author | Igor <idrozdov@gitlab.com> | 2019-06-06 16:02:02 +0000 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2019-06-06 16:02:02 +0000 |
commit | 888cd2c4ecb7d8a82328c5b3d68545596466b1a2 (patch) | |
tree | 3557c79227b01376a90f381c5f60f0ef42727baa /spec | |
parent | eb2b186f7d209a638b7523c674bc79cbafe764b6 (diff) | |
download | gitlab-shell-888cd2c4ecb7d8a82328c5b3d68545596466b1a2.tar.gz |
Go implementation for LFS authenticate
Diffstat (limited to 'spec')
-rw-r--r-- | spec/gitlab_shell_lfs_authentication_spec.rb | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/spec/gitlab_shell_lfs_authentication_spec.rb b/spec/gitlab_shell_lfs_authentication_spec.rb
new file mode 100644
index 0000000..7cdb320
--- /dev/null
+++ b/spec/gitlab_shell_lfs_authentication_spec.rb
@@ -0,0 +1,146 @@
+require_relative 'spec_helper'
+
+require 'open3'
+
+describe 'bin/gitlab-shell git-lfs-authentication' do
+ include_context 'gitlab shell'
+
+ let(:path) { "https://gitlab.com/repo/path" }
+
+ def mock_server(server)
+ server.mount_proc('/api/v4/internal/lfs_authenticate') do |req, res|
+ res.content_type = 'application/json'
+
+ key_id = req.query['key_id'] || req.query['user_id']
+
+ unless key_id
+ body = JSON.parse(req.body)
+ key_id = body['key_id'] || body['user_id'].to_s
+ end
+
+ if key_id == '100'
+ res.status = 200
+ res.body = %{{"username":"john","lfs_token":"sometoken","repository_http_path":"#{path}","expires_in":1800}}
+ else
+ res.status = 403
+ end
+ end
+
+ server.mount_proc('/api/v4/internal/allowed') do |req, res|
+ res.content_type = 'application/json'
+
+ key_id = req.query['key_id'] || req.query['username']
+
+ unless key_id
+ body = JSON.parse(req.body)
+ key_id = body['key_id'] || body['username'].to_s
+ end
+
+ case key_id
+ when '100', 'someone' then
+ res.status = 200
+ res.body = '{"gl_id":"user-100", "status":true}'
+ when '101' then
+ res.status = 200
+ res.body = '{"gl_id":"user-101", "status":true}'
+ else
+ res.status = 403
+ end
+ end
+ end
+
+ shared_examples 'lfs authentication command' do
+ def successful_response
+ {
+ "header" => {
+ "Authorization" => "Basic am9objpzb21ldG9rZW4="
+ },
+ "href" => "#{path}/info/lfs",
+ "expires_in" => 1800
+ }.to_json + "\n"
+ end
+
+ context 'when the command is allowed' do
+ context 'when key is provided' do
+ let(:cmd) { "#{gitlab_shell_path} key-100" }
+
+ it 'lfs is successfully authenticated' do
+ output, stderr, status = Open3.capture3(env, cmd)
+
+ expect(output).to eq(successful_response)
+ expect(status).to be_success
+ end
+ end
+
+ context 'when username is provided' do
+ let(:cmd) { "#{gitlab_shell_path} username-someone" }
+
+ it 'lfs is successfully authenticated' do
+ output, stderr, status = Open3.capture3(env, cmd)
+
+ expect(output).to eq(successful_response)
+ expect(status).to be_success
+ end
+ end
+ end
+
+ context 'when a user is not allowed to perform an action' do
+ let(:cmd) { "#{gitlab_shell_path} key-102" }
+
+ it 'lfs is not authenticated' do
+ _, stderr, status = Open3.capture3(env, cmd)
+
+ expect(stderr).not_to be_empty
+ expect(status).not_to be_success
+ end
+ end
+
+ context 'when lfs authentication is forbidden for a user' do
+ let(:cmd) { "#{gitlab_shell_path} key-101" }
+
+ it 'lfs is not authenticated' do
+ output, stderr, status = Open3.capture3(env, cmd)
+
+ expect(stderr).to be_empty
+ expect(output).to be_empty
+ expect(status).to be_success
+ end
+ end
+
+ context 'when an action for lfs authentication is unknown' do
+ let(:cmd) { "#{gitlab_shell_path} key-100" }
+ let(:env) { {'SSH_CONNECTION' => 'fake', 'SSH_ORIGINAL_COMMAND' => 'git-lfs-authenticate project/repo unknown' } }
+
+ it 'the command is disallowed' do
+ _, stderr, status = Open3.capture3(env, cmd)
+
+ expect(stderr).to eq("> GitLab: Disallowed command\n")
+ expect(status).not_to be_success
+ end
+ end
+ end
+
+ let(:env) { {'SSH_CONNECTION' => 'fake', 'SSH_ORIGINAL_COMMAND' => 'git-lfs-authenticate project/repo download' } }
+
+ describe 'without go features' do
+ before(:context) do
+ write_config(
+ "gitlab_url" => "http+unix://#{CGI.escape(tmp_socket_path)}",
+ )
+ end
+
+ it_behaves_like 'lfs authentication command'
+ end
+
+ describe 'with go features' do
+ before(:context) do
+ write_config(
+ "gitlab_url" => "http+unix://#{CGI.escape(tmp_socket_path)}",
+ "migration" => { "enabled" => true,
+ "features" => ["git-lfs-authenticate"] }
+ )
+ end
+
+ it_behaves_like 'lfs authentication command'
+ end
+end |
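Review bot: The 'when lfs authentication is forbidden for a user' example pins a silent outcome for a denied request: with `key-101` the mock `/api/v4/internal/lfs_authenticate` handler answers 403, yet the spec expects empty stderr, empty output and `be_success`. Because the shared examples run both with and without the Go feature, this looks like deliberate parity between the two implementations; if so, record it beside the expectations, e.g. `# a 403 from lfs_authenticate is intentionally silent and exits 0 in both implementations`, so it is not later mistaken for an oversight. If it is not intentional, the example should expect a non-zero status, since an exit code of 0 on an authentication denial is easy to miss in logs and monitoring. Separately, both mock handlers decide on `key_id` alone and never assert that the request carried whatever credential the internal API expects, so as far as these handlers show, the spec would keep passing if the client stopped sending it. The two 'lfs is successfully authenticated' examples also capture `stderr` without asserting on it; `expect(stderr).to be_empty` there would catch unexpected diagnostics on the success path.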