Fix InvalidSignatureTimeError handling on API

Improved specs

Fix InvalidSignatureTimeError handling on API
Improved specs
d22b3486 · Gabriel Mazetto · cf19910d · d22b3486 · d22b3486
Commit d22b3486 authored Apr 27, 2018 by Gabriel Mazetto
Hide whitespace changes
Inline Side-by-side

Showing with 54 additions and 19 deletions

ee/lib/ee/api/helpers.rb ee/lib/ee/api/helpers.rb +1 -1

ee/spec/lib/ee/api/helpers_spec.rb ee/spec/lib/ee/api/helpers_spec.rb +53 -18

No files found.
--- a/ee/lib/ee/api/helpers.rb
+++ b/ee/lib/ee/api/helpers.rb
@@ -18,7 +18,7 @@ module EE
          unless auth_header && ::Gitlab::Geo::JwtRequestDecoder.new(auth_header).decode
            unauthorized!
          end
-        rescue ::Gitlab::Geo::InvalidDecryptionKeyError, ::Gitlab::Geo::SignatureTimeInvalidError => e
+        rescue ::Gitlab::Geo::InvalidDecryptionKeyError, ::Gitlab::Geo::InvalidSignatureTimeError => e
          render_api_error!(e.to_s, 401)
        end
      end

--- a/ee/spec/lib/ee/api/helpers_spec.rb
+++ b/ee/spec/lib/ee/api/helpers_spec.rb
 require 'spec_helper'
 describe EE::API::Helpers do
-  include API::APIGuard::HelperMethods
+  include Rack::Test::Methods
-  include API::Helpers
+  let(:helper) do
-  let(:options) { {} }
+    Class.new(Grape::API) do
-  let(:params) { {} }
+      helpers EE::API::Helpers
-  let(:env) do
+      helpers API::APIGuard::HelperMethods
-    {
+      helpers API::Helpers
-      'rack.input' => '',
+      format :json
-      'REQUEST_METHOD' => 'GET'
-    }
+      get 'user' do
+        current_user ? { id: current_user.id } : { found: false }
+      end
+      get 'protected' do
+        authenticate_by_gitlab_geo_node_token!
+      end
+    end
  end
-  let(:header) { }
-  let(:request) { Grape::Request.new(env)}
-  before do
+  def app
-    allow(Gitlab::Database::LoadBalancing).to receive(:enable?).and_return(true)
+    helper
  end
  describe '#current_user' do
    let(:user) { build(:user, id: 42) }
+    before do
+      allow(Gitlab::Database::LoadBalancing).to receive(:enable?).and_return(true)
+    end
    it 'handles sticking when a user could be found' do
      allow_any_instance_of(API::Helpers).to receive(:initial_current_user).and_return(user)
      expect(Gitlab::Database::LoadBalancing::RackMiddleware)
-        .to receive(:stick_or_unstick).with(env, :user, 42)
+        .to receive(:stick_or_unstick).with(any_args, :user, 42)
+      get 'user'
-      current_user
+      expect(JSON.parse(last_response.body)).to eq({ 'id' => user.id })
    end
    it 'does not handle sticking if no user could be found' do
@@ -37,13 +48,37 @@ describe EE::API::Helpers do
      expect(Gitlab::Database::LoadBalancing::RackMiddleware)
        .not_to receive(:stick_or_unstick)
-      current_user
+      get 'user'
+      expect(JSON.parse(last_response.body)).to eq({ 'found' => false })
    end
    it 'returns the user if one could be found' do
      allow_any_instance_of(API::Helpers).to receive(:initial_current_user).and_return(user)
-      expect(current_user).to eq(user)
+      get 'user'
+      expect(JSON.parse(last_response.body)).to eq({ 'id' => user.id })
+    end
+  end
+  describe '#authenticate_by_gitlab_geo_node_token!' do
+    it 'rescues from ::Gitlab::Geo::InvalidDecryptionKeyError' do
+      expect_any_instance_of(::Gitlab::Geo::JwtRequestDecoder).to receive(:decode) { raise ::Gitlab::Geo::InvalidDecryptionKeyError }
+      header 'Authorization', 'test'
+      get 'protected', current_user: 'test'
+      expect(JSON.parse(last_response.body)).to eq({ 'message' => 'Gitlab::Geo::InvalidDecryptionKeyError' })
+    end
+    it 'rescues from ::Gitlab::Geo::InvalidSignatureTimeError' do
+      allow_any_instance_of(::Gitlab::Geo::JwtRequestDecoder).to receive(:decode) { raise ::Gitlab::Geo::InvalidSignatureTimeError }
+      header 'Authorization', 'test'
+      get 'protected', current_user: 'test'
+      expect(JSON.parse(last_response.body)).to eq({ 'message' => 'Gitlab::Geo::InvalidSignatureTimeError' })
    end
  end
 end