Merge branch 'unify-http-basic-spec-helpers' into 'master'

Refactor http spec helpers

See merge request gitlab-org/gitlab!39321

spec/requests/api/composer_packages_spec.rb

@@ -2,7 +2,7 @@
 require 'spec_helper'
 
 RSpec.describe API::ComposerPackages do
-  include PackagesManagerApiSpecHelpers
+  include HttpBasicAuthHelpers
 
   let_it_be(:user) { create(:user) }
   let_it_be(:group, reload: true) { create(:group, :public) }
@@ -224,7 +224,7 @@ RSpec.describe API::ComposerPackages do
     end
 
     context 'with no tag or branch params' do
-      let(:headers) { build_basic_auth_header(user.username, personal_access_token.token) }
+      let(:headers) { basic_auth_header(user.username, personal_access_token.token) }
 
       it_behaves_like 'process Composer api request', :developer, :bad_request
     end
@@ -238,7 +238,7 @@ RSpec.describe API::ComposerPackages do
 
       context 'with a non existing tag' do
         let(:params) { { tag: 'non-existing-tag' } }
-        let(:headers) { build_basic_auth_header(user.username, personal_access_token.token) }
+        let(:headers) { basic_auth_header(user.username, personal_access_token.token) }
 
         it_behaves_like 'process Composer api request', :developer, :not_found
       end
@@ -253,7 +253,7 @@ RSpec.describe API::ComposerPackages do
 
       context 'with a non existing branch' do
         let(:params) { { branch: 'non-existing-branch' } }
-        let(:headers) { build_basic_auth_header(user.username, personal_access_token.token) }
+        let(:headers) { basic_auth_header(user.username, personal_access_token.token) }
 
         it_behaves_like 'process Composer api request', :developer, :not_found
       end
@@ -311,7 +311,7 @@ RSpec.describe API::ComposerPackages do
 
         with_them do
           let(:token) { user_token ? personal_access_token.token : 'wrong' }
-          let(:headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+          let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
 
           before do
             project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false))

spec/requests/api/conan_packages_spec.rb

@@ -3,6 +3,7 @@ require 'spec_helper'
 
 RSpec.describe API::ConanPackages do
   include WorkhorseHelpers
+  include HttpBasicAuthHelpers
   include PackagesManagerApiSpecHelpers
 
   let(:package) { create(:conan_package) }

spec/requests/api/go_proxy_spec.rb

@@ -4,6 +4,7 @@ require 'spec_helper'
 
 RSpec.describe API::GoProxy do
   include PackagesManagerApiSpecHelpers
+  include HttpBasicAuthHelpers
 
   let_it_be(:user) { create :user }
   let_it_be(:project) { create :project_empty_repo, creator: user, path: 'my-go-lib' }
@@ -387,7 +388,7 @@ RSpec.describe API::GoProxy do
       end
 
       it 'returns ok with a personal access token and basic authentication' do
-        get_resource(headers: build_basic_auth_header(user.username, pa_token.token))
+        get_resource(headers: basic_auth_header(user.username, pa_token.token))
 
         expect(response).to have_gitlab_http_status(:ok)
       end

spec/requests/api/npm_packages_spec.rb

@@ -4,6 +4,7 @@ require 'spec_helper'
 
 RSpec.describe API::NpmPackages do
   include PackagesManagerApiSpecHelpers
+  include HttpBasicAuthHelpers
 
   let_it_be(:user) { create(:user) }
   let_it_be(:group) { create(:group) }

spec/requests/api/nuget_packages_spec.rb

@@ -45,7 +45,7 @@ RSpec.describe API::NugetPackages do
 
           with_them do
             let(:token) { user_token ? personal_access_token.token : 'wrong' }
-            let(:headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+            let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
 
             subject { get api(url), headers: headers }
 
@@ -137,7 +137,7 @@ RSpec.describe API::NugetPackages do
 
         with_them do
           let(:token) { user_token ? personal_access_token.token : 'wrong' }
-          let(:user_headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+          let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
           let(:headers) { user_headers.merge(workhorse_header) }
 
           before do
@@ -204,7 +204,7 @@ RSpec.describe API::NugetPackages do
 
         with_them do
           let(:token) { user_token ? personal_access_token.token : 'wrong' }
-          let(:user_headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+          let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
           let(:headers) { user_headers.merge(workhorse_header) }
 
           before do
@@ -264,7 +264,7 @@ RSpec.describe API::NugetPackages do
 
         with_them do
           let(:token) { user_token ? personal_access_token.token : 'wrong' }
-          let(:headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+          let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
 
