
Ensure dots in project path is allowed in the commits API

Signed-off-by: Rémy Coutable <remy@rymai.me>
parent e52529e2
...@@ -10,7 +10,7 @@ module API ...@@ -10,7 +10,7 @@ module API
params do params do
requires :id, type: String, desc: 'The ID of a project' requires :id, type: String, desc: 'The ID of a project'
end end
resource :projects do resource :projects, requirements: { id: /.+/ } do
desc 'Get a project repository commits' do desc 'Get a project repository commits' do
success Entities::RepoCommit success Entities::RepoCommit
end end
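Review bot: The requirement `id: /.+/` on `resource :projects` is wider than the stated goal of allowing dots, because `.+` also matches `/` and so does not confine `:id` to a single path segment. If Grape applies the pattern as written, the captured id could run into what should be the rest of the route, and that value is presumably what the endpoints use to look up the project. A tighter `requirements: { id: %r{[^/]+} }` still accepts dots while holding the id to one segment; callers already percent-encode the slash of a full path, as the spec's `CGI.escape(project.full_path)` shows. The same line appears in the second API section on this page (the one using `::API::Entities::RepoCommit`) and deserves the same change, along with a one-line comment such as `# allow '.' in :id without letting it span path segments`. The `resource` block continues outside the hunk.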
......
...@@ -11,7 +11,7 @@ module API ...@@ -11,7 +11,7 @@ module API
params do params do
requires :id, type: String, desc: 'The ID of a project' requires :id, type: String, desc: 'The ID of a project'
end end
resource :projects do resource :projects, requirements: { id: /.+/ } do
desc 'Get a project repository commits' do desc 'Get a project repository commits' do
success ::API::Entities::RepoCommit success ::API::Entities::RepoCommit
end end
......
...@@ -178,7 +178,7 @@ describe API::Commits, api: true do ...@@ -178,7 +178,7 @@ describe API::Commits, api: true do
end end
end end
describe "Create a commit with multiple files and actions" do describe "POST /projects/:id/repository/commits" do
let!(:url) { "/projects/#{project.id}/repository/commits" } let!(:url) { "/projects/#{project.id}/repository/commits" }
it 'returns a 403 unauthorized for user without permissions' do it 'returns a 403 unauthorized for user without permissions' do
...@@ -193,7 +193,7 @@ describe API::Commits, api: true do ...@@ -193,7 +193,7 @@ describe API::Commits, api: true do
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
end end
context :create do describe 'create' do
let(:message) { 'Created file' } let(:message) { 'Created file' }
let!(:invalid_c_params) do let!(:invalid_c_params) do
{ {
...@@ -237,8 +237,9 @@ describe API::Commits, api: true do ...@@ -237,8 +237,9 @@ describe API::Commits, api: true do
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
end end
context 'with project path in URL' do context 'with project path containing a dot in URL' do
let(:url) { "/projects/#{project.full_path.gsub('/', '%2F')}/repository/commits" } let!(:user) { create(:user, username: 'foo.bar') }
let(:url) { "/projects/#{CGI.escape(project.full_path)}/repository/commits" }
it 'a new file in project repo' do it 'a new file in project repo' do
post api(url, user), valid_c_params post api(url, user), valid_c_params
...@@ -248,7 +249,7 @@ describe API::Commits, api: true do ...@@ -248,7 +249,7 @@ describe API::Commits, api: true do
end end
end end
context :delete do describe 'delete' do
let(:message) { 'Deleted file' } let(:message) { 'Deleted file' }
let!(:invalid_d_params) do let!(:invalid_d_params) do
{ {
...@@ -289,7 +290,7 @@ describe API::Commits, api: true do ...@@ -289,7 +290,7 @@ describe API::Commits, api: true do
end end
end end
context :move do describe 'move' do
let(:message) { 'Moved file' } let(:message) { 'Moved file' }
let!(:invalid_m_params) do let!(:invalid_m_params) do
{ {
...@@ -334,7 +335,7 @@ describe API::Commits, api: true do ...@@ -334,7 +335,7 @@ describe API::Commits, api: true do
end end
end end
context :update do describe 'update' do
let(:message) { 'Updated file' } let(:message) { 'Updated file' }
let!(:invalid_u_params) do let!(:invalid_u_params) do
{ {
...@@ -377,7 +378,7 @@ describe API::Commits, api: true do ...@@ -377,7 +378,7 @@ describe API::Commits, api: true do
end end
end end
context "multiple operations" do describe 'multiple operations' do
let(:message) { 'Multiple actions' } let(:message) { 'Multiple actions' }
let!(:invalid_mo_params) do let!(:invalid_mo_params) do
{ {
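Review bot: The context 'with project path containing a dot in URL' relies on `project` being derived from `user` so that `full_path` picks up the `foo.bar` username, but that definition is outside the hunk, so nothing visible here guarantees the URL actually contains a dot. An explicit guard in the example, `expect(project.full_path).to include('.')`, would keep the test from passing vacuously if the factory wiring changes. Only the POST route is exercised with a dotted path, although the new `requirements` apply to the whole `resource :projects` block. A GET example with the same URL, and one asserting that an id carrying an extra unencoded path segment is not routed to this endpoint, would pin the routing behaviour down. The same applies to the `API::V3::Commits` spec section further down the page.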
......
...@@ -88,7 +88,7 @@ describe API::V3::Commits, api: true do ...@@ -88,7 +88,7 @@ describe API::V3::Commits, api: true do
end end
end end
describe "Create a commit with multiple files and actions" do describe "POST /projects/:id/repository/commits" do
let!(:url) { "/projects/#{project.id}/repository/commits" } let!(:url) { "/projects/#{project.id}/repository/commits" }
it 'returns a 403 unauthorized for user without permissions' do it 'returns a 403 unauthorized for user without permissions' do
...@@ -103,7 +103,7 @@ describe API::V3::Commits, api: true do ...@@ -103,7 +103,7 @@ describe API::V3::Commits, api: true do
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
end end
context :create do describe 'create' do
let(:message) { 'Created file' } let(:message) { 'Created file' }
let!(:invalid_c_params) do let!(:invalid_c_params) do
{ {
...@@ -147,8 +147,9 @@ describe API::V3::Commits, api: true do ...@@ -147,8 +147,9 @@ describe API::V3::Commits, api: true do
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
end end
context 'with project path in URL' do context 'with project path containing a dot in URL' do
let(:url) { "/projects/#{project.full_path.gsub('/', '%2F')}/repository/commits" } let!(:user) { create(:user, username: 'foo.bar') }
let(:url) { "/projects/#{CGI.escape(project.full_path)}/repository/commits" }
it 'a new file in project repo' do it 'a new file in project repo' do
post v3_api(url, user), valid_c_params post v3_api(url, user), valid_c_params
...@@ -158,7 +159,7 @@ describe API::V3::Commits, api: true do ...@@ -158,7 +159,7 @@ describe API::V3::Commits, api: true do
end end
end end
context :delete do describe 'delete' do
let(:message) { 'Deleted file' } let(:message) { 'Deleted file' }
let!(:invalid_d_params) do let!(:invalid_d_params) do
{ {
...@@ -199,7 +200,7 @@ describe API::V3::Commits, api: true do ...@@ -199,7 +200,7 @@ describe API::V3::Commits, api: true do
end end
end end
context :move do describe 'move' do
let(:message) { 'Moved file' } let(:message) { 'Moved file' }
let!(:invalid_m_params) do let!(:invalid_m_params) do
{ {
...@@ -244,7 +245,7 @@ describe API::V3::Commits, api: true do ...@@ -244,7 +245,7 @@ describe API::V3::Commits, api: true do
end end
end end
context :update do describe 'update' do
let(:message) { 'Updated file' } let(:message) { 'Updated file' }
let!(:invalid_u_params) do let!(:invalid_u_params) do
{ {
......