395 lines
13 KiB
Ruby
395 lines
13 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'spec_helper'
|
|
|
|
RSpec.describe Projects::DeployKeysController do
|
|
let(:project) { create(:project, :repository) }
|
|
let(:user) { create(:user) }
|
|
let(:admin) { create(:admin) }
|
|
|
|
before do
|
|
project.add_maintainer(user)
|
|
|
|
sign_in(user)
|
|
end
|
|
|
|
describe 'GET index' do
|
|
let(:params) do
|
|
{ namespace_id: project.namespace, project_id: project }
|
|
end
|
|
|
|
context 'when html requested' do
|
|
it 'redirects to project settings with the correct anchor' do
|
|
get :index, params: params
|
|
|
|
expect(response).to redirect_to(project_settings_repository_path(project, anchor: 'js-deploy-keys-settings'))
|
|
end
|
|
end
|
|
|
|
context 'when json requested' do
|
|
let(:project2) { create(:project, :internal) }
|
|
let(:project_private) { create(:project, :private) }
|
|
|
|
let(:deploy_key_internal) { create(:deploy_key) }
|
|
let(:deploy_key_actual) { create(:deploy_key) }
|
|
let!(:deploy_key_public) { create(:deploy_key, public: true) }
|
|
|
|
let!(:deploy_keys_project_internal) do
|
|
create(:deploy_keys_project, project: project2, deploy_key: deploy_key_internal)
|
|
end
|
|
|
|
let!(:deploy_keys_project_actual) do
|
|
create(:deploy_keys_project, project: project, deploy_key: deploy_key_actual)
|
|
end
|
|
|
|
let!(:deploy_keys_project_private) do
|
|
create(:deploy_keys_project, project: project_private, deploy_key: create(:another_deploy_key))
|
|
end
|
|
|
|
context 'when user has access to all projects where deploy keys are used' do
|
|
before do
|
|
project2.add_developer(user)
|
|
end
|
|
|
|
it 'returns json in a correct format' do
|
|
get :index, params: params.merge(format: :json)
|
|
|
|
expect(json_response.keys).to match_array(%w(enabled_keys available_project_keys public_keys))
|
|
expect(json_response['enabled_keys'].count).to eq(1)
|
|
expect(json_response['available_project_keys'].count).to eq(1)
|
|
expect(json_response['public_keys'].count).to eq(1)
|
|
end
|
|
end
|
|
|
|
context 'when user has no access to all projects where deploy keys are used' do
|
|
it 'returns json in a correct format' do
|
|
get :index, params: params.merge(format: :json)
|
|
|
|
expect(json_response['available_project_keys'].count).to eq(0)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'POST create' do
|
|
let(:deploy_key_content) { attributes_for(:deploy_key)[:key] }
|
|
|
|
def create_params(title = 'my-key')
|
|
{
|
|
namespace_id: project.namespace.path,
|
|
project_id: project.path,
|
|
deploy_key: {
|
|
title: title,
|
|
key: deploy_key_content,
|
|
deploy_keys_projects_attributes: { '0' => { can_push: '1' } }
|
|
}
|
|
}
|
|
end
|
|
|
|
it 'creates a new deploy key for the project' do
|
|
expect { post :create, params: create_params }.to change(project.deploy_keys, :count).by(1)
|
|
|
|
expect(response).to redirect_to(project_settings_repository_path(project, anchor: 'js-deploy-keys-settings'))
|
|
end
|
|
|
|
it 'redirects to project settings with the correct anchor' do
|
|
post :create, params: create_params
|
|
|
|
expect(response).to redirect_to(project_settings_repository_path(project, anchor: 'js-deploy-keys-settings'))
|
|
end
|
|
|
|
context 'when the deploy key has an invalid title' do
|
|
it 'shows an alert with the validations errors' do
|
|
post :create, params: create_params(nil)
|
|
|
|
expect(flash[:alert]).to eq("Title can't be blank, Deploy keys projects deploy key title can't be blank")
|
|
end
|
|
end
|
|
|
|
context 'when the deploy key is not supported SSH public key' do
|
|
let(:deploy_key_content) { 'bogus ssh public key' }
|
|
|
|
it 'shows an alert with a help link' do
|
|
post :create, params: create_params
|
|
|
|
expect(assigns(:key).errors.count).to be > 1
|
|
expect(flash[:alert]).to eq('Deploy Key must be a <a target="_blank" rel="noopener noreferrer" ' \
|
|
'href="/help/user/ssh#supported-ssh-key-types">supported SSH public key.</a>')
|
|
end
|
|
end
|
|
|
|
