diff options
author | Patricio Cano <suprnova32@gmail.com> | 2016-06-21 21:10:09 -0500 |
---|---|---|
committer | Patricio Cano <suprnova32@gmail.com> | 2016-07-05 18:03:29 -0500 |
commit | 4cd4cf673844f8f381609f9c3264c33f2843935d (patch) | |
tree | 492d820410ea8c3b773c1865e093a86357168898 /spec | |
parent | fd41b8a433164f36f7cf70b358115c5f56f06670 (diff) | |
download | gitlab-shell-4cd4cf673844f8f381609f9c3264c33f2843935d.tar.gz |
Added better tests for the protocol check
Diffstat (limited to 'spec')
-rw-r--r-- | spec/gitlab_access_spec.rb | 3 | ||||
-rw-r--r-- | spec/gitlab_net_spec.rb | 36 | ||||
-rw-r--r-- | spec/vcr_cassettes/http-access-disabled.yml | 44 | ||||
-rw-r--r-- | spec/vcr_cassettes/ssh-access-disabled.yml | 44 |
4 files changed, 126 insertions, 1 deletions
diff --git a/spec/gitlab_access_spec.rb b/spec/gitlab_access_spec.rb index 98848ae..2781aa9 100644 --- a/spec/gitlab_access_spec.rb +++ b/spec/gitlab_access_spec.rb @@ -11,7 +11,7 @@ describe GitlabAccess do end end subject do - GitlabAccess.new(repo_path, 'key-123', 'wow').tap do |access| + GitlabAccess.new(repo_path, 'key-123', 'wow', 'ssh').tap do |access| access.stub(exec_cmd: :exec_called) access.stub(api: api) end @@ -25,6 +25,7 @@ describe GitlabAccess do it { subject.repo_name.should == repo_name } it { subject.repo_path.should == repo_path } it { subject.changes.should == ['wow'] } + it { subject.protocol.should == 'ssh' } end describe "#exec" do diff --git a/spec/gitlab_net_spec.rb b/spec/gitlab_net_spec.rb index 0643868..b236247 100644 --- a/spec/gitlab_net_spec.rb +++ b/spec/gitlab_net_spec.rb @@ -130,6 +130,42 @@ describe GitlabNet, vcr: true do end end + context 'ssh access has been disabled' do + it 'should deny pull access for dev.gitlab.org' do + VCR.use_cassette('ssh-access-disabled') do + access = gitlab_net.check_access('git-receive-pack', 'gitlab/gitlabhq.git', 'key-2', changes, 'ssh') + access.allowed?.should be_false + access.message.should eq 'Git access over SSH is not allowed' + end + end + + it 'should deny pull access for dev.gitlab.org' do + VCR.use_cassette('ssh-access-disabled') do + access = gitlab_net.check_access('git-receive-pack', 'gitlab/gitlabhq.git', 'key-2', changes, 'ssh') + access.allowed?.should be_false + access.message.should eq 'Git access over SSH is not allowed' + end + end + end + + context 'http access has been disabled' do + it 'should deny pull access for dev.gitlab.org' do + VCR.use_cassette('http-access-disabled') do + access = gitlab_net.check_access('git-receive-pack', 'gitlab/gitlabhq.git', 'key-2', changes, 'http') + access.allowed?.should be_false + access.message.should eq 'Git access over HTTP is not allowed' + end + end + + it 'should deny pull access for dev.gitlab.org' do + VCR.use_cassette('http-access-disabled') do + access = gitlab_net.check_access('git-receive-pack', 'gitlab/gitlabhq.git', 'key-2', changes, 'http') + access.allowed?.should be_false + access.message.should eq 'Git access over HTTP is not allowed' + end + end + end + context 'ssh key without access to project' do it 'should deny pull access for dev.gitlab.org' do VCR.use_cassette("denied-pull") do diff --git a/spec/vcr_cassettes/http-access-disabled.yml b/spec/vcr_cassettes/http-access-disabled.yml new file mode 100644 index 0000000..36e27a9 --- /dev/null +++ b/spec/vcr_cassettes/http-access-disabled.yml @@ -0,0 +1,44 @@ +--- +http_interactions: +- request: + method: post + uri: https://dev.gitlab.org/api/v3/internal/allowed + body: + encoding: US-ASCII + string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&protocol=http&key_id=2&secret_token=a123 + headers: + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + Accept: + - "*/*" + User-Agent: + - Ruby + Content-Type: + - application/x-www-form-urlencoded + response: + status: + code: 200 + message: OK + headers: + Cache-Control: + - no-cache + Content-Length: + - '30' + Content-Type: + - application/json + Date: + - Wed, 22 Jun 2016 01:03:41 GMT + Status: + - 200 OK + Vary: + - Origin + X-Request-Id: + - 55b7af2c-3559-41d2-b301-9b86ad1d8fac + X-Runtime: + - '2.280895' + body: + encoding: UTF-8 + string: '{"status": false, "message":"Git access over HTTP is not allowed"}' + http_version: + recorded_at: Wed, 22 Jun 2016 01:03:41 GMT +recorded_with: VCR 2.4.0
\ No newline at end of file diff --git a/spec/vcr_cassettes/ssh-access-disabled.yml b/spec/vcr_cassettes/ssh-access-disabled.yml new file mode 100644 index 0000000..656d0aa --- /dev/null +++ b/spec/vcr_cassettes/ssh-access-disabled.yml @@ -0,0 +1,44 @@ +--- +http_interactions: +- request: + method: post + uri: https://dev.gitlab.org/api/v3/internal/allowed + body: + encoding: US-ASCII + string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&protocol=ssh&key_id=2&secret_token=a123 + headers: + Accept-Encoding: + - gzip;q=1.0,deflate;q=0.6,identity;q=0.3 + Accept: + - "*/*" + User-Agent: + - Ruby + Content-Type: + - application/x-www-form-urlencoded + response: + status: + code: 200 + message: OK + headers: + Cache-Control: + - no-cache + Content-Length: + - '30' + Content-Type: + - application/json + Date: + - Wed, 22 Jun 2016 01:01:41 GMT + Status: + - 200 OK + Vary: + - Origin + X-Request-Id: + - 55b7af2c-3559-41d2-b301-9b86ad1d8fac + X-Runtime: + - '2.280895' + body: + encoding: UTF-8 + string: '{"status": false, "message":"Git access over SSH is not allowed"}' + http_version: + recorded_at: Wed, 22 Jun 2016 01:01:41 GMT +recorded_with: VCR 2.4.0 |