# frozen_string_literal: true require 'spec_helper' RSpec.describe Projects::HooksController, feature_category: :integrations do include AfterNextHelpers let_it_be(:project) { create(:project) } let(:user) { project.first_owner } before do sign_in(user) end describe '#index' do it 'renders index with 200 status code' do get :index, params: { namespace_id: project.namespace, project_id: project } expect(response).to have_gitlab_http_status(:ok) expect(response).to render_template(:index) end end describe '#update' do let_it_be(:hook) { create(:project_hook, project: project) } let(:params) do { namespace_id: project.namespace, project_id: project, id: hook.id } end context 'with an existing token' do hook_params = { token: WebHook::SECRET_MASK, url: "http://example.com" } it 'does not change a token' do expect do post :update, params: params.merge({ hook: hook_params }) end.not_to change { hook.reload.token } expect(response).to have_gitlab_http_status(:found) expect(flash[:alert]).to be_blank end end it 'adds, updates and deletes URL variables' do hook.update!(url_variables: { 'a' => 'bar', 'b' => 'woo' }) params[:hook] = { url_variables: [ { key: 'a', value: 'updated' }, { key: 'b', value: nil }, { key: 'c', value: 'new' } ] } put :update, params: params expect(response).to have_gitlab_http_status(:found) expect(flash[:notice]).to include('was updated') expect(hook.reload.url_variables).to eq( 'a' => 'updated', 'c' => 'new' ) end end describe '#edit' do let_it_be(:hook) { create(:project_hook, project: project) } let(:params) do { namespace_id: project.namespace, project_id: project, id: hook.id } end render_views it 'does not error if the hook cannot be found' do get :edit, params: params.merge(id: non_existing_record_id) expect(response).to have_gitlab_http_status(:not_found) end it 'assigns hook_logs' do get :edit, params: params expect(assigns[:hook]).to be_present expect(assigns[:hook_logs]).to be_empty it_renders_correctly end it 'handles when logs are present' do create_list(:web_hook_log, 3, web_hook: hook) get :edit, params: params expect(assigns[:hook]).to be_present expect(assigns[:hook_logs].count).to eq 3 it_renders_correctly end it 'can paginate logs' do create_list(:web_hook_log, 21, web_hook: hook) get :edit, params: params.merge(page: 2) expect(assigns[:hook]).to be_present expect(assigns[:hook_logs].count).to eq 1 it_renders_correctly end def it_renders_correctly expect(response).to have_gitlab_http_status(:ok) expect(response).to render_template(:edit) expect(response).to render_template('shared/hook_logs/_index') end end describe '#create' do it 'sets all parameters' do hook_params = { enable_ssl_verification: true, token: 'TEST TOKEN', url: 'http://example.com', branch_filter_strategy: 'regex', push_events: true, tag_push_events: true, merge_requests_events: true, issues_events: true, confidential_note_events: true, confidential_issues_events: true, note_events: true, job_events: true, pipeline_events: true, wiki_page_events: true, deployment_events: true, url_variables: [{ key: 'token', value: 'some secret value' }] } params = { namespace_id: project.namespace, project_id: project, hook: hook_params } expect { post :create, params: params }.to change(ProjectHook, :count).by(1) project_hook = ProjectHook.order_id_desc.take expect(project_hook).to have_attributes( **hook_params.merge(url_variables: { 'token' => 'some secret value' }) ) expect(response).to have_gitlab_http_status(:found) expect(flash[:alert]).to be_blank end it 'alerts the user if the new hook is invalid' do hook_params = { token: "TEST\nTOKEN", url: "http://example.com" } post :create, params: { namespace_id: project.namespace, project_id: project, hook: hook_params } expect(flash[:alert]).to be_present expect(ProjectHook.count).to eq(0) end end describe 'DELETE #destroy' do let!(:hook) { create(:project_hook, project: project) } let!(:log) { create(:web_hook_log, web_hook: hook) } let(:params) { { namespace_id: project.namespace, project_id: project, id: hook } } it_behaves_like 'Web hook destroyer' context 'when user does not have permission' do let(:user) { create(:user, developer_projects: [project]) } it 'renders a 404' do delete :destroy, params: params expect(response).to have_gitlab_http_status(:not_found) end end end describe '#test' do let(:hook) { create(:project_hook, project: project) } context 'when the hook executes successfully' do before do stub_request(:post, hook.url).to_return(status: 200) end it 'informs the user' do post :test, params: { namespace_id: project.namespace, project_id: project, id: hook } expect(flash[:notice]).to include('executed successfully') expect(flash[:notice]).to include('HTTP 200') end end context 'when the hook runs, but fails' do before do stub_request(:post, hook.url).to_return(status: 400) end it 'informs the user' do post :test, params: { namespace_id: project.namespace, project_id: project, id: hook } expect(flash[:alert]).to include('executed successfully but') expect(flash[:alert]).to include('HTTP 400') end end context 'when the hook fails completely' do before do allow_next(::TestHooks::ProjectService) .to receive(:execute).and_return(ServiceResponse.error(message: 'All is woe')) end it 'informs the user' do post :test, params: { namespace_id: project.namespace, project_id: project, id: hook } expect(flash[:alert]).to include('failed: All is woe') end end context 'when the endpoint receives requests above the limit', :freeze_time, :clean_gitlab_redis_rate_limiting do before do allow(Gitlab::ApplicationRateLimiter).to receive(:rate_limits) .and_return(project_testing_hook: { threshold: 1, interval: 1.minute }) end it 'prevents making test requests' do expect_next_instance_of(TestHooks::ProjectService) do |service| expect(service).to receive(:execute).and_return(ServiceResponse.success(payload: { http_status: 200 })) end 2.times { post :test, params: { namespace_id: project.namespace, project_id: project, id: hook } } expect(response.body).to eq(_('This endpoint has been requested too many times. Try again later.')) expect(response).to have_gitlab_http_status(:too_many_requests) end end end end