context 'when the deploy key already exists' do
|
|
before do
|
|
create(:deploy_key, title: 'my-key', key: deploy_key_content, projects: [project])
|
|
end
|
|
|
|
it 'shows an alert with the validations errors' do
|
|
post :create, params: create_params
|
|
|
|
expect(flash[:alert]).to eq("Fingerprint sha256 has already been taken, " \
|
|
"Deploy keys projects deploy key fingerprint sha256 has already been taken")
|
|
end
|
|
end
|
|
end
|
|
|
|
describe '/enable/:id' do
|
|
let(:deploy_key) { create(:deploy_key) }
|
|
let(:project2) { create(:project) }
|
|
let!(:deploy_keys_project_internal) do
|
|
create(:deploy_keys_project, project: project2, deploy_key: deploy_key)
|
|
end
|
|
|
|
context 'with anonymous user' do
|
|
before do
|
|
sign_out(:user)
|
|
end
|
|
|
|
it 'redirects to login' do
|
|
expect do
|
|
put :enable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
|
|
end.not_to change { DeployKeysProject.count }
|
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
|
expect(response).to redirect_to(new_user_session_path)
|
|
end
|
|
end
|
|
|
|
context 'with user with no permission' do
|
|
before do
|
|
sign_in(create(:user))
|
|
end
|
|
|
|
it 'returns 404' do
|
|
expect do
|
|
put :enable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
|
|
end.not_to change { DeployKeysProject.count }
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
end
|
|
end
|
|
|
|
context 'with user with permission' do
|
|
before do
|
|
project2.add_maintainer(user)
|
|
end
|
|
|
|
it 'returns 302' do
|
|
expect do
|
|
put :enable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
|
|
end.to change { DeployKeysProject.count }.by(1)
|
|
|
|
expect(DeployKeysProject.where(project_id: project.id, deploy_key_id: deploy_key.id).count).to eq(1)
|
|
expect(response).to have_gitlab_http_status(:found)
|
|
expect(response).to redirect_to(namespace_project_settings_repository_path(anchor: 'js-deploy-keys-settings'))
|
|
end
|
|
|
|
it 'returns 404' do
|
|
put :enable, params: { id: 0, namespace_id: project.namespace, project_id: project }
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
end
|
|
end
|
|
|
|
context 'with admin', :enable_admin_mode do
|
|
before do
|
|
sign_in(admin)
|
|
end
|
|
|
|
it 'returns 302' do
|
|
expect do
|
|
put :enable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
|
|
end.to change { DeployKeysProject.count }.by(1)
|
|
|
|
expect(DeployKeysProject.where(project_id: project.id, deploy_key_id: deploy_key.id).count).to eq(1)
|
|
expect(response).to have_gitlab_http_status(:found)
|
|
expect(response).to redirect_to(namespace_project_settings_repository_path(anchor: 'js-deploy-keys-settings'))
|
|
end
|
|
end
|
|
end
|
|
|
|
describe '/disable/:id' do
|
|
let(:deploy_key) { create(:deploy_key) }
|
|
let!(:deploy_key_project) { create(:deploy_keys_project, project: project, deploy_key: deploy_key) }
|
|
|
|
context 'with anonymous user' do
|
|
before do
|
|
sign_out(:user)
|
|
end
|
|
|
|
it 'redirects to login' do
|
|
put :disable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
|
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
|
expect(response).to redirect_to(new_user_session_path)
|
|
expect(DeployKey.find(deploy_key.id)).to eq(deploy_key)
|
|
end
|
|
end
|
|
|
|
context 'with user with no permission' do
|
|
before do
|
|
sign_in(create(:user))
|
|
end
|
|
|
|
it 'returns 404' do
|
|
put :disable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
expect(DeployKey.find(deploy_key.id)).to eq(deploy_key)
|
|
end
|
|
end
|
|
|
|
context 'with user with permission' do
|
|
it 'returns 302' do
|
|
put :disable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
|
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
|
expect(response).to redirect_to(namespace_project_settings_repository_path(anchor: 'js-deploy-keys-settings'))
|
|
|
|
expect { DeployKey.find(deploy_key.id) }.to raise_error(ActiveRecord::RecordNotFound)
|
|
end
|
|
|
|
it 'returns 404' do
|
|
put :disable, params: { id: 0, namespace_id: project.namespace, project_id: project }
