From 0d05400bdee182de0564e4b0ac85f9365aa76adb Mon Sep 17 00:00:00 2001 From: Marvin Frick Date: Tue, 10 Jun 2014 21:21:28 +0200 Subject: removes api credentials from link to build_page Also adds a spec for MergeRequestHelper to avoid having a regression later on. --- app/helpers/merge_requests_helper.rb | 9 ++++++++- spec/helpers/merge_request_helper_spec.rb | 22 ++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 spec/helpers/merge_request_helper_spec.rb diff --git a/app/helpers/merge_requests_helper.rb b/app/helpers/merge_requests_helper.rb index 6c32647594d..9a9eaa05c6d 100644 --- a/app/helpers/merge_requests_helper.rb +++ b/app/helpers/merge_requests_helper.rb @@ -27,7 +27,14 @@ module MergeRequestsHelper end def ci_build_details_path(merge_request) - merge_request.source_project.ci_service.build_page(merge_request.last_commit.sha, merge_request.source_branch) + build_url = merge_request.source_project.ci_service.build_page(merge_request.last_commit.sha, merge_request.source_branch) + parsed_url = URI.parse(build_url) + + unless parsed_url.userinfo.blank? + parsed_url.userinfo = '' + end + + parsed_url.to_s end def merge_path_description(merge_request, separator) diff --git a/spec/helpers/merge_request_helper_spec.rb b/spec/helpers/merge_request_helper_spec.rb new file mode 100644 index 00000000000..5363511706e --- /dev/null +++ b/spec/helpers/merge_request_helper_spec.rb @@ -0,0 +1,22 @@ +require "spec_helper" + +describe MergeRequestsHelper do + let(:project) { create :project } + let(:merge_request) { MergeRequest.new } + let(:ci_service) { CiService.new } + let(:last_commit) { Commit.new({}) } + + before do + merge_request.stub(:source_project) { project } + merge_request.stub(:last_commit) { last_commit } + project.stub(:ci_service) { ci_service } + last_commit.stub(:sha) { '12d65c' } + end + + describe :ci_build_details_path do + it 'does not include api credentials in a link' do + ci_service.stub(:build_page) { "http://secretuser:secretpass@jenkins.example.com:8888/job/test1/scm/bySHA1/12d65c" } + expect(ci_build_details_path(merge_request)).to_not match("secret") + end + end +end \ No newline at end of file -- cgit v1.2.1 From f898e52a00741c620733853bb834d89695ce50ec Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Tue, 22 Dec 2015 00:20:32 +0100 Subject: ci_build_details_path should return nil if builds_page result is nil This is required since we parse URI later and remove the credentials --- app/helpers/merge_requests_helper.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/helpers/merge_requests_helper.rb b/app/helpers/merge_requests_helper.rb index 9a9eaa05c6d..1dd07a2a220 100644 --- a/app/helpers/merge_requests_helper.rb +++ b/app/helpers/merge_requests_helper.rb @@ -28,6 +28,8 @@ module MergeRequestsHelper def ci_build_details_path(merge_request) build_url = merge_request.source_project.ci_service.build_page(merge_request.last_commit.sha, merge_request.source_branch) + return nil unless build_url + parsed_url = URI.parse(build_url) unless parsed_url.userinfo.blank? -- cgit v1.2.1 From a495b9bc184c799097be1ff72e5328c7080cceb6 Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Tue, 22 Dec 2015 00:20:54 +0100 Subject: Deprecate GitLabCiService making it to always be inactive --- app/models/project_services/gitlab_ci_service.