BigW Consortium Gitlab

project_hooks_spec.rb 8.26 KB
Newer Older
1 2
require 'spec_helper'

3
describe API::API, 'ProjectHooks', api: true do
4 5 6
  include ApiHelpers
  let(:user) { create(:user) }
  let(:user3) { create(:user) }
7
  let!(:project) { create(:project, creator_id: user.id, namespace: user.namespace) }
8 9
  let!(:hook) do
    create(:project_hook,
10 11 12
           :all_events_enabled,
           project: project,
           url: 'http://example.com',
13 14
           enable_ssl_verification: true)
  end
15 16 17 18 19 20 21 22

  before do
    project.team << [user, :master]
    project.team << [user3, :developer]
  end

  describe "GET /projects/:id/hooks" do
    context "authorized user" do
23
      it "returns project hooks" do
24
        get api("/projects/#{project.id}/hooks", user)
25
        expect(response).to have_http_status(200)
26

27 28 29
        expect(json_response).to be_an Array
        expect(json_response.count).to eq(1)
        expect(json_response.first['url']).to eq("http://example.com")
30 31 32 33 34
        expect(json_response.first['issues_events']).to eq(true)
        expect(json_response.first['push_events']).to eq(true)
        expect(json_response.first['merge_requests_events']).to eq(true)
        expect(json_response.first['tag_push_events']).to eq(true)
        expect(json_response.first['note_events']).to eq(true)
35
        expect(json_response.first['build_events']).to eq(true)
36
        expect(json_response.first['pipeline_events']).to eq(true)
37
        expect(json_response.first['wiki_page_events']).to eq(true)
38
        expect(json_response.first['enable_ssl_verification']).to eq(true)
39 40 41 42
      end
    end

    context "unauthorized user" do
43
      it "does not access project hooks" do
44
        get api("/projects/#{project.id}/hooks", user3)
45
        expect(response).to have_http_status(403)
46 47 48 49 50 51
      end
    end
  end

  describe "GET /projects/:id/hooks/:hook_id" do
    context "authorized user" do
52
      it "returns a project hook" do
53
        get api("/projects/#{project.id}/hooks/#{hook.id}", user)
54
        expect(response).to have_http_status(200)
55
        expect(json_response['url']).to eq(hook.url)
56 57 58 59 60
        expect(json_response['issues_events']).to eq(hook.issues_events)
        expect(json_response['push_events']).to eq(hook.push_events)
        expect(json_response['merge_requests_events']).to eq(hook.merge_requests_events)
        expect(json_response['tag_push_events']).to eq(hook.tag_push_events)
        expect(json_response['note_events']).to eq(hook.note_events)
61 62
        expect(json_response['build_events']).to eq(hook.build_events)
        expect(json_response['pipeline_events']).to eq(hook.pipeline_events)
63
        expect(json_response['wiki_page_events']).to eq(hook.wiki_page_events)
64
        expect(json_response['enable_ssl_verification']).to eq(hook.enable_ssl_verification)
65 66
      end

67
      it "returns a 404 error if hook id is not available" do
68
        get api("/projects/#{project.id}/hooks/1234", user)
69
        expect(response).to have_http_status(404)
70 71 72 73
      end
    end

    context "unauthorized user" do
74
      it "does not access an existing hook" do
75
        get api("/projects/#{project.id}/hooks/#{hook.id}", user3)
76
        expect(response).to have_http_status(403)
77 78 79
      end
    end

80
    it "returns a 404 error if hook id is not available" do
81
      get api("/projects/#{project.id}/hooks/1234", user)
82
      expect(response).to have_http_status(404)
83 84 85 86
    end
  end

  describe "POST /projects/:id/hooks" do
87
    it "adds hook to project" do
88 89 90
      expect do
        post api("/projects/#{project.id}/hooks", user), url: "http://example.com", issues_events: true
      end.to change {project.hooks.count}.by(1)
91

92
      expect(response).to have_http_status(201)
93 94 95 96 97 98
      expect(json_response['url']).to eq('http://example.com')
      expect(json_response['issues_events']).to eq(true)
      expect(json_response['push_events']).to eq(true)
      expect(json_response['merge_requests_events']).to eq(false)
      expect(json_response['tag_push_events']).to eq(false)
      expect(json_response['note_events']).to eq(false)
99
      expect(json_response['build_events']).to eq(false)
100
      expect(json_response['pipeline_events']).to eq(false)
101
      expect(json_response['wiki_page_events']).to eq(false)
102
      expect(json_response['enable_ssl_verification']).to eq(true)
103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120
      expect(json_response).not_to include('token')
    end

    it "adds the token without including it in the response" do
      token = "secret token"

      expect do
        post api("/projects/#{project.id}/hooks", user), url: "http://example.com", token: token
      end.to change {project.hooks.count}.by(1)

      expect(response).to have_http_status(201)
      expect(json_response["url"]).to eq("http://example.com")
      expect(json_response).not_to include("token")

      hook = project.hooks.find(json_response["id"])

      expect(hook.url).to eq("http://example.com")
      expect(hook.token).to eq(token)
121 122
    end

123
    it "returns a 400 error if url not given" do
124
      post api("/projects/#{project.id}/hooks", user)
125
      expect(response).to have_http_status(400)
126 127
    end

128
    it "returns a 422 error if url not valid" do
129
      post api("/projects/#{project.id}/hooks", user), "url" => "ftp://example.com"
130
      expect(response).to have_http_status(422)
131 132 133 134
    end
  end

  describe "PUT /projects/:id/hooks/:hook_id" do
135
    it "updates an existing project hook" do
136
      put api("/projects/#{project.id}/hooks/#{hook.id}", user),
137
        url: 'http://example.org', push_events: false
138
      expect(response).to have_http_status(200)
139
      expect(json_response['url']).to eq('http://example.org')
140 141 142 143 144
      expect(json_response['issues_events']).to eq(hook.issues_events)
      expect(json_response['push_events']).to eq(false)
      expect(json_response['merge_requests_events']).to eq(hook.merge_requests_events)
      expect(json_response['tag_push_events']).to eq(hook.tag_push_events)
      expect(json_response['note_events']).to eq(hook.note_events)
145 146
      expect(json_response['build_events']).to eq(hook.build_events)
      expect(json_response['pipeline_events']).to eq(hook.pipeline_events)
147
      expect(json_response['wiki_page_events']).to eq(hook.wiki_page_events)
148
      expect(json_response['enable_ssl_verification']).to eq(hook.enable_ssl_verification)
149 150 151 152 153 154 155 156 157 158 159 160 161
    end

    it "adds the token without including it in the response" do
      token = "secret token"

      put api("/projects/#{project.id}/hooks/#{hook.id}", user), url: "http://example.org", token: token

      expect(response).to have_http_status(200)
      expect(json_response["url"]).to eq("http://example.org")
      expect(json_response).not_to include("token")

      expect(hook.reload.url).to eq("http://example.org")
      expect(hook.reload.token).to eq(token)
162 163
    end

164
    it "returns 404 error if hook id not found" do
165
      put api("/projects/#{project.id}/hooks/1234", user), url: 'http://example.org'
166
      expect(response).to have_http_status(404)
167 168
    end

169
    it "returns 400 error if url is not given" do
170
      put api("/projects/#{project.id}/hooks/#{hook.id}", user)
171
      expect(response).to have_http_status(400)
172 173
    end

174
    it "returns a 422 error if url is not valid" do
175
      put api("/projects/#{project.id}/hooks/#{hook.id}", user), url: 'ftp://example.com'
176
      expect(response).to have_http_status(422)
177 178 179 180
    end
  end

  describe "DELETE /projects/:id/hooks/:hook_id" do
181
    it "deletes hook from project" do
182
      expect do
183
        delete api("/projects/#{project.id}/hooks/#{hook.id}", user)
184
      end.to change {project.hooks.count}.by(-1)
185
      expect(response).to have_http_status(200)
186 187
    end

188
    it "returns success when deleting hook" do
189
      delete api("/projects/#{project.id}/hooks/#{hook.id}", user)
190
      expect(response).to have_http_status(200)
191 192
    end

193
    it "returns a 404 error when deleting non existent hook" do
194
      delete api("/projects/#{project.id}/hooks/42", user)
195
      expect(response).to have_http_status(404)
196 197
    end

198
    it "returns a 404 error if hook id not given" do
199
      delete api("/projects/#{project.id}/hooks", user)
200

201
      expect(response).to have_http_status(404)
202
    end
203

204
    it "returns a 404 if a user attempts to delete project hooks he/she does not own" do
205 206 207 208 209
      test_user = create(:user)
      other_project = create(:project)
      other_project.team << [test_user, :master]

      delete api("/projects/#{other_project.id}/hooks/#{hook.id}", test_user)
210
      expect(response).to have_http_status(404)
211 212
      expect(WebHook.exists?(hook.id)).to be_truthy
    end
213 214
  end
end