Add specs for maven packages api [ci skip]

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Add specs for maven packages api [ci skip]
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
de0f1905 · Dmitriy Zaporozhets · db1a6daa · de0f1905 · de0f1905 · de0f1905
Commit de0f1905 authored Aug 03, 2018 by Dmitriy Zaporozhets
5 changed files
--- a/spec/factories/packages.rb
+++ b/spec/factories/packages.rb
@@ -19,20 +19,23 @@ FactoryBot.define do
    package
    trait(:jar) do
-      file Tempfile.new('my-app-1.0-20180724.124855-1.jar')
+      file { fixture_file_upload('spec/fixtures/maven/my-app-1.0-20180724.124855-1.jar') }
      file_name 'my-app-1.0-20180724.124855-1.jar'
+      file_sha1 '4f0bfa298744d505383fbb57c554d4f5c12d88b3'
      file_type 'jar'
    end
    trait(:pom) do
-      file Tempfile.new('my-app-1.0-20180724.124855-1.pom')
+      file { fixture_file_upload('spec/fixtures/maven/my-app-1.0-20180724.124855-1.pom') }
      file_name 'my-app-1.0-20180724.124855-1.pom'
+      file_sha1 '19c975abd49e5102ca6c74a619f21e0cf0351c57'
      file_type 'pom'
    end
    trait(:xml) do
-      file Tempfile.new('maven-metadata.xml')
+      file { fixture_file_upload('spec/fixtures/maven/maven-metadata.xml') }
      file_name 'maven-metadata.xml'
+      file_sha1 '42b1bdc80de64953b6876f5a8c644f20204011b0'
      file_type 'xml'
    end
  end

--- a/spec/fixtures/maven/maven-metadata.xml
+++ b/spec/fixtures/maven/maven-metadata.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<metadata modelVersion="1.1.0">
+  <groupId>com.mycompany.app</groupId>
+  <artifactId>my-app</artifactId>
+  <version>1.0-SNAPSHOT</version>
+  <versioning>
+    <snapshot>
+      <timestamp>20180724.124855</timestamp>
+      <buildNumber>1</buildNumber>
+    </snapshot>
+    <lastUpdated>20180724124855</lastUpdated>
+    <snapshotVersions>
+      <snapshotVersion>
+        <extension>jar</extension>
+        <value>1.0-20180724.124855-1</value>
+        <updated>20180724124855</updated>
+      </snapshotVersion>
+      <snapshotVersion>
+        <extension>pom</extension>
+        <value>1.0-20180724.124855-1</value>
+        <updated>20180724124855</updated>
+      </snapshotVersion>
+    </snapshotVersions>
+  </versioning>
+</metadata>
--- a/spec/fixtures/maven/my-app-1.0-20180724.124855-1.jar
+++ b/spec/fixtures/maven/my-app-1.0-20180724.124855-1.jar
--- a/spec/fixtures/maven/my-app-1.0-20180724.124855-1.pom
+++ b/spec/fixtures/maven/my-app-1.0-20180724.124855-1.pom
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.mycompany.app</groupId>
+  <artifactId>my-app</artifactId>
+  <packaging>jar</packaging>
+  <version>1.0-SNAPSHOT</version>
+  <name>my-app</name>
+  <url>http://maven.apache.org</url>
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>3.8.1</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+  <distributionManagement>
+    <snapshotRepository>
+      <id>local</id>
+      <url>file:///tmp/maven</url>
+    </snapshotRepository>
+  </distributionManagement>
+  <repositories>
+    <repository>
+      <id>local</id>
+      <url>file:///tmp/maven</url>
+    </repository>
+  </repositories>
+  <properties>
+    <maven.compiler.source>1.6</maven.compiler.source>
+    <maven.compiler.target>1.6</maven.compiler.target>
+  </properties>
+</project>
--- a/spec/requests/api/maven_packages_spec.rb
+++ b/spec/requests/api/maven_packages_spec.rb
+require 'spec_helper'
+describe API::MavenPackages do
+  let(:user) { create(:user) }
+  let(:project) { create(:project) }
+  let(:personal_access_token) { create(:personal_access_token, user: user) }
+  let(:jwt_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') }
+  let(:headers) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => jwt_token } }
+  let(:headers_with_token) { headers.merge('Private-Token' => personal_access_token.token) }
+  before do
+    project.add_developer(user)
+  end
+  describe 'GET /api/v4/projects/:id/packages/maven/*app_group/:app_name/:app_version/:file_name' do
+    let(:package) { create(:maven_package, project: project) }
+    let(:maven_metadatum) { package.maven_metadatum }
+    let(:package_file_xml) { package.package_files.find_by(file_type: 'xml') }
+    context 'a public project' do
+      it 'returns the file' do