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
end
|
|
end
|
|
|
|
context 'with admin', :enable_admin_mode do
|
|
before do
|
|
sign_in(admin)
|
|
end
|
|
|
|
it 'returns 302' do
|
|
expect do
|
|
put :disable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
|
|
end.to change { DeployKey.count }.by(-1)
|
|
|
|
expect(response).to have_gitlab_http_status(:found)
|
|
expect(response).to redirect_to(namespace_project_settings_repository_path(anchor: 'js-deploy-keys-settings'))
|
|
|
|
expect { DeployKey.find(deploy_key.id) }.to raise_error(ActiveRecord::RecordNotFound)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'PUT update' do
|
|
let(:extra_params) { {} }
|
|
|
|
subject do
|
|
put :update, params: extra_params.reverse_merge(id: deploy_key.id,
|
|
namespace_id: project.namespace,
|
|
project_id: project)
|
|
end
|
|
|
|
def deploy_key_params(title, can_push)
|
|
deploy_keys_projects_attributes = { '0' => { can_push: can_push } }
|
|
{ deploy_key: { title: title, deploy_keys_projects_attributes: deploy_keys_projects_attributes } }
|
|
end
|
|
|
|
let(:deploy_key) { create(:deploy_key, public: true) }
|
|
let(:project) { create(:project) }
|
|
let!(:deploy_keys_project) do
|
|
create(:deploy_keys_project, project: project, deploy_key: deploy_key)
|
|
end
|
|
|
|
context 'with project maintainer' do
|
|
before do
|
|
project.add_maintainer(user)
|
|
end
|
|
|
|
context 'public deploy key attached to project' do
|
|
let(:extra_params) { deploy_key_params('updated title', '1') }
|
|
|
|
it 'does not update the title of the deploy key' do
|
|
expect { subject }.not_to change { deploy_key.reload.title }
|
|
end
|
|
|
|
it 'updates can_push of deploy_keys_project' do
|
|
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'with admin', :enable_admin_mode do
|
|
before do
|
|
sign_in(admin)
|
|
end
|
|
|
|
context 'public deploy key attached to project' do
|
|
let(:extra_params) { deploy_key_params('updated title', '1') }
|
|
|
|
it 'updates the title of the deploy key' do
|
|
expect { subject }.to change { deploy_key.reload.title }.to('updated title')
|
|
end
|
|
|
|
it 'updates can_push of deploy_keys_project' do
|
|
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
|
|
end
|
|
end
|
|
|
|
context 'when a different deploy key id param is injected' do
|
|
let(:extra_params) { deploy_key_params('updated title', '1') }
|
|
let(:hacked_params) do
|
|
extra_params.reverse_merge(id: other_deploy_key_id,
|
|
namespace_id: project.namespace,
|
|
project_id: project)
|
|
end
|
|
|
|
subject { put :update, params: hacked_params }
|
|
|
|
context 'and that deploy key id exists' do
|
|
let(:other_project) { create(:project) }
|
|
let(:other_deploy_key) do
|
|
key = create(:deploy_key)
|
|
project.deploy_keys << key
|
|
key
|
|
end
|
|
|
|
let(:other_deploy_key_id) { other_deploy_key.id }
|
|
|
|
it 'does not update the can_push attribute' do
|
|
expect { subject }.not_to change { deploy_key.deploy_keys_project_for(project).can_push }
|
|
end
|
|
end
|
|
|
|
context 'and that deploy key id does not exist' do
|
|
let(:other_deploy_key_id) { 9999 }
|
|
|
|
it 'returns 404' do
|
|
subject
|
|
|
|
expect(response).to have_gitlab_http_status(:not_found)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'with admin as project maintainer' do
|
|
before do
|
|
sign_in(admin)
|
|
project.add_maintainer(admin)
|
|
end
|
|
|
|
context 'public deploy key attached to project' do
|
|
let(:extra_params) { deploy_key_params('updated title', '1') }
|
|
|
|
context 'admin mode disabled' do
|
|
it 'does not update the title of the deploy key' do
|
|
expect { subject }.not_to change { deploy_key.reload.title }
|
|
end
|
|
end
|
|
|
|
context 'admin mode enabled', :enable_admin_mode do
|
|
it 'updates the title of the deploy key' do
|
|
expect { subject }.to change { deploy_key.reload.title }.to('updated title')
|
|
end
|
|
end
|
|
|
|
it 'updates can_push of deploy_keys_project' do
|
|
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|