           subject { get api(url), headers: headers }
 
@@ -325,7 +325,7 @@ RSpec.describe API::NugetPackages do
 
         with_them do
           let(:token) { user_token ? personal_access_token.token : 'wrong' }
-          let(:headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+          let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
 
           subject { get api(url), headers: headers }
 
@@ -381,7 +381,7 @@ RSpec.describe API::NugetPackages do
 
         with_them do
           let(:token) { user_token ? personal_access_token.token : 'wrong' }
-          let(:headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+          let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
 
           subject { get api(url), headers: headers }
 
@@ -436,7 +436,7 @@ RSpec.describe API::NugetPackages do
 
         with_them do
           let(:token) { user_token ? personal_access_token.token : 'wrong' }
-          let(:headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+          let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
 
           subject { get api(url), headers: headers }
 
@@ -499,7 +499,7 @@ RSpec.describe API::NugetPackages do
 
         with_them do
           let(:token) { user_token ? personal_access_token.token : 'wrong' }
-          let(:headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+          let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
 
           subject { get api(url), headers: headers }
 

spec/requests/api/pypi_packages_spec.rb

@@ -4,6 +4,7 @@ require 'spec_helper'
 RSpec.describe API::PypiPackages do
   include WorkhorseHelpers
   include PackagesManagerApiSpecHelpers
+  include HttpBasicAuthHelpers
 
   let_it_be(:user) { create(:user) }
   let_it_be(:project, reload: true) { create(:project, :public) }
@@ -43,7 +44,7 @@ RSpec.describe API::PypiPackages do
 
       with_them do
         let(:token) { user_token ? personal_access_token.token : 'wrong' }
-        let(:headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+        let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
 
         subject { get api(url), headers: headers }
 
@@ -94,7 +95,7 @@ RSpec.describe API::PypiPackages do
 
       with_them do
         let(:token) { user_token ? personal_access_token.token : 'wrong' }
-        let(:user_headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+        let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
         let(:headers) { user_headers.merge(workhorse_header) }
 
         before do
@@ -157,7 +158,7 @@ RSpec.describe API::PypiPackages do
 
       with_them do
         let(:token) { user_token ? personal_access_token.token : 'wrong' }
-        let(:user_headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+        let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
         let(:headers) { user_headers.merge(workhorse_header) }
 
         before do
@@ -170,7 +171,7 @@ RSpec.describe API::PypiPackages do
 
     context 'with an invalid package' do
       let(:token) { personal_access_token.token }
-      let(:user_headers) { build_basic_auth_header(user.username, token) }
+      let(:user_headers) { basic_auth_header(user.username, token) }
       let(:headers) { user_headers.merge(workhorse_header) }
 
       before do
@@ -220,7 +221,7 @@ RSpec.describe API::PypiPackages do
 
       with_them do
         let(:token) { user_token ? personal_access_token.token : 'wrong' }
-        let(:headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+        let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
 
         subject { get api(url), headers: headers }
 
@@ -233,14 +234,14 @@ RSpec.describe API::PypiPackages do
     end
 
     context 'with deploy token headers' do
-      let(:headers) { build_basic_auth_header(deploy_token.username, deploy_token.token) }
+      let(:headers) { basic_auth_header(deploy_token.username, deploy_token.token) }
 
       context 'valid token' do
         it_behaves_like 'returning response status', :success
       end
 
       context 'invalid token' do
-        let(:headers) { build_basic_auth_header('foo', 'bar') }
+        let(:headers) { basic_auth_header('foo', 'bar') }
 
         it_behaves_like 'returning response status', :success
       end

spec/support/helpers/http_basic_auth_helpers.rb

@@ -15,12 +15,15 @@ module HttpBasicAuthHelpers
     basic_auth_header(client.uid, client.secret)
   end
 
+  def build_auth_headers(value)
+    { 'HTTP_AUTHORIZATION' => value }
+  end
+
+  def build_token_auth_header(token)
+    build_auth_headers("Bearer #{token}")
+  end
+
   def basic_auth_header(username, password)
-    {
-      'HTTP_AUTHORIZATION' => ActionController::HttpAuthentication::Basic.encode_credentials(
-        username,
-        password
-      )
-    }
+    build_auth_headers(ActionController::HttpAuthentication::Basic.encode_credentials(username, password))
   end
 end

spec/support/helpers/packages_manager_api_spec_helper.rb

 # frozen_string_literal: true
 
 module PackagesManagerApiSpecHelpers
-  def build_auth_headers(value)
-    { 'HTTP_AUTHORIZATION' => value }
-  end
-
-  def build_basic_auth_header(username, password)
-    build_auth_headers(ActionController::HttpAuthentication::Basic.encode_credentials(username, password))
-  end
-
-  def build_token_auth_header(token)
-    build_auth_headers("Bearer #{token}")
-  end
-
   def build_jwt(personal_access_token, secret: jwt_secret, user_id: nil)
     JSONWebToken::HMACToken.new(secret).tap do |jwt|
       jwt['access_token'] = personal_access_token.id

spec/support/shared_examples/requests/api/composer_packages_shared_examples.rb

@@ -89,7 +89,7 @@ end
 
 RSpec.shared_context 'Composer auth headers' do |user_role, user_token|
   let(:token) { user_token ? personal_access_token.token : 'wrong' }
-  let(:headers) { user_role == :anonymous ? {} : build_basic_auth_header(user.username, token) }
+  let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
 end
 
 RSpec.shared_context 'Composer api project access' do |project_visibility_level, user_role, user_token|
@@ -118,7 +118,7 @@ RSpec.shared_examples 'rejects Composer access with unknown group id' do
     end
 
     context 'as authenticated user' do
-      subject { get api(url), headers: build_basic_auth_header(user.username, personal_access_token.token) }
+      subject { get api(url), headers: basic_auth_header(user.username, personal_access_token.token) }
 
       it_behaves_like 'process Composer api request', :anonymous, :not_found
     end
@@ -134,7 +134,7 @@ RSpec.shared_examples 'rejects Composer access with unknown project id' do
     end
 
     context 'as authenticated user' do
-      subject { get api(url), headers: build_basic_auth_header(user.username, personal_access_token.token) }
+      subject { get api(url), headers: basic_auth_header(user.username, personal_access_token.token) }
 
       it_behaves_like 'process Composer api request', :anonymous, :not_found
     end

spec/support/shared_examples/requests/api/nuget_packages_shared_examples.rb

@@ -122,7 +122,7 @@ RSpec.shared_examples 'process nuget workhorse authorization' do |user_type, sta
 
     context 'with a request that bypassed gitlab-workhorse' do
       let(:headers) do
-        build_basic_auth_header(user.username, personal_access_token.token)
+        basic_auth_header(user.username, personal_access_token.token)
           .merge(workhorse_header)
           .tap { |h| h.delete(Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER) }
       end
@@ -401,7 +401,7 @@ RSpec.shared_examples 'rejects nuget access with unknown project id' do
     end
 
     context 'as authenticated user' do
-      subject { get api(url), headers: build_basic_auth_header(user.username, personal_access_token.token) }
+      subject { get api(url), headers: basic_auth_header(user.username, personal_access_token.token) }
 
       it_behaves_like 'rejects nuget packages access', :anonymous, :not_found
     end

spec/support/shared_examples/requests/api/packages_shared_examples.rb

@@ -2,7 +2,7 @@
 
 RSpec.shared_examples 'deploy token for package GET requests' do
   context 'with deploy token headers' do
-    let(:headers) { build_basic_auth_header(deploy_token.username, deploy_token.token) }
+    let(:headers) { basic_auth_header(deploy_token.username, deploy_token.token) }
 
     subject { get api(url), headers: headers }
 
@@ -15,7 +15,7 @@ RSpec.shared_examples 'deploy token for package GET requests' do
     end
 
     context 'invalid token' do
-      let(:headers) { build_basic_auth_header(deploy_token.username, 'bar') }
+      let(:headers) { basic_auth_header(deploy_token.username, 'bar') }
 
       it_behaves_like 'returning response status', :unauthorized
     end
@@ -24,7 +24,7 @@ end
 
 RSpec.shared_examples 'deploy token for package uploads' do
   context 'with deploy token headers' do
-    let(:headers) { build_basic_auth_header(deploy_token.username, deploy_token.token).merge(workhorse_header) }
+    let(:headers) { basic_auth_header(deploy_token.username, deploy_token.token).merge(workhorse_header) }
 
     before do
       project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
@@ -35,7 +35,7 @@ RSpec.shared_examples 'deploy token for package uploads' do
     end
 
     context 'invalid token' do
-      let(:headers) { build_basic_auth_header(deploy_token.username, 'bar').merge(workhorse_header) }
+      let(:headers) { basic_auth_header(deploy_token.username, 'bar').merge(workhorse_header) }
 
       it_behaves_like 'returning response status', :unauthorized
     end

spec/support/shared_examples/requests/api/pypi_packages_shared_examples.rb

@@ -159,7 +159,7 @@ RSpec.shared_examples 'rejects PyPI access with unknown project id' do
     end
 
     context 'as authenticated user' do
-      subject { get api(url), headers: build_basic_auth_header(user.username, personal_access_token.token) }
+      subject { get api(url), headers: basic_auth_header(user.username, personal_access_token.token) }
 
       it_behaves_like 'process PyPi api request', :anonymous, :not_found
     end