+        download_file(package_file_xml.file_name)
+        expect(response).to have_gitlab_http_status(200)
+        expect(response.content_type.to_s).to eq('application/octet-stream')
+      end
+      it 'returns sha1 of the file' do
+        download_file(package_file_xml.file_name + '.sha1')
+        expect(response).to have_gitlab_http_status(200)
+        expect(response.content_type.to_s).to eq('text/plain')
+        expect(response.body).to eq(package_file_xml.file_sha1)
+      end
+    end
+    context 'private project' do
+      # Auth required, read permissions required
+    end
+    def download_file(file_name, params = {}, request_headers = headers)
+      get api("/projects/#{project.id}/packages/maven/" \
+              "#{maven_metadatum.app_group}/#{maven_metadatum.app_name}/" \
+              "#{maven_metadatum.app_version}/#{file_name}"), params, request_headers
+    end
+    def download_file_with_token(params = {}, request_headers = headers_with_token)
+      download_file(params, request_headers)
+    end
+  end
+  describe 'PUT /api/v4/projects/:id/packages/maven/*app_group/:app_name/:app_version/:file_name/authorize' do
+    it 'authorizes posting package with a valid token' do
+      authorize_upload_with_token
+      expect(response).to have_gitlab_http_status(200)
+      expect(response.content_type.to_s).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
+      expect(json_response['TempPath']).not_to be_nil
+    end
+    it 'rejects request without a valid token' do
+      headers_with_token['Private-Token'] = 'foo'
+      authorize_upload_with_token
+      expect(response).to have_gitlab_http_status(401)
+    end
+    it 'rejects request without a valid permission' do
+      project.add_guest(user)
+      authorize_upload_with_token
+      expect(response).to have_gitlab_http_status(401)
+    end
+    it 'rejects requests that did not go through gitlab-workhorse' do
+      headers.delete(Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER)
+      authorize_upload_with_token
+      expect(response).to have_gitlab_http_status(500)
+    end
+    def authorize_upload(params = {}, request_headers = headers)
+      put api("/projects/#{project.id}/packages/maven/com/example/my-app/1-0-SNAPSHOT/maven-metadata.xml/authorize"), params, request_headers
+    end
+    def authorize_upload_with_token(params = {}, request_headers = headers_with_token)
+      authorize_upload(params, request_headers)
+    end
+  end
+  describe 'PUT /api/v4/projects/:id/packages/maven/*app_group/:app_name/:app_version/:file_name' do
+    let(:file_upload) { fixture_file_upload('spec/fixtures/maven/maven-metadata.xml') }
+    before do
+      # by configuring this path we allow to pass temp file from any path
+      allow(Packages::PackageFileUploader).to receive(:workhorse_upload_path).and_return('/')
+    end
+    it 'rejects requests without a file from workhorse' do
+      upload_file_with_token
+      expect(response).to have_gitlab_http_status(400)
+    end
+    it 'rejects request without a token' do
+      upload_file
+      expect(response).to have_gitlab_http_status(401)
+    end
+    context 'when params from workhorse are correct' do
+      let(:package) { project.packages.reload.last }
+      let(:package_file) { package.package_files.reload.last }
+      let(:params) do
+        {
+          'file.path' => file_upload.path,
+          'file.name' => file_upload.original_filename
+        }
+      end
+      it 'creates package and stores package file' do
+        expect { upload_file_with_token(params) }.to change { project.packages.count }.by(1)
+          #.and change { Packages::MavenMetadatum.count }.by(1)
+          #.and change { Packages::PackageFile.count }.by(1)
+        expect(response).to have_gitlab_http_status(200)
+        expect(package_file.original_filename).to eq(file_upload.original_filename)
+      end
+    end
+    def upload_file(params = {}, request_headers = headers)
+      put api("/projects/#{project.id}/packages/maven/com/example/my-app/1-0-SNAPSHOT/maven-metadata.xml"), params, request_headers
+    end
+    def upload_file_with_token(params = {}, request_headers = headers_with_token)
+      upload_file(params, request_headers)
+    end
+  end
+end