142 lines
3.9 KiB
Ruby
142 lines
3.9 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'spec_helper'
|
|
require 'stringio'
|
|
|
|
RSpec.describe Gitlab::Shell, feature_category: :source_code_management do
|
|
let_it_be(:project) { create(:project, :repository) }
|
|
|
|
let(:repository) { project.repository }
|
|
let(:gitlab_shell) { described_class.new }
|
|
|
|
before do
|
|
described_class.instance_variable_set(:@secret_token, nil)
|
|
end
|
|
|
|
describe '.verify_api_request' do
|
|
subject { described_class.verify_api_request(headers) }
|
|
|
|
let(:encoded_token) { JWT.encode(payload, described_class.secret_token, 'HS256') }
|
|
let(:payload) { { 'iss' => described_class::JWT_ISSUER } }
|
|
let(:headers) { { described_class::API_HEADER => encoded_token } }
|
|
|
|
it 'returns the decoded JWT' do
|
|
is_expected.to eq([
|
|
{ 'iss' => described_class::JWT_ISSUER },
|
|
{ 'alg' => 'HS256' }
|
|
])
|
|
end
|
|
|
|
context 'when secret is wrong' do
|
|
let(:encoded_token) { JWT.encode(payload, 'wrong secret', 'HS256') }
|
|
|
|
it 'returns nil' do
|
|
is_expected.to be_nil
|
|
end
|
|
end
|
|
|
|
context 'when issuer is wrong' do
|
|
let(:payload) { { 'iss' => 'wrong issuer' } }
|
|
|
|
it 'returns nil' do
|
|
is_expected.to be_nil
|
|
end
|
|
end
|
|
end
|
|
|
|
describe '.header_set?' do
|
|
subject { described_class.header_set?(headers) }
|
|
|
|
let(:headers) { { described_class::API_HEADER => 'token' } }
|
|
|
|
it { is_expected.to be_truthy }
|
|
|
|
context 'when header is missing' do
|
|
let(:headers) { { 'another_header' => 'token' } }
|
|
|
|
it { is_expected.to be_falsey }
|
|
end
|
|
end
|
|
|
|
describe '.secret_token' do
|
|
let(:secret_file) { 'tmp/tests/.secret_shell_test' }
|
|
let(:link_file) { 'tmp/tests/shell-secret-test/.gitlab_shell_secret' }
|
|
|
|
before do
|
|
allow(Gitlab.config.gitlab_shell).to receive(:secret_file).and_return(secret_file)
|
|
allow(Gitlab.config.gitlab_shell).to receive(:path).and_return('tmp/tests/shell-secret-test')
|
|
FileUtils.mkdir('tmp/tests/shell-secret-test')
|
|
end
|
|
|
|
after do
|
|
FileUtils.rm_rf('tmp/tests/shell-secret-test')
|
|
FileUtils.rm_rf(secret_file)
|
|
end
|
|
|
|
shared_examples 'creates and links the secret token file' do
|
|
it 'creates and links the secret token file' do
|
|
secret_token = described_class.secret_token
|
|
|
|
expect(File.exist?(secret_file)).to be(true)
|
|
expect(File.read(secret_file).chomp).to eq(secret_token)
|
|
expect(File.symlink?(link_file)).to be(true)
|
|
expect(File.readlink(link_file)).to eq(secret_file)
|
|
end
|
|
end
|
|
|
|
describe 'memoized secret_token' do
|
|
before do
|
|
described_class.ensure_secret_token!
|
|
end
|
|
|
|
it_behaves_like 'creates and links the secret token file'
|
|
end
|
|
|
|
context 'when link_file is a broken symbolic link' do
|
|
before do
|
|
File.symlink('tmp/tests/non_existing_file', link_file)
|
|
described_class.ensure_secret_token!
|
|
end
|
|
|
|
it_behaves_like 'creates and links the secret token file'
|
|
end
|
|
|
|
context 'when secret_file exists' do
|
|
let(:secret_token) { 'secret-token' }
|
|
|
|
before do
|
|
File.write(secret_file, 'secret-token')
|
|
described_class.ensure_secret_token!
|
|
end
|
|
|
|
it_behaves_like 'creates and links the secret token file'
|
|
|
|
it 'reads the token from the existing file' do
|
|
expect(described_class.secret_token).to eq(secret_token)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'namespace actions' do
|
|
subject { described_class.new }
|
|
|
|
let(:storage) { Gitlab.config.repositories.storages.each_key.first }
|
|
|
|
describe '#repository_exists?' do
|
|
context 'when the repository does not exist' do
|
|
it 'returns false' do
|
|
expect(subject.repository_exists?(storage, "non-existing.git")).to be(false)
|
|
end
|
|
end
|
|
|
|
context 'when the repository exists' do
|
|
it 'returns true' do
|
|
project = create(:project, :repository, :legacy_storage)
|
|
|
|
expect(subject.repository_exists?(storage, project.repository.disk_path + ".git")).to be(true)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|