More tests, better descriptions

ccb29955 · Jacob Vosmaer · 91226c20 · ccb29955
Commit ccb29955 authored Apr 06, 2016 by Jacob Vosmaer
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 12 deletions

spec/requests/git_http_spec.rb spec/requests/git_http_spec.rb +27 -12

No files found.
--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -12,7 +12,7 @@ describe 'Git HTTP requests', lib: true do

  context "when the project doesn't exist" do
    context "when no authentication is provided" do
-      it "responds with status 401" do
+      it "responds with status 401 (no project existence information leak)" do
        download('doesnt/exist.git') do |response|
          expect(response.status).to eq(401)
        end
@@ -72,7 +72,7 @@ describe 'Git HTTP requests', lib: true do
          expect(response.status).to eq(401)
        end
      end
-      
+
      context "with correct credentials" do
        let(:env) { { user: user.username, password: user.password } }

@@ -81,11 +81,11 @@ describe 'Git HTTP requests', lib: true do
            expect(response.status).to eq(200)
          end
        end
-        
+
        context 'but git-receive-pack is disabled' do
          it "responds with status 404" do
            allow(Gitlab.config.gitlab_shell).to receive(:receive_pack).and_return(false)
-  
+
            upload(path, env) do |response|
              expect(response.status).to eq(404)
            end
@@ -110,11 +110,17 @@ describe 'Git HTTP requests', lib: true do
      end

      context "when no authentication is provided" do
-        it "responds with status 401" do
+        it "responds with status 401 to downloads" do
          download(path, env) do |response|
            expect(response.status).to eq(401)
          end
        end
+
+        it "responds with status 401 to uploads" do
+          upload(path, env) do |response|
+            expect(response.status).to eq(401)
+          end
+        end
      end

      context "when username and password are provided" do
@@ -159,18 +165,18 @@ describe 'Git HTTP requests', lib: true do
            end

            context "when the user isn't blocked" do
-              it "downloads status 200" do
+              it "downloads get status 200" do
                expect(Rack::Attack::Allow2Ban).to receive(:reset)

                clone_get(path, env)

                expect(response.status).to eq(200)
              end
-              
+
              it "uploads get status 200" do
                upload(path, env) do |response|
                  expect(response.status).to eq(200)
-                end      
+                end
              end
            end

@@ -211,7 +217,7 @@ describe 'Git HTTP requests', lib: true do
                expect(response.status).to eq(404)
              end
            end
-            
+
            it "uploads get status 200 (because Git hooks do the real check)" do
              upload(path, user: user.username, password: user.password) do |response|
                expect(response.status).to eq(200)
@@ -222,15 +228,24 @@ describe 'Git HTTP requests', lib: true do
      end

      context "when a gitlab ci token is provided" do
-        it "responds with status 200" do
-          token = "123"
-          project = FactoryGirl.create :empty_project
+        let(:token) { 123 }
+        let(:project) { FactoryGirl.create :empty_project }
+
+        before do
          project.update_attributes(runners_token: token, builds_enabled: true)
+        end

+        it "downloads get status 200" do
          clone_get "#{project.path_with_namespace}.git", user: 'gitlab-ci-token', password: token

          expect(response.status).to eq(200)
        end
+
+        it "uploads get status 401 (no project existence information leak)" do
+          push_get "#{project.path_with_namespace}.git", user: 'gitlab-ci-token', password: token
+
+          expect(response.status).to eq(401)
+        end
      end
    end
  end