debian-mirror-gitlab/spec/requests/api/rubygem_packages_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe API::RubygemPackages do
  using RSpec::Parameterized::TableSyntax

  let_it_be(:project) { create(:project) }
  let_it_be(:personal_access_token) { create(:personal_access_token) }
  let_it_be(:user) { personal_access_token.user }
  let_it_be(:job) { create(:ci_build, :running, user: user) }
  let_it_be(:deploy_token) { create(:deploy_token, read_package_registry: true, write_package_registry: true) }
  let_it_be(:project_deploy_token) { create(:project_deploy_token, deploy_token: deploy_token, project: project) }
  let_it_be(:headers) { {} }

  shared_examples 'when feature flag is disabled' do
    let(:headers) do
      { 'HTTP_AUTHORIZATION' => personal_access_token.token }
    end

    before do
      stub_feature_flags(rubygem_packages: false)
    end

    it_behaves_like 'returning response status', :not_found
  end

  shared_examples 'when package feature is disabled' do
    before do
      stub_config(packages: { enabled: false })
    end

    it_behaves_like 'returning response status', :not_found
  end

  shared_examples 'without authentication' do
    it_behaves_like 'returning response status', :unauthorized
  end

  shared_examples 'with authentication' do
    let(:headers) do
      { 'HTTP_AUTHORIZATION' => token }
    end

    let(:tokens) do
      {
        personal_access_token: personal_access_token.token,
        deploy_token: deploy_token.token,
        job_token: job.token
      }
    end

    where(:user_role, :token_type, :valid_token, :status) do
      :guest     | :personal_access_token   | true  | :not_found
      :guest     | :personal_access_token   | false | :unauthorized
      :guest     | :deploy_token            | true  | :not_found
      :guest     | :deploy_token            | false | :unauthorized
      :guest     | :job_token               | true  | :not_found
      :guest     | :job_token               | false | :unauthorized
      :reporter  | :personal_access_token   | true  | :not_found
      :reporter  | :personal_access_token   | false | :unauthorized
      :reporter  | :deploy_token            | true  | :not_found
      :reporter  | :deploy_token            | false | :unauthorized
      :reporter  | :job_token               | true  | :not_found
      :reporter  | :job_token               | false | :unauthorized
      :developer | :personal_access_token   | true  | :not_found
      :developer | :personal_access_token   | false | :unauthorized
      :developer | :deploy_token            | true  | :not_found
      :developer | :deploy_token            | false | :unauthorized
      :developer | :job_token               | true  | :not_found
      :developer | :job_token               | false | :unauthorized
    end

    with_them do
      before do
        project.send("add_#{user_role}", user) unless user_role == :anonymous
      end

      let(:token) { valid_token ? tokens[token_type] : 'invalid-token123' }

      it_behaves_like 'returning response status', params[:status]
    end
  end

  shared_examples 'an unimplemented route' do
    it_behaves_like 'without authentication'
    it_behaves_like 'with authentication'
    it_behaves_like 'when feature flag is disabled'
    it_behaves_like 'when package feature is disabled'
  end

  describe 'GET /api/v4/projects/:project_id/packages/rubygems/:filename' do
    let(:url) { api("/projects/#{project.id}/packages/rubygems/specs.4.8.gz") }

    subject { get(url, headers: headers) }

    it_behaves_like 'an unimplemented route'
  end

  describe 'GET /api/v4/projects/:project_id/packages/rubygems/quick/Marshal.4.8/:file_name' do
    let(:url) { api("/projects/#{project.id}/packages/rubygems/quick/Marshal.4.8/my_gem-1.0.0.gemspec.rz") }

    subject { get(url, headers: headers) }

    it_behaves_like 'an unimplemented route'
  end

  describe 'GET /api/v4/projects/:project_id/packages/rubygems/gems/:file_name' do
    let(:url) { api("/projects/#{project.id}/packages/rubygems/gems/my_gem-1.0.0.gem") }

    subject { get(url, headers: headers) }

    it_behaves_like 'an unimplemented route'
  end

  describe 'POST /api/v4/projects/:project_id/packages/rubygems/api/v1/gems/authorize' do
    let(:url) { api("/projects/#{project.id}/packages/rubygems/api/v1/gems/authorize") }

    subject { post(url, headers: headers) }

    it_behaves_like 'an unimplemented route'
  end

  describe 'POST /api/v4/projects/:project_id/packages/rubygems/api/v1/gems' do
    let(:url) { api("/projects/#{project.id}/packages/rubygems/api/v1/gems") }

    subject { post(url, headers: headers) }

    it_behaves_like 'an unimplemented route'
  end

  describe 'GET /api/v4/projects/:project_id/packages/rubygems/api/v1/dependencies' do
    let(:url) { api("/projects/#{project.id}/packages/rubygems/api/v1/dependencies") }

    subject { get(url, headers: headers) }

    it_behaves_like 'an unimplemented route'
  end
end