From 53511f3655a5eed9976164fbd88d14df3490000c Mon Sep 17 00:00:00 2001
From: Bob Van Landuyt <bob@vanlanduyt.co>
Date: Thu, 7 Mar 2019 10:58:37 +0100
Subject: Detect user based on key, username or id

This allows gitlab-shell to be called with an argument of the format
`key-123` or `username-name`.

When called in this way, `gitlab-shell` will call the GitLab internal
API. If the API responds with user information, it will print a
welcome message including the username.

If the API responds with a successful but empty response, gitlab-shell
will print a welcome message for an anonymous user.

If the API response includes an error message in JSON, this message
will be printed to stderr.

If the API call fails, an error message including the status code will
be printed to stderr.
---
 spec/gitlab_shell_gitlab_shell_spec.rb | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

(limited to 'spec')

diff --git a/spec/gitlab_shell_gitlab_shell_spec.rb b/spec/gitlab_shell_gitlab_shell_spec.rb
index 11692d3..cb3fd9c 100644
--- a/spec/gitlab_shell_gitlab_shell_spec.rb
+++ b/spec/gitlab_shell_gitlab_shell_spec.rb
@@ -30,12 +30,19 @@ describe 'bin/gitlab-shell' do
 
     @server = HTTPUNIXServer.new(BindAddress: tmp_socket_path)
     @server.mount_proc('/api/v4/internal/discover') do |req, res|
-      if req.query['key_id'] == '100' ||
-         req.query['user_id'] == '10' ||
-         req.query['username'] == 'someuser'
+      identifier = req.query['key_id'] || req.query['username'] || req.query['user_id']
+      known_identifiers = %w(10 someuser 100)
+      if known_identifiers.include?(identifier)
         res.status = 200
         res.content_type = 'application/json'
         res.body = '{"id":1, "name": "Some User", "username": "someuser"}'
+      elsif identifier == 'broken_message'
+        res.status = 401
+        res.body = '{"message": "Forbidden!"}'
+      elsif identifier && identifier != 'broken'
+        res.status = 200
+        res.content_type = 'application/json'
+        res.body = 'null'
       else
         res.status = 500
       end
@@ -145,11 +152,7 @@ describe 'bin/gitlab-shell' do
       )
     end
 
-    it_behaves_like 'results with keys' do
-      before do
-        pending
-      end
-    end
+    it_behaves_like 'results with keys'
 
     it 'outputs "Only ssh allowed"' do
       _, stderr, status = run!(["-c/usr/share/webapps/gitlab-shell/bin/gitlab-shell", "username-someuser"], env: {})
@@ -157,6 +160,20 @@ describe 'bin/gitlab-shell' do
       expect(stderr).to eq("Only ssh allowed\n")
       expect(status).not_to be_success
     end
+
+    it 'returns an error message when the API call fails with a message' do
+      _, stderr, status = run!(["-c/usr/share/webapps/gitlab-shell/bin/gitlab-shell", "username-broken_message"])
+
+      expect(stderr).to match(/Failed to get username: Forbidden!/)
+      expect(status).not_to be_success
+    end
+
+    it 'returns an error message when the API call fails without a message' do
+      _, stderr, status = run!(["-c/usr/share/webapps/gitlab-shell/bin/gitlab-shell", "username-broken"])
+
+      expect(stderr).to match(/Failed to get username: Internal API error \(500\)/)
+      expect(status).not_to be_success
+    end
   end
 
   def run!(args, env: {'SSH_CONNECTION' => 'fake'})
-- 
cgit v1.2.1