summaryrefslogtreecommitdiff
path: root/spec
diff options
context:
space:
mode:
authorPatricio Cano <suprnova32@gmail.com>2016-06-21 21:10:09 -0500
committerPatricio Cano <suprnova32@gmail.com>2016-07-05 18:03:29 -0500
commit4cd4cf673844f8f381609f9c3264c33f2843935d (patch)
tree492d820410ea8c3b773c1865e093a86357168898 /spec
parentfd41b8a433164f36f7cf70b358115c5f56f06670 (diff)
downloadgitlab-shell-4cd4cf673844f8f381609f9c3264c33f2843935d.tar.gz
Added better tests for the protocol check
Diffstat (limited to 'spec')
-rw-r--r--spec/gitlab_access_spec.rb3
-rw-r--r--spec/gitlab_net_spec.rb36
-rw-r--r--spec/vcr_cassettes/http-access-disabled.yml44
-rw-r--r--spec/vcr_cassettes/ssh-access-disabled.yml44
4 files changed, 126 insertions, 1 deletions
diff --git a/spec/gitlab_access_spec.rb b/spec/gitlab_access_spec.rb
index 98848ae..2781aa9 100644
--- a/spec/gitlab_access_spec.rb
+++ b/spec/gitlab_access_spec.rb
@@ -11,7 +11,7 @@ describe GitlabAccess do
end
end
subject do
- GitlabAccess.new(repo_path, 'key-123', 'wow').tap do |access|
+ GitlabAccess.new(repo_path, 'key-123', 'wow', 'ssh').tap do |access|
access.stub(exec_cmd: :exec_called)
access.stub(api: api)
end
@@ -25,6 +25,7 @@ describe GitlabAccess do
it { subject.repo_name.should == repo_name }
it { subject.repo_path.should == repo_path }
it { subject.changes.should == ['wow'] }
+ it { subject.protocol.should == 'ssh' }
end
describe "#exec" do
diff --git a/spec/gitlab_net_spec.rb b/spec/gitlab_net_spec.rb
index 0643868..b236247 100644
--- a/spec/gitlab_net_spec.rb
+++ b/spec/gitlab_net_spec.rb
@@ -130,6 +130,42 @@ describe GitlabNet, vcr: true do
end
end
+ context 'ssh access has been disabled' do
+ it 'should deny pull access for dev.gitlab.org' do
+ VCR.use_cassette('ssh-access-disabled') do
+ access = gitlab_net.check_access('git-receive-pack', 'gitlab/gitlabhq.git', 'key-2', changes, 'ssh')
+ access.allowed?.should be_false
+ access.message.should eq 'Git access over SSH is not allowed'
+ end
+ end
+
+ it 'should deny pull access for dev.gitlab.org' do
+ VCR.use_cassette('ssh-access-disabled') do
+ access = gitlab_net.check_access('git-receive-pack', 'gitlab/gitlabhq.git', 'key-2', changes, 'ssh')
+ access.allowed?.should be_false
+ access.message.should eq 'Git access over SSH is not allowed'
+ end
+ end
+ end
+
+ context 'http access has been disabled' do
+ it 'should deny pull access for dev.gitlab.org' do
+ VCR.use_cassette('http-access-disabled') do
+ access = gitlab_net.check_access('git-receive-pack', 'gitlab/gitlabhq.git', 'key-2', changes, 'http')
+ access.allowed?.should be_false
+ access.message.should eq 'Git access over HTTP is not allowed'
+ end
+ end
+
+ it 'should deny pull access for dev.gitlab.org' do
+ VCR.use_cassette('http-access-disabled') do
+ access = gitlab_net.check_access('git-receive-pack', 'gitlab/gitlabhq.git', 'key-2', changes, 'http')
+ access.allowed?.should be_false
+ access.message.should eq 'Git access over HTTP is not allowed'
+ end
+ end
+ end
+
context 'ssh key without access to project' do
it 'should deny pull access for dev.gitlab.org' do
VCR.use_cassette("denied-pull") do
diff --git a/spec/vcr_cassettes/http-access-disabled.yml b/spec/vcr_cassettes/http-access-disabled.yml
new file mode 100644
index 0000000..36e27a9
--- /dev/null
+++ b/spec/vcr_cassettes/http-access-disabled.yml
@@ -0,0 +1,44 @@
+---
+http_interactions:
+- request:
+ method: post
+ uri: https://dev.gitlab.org/api/v3/internal/allowed
+ body:
+ encoding: US-ASCII
+ string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&protocol=http&key_id=2&secret_token=a123
+ headers:
+ Accept-Encoding:
+ - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+ Accept:
+ - "*/*"
+ User-Agent:
+ - Ruby
+ Content-Type:
+ - application/x-www-form-urlencoded
+ response:
+ status:
+ code: 200
+ message: OK
+ headers:
+ Cache-Control:
+ - no-cache
+ Content-Length:
+ - '30'
+ Content-Type:
+ - application/json
+ Date:
+ - Wed, 22 Jun 2016 01:03:41 GMT
+ Status:
+ - 200 OK
+ Vary:
+ - Origin
+ X-Request-Id:
+ - 55b7af2c-3559-41d2-b301-9b86ad1d8fac
+ X-Runtime:
+ - '2.280895'
+ body:
+ encoding: UTF-8
+ string: '{"status": false, "message":"Git access over HTTP is not allowed"}'
+ http_version:
+ recorded_at: Wed, 22 Jun 2016 01:03:41 GMT
+recorded_with: VCR 2.4.0 \ No newline at end of file
diff --git a/spec/vcr_cassettes/ssh-access-disabled.yml b/spec/vcr_cassettes/ssh-access-disabled.yml
new file mode 100644
index 0000000..656d0aa
--- /dev/null
+++ b/spec/vcr_cassettes/ssh-access-disabled.yml
@@ -0,0 +1,44 @@
+---
+http_interactions:
+- request:
+ method: post
+ uri: https://dev.gitlab.org/api/v3/internal/allowed
+ body:
+ encoding: US-ASCII
+ string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&protocol=ssh&key_id=2&secret_token=a123
+ headers:
+ Accept-Encoding:
+ - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+ Accept:
+ - "*/*"
+ User-Agent:
+ - Ruby
+ Content-Type:
+ - application/x-www-form-urlencoded
+ response:
+ status:
+ code: 200
+ message: OK
+ headers:
+ Cache-Control:
+ - no-cache
+ Content-Length:
+ - '30'
+ Content-Type:
+ - application/json
+ Date:
+ - Wed, 22 Jun 2016 01:01:41 GMT
+ Status:
+ - 200 OK
+ Vary:
+ - Origin
+ X-Request-Id:
+ - 55b7af2c-3559-41d2-b301-9b86ad1d8fac
+ X-Runtime:
+ - '2.280895'
+ body:
+ encoding: UTF-8
+ string: '{"status": false, "message":"Git access over SSH is not allowed"}'
+ http_version:
+ recorded_at: Wed, 22 Jun 2016 01:01:41 GMT
+recorded_with: VCR 2.4.0