fix the jobs api spec

62365211 · Micaël Bergeron · 223053c1 · 62365211 · 62365211
Commit 62365211 authored Mar 19, 2018 by Micaël Bergeron
Hide whitespace changes
Inline Side-by-side

Showing with 113 additions and 8 deletions

ee/spec/requests/api/jobs_spec.rb ee/spec/requests/api/jobs_spec.rb +72 -0

spec/requests/api/jobs_spec.rb spec/requests/api/jobs_spec.rb +41 -8

No files found.
--- a/ee/spec/requests/api/jobs_spec.rb
+++ b/ee/spec/requests/api/jobs_spec.rb
+require 'spec_helper'
+
+describe API::Jobs do
+  set(:project) do
+    create(:project, :repository, public_builds: false)
+  end
+
+  set(:pipeline) do
+    create(:ci_empty_pipeline, project: project,
+                               sha: project.commit.id,
+                               ref: project.default_branch)
+  end
+
+  let!(:job) { create(:ci_build, :success, pipeline: pipeline) }
+
+  let(:user) { create(:user) }
+  let(:api_user) { user }
+  let(:reporter) { create(:project_member, :reporter, project: project).user }
+  let(:cross_project_pipeline_enabled) { true }
+
+  before do
+    stub_licensed_features(cross_project_pipelines: cross_project_pipeline_enabled)
+    project.add_developer(user)
+  end
+
+  describe 'GET /projects/:id/jobs/:job_id/artifacts' do
+    shared_examples 'downloads artifact' do
+      let(:download_headers) do
+        { 'Content-Transfer-Encoding' => 'binary',
+          'Content-Disposition' => 'attachment; filename=ci_build_artifacts.zip' }
+      end
+
+      it 'returns specific job artifacts' do
+        expect(response).to have_gitlab_http_status(200)
+        expect(response.headers).to include(download_headers)
+        expect(response.body).to match_file(job.artifacts_file.file.file)
+      end
+    end
+
+    context 'authorized by job_token' do
+      let(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user) }
+
+      before do
+        get api("/projects/#{project.id}/jobs/#{job.id}/artifacts"), job_token: job.token
+      end
+
+      context 'user is developer' do
+        let(:api_user) { user }
+
+        it_behaves_like 'downloads artifact'
+      end
+
+      context 'when anonymous user is accessing private artifacts' do
+        let(:api_user) { nil }
+
+        it 'hides artifacts and rejects request' do
+          expect(project).to be_private
+          expect(response).to have_gitlab_http_status(404)
+        end
+      end
+
+      context 'feature is disabled for EES' do
+        let(:api_user) { user }
+        let(:cross_project_pipeline_enabled) { false }
+
+        it 'disallows access to the artifacts' do
+          expect(response).to have_gitlab_http_status(404)
+        end
+      end
+    end
+  end
+end
--- a/spec/requests/api/jobs_spec.rb
+++ b/spec/requests/api/jobs_spec.rb
 require 'spec_helper'

 describe API::Jobs do
-  include HttpIOHelpers
-
  set(:project) do
    create(:project, :repository, public_builds: false)
  end
@@ -21,6 +19,7 @@ describe API::Jobs do
  let(:guest) { create(:project_member, :guest, project: project).user }

  before do
+    stub_licensed_features(cross_project_pipelines: true)
    project.add_developer(user)
  end

@@ -316,11 +315,6 @@ describe API::Jobs do
      end
    end

-    before do
-      stub_artifacts_object_storage
-      get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user)
-    end
-
    context 'normal authentication' do
      context 'job with artifacts' do
        context 'when artifacts are stored locally' do
@@ -344,8 +338,10 @@ describe API::Jobs do
        end

        context 'when artifacts are stored remotely' do
+          let(:proxy_download) { false }
+
          before do
-            stub_artifacts_object_storage
+            stub_artifacts_object_storage(proxy_download: proxy_download)
          end

          let(:job) { create(:ci_build, pipeline: pipeline) }
@@ -357,6 +353,20 @@ describe API::Jobs do
            get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user)
          end

+          context 'when proxy download is enabled' do
+            let(:proxy_download) { true }
+
+            it 'responds with the workhorse send-url' do
+              expect(response.headers[Gitlab::Workhorse::SEND_DATA_HEADER]).to start_with("send-url:")
+            end
+          end
+
+          context 'when proxy download is disabled' do
+            it 'returns location redirect' do
+              expect(response).to have_gitlab_http_status(302)
+            end
+          end
+
          context 'authorized user' do
            it 'returns the file remote URL' do
              expect(response).to redirect_to(artifact.file.url)
@@ -495,6 +505,29 @@ describe API::Jobs do

        it_behaves_like 'a valid file'
      end
+
+      context 'when using job_token to authenticate' do
+        before do
+          pipeline.reload
+          pipeline.update(ref: 'master',
+                          sha: project.commit('master').sha)
+
+          get api("/projects/#{project.id}/jobs/artifacts/master/download"), job: job.name, job_token: job.token
+        end
+
+        context 'when user is reporter' do
+          it_behaves_like 'a valid file'
+        end
+
+        context 'when user is admin, but not member' do
+          let(:api_user) { create(:admin) }
+          let(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user) }
+
+          it 'does not allow to see that artfiact is present' do
+            expect(response).to have_gitlab_http_status(404)
+          end
+        end
+      end
    end
  end