BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
42fb2516
Commit
42fb2516
authored
Jun 22, 2016
by
Patricio Cano
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add more tests to the allowed protocols feature
parent
c98f89ea
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
103 additions
and
5 deletions
+103
-5
git_access_spec.rb
spec/lib/gitlab/git_access_spec.rb
+37
-0
internal_spec.rb
spec/requests/api/internal_spec.rb
+66
-5
No files found.
spec/lib/gitlab/git_access_spec.rb
View file @
42fb2516
...
...
@@ -67,6 +67,43 @@ describe Gitlab::GitAccess, lib: true do
end
end
describe
'#check with single protocols allowed'
do
def
disable_protocol
(
protocol
)
settings
=
::
ApplicationSetting
.
create_from_defaults
settings
.
update_attribute
(
:enabled_git_access_protocols
,
protocol
)
end
context
'ssh disabled'
do
before
do
disable_protocol
(
'ssh'
)
@acc
=
Gitlab
::
GitAccess
.
new
(
actor
,
project
,
'ssh'
)
end
it
'blocks ssh git push'
do
expect
(
@acc
.
check
(
'git-receive-pack'
).
allowed?
).
to
be_falsey
end
it
'blocks ssh git pull'
do
expect
(
@acc
.
check
(
'git-upload-pack'
).
allowed?
).
to
be_falsey
end
end
context
'http disabled'
do
before
do
disable_protocol
(
'http'
)
@acc
=
Gitlab
::
GitAccess
.
new
(
actor
,
project
,
'http'
)
end
it
'blocks http push'
do
expect
(
@acc
.
check
(
'git-receive-pack'
).
allowed?
).
to
be_falsey
end
it
'blocks http git pull'
do
expect
(
@acc
.
check
(
'git-upload-pack'
).
allowed?
).
to
be_falsey
end
end
end
describe
'download_access_check'
do
describe
'master permissions'
do
before
{
project
.
team
<<
[
user
,
:master
]
}
...
...
spec/requests/api/internal_spec.rb
View file @
42fb2516
...
...
@@ -207,26 +207,86 @@ describe API::API, api: true do
expect
(
json_response
[
"status"
]).
to
be_falsey
end
end
context
'ssh access has been disabled'
do
before
do
settings
=
::
ApplicationSetting
.
create_from_defaults
settings
.
update_attribute
(
:enabled_git_access_protocols
,
'http'
)
end
it
'rejects the SSH push'
do
push
(
key
,
project
)
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
json_response
[
'status'
]).
to
be_falsey
expect
(
json_response
[
'message'
]).
to
eq
'Git access over SSH is not allowed'
end
it
'rejects the SSH pull'
do
pull
(
key
,
project
)
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
json_response
[
'status'
]).
to
be_falsey
expect
(
json_response
[
'message'
]).
to
eq
'Git access over SSH is not allowed'
end
end
context
'http access has been disabled'
do
before
do
settings
=
::
ApplicationSetting
.
create_from_defaults
settings
.
update_attribute
(
:enabled_git_access_protocols
,
'ssh'
)
end
it
'rejects the HTTP push'
do
push
(
key
,
project
,
'http'
)
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
json_response
[
'status'
]).
to
be_falsey
expect
(
json_response
[
'message'
]).
to
eq
'Git access over HTTP is not allowed'
end
it
'rejects the HTTP pull'
do
pull
(
key
,
project
,
'http'
)
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
json_response
[
'status'
]).
to
be_falsey
expect
(
json_response
[
'message'
]).
to
eq
'Git access over HTTP is not allowed'
end
end
context
'web actions are always allowed'
do
it
'allows WEB push'
do
settings
=
::
ApplicationSetting
.
create_from_defaults
settings
.
update_attribute
(
:enabled_git_access_protocols
,
'ssh'
)
project
.
team
<<
[
user
,
:developer
]
push
(
key
,
project
,
'web'
)
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
json_response
[
'status'
]).
to
be_truthy
end
end
end
def
pull
(
key
,
project
)
def
pull
(
key
,
project
,
protocol
=
'ssh'
)
post
(
api
(
"/internal/allowed"
),
key_id:
key
.
id
,
project:
project
.
path_with_namespace
,
action:
'git-upload-pack'
,
secret_token:
secret_token
secret_token:
secret_token
,
protocol:
protocol
)
end
def
push
(
key
,
project
)
def
push
(
key
,
project
,
protocol
=
'ssh'
)
post
(
api
(
"/internal/allowed"
),
changes:
'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master'
,
key_id:
key
.
id
,
project:
project
.
path_with_namespace
,
action:
'git-receive-pack'
,
secret_token:
secret_token
secret_token:
secret_token
,
protocol:
protocol
)
end
...
...
@@ -237,7 +297,8 @@ describe API::API, api: true do
key_id:
key
.
id
,
project:
project
.
path_with_namespace
,
action:
'git-upload-archive'
,
secret_token:
secret_token
secret_token:
secret_token
,
protocol:
'ssh'
)
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment