BigW Consortium Gitlab

Commit 42fb2516 by Patricio Cano

Add more tests to the allowed protocols feature

parent c98f89ea
......@@ -67,6 +67,43 @@ describe Gitlab::GitAccess, lib: true do
end
end
describe '#check with single protocols allowed' do
def disable_protocol(protocol)
settings = ::ApplicationSetting.create_from_defaults
settings.update_attribute(:enabled_git_access_protocols, protocol)
end
context 'ssh disabled' do
before do
disable_protocol('ssh')
@acc = Gitlab::GitAccess.new(actor, project, 'ssh')
end
it 'blocks ssh git push' do
expect(@acc.check('git-receive-pack').allowed?).to be_falsey
end
it 'blocks ssh git pull' do
expect(@acc.check('git-upload-pack').allowed?).to be_falsey
end
end
context 'http disabled' do
before do
disable_protocol('http')
@acc = Gitlab::GitAccess.new(actor, project, 'http')
end
it 'blocks http push' do
expect(@acc.check('git-receive-pack').allowed?).to be_falsey
end
it 'blocks http git pull' do
expect(@acc.check('git-upload-pack').allowed?).to be_falsey
end
end
end
describe 'download_access_check' do
describe 'master permissions' do
before { project.team << [user, :master] }
......
......@@ -207,26 +207,86 @@ describe API::API, api: true do
expect(json_response["status"]).to be_falsey
end
end
context 'ssh access has been disabled' do
before do
settings = ::ApplicationSetting.create_from_defaults
settings.update_attribute(:enabled_git_access_protocols, 'http')
end
it 'rejects the SSH push' do
push(key, project)
expect(response.status).to eq(200)
expect(json_response['status']).to be_falsey
expect(json_response['message']).to eq 'Git access over SSH is not allowed'
end
it 'rejects the SSH pull' do
pull(key, project)
expect(response.status).to eq(200)
expect(json_response['status']).to be_falsey
expect(json_response['message']).to eq 'Git access over SSH is not allowed'
end
end
context 'http access has been disabled' do
before do
settings = ::ApplicationSetting.create_from_defaults
settings.update_attribute(:enabled_git_access_protocols, 'ssh')
end
it 'rejects the HTTP push' do
push(key, project, 'http')
expect(response.status).to eq(200)
expect(json_response['status']).to be_falsey
expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
end
it 'rejects the HTTP pull' do
pull(key, project, 'http')
expect(response.status).to eq(200)
expect(json_response['status']).to be_falsey
expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
end
end
context 'web actions are always allowed' do
it 'allows WEB push' do
settings = ::ApplicationSetting.create_from_defaults
settings.update_attribute(:enabled_git_access_protocols, 'ssh')
project.team << [user, :developer]
push(key, project, 'web')
expect(response.status).to eq(200)
expect(json_response['status']).to be_truthy
end
end
end
def pull(key, project)
def pull(key, project, protocol = 'ssh')
post(
api("/internal/allowed"),
key_id: key.id,
project: project.path_with_namespace,
action: 'git-upload-pack',
secret_token: secret_token
secret_token: secret_token,
protocol: protocol
)
end
def push(key, project)
def push(key, project, protocol = 'ssh')
post(
api("/internal/allowed"),
changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master',
key_id: key.id,
project: project.path_with_namespace,
action: 'git-receive-pack',
secret_token: secret_token
secret_token: secret_token,
protocol: protocol
)
end
......@@ -237,7 +297,8 @@ describe API::API, api: true do
key_id: key.id,
project: project.path_with_namespace,
action: 'git-upload-archive',
secret_token: secret_token
secret_token: secret_token,
protocol: 'ssh'
)
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment