 'returns new project message on the response' do
project_created = Gitlab::Checks::ProjectCreated.new(project, user, 'http')
project_created.add_message
2019-07-07 11:18:12 +05:30
post api('/internal/post_receive'), params: valid_params
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2019-12-04 20:38:33 +05:30
expect(json_response['messages']).to include(build_basic_message(project_created.message))
2018-03-17 18:26:18 +05:30
end
end
context 'with an orphaned write deploy key' do
it 'does not try to notify that project moved' do
allow_any_instance_of(Gitlab::Identifier).to receive(:identify).and_return(nil)
2019-07-07 11:18:12 +05:30
post api('/internal/post_receive'), params: valid_params
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
end
end
end
describe 'POST /internal/pre_receive' do
let(:valid_params) do
{ gl_repository: gl_repository, secret_token: secret_token }
end
it 'decreases the reference counter and returns the result' do
expect(Gitlab::ReferenceCounter).to receive(:new).with(gl_repository)
.and_return(reference_counter)
expect(reference_counter).to receive(:increase).and_return(true)
2019-02-15 15:39:39 +05:30
post api("/internal/pre_receive"), params: valid_params
2018-03-17 18:26:18 +05:30
expect(json_response['reference_counter_increased']).to be(true)
end
end
2018-03-27 19:54:05 +05:30
def gl_repository_for(project_or_wiki)
case project_or_wiki
when ProjectWiki
2019-07-07 11:18:12 +05:30
Gitlab::GlRepository::WIKI.identifier_for_subject(project_or_wiki.project)
2018-03-27 19:54:05 +05:30
when Project
2019-07-07 11:18:12 +05:30
Gitlab::GlRepository::PROJECT.identifier_for_subject(project_or_wiki)
2018-03-27 19:54:05 +05:30
else
nil
2017-08-17 22:00:37 +05:30
end
2016-09-13 17:45:13 +05:30
end
2016-08-24 12:49:21 +05:30
def pull(key, project, protocol = 'ssh')
2015-04-26 12:48:37 +05:30
post(
2014-09-02 18:07:02 +05:30
api("/internal/allowed"),
2019-02-15 15:39:39 +05:30
params: {
key_id: key.id,
project: project.full_path,
gl_repository: gl_repository_for(project),
action: 'git-upload-pack',
secret_token: secret_token,
protocol: protocol
}
2017-09-10 17:25:29 +05:30
)
end
2017-08-17 22:00:37 +05:30
def push(key, project, protocol = 'ssh', env: nil)
2018-11-08 19:23:39 +05:30
params = {
2015-04-26 12:48:37 +05:30
changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master',
2014-09-02 18:07:02 +05:30
key_id: key.id,
2018-03-27 19:54:05 +05:30
project: project.full_path,
gl_repository: gl_repository_for(project),
2017-09-10 17:25:29 +05:30
action: 'git-receive-pack',
secret_token: secret_token,
protocol: protocol,
env: env
2018-11-08 19:23:39 +05:30
}
2019-02-15 15:39:39 +05:30
post(
api("/internal/allowed"),
params: params
)
2017-09-10 17:25:29 +05:30
end
2014-09-02 18:07:02 +05:30
def archive(key, project)
2015-04-26 12:48:37 +05:30
post(
2014-09-02 18:07:02 +05:30
api("/internal/allowed"),
2019-02-15 15:39:39 +05:30
params: {
ref: 'master',
key_id: key.id,
project: project.full_path,
gl_repository: gl_repository_for(project),
action: 'git-upload-archive',
secret_token: secret_token,
protocol: 'ssh'
}
2014-09-02 18:07:02 +05:30
)
end
2016-09-29 09:46:39 +05:30
2018-11-18 11:00:15 +05:30
def lfs_auth_project(project)
post(
api("/internal/lfs_authenticate"),
2019-02-15 15:39:39 +05:30
params: {
secret_token: secret_token,
project: project.full_path
}
2018-11-18 11:00:15 +05:30
)
end
def lfs_auth_key(key_id, project)
2016-09-29 09:46:39 +05:30
post(
api("/internal/lfs_authenticate"),
2019-02-15 15:39:39 +05:30
params: {
key_id: key_id,
secret_token: secret_token,
project: project.full_path
}
2016-09-29 09:46:39 +05:30
)
end
2018-11-18 11:00:15 +05:30
def lfs_auth_user(user_id, project)
post(
api("/internal/lfs_authenticate"),
2019-02-15 15:39:39 +05:30
params: {
user_id: user_id,
secret_token: secret_token,
project: project.full_path
}
2018-11-18 11:00:15 +05:30
)
end
2019-12-04 20:38:33 +05:30
def build_alert_message(message)
{ 'type' => 'alert', 'message' => message }
end
def build_basic_message(message)
{ 'type' => 'basic', 'message' => message }
end
def has_alert_messages?(messages)
messages.any? do |message|
message['type'] == 'alert'
end
end
2014-09-02 18:07:02 +05:30
end