Commit 1954cb80 authored by Kamil Trzcinski's avatar Kamil Trzcinski

Added missing LFS specs

parent a387ff7b
...@@ -15,7 +15,6 @@ describe 'Git LFS API and storage' do ...@@ -15,7 +15,6 @@ describe 'Git LFS API and storage' do
let(:authorization) { } let(:authorization) { }
let(:sendfile) { } let(:sendfile) { }
let(:pipeline) { create(:ci_empty_pipeline, project: project) } let(:pipeline) { create(:ci_empty_pipeline, project: project) }
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
let(:sample_oid) { lfs_object.oid } let(:sample_oid) { lfs_object.oid }
let(:sample_size) { lfs_object.size } let(:sample_size) { lfs_object.size }
...@@ -258,14 +257,63 @@ describe 'Git LFS API and storage' do ...@@ -258,14 +257,63 @@ describe 'Git LFS API and storage' do
it_behaves_like 'responds with a file' it_behaves_like 'responds with a file'
end end
context 'when build is authorized' do context 'when build is authorized as' do
let(:authorization) { authorize_ci_project } let(:authorization) { authorize_ci_project }
let(:update_permissions) do shared_examples 'can download LFS only from own projects' do
project.lfs_objects << lfs_object context 'for own project' do
let(:pipeline) { create(:ci_empty_pipeline, project: project) }
let(:update_permissions) do
project.team << [user, :reporter]
project.lfs_objects << lfs_object
end
it_behaves_like 'responds with a file'
end
context 'for other project' do
let(:other_project) { create(:empty_project) }
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
let(:update_permissions) do
project.lfs_objects << lfs_object
end
it 'rejects downloading code' do
expect(response).to have_http_status(other_project_status)
end
end
end end
it_behaves_like 'responds with a file' context 'administrator' do
let(:user) { create(:admin) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it_behaves_like 'can download LFS only from own projects' do
# We render 403, because administrator does have normally access
let(:other_project_status) { 403 }
end
end
context 'regular user' do
let(:user) { create(:user) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it_behaves_like 'can download LFS only from own projects' do
# We render 404, to prevent data leakage about existence of the project
let(:other_project_status) { 404 }
end
end
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
it_behaves_like 'can download LFS only from own projects' do
# We render 401, to prevent data leakage about existence of the project
let(:other_project_status) { 401 }
end
end
end end
end end
...@@ -445,10 +493,62 @@ describe 'Git LFS API and storage' do ...@@ -445,10 +493,62 @@ describe 'Git LFS API and storage' do
end end
end end
context 'when CI is authorized' do context 'when build is authorized as' do
let(:authorization) { authorize_ci_project } let(:authorization) { authorize_ci_project }
it_behaves_like 'an authorized requests' let(:update_lfs_permissions) do
project.lfs_objects << lfs_object
end
shared_examples 'can download LFS only from own projects' do
context 'for own project' do
let(:pipeline) { create(:ci_empty_pipeline, project: project) }
let(:update_user_permissions) do
project.team << [user, :reporter]
end
it_behaves_like 'an authorized requests'
end
context 'for other project' do
let(:other_project) { create(:empty_project) }
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
it 'rejects downloading code' do
expect(response).to have_http_status(other_project_status)
end
end
end
context 'administrator' do
let(:user) { create(:admin) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it_behaves_like 'can download LFS only from own projects' do
# We render 403, because administrator does have normally access
let(:other_project_status) { 403 }
end
end
context 'regular user' do
let(:user) { create(:user) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it_behaves_like 'can download LFS only from own projects' do
# We render 404, to prevent data leakage about existence of the project
let(:other_project_status) { 404 }
end
end
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
it_behaves_like 'can download LFS only from own projects' do
# We render 401, to prevent data leakage about existence of the project
let(:other_project_status) { 401 }
end
end
end end
context 'when user is not authenticated' do context 'when user is not authenticated' do
...@@ -597,11 +697,37 @@ describe 'Git LFS API and storage' do ...@@ -597,11 +697,37 @@ describe 'Git LFS API and storage' do
end end
end end
context 'when CI is authorized' do context 'when build is authorized' do
let(:authorization) { authorize_ci_project } let(:authorization) { authorize_ci_project }
it 'responds with 401' do context 'build has an user' do
expect(response).to have_http_status(401) let(:user) { create(:user) }
context 'tries to push to own project' do
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it 'responds with 403' do
expect(response).to have_http_status(403)
end
end
context 'tries to push to other project' do
let(:other_project) { create(:empty_project) }
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it 'responds with 403' do
expect(response).to have_http_status(403)
end
end
end
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
it 'responds with 401' do
expect(response).to have_http_status(401)
end
end end
end end
end end
...@@ -623,14 +749,6 @@ describe 'Git LFS API and storage' do ...@@ -623,14 +749,6 @@ describe 'Git LFS API and storage' do
end end
end end
end end
context 'when CI is authorized' do
let(:authorization) { authorize_ci_project }
it 'responds with status 401' do
expect(response).to have_http_status(401)
end
end
end end
describe 'unsupported' do describe 'unsupported' do
...@@ -793,10 +911,51 @@ describe 'Git LFS API and storage' do ...@@ -793,10 +911,51 @@ describe 'Git LFS API and storage' do
end end
end end
context 'when CI is authenticated' do context 'when build is authorized' do
let(:authorization) { authorize_ci_project } let(:authorization) { authorize_ci_project }
it_behaves_like 'unauthorized' context 'build has an user' do
let(:user) { create(:user) }
context 'tries to push to own project' do
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
before do
project.team << [user, :developer]
put_authorize
end
it 'responds with 403' do
expect(response).to have_http_status(403)
end
end
context 'tries to push to other project' do
let(:other_project) { create(:empty_project) }
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
before do
put_authorize
end
it 'responds with 404' do
expect(response).to have_http_status(404)
end
end
end
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
before do
put_authorize
end
it 'responds with 401' do
expect(response).to have_http_status(401)
end
end
end end
context 'for unauthenticated' do context 'for unauthenticated' do
...@@ -853,10 +1012,42 @@ describe 'Git LFS API and storage' do ...@@ -853,10 +1012,42 @@ describe 'Git LFS API and storage' do
end end
end end
context 'when CI is authenticated' do context 'when build is authorized' do
let(:authorization) { authorize_ci_project } let(:authorization) { authorize_ci_project }
it_behaves_like 'unauthorized' before do
put_authorize
end
context 'build has an user' do
let(:user) { create(:user) }
context 'tries to push to own project' do
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it 'responds with 403' do
expect(response).to have_http_status(403)
end
end
context 'tries to push to other project' do
let(:other_project) { create(:empty_project) }
let(:pipeline) { create(:ci_empty_pipeline, project: other_project) }
let(:build) { create(:ci_build, :running, pipeline: pipeline, user: user) }
it 'responds with 403' do
expect(response).to have_http_status(403)
end
end
end
context 'does not have user' do
let(:build) { create(:ci_build, :running, pipeline: pipeline) }
it 'responds with 401' do
expect(response).to have_http_status(401)
end
end
end end
context 'for unauthenticated' do context 'for unauthenticated' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment