Merge branch '6520-extract-spec-requests-ee' into 'master'

Extract EE specific files/lines for spec/requests Closes #6520 See merge request gitlab-org/gitlab-ee!12123

Merge branch '6520-extract-spec-requests-ee' into 'master'
Extract EE specific files/lines for spec/requests Closes #6520 See merge request gitlab-org/gitlab-ee!12123
22c3affb · Yorick Peterse · 7cfe6783 · 7d7452a0 · 22c3affb · 22c3affb
Commit 22c3affb authored May 03, 2019 by Yorick Peterse
4 changed files
--- a/ee/spec/requests/git_http_spec.rb
+++ b/ee/spec/requests/git_http_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+describe 'Git HTTP requests' do
+  include GitHttpHelpers
+  include WorkhorseHelpers
+  shared_examples_for 'pulls are allowed' do
+    it do
+      download(path, env) do |response|
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response.content_type.to_s).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
+      end
+    end
+  end
+  shared_examples_for 'pushes are allowed' do
+    it do
+      upload(path, env) do |response|
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response.content_type.to_s).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
+      end
+    end
+  end
+  describe "User with no identities" do
+    let(:user) { create(:user) }
+    let(:project) { create(:project, :repository, :private) }
+    let(:path) { "#{project.full_path}.git" }
+    context "when Kerberos token is provided" do
+      let(:env) { { spnego_request_token: 'opaque_request_token' } }
+      before do
+        allow_any_instance_of(Projects::GitHttpController).to receive(:allow_kerberos_spnego_auth?).and_return(true)
+      end
+      context "when authentication fails because of invalid Kerberos token" do
+        before do
+          allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_credentials!).and_return(nil)
+        end
+        it "responds with status 401 Unauthorized" do
+          download(path, env) do |response|
+            expect(response).to have_gitlab_http_status(:unauthorized)
+          end
+        end
+      end
+      context "when authentication fails because of unknown Kerberos identity" do
+        before do
+          allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_credentials!).and_return("mylogin@FOO.COM")
+        end
+        it "responds with status 401 Unauthorized" do
+          download(path, env) do |response|
+            expect(response).to have_gitlab_http_status(:unauthorized)
+          end
+        end
+      end
+      context "when authentication succeeds" do
+        before do
+          allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_credentials!).and_return("mylogin@FOO.COM")
+          user.identities.create!(provider: "kerberos", extern_uid: "mylogin@FOO.COM")
+        end
+        context "when the user has access to the project" do
+          before do
+            project.add_maintainer(user)
+          end
+          context "when the user is blocked" do
+            before do
+              user.block
+              project.add_maintainer(user)
+            end
+            it "responds with status 403 Forbidden" do
+              download(path, env) do |response|
+                expect(response).to have_gitlab_http_status(:forbidden)
+              end
+            end
+          end
+          context "when the user isn't blocked", :redis do
+            it "responds with status 200 OK" do
+              download(path, env) do |response|
+                expect(response).to have_gitlab_http_status(:ok)
+              end
+            end
+            it 'updates the user last activity' do
+              expect(user.last_activity_on).to be_nil
+              download(path, env) do |_response|
+                expect(user.reload.last_activity_on).to eql(Date.today)
+              end
+            end
+          end
+          it "complies with RFC4559" do
+            allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_response_token).and_return("opaque_response_token")
+            download(path, env) do |response|
+              expect(response.headers['WWW-Authenticate'].split("\n")).to include("Negotiate #{::Base64.strict_encode64('opaque_response_token')}")
+            end
+          end
+        end
+        context "when the user doesn't have access to the project" do
+          it "responds with status 404 Not Found" do
+            download(path, env) do |response|
+              expect(response).to have_gitlab_http_status(:not_found)
+            end
+          end
+          it "complies with RFC4559" do
+            allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_response_token).and_return("opaque_response_token")
+            download(path, env) do |response|
+              expect(response.headers['WWW-Authenticate'].split("\n")).to include("Negotiate #{::Base64.strict_encode64('opaque_response_token')}")
+            end
+          end
+        end
+      end
+    end
+    context 'when license is not provided' do
+      let(:env) { { user: user.username, password: user.password } }
+      before do
+        allow(License).to receive(:current).and_return(nil)
+        project.add_maintainer(user)
+      end
+      it_behaves_like 'pulls are allowed'
+      it_behaves_like 'pushes are allowed'
+    end
+  end
+end
--- a/ee/spec/requests/lfs_http_spec.rb
+++ b/ee/spec/requests/lfs_http_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+describe 'Git LFS API and storage' do
+  include WorkhorseHelpers
+  let(:user) { create(:user) }
+  let!(:lfs_object) { create(:lfs_object, :with_file) }
+  let(:headers) do
+    {
+      'Authorization' => authorization,
+      'X-Sendfile-Type' => sendfile
+    }.compact
+  end
+  let(:authorization) { }
+  let(:sendfile) { }
+  let(:sample_oid) { lfs_object.oid }
+  let(:sample_size) { lfs_object.size }
+  describe 'when handling lfs batch request' do
+    let(:update_lfs_permissions) { }
+    let(:update_user_permissions) { }
+    before do
+      enable_lfs
+      update_lfs_permissions
+      update_user_permissions
+      post_lfs_json "#{project.http_url_to_repo}/info/lfs/objects/batch", body, headers
+    end
+    describe 'upload' do
+      let(:project) { create(:project, :public) }
+      let(:body) do
+        {
+          'operation' => 'upload',
+          'objects' => [
+            { 'oid' => sample_oid,
+              'size' => sample_size }
+          ]
+        }
+      end
+      shared_examples 'pushes new LFS objects' do
+        let(:sample_size) { 150.megabytes }
+        let(:sample_oid) { '91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897' }
+        context 'and project is above the limit' do
+          let(:update_lfs_permissions) do
+            allow_any_instance_of(EE::Project).to receive_messages(
+              repository_and_lfs_size: 100.megabytes,
+              actual_size_limit: 99.megabytes)
+          end
+          it 'responds with status 406' do
+            expect(response).to have_gitlab_http_status(406)
+            expect(json_response['message']).to eql('Your push has been rejected, because this repository has exceeded its size limit of 99 MB by 1 MB. Please contact your GitLab administrator for more information.')
+          end
+        end
+        context 'and project will go over the limit' do
+          let(:update_lfs_permissions) do
+            allow_any_instance_of(EE::Project).to receive_messages(
+              repository_and_lfs_size: 200.megabytes,
+              actual_size_limit: 300.megabytes)
+          end
+          it 'responds with status 406' do
+            expect(response).to have_gitlab_http_status(406)
+            expect(json_response['documentation_url']).to include('/help')
+            expect(json_response['message']).to eql('Your push has been rejected, because this repository has exceeded its size limit of 300 MB by 50 MB. Please contact your GitLab administrator for more information.')
+          end
+        end
+      end
+      describe 'when request is authenticated' do
+        context 'when user has project push access' do
+          let(:authorization) { authorize_user }
+          let(:update_user_permissions) { project.add_developer(user) }
+          context 'when pushing a lfs object that does not exist' do
+            it_behaves_like 'pushes new LFS objects'
+          end
+        end
+        context 'when deploy key has project push access' do
+          let(:key) { create(:deploy_key) }
+          let(:authorization) { authorize_deploy_key }
+          let(:update_user_permissions) do
+            project.deploy_keys_projects.create(deploy_key: key, can_push: true)
+          end
+          it_behaves_like 'pushes new LFS objects'
+        end
+      end
+    end
+  end
+  describe 'when pushing a lfs object' do
+    before do
+      enable_lfs
+    end
+    describe 'to one project' do
+      let(:project) { create(:project) }
+      context 'when user is authenticated' do
+        let(:authorization) { authorize_user }
+        context 'when user has push access to the project' do
+          before do
+            project.add_developer(user)
+          end
+          context 'and project has limit enabled but will stay under the limit' do
+            before do
+              allow_any_instance_of(EE::Project).to receive_messages(
+                actual_size_limit: 200,
+                size_limit_enabled?: true)
+              put_finalize
+            end
+            it 'responds with status 200' do
+              expect(response).to have_gitlab_http_status(200)
+            end
+          end
+        end
+      end
+    end
+    def put_finalize(lfs_tmp = lfs_tmp_file, with_tempfile: false, verified: true, args: {})
+      upload_path = LfsObjectUploader.workhorse_local_upload_path
+      file_path = upload_path + '/' + lfs_tmp if lfs_tmp
+      if with_tempfile
+        FileUtils.mkdir_p(upload_path)
+        FileUtils.touch(file_path)
+      end
+      extra_args = {
+        'file.path' => file_path,
+        'file.name' => File.basename(file_path)
+      }
+      put_finalize_with_args(args.merge(extra_args).compact, verified: verified)
+    end
+    def put_finalize_with_args(args, verified:)
+      finalize_headers = headers
+      finalize_headers.merge!(workhorse_internal_api_request_header) if verified
+      put "#{project.http_url_to_repo}/gitlab-lfs/objects/#{sample_oid}/#{sample_size}", params: args, headers: finalize_headers
+    end
+    def lfs_tmp_file
+      "#{sample_oid}012345678"
+    end
+  end
+  def enable_lfs
+    allow(Gitlab.config.lfs).to receive(:enabled).and_return(true)
+  end
+  def authorize_user
+    ActionController::HttpAuthentication::Basic.encode_credentials(user.username, user.password)
+  end
+  def authorize_deploy_key
+    ActionController::HttpAuthentication::Basic.encode_credentials("lfs+deploy-key-#{key.id}", Gitlab::LfsToken.new(key).token)
+  end
+  def post_lfs_json(url, body = nil, headers = nil)
+    params = body.try(:to_json)
+    headers = (headers || {}).merge('Content-Type' => LfsRequest::CONTENT_TYPE)
+    post(url, params: params, headers: headers)
+  end
+end
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
-require "spec_helper"
+require 'spec_helper'
 describe 'Git HTTP requests' do
  include ProjectForksHelper
@@ -813,115 +813,6 @@ describe 'Git HTTP requests' do
            end
          end
        end
-        context "when Kerberos token is provided" do
-          let(:env) { { spnego_request_token: 'opaque_request_token' } }
-          before do
-            allow_any_instance_of(Projects::GitHttpController).to receive(:allow_kerberos_spnego_auth?).and_return(true)
-          end
-          context "when authentication fails because of invalid Kerberos token" do
-            before do
-              allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_credentials!).and_return(nil)
-            end
-            it "responds with status 401 Unauthorized" do
-              download(path, env) do |response|
-                expect(response).to have_gitlab_http_status(:unauthorized)
-              end
-            end
-          end
-          context "when authentication fails because of unknown Kerberos identity" do
-            before do
-              allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_credentials!).and_return("mylogin@FOO.COM")
-            end
-            it "responds with status 401 Unauthorized" do
-              download(path, env) do |response|
-                expect(response).to have_gitlab_http_status(:unauthorized)
-              end
-            end
-          end
-          context "when authentication succeeds" do
-            before do
-              allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_credentials!).and_return("mylogin@FOO.COM")
-              user.identities.create!(provider: "kerberos", extern_uid: "mylogin@FOO.COM")
-            end
-            context "when the user has access to the project" do
-              before do
-                project.add_maintainer(user)
-              end
-              context "when the user is blocked" do
-                before do
-                  user.block
-                  project.add_maintainer(user)
-                end
-                it "responds with status 403 Forbidden" do
-                  download(path, env) do |response|
-                    expect(response).to have_gitlab_http_status(:forbidden)
-                  end
-                end
-              end
-              context "when the user isn't blocked", :redis do
-                it "responds with status 200 OK" do
-                  download(path, env) do |response|
-                    expect(response).to have_gitlab_http_status(:ok)
-                  end
-                end
-                it 'updates the user last activity' do
-                  expect(user.last_activity_on).to be_nil
-                  download(path, env) do |_response|
-                    expect(user.reload.last_activity_on).to eql(Date.today)
-                  end
-                end
-              end
-              it "complies with RFC4559" do
-                allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_response_token).and_return("opaque_response_token")
-                download(path, env) do |response|
-                  expect(response.headers['WWW-Authenticate'].split("\n")).to include("Negotiate #{::Base64.strict_encode64('opaque_response_token')}")
-                end
-              end
-            end
-            context "when the user doesn't have access to the project" do
-              it "responds with status 404 Not Found" do
-                download(path, env) do |response|
-                  expect(response).to have_gitlab_http_status(:not_found)
-                end
-              end
-              it "complies with RFC4559" do
-                allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_response_token).and_return("opaque_response_token")
-                download(path, env) do |response|
-                  expect(response.headers['WWW-Authenticate'].split("\n")).to include("Negotiate #{::Base64.strict_encode64('opaque_response_token')}")
-                end
-              end
-            end
-          end
-        end
-        context 'when license is not provided' do
-          let(:env) { { user: user.username, password: user.password } }
-          before do
-            allow(License).to receive(:current).and_return(nil)
-            project.add_maintainer(user)
-          end
-          it_behaves_like 'pulls are allowed'
-          it_behaves_like 'pushes are allowed'
-        end
      end
      it_behaves_like 'project path without .git suffix' do

--- a/spec/requests/lfs_http_spec.rb
+++ b/spec/requests/lfs_http_spec.rb
@@ -734,34 +734,6 @@ describe 'Git LFS API and storage' do
          expect(json_response['objects'].first['actions']['upload']['href']).to eq("#{Gitlab.config.gitlab.url}/#{project.full_path}.git/gitlab-lfs/objects/#{sample_oid}/#{sample_size}")
          expect(json_response['objects'].first['actions']['upload']['header']).to eq({ 'Authorization' => authorization, 'Content-Type' => 'application/octet-stream' })
        end
-        ## EE-specific context
-        context 'and project is above the limit' do
-          let(:update_lfs_permissions) do
-            allow_any_instance_of(EE::Project).to receive_messages(
-              repository_and_lfs_size: 100.megabytes,
-              actual_size_limit: 99.megabytes)
-          end
-          it 'responds with status 406' do
-            expect(response).to have_gitlab_http_status(406)
-            expect(json_response['message']).to eql('Your push has been rejected, because this repository has exceeded its size limit of 99 MB by 1 MB. Please contact your GitLab administrator for more information.')
-          end
-        end
-        context 'and project will go over the limit' do
-          let(:update_lfs_permissions) do
-            allow_any_instance_of(EE::Project).to receive_messages(
-              repository_and_lfs_size: 200.megabytes,
-              actual_size_limit: 300.megabytes)
-          end
-          it 'responds with status 406' do
-            expect(response).to have_gitlab_http_status(406)
-            expect(json_response['documentation_url']).to include('/help')
-            expect(json_response['message']).to eql('Your push has been rejected, because this repository has exceeded its size limit of 300 MB by 50 MB. Please contact your GitLab administrator for more information.')
-          end
-        end
      end
      describe 'when request is authenticated' do
@@ -1205,20 +1177,6 @@ describe 'Git LFS API and storage' do
            end
          end
-          context 'and project has limit enabled but will stay under the limit' do
-            before do
-              allow_any_instance_of(EE::Project).to receive_messages(
-                actual_size_limit: 200,
-                size_limit_enabled?: true)
-              put_finalize
-            end
-            it 'responds with status 200' do
-              expect(response).to have_gitlab_http_status(200)
-            end
-          end
          context 'invalid tempfiles' do
            before do
              lfs_object.destroy