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/app/models/project_services/gitlab_ci_service.rb b/app/models/project_services/gitlab_ci_service.rb index d73182d40ac..b64d97ce75d 100644 --- a/app/models/project_services/gitlab_ci_service.rb +++ b/app/models/project_services/gitlab_ci_service.rb @@ -18,6 +18,11 @@ # note_events :boolean default(TRUE), not null # +# TODO(ayufan): The GitLabCiService is deprecated and the type should be removed when the database entries are removed class GitlabCiService < CiService - # this is no longer used + # We override the active accessor to always make GitLabCiService disabled + # Otherwise the GitLabCiService can be picked, but should never be since it's deprecated + def active + false + end end -- cgit v1.2.1 From f8986e4bb6dbeb1e340d5963e721136e7a01ea1d Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Tue, 22 Dec 2015 00:21:54 +0100 Subject: Update CHANGELOG --- CHANGELOG | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index bd566fd9f49..10e3424c48e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -12,6 +12,8 @@ v 8.3.0 - Add button to automatically merge a merge request when the build succeeds (Zeger-Jan van de Weg) - Provide better diagnostic message upon project creation errors (Stan Hu) - Bump devise to 3.5.3 to fix reset token expiring after account creation (Stan Hu) + - Remove api credentials from link to build_page + - Deprecate GitLabCiService making it to always be inactive - Bump gollum-lib to 4.1.0 (Stan Hu) - Fix broken group avatar upload under "New group" (Stan Hu) - Update project repositorize size and commit count during import:repos task (Stan Hu) -- cgit v1.2.1 From 09008026f6ed5eebc94cbaaa8edf323c8aaad280 Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Mon, 21 Dec 2015 21:57:51 -0500 Subject: Move `ci_build_details_path` helper spec to correct location Also, make it not fail. --- spec/helpers/merge_request_helper_spec.rb | 22 ---------------------- spec/helpers/merge_requests_helper_spec.rb | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+), 22 deletions(-) delete mode 100644 spec/helpers/merge_request_helper_spec.rb diff --git a/spec/helpers/merge_request_helper_spec.rb b/spec/helpers/merge_request_helper_spec.rb deleted file mode 100644 index 5363511706e..00000000000 --- a/spec/helpers/merge_request_helper_spec.rb +++ /dev/null @@ -1,22 +0,0 @@ -require "spec_helper" - -describe MergeRequestsHelper do - let(:project) { create :project } - let(:merge_request) { MergeRequest.new } - let(:ci_service) { CiService.new } - let(:last_commit) { Commit.new({}) } - - before do - merge_request.stub(:source_project) { project } - merge_request.stub(:last_commit) { last_commit } - project.stub(:ci_service) { ci_service } - last_commit.stub(:sha) { '12d65c' } - end - - describe :ci_build_details_path do - it 'does not include api credentials in a link' do - ci_service.stub(:build_page) { "http://secretuser:secretpass@jenkins.example.com:8888/job/test1/scm/bySHA1/12d65c" } - expect(ci_build_details_path(merge_request)).to_not match("secret") - end - end -end \ No newline at end of file diff --git a/spec/helpers/merge_requests_helper_spec.rb b/spec/helpers/merge_requests_helper_spec.rb index 28fb3216f60..600e1c4e9ec 100644 --- a/spec/helpers/merge_requests_helper_spec.rb +++ b/spec/helpers/merge_requests_helper_spec.rb @@ -1,6 +1,26 @@ require 'spec_helper' describe MergeRequestsHelper do + describe 'ci_build_details_path' do + let(:project) { create :project } + let(:merge_request) { MergeRequest.new } + let(:ci_service) { CiService.new } + let(:last_commit) { Ci::Commit.new({}) } + + before do + allow(merge_request).to receive(:source_project).and_return(project) + allow(merge_request).to receive(:last_commit).and_return(last_commit) + allow(project).to receive(:ci_service).and_return(ci_service) + allow(last_commit).to receive(:sha).and_return('12d65c') + end + + it 'does not include api credentials in a link' do + allow(ci_service). + to receive(:build_page).and_return("http://secretuser:secretpass@jenkins.example.com:8888/job/test1/scm/bySHA1/12d65c") + expect(helper.ci_build_details_path(merge_request)).to_not match("secret") + end + end + describe '#issues_sentence' do subject { issues_sentence(issues) } let(:issues) do -- cgit v1.2.1