require 'spec_helper'

describe API::Files do
  # Primary caller; the project below is created in this user's namespace.
  let(:user) { create(:user) }
  let!(:project) { create(:project, :repository, namespace: user.namespace) }
  # A second user who is only a guest on the project (used for the 403 cases).
  let(:guest) do
    create(:user) { |member| project.add_guest(member) }
  end
  # URL-encoded form of files/ruby/popen.rb, exactly as it is placed in the request path.
  let(:file_path) { 'files%2Fruby%2Fpopen%2Erb' }
  let(:params) { { ref: 'master' } }
  # Author identity used by the "when specifying an author" examples.
  let(:author_email) { 'user@example.org' }
  let(:author_name) { 'John Doe' }

  # Minimal stand-in for an API endpoint: it mixes in HeadersHelpers and records
  # every header passed to #header in a plain Hash, so the examples can inspect
  # what the helper emitted without issuing a request.
  let(:helper) do
    Class.new do
      include ::API::Helpers::HeadersHelpers

      attr_reader :headers

      def initialize
        @headers = {}
      end

      # Stores the header instead of writing it to a response.
      def header(key, value)
        @headers[key] = value
      end
    end.new
  end

  # Every example starts with `user` holding developer access to the project.
  before { project.add_developer(user) }

  # Builds the repository-files API path for the current project.
  # file_path is inserted as given, so callers pass it already URL-encoded.
  def route(file_path = nil)
    format('/projects/%s/repository/files/%s', project.id, file_path)
  end

  # Exercises set_http_headers directly through the recording stub in `helper`.
  context 'http headers' do
    it 'converts value into string' do
      helper.set_http_headers(test: 1)

      recorded = helper.headers
      expect(recorded).to eq('X-Gitlab-Test' => '1')
    end

    it 'raises exception if value is an Enumerable' do
      expect do
        helper.set_http_headers(test: [1])
      end.to raise_error(ArgumentError)
    end
  end

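  # HEAD returns the file metadata in X-Gitlab-* response headers. The shared
  # examples run once per caller that is expected to have read access
  # (anonymous on a public project, a read_repository PAT, a developer); the
  # remaining contexts pin the denial cases (anonymous on a private project,
  # guest member).
  describe "HEAD /projects/:id/repository/files/:file_path" do
    shared_examples_for 'repository files' do
      it 'returns file attributes in headers' do
        head api(route(file_path), current_user), params: params

        expect(response).to have_gitlab_http_status(200)
        expect(response.headers['X-Gitlab-File-Path']).to eq(CGI.unescape(file_path))
        expect(response.headers['X-Gitlab-File-Name']).to eq('popen.rb')
        expect(response.headers['X-Gitlab-Last-Commit-Id']).to eq('570e7b2abdd848b95f2f578043fc23bd6f6fd24d')
        expect(response.headers['X-Gitlab-Content-Sha256']).to eq('c440cd09bae50c4632cc58638ad33c6aa375b6109d811e76a9cc3a613c1e8887')
      end

      it 'returns file by commit sha' do
        # This file is deleted on HEAD
        file_path = "files%2Fjs%2Fcommit%2Ejs%2Ecoffee"
        params[:ref] = "6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9"

        head api(route(file_path), current_user), params: params

        expect(response).to have_gitlab_http_status(200)
        expect(response.headers['X-Gitlab-File-Name']).to eq('commit.js.coffee')
        expect(response.headers['X-Gitlab-Content-Sha256']).to eq('08785f04375b47f81f46e68cc125d5ef368aa20576ddb53f91f4d83f1d04b929')
      end

      context 'when mandatory params are not given' do
        it "responds with a 400 status" do
          head api(route("any%2Ffile"), current_user)

          expect(response).to have_gitlab_http_status(400)
        end
      end

      context 'when file_path does not exist' do
        it "responds with a 404 status" do
          params[:ref] = 'master'

          head api(route('app%2Fmodels%2Fapplication%2Erb'), current_user), params: params

          expect(response).to have_gitlab_http_status(404)
        end
      end

      # Was labelled 'when file_path does not exist', duplicating the context
      # above; the example uses the 'disabled repository' shared context and an
      # existing file, matching the equivalent GET context.
      context 'when repository is disabled' do
        include_context 'disabled repository'

        it "responds with a 403 status" do
          head api(route(file_path), current_user), params: params

          expect(response).to have_gitlab_http_status(403)
        end
      end
    end

    context 'when unauthenticated', 'and project is public' do
      it_behaves_like 'repository files' do
        let(:project) { create(:project, :public, :repository) }
        let(:current_user) { nil }
      end
    end

    context 'when unauthenticated', 'and project is private' do
      # 404 rather than 403: the response does not confirm that the private
      # project exists.
      it "responds with a 404 status" do
        current_user = nil

        head api(route(file_path), current_user), params: params

        expect(response).to have_gitlab_http_status(404)
      end
    end

    context 'when PATs are used' do
      # A token limited to the read_repository scope is enough for this read-only endpoint.
      it_behaves_like 'repository files' do
        let(:token) { create(:personal_access_token, scopes: ['read_repository'], user: user) }
        let(:current_user) { { personal_access_token: token } }
      end
    end

    context 'when authenticated', 'as a developer' do
      it_behaves_like 'repository files' do
        let(:current_user) { user }
      end
    end

    context 'when authenticated', 'as a guest' do
      # Guest membership alone must not expose repository files.
      it_behaves_like '403 response' do
        let(:request) { head api(route(file_path), guest), params: params }
      end
    end
  end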

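  # GET returns the file as JSON (metadata plus Base64 content). The shared
  # examples run once per caller that is expected to have read access; the
  # remaining contexts pin the denial cases (anonymous on a private project,
  # guest member).
  describe "GET /projects/:id/repository/files/:file_path" do
    shared_examples_for 'repository files' do
      it 'returns file attributes as json' do
        get api(route(file_path), current_user), params: params

        expect(response).to have_gitlab_http_status(200)
        expect(json_response['file_path']).to eq(CGI.unescape(file_path))
        expect(json_response['file_name']).to eq('popen.rb')
        expect(json_response['last_commit_id']).to eq('570e7b2abdd848b95f2f578043fc23bd6f6fd24d')
        expect(json_response['content_sha256']).to eq('c440cd09bae50c4632cc58638ad33c6aa375b6109d811e76a9cc3a613c1e8887')
        expect(Base64.decode64(json_response['content']).lines.first).to eq("require 'fileutils'\n")
      end

      # The file extension in the path must not change the response format.
      it 'returns json when file has txt extension' do
        file_path = "bar%2Fbranch-test.txt"

        get api(route(file_path), current_user), params: params

        expect(response).to have_gitlab_http_status(200)
        expect(response.content_type).to eq('application/json')
      end

      it 'returns file by commit sha' do
        # This file is deleted on HEAD
        file_path = "files%2Fjs%2Fcommit%2Ejs%2Ecoffee"
        params[:ref] = "6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9"

        get api(route(file_path), current_user), params: params

        expect(response).to have_gitlab_http_status(200)
        expect(json_response['file_name']).to eq('commit.js.coffee')
        expect(json_response['content_sha256']).to eq('08785f04375b47f81f46e68cc125d5ef368aa20576ddb53f91f4d83f1d04b929')
        expect(Base64.decode64(json_response['content']).lines.first).to eq("class Commit\n")
      end

      it 'returns raw file info' do
        url = route(file_path) + "/raw"
        expect(Gitlab::Workhorse).to receive(:send_git_blob)

        get api(url, current_user), params: params

        expect(response).to have_gitlab_http_status(200)
      end

      # Raw repository content is user-controlled, so it must be offered as a
      # download and not rendered inline by the browser.
      it 'forces attachment content disposition' do
        url = route(file_path) + "/raw"

        get api(url, current_user), params: params

        # \A anchors at the start of the header value; ^ would also match after
        # an embedded newline.
        expect(headers['Content-Disposition']).to match(/\Aattachment/)
      end

      context 'when mandatory params are not given' do
        it_behaves_like '400 response' do
          let(:request) { get api(route("any%2Ffile"), current_user) }
        end
      end

      context 'when file_path does not exist' do
        let(:params) { { ref: 'master' } }

        it_behaves_like '404 response' do
          let(:request) { get api(route('app%2Fmodels%2Fapplication%2Erb'), current_user), params: params }
          let(:message) { '404 File Not Found' }
        end
      end

      context 'when repository is disabled' do
        include_context 'disabled repository'

        it_behaves_like '403 response' do
          let(:request) { get api(route(file_path), current_user), params: params }
        end
      end
    end

    context 'when unauthenticated', 'and project is public' do
      it_behaves_like 'repository files' do
        let(:project) { create(:project, :public, :repository) }
        let(:current_user) { nil }
      end
    end

    context 'when PATs are used' do
      # A token limited to the read_repository scope is enough for this read-only endpoint.
      it_behaves_like 'repository files' do
        let(:token) { create(:personal_access_token, scopes: ['read_repository'], user: user) }
        let(:current_user) { { personal_access_token: token } }
      end
    end

    context 'when unauthenticated', 'and project is private' do
      # The message names the project, not the file: an anonymous caller is
      # not told whether the private project exists.
      it_behaves_like '404 response' do
        let(:request) { get api(route(file_path)), params: params }
        let(:message) { '404 Project Not Found' }
      end
    end

    context 'when authenticated', 'as a developer' do
      it_behaves_like 'repository files' do
        let(:current_user) { user }
      end
    end

    context 'when authenticated', 'as a guest' do
      # Guest membership alone must not expose repository files.
      it_behaves_like '403 response' do
        let(:request) { get api(route(file_path), guest), params: params }
      end
    end
  end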

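  # The /raw endpoint hands the blob to Workhorse (send_git_blob). Every
  # request in this describe targets the /raw path: the 400, 404 and 403
  # examples previously requested the JSON endpoint, so the raw endpoint's own
  # validation and access checks were never exercised here.
  describe "GET /projects/:id/repository/files/:file_path/raw" do
    shared_examples_for 'repository raw files' do
      it 'returns raw file info' do
        url = route(file_path) + "/raw"
        expect(Gitlab::Workhorse).to receive(:send_git_blob)

        get api(url, current_user), params: params

        expect(response).to have_gitlab_http_status(200)
      end

      it 'returns raw file info for files with dots' do
        url = route('.gitignore') + "/raw"
        expect(Gitlab::Workhorse).to receive(:send_git_blob)

        get api(url, current_user), params: params

        expect(response).to have_gitlab_http_status(200)
      end

      it 'returns file by commit sha' do
        # This file is deleted on HEAD
        file_path = "files%2Fjs%2Fcommit%2Ejs%2Ecoffee"
        params[:ref] = "6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9"
        expect(Gitlab::Workhorse).to receive(:send_git_blob)

        get api(route(file_path) + "/raw", current_user), params: params

        expect(response).to have_gitlab_http_status(200)
      end

      context 'when mandatory params are not given' do
        it_behaves_like '400 response' do
          let(:request) { get api(route("any%2Ffile") + "/raw", current_user) }
        end
      end

      context 'when file_path does not exist' do
        let(:params) { { ref: 'master' } }

        it_behaves_like '404 response' do
          let(:request) { get api(route('app%2Fmodels%2Fapplication%2Erb') + "/raw", current_user), params: params }
          let(:message) { '404 File Not Found' }
        end
      end

      context 'when repository is disabled' do
        include_context 'disabled repository'

        it_behaves_like '403 response' do
          let(:request) { get api(route(file_path) + "/raw", current_user), params: params }
        end
      end
    end

    context 'when unauthenticated', 'and project is public' do
      it_behaves_like 'repository raw files' do
        let(:project) { create(:project, :public, :repository) }
        let(:current_user) { nil }
      end
    end

    context 'when unauthenticated', 'and project is private' do
      # The message names the project, not the file: an anonymous caller is
      # not told whether the private project exists.
      it_behaves_like '404 response' do
        let(:request) { get api(route(file_path) + "/raw"), params: params }
        let(:message) { '404 Project Not Found' }
      end
    end

    context 'when authenticated', 'as a developer' do
      it_behaves_like 'repository raw files' do
        let(:current_user) { user }
      end
    end

    context 'when authenticated', 'as a guest' do
      # Guest membership alone must not expose raw repository content.
      it_behaves_like '403 response' do
        let(:request) { get api(route(file_path) + "/raw", guest), params: params }
      end
    end

    context 'when PATs are used' do
      # A token limited to the read_repository scope is enough for this read-only endpoint.
      it 'returns file by commit sha' do
        token = create(:personal_access_token, scopes: ['read_repository'], user: user)

        # This file is deleted on HEAD
        file_path = "files%2Fjs%2Fcommit%2Ejs%2Ecoffee"
        params[:ref] = "6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9"
        expect(Gitlab::Workhorse).to receive(:send_git_blob)

        get api(route(file_path) + "/raw", personal_access_token: token), params: params

        expect(response).to have_gitlab_http_status(200)
      end
    end
  end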

  # File creation: the success path, parameter validation, a failing commit,
  # personal access token scopes, explicit authorship and an empty repository.
  describe "POST /projects/:id/repository/files/:file_path" do
    let!(:file_path) { 'new_subfolder%2Fnewfile%2Erb' }
    let(:params) do
      { branch: 'master', content: 'puts 8', commit_message: 'Added newfile' }
    end

    it "creates a new file in project repo" do
      post api(route(file_path), user), params: params

      expect(response).to have_gitlab_http_status(201)
      expect(json_response['file_path']).to eq(CGI.unescape(file_path))

      # With no author params, the commit is attributed to the calling user.
      created_commit = project.repository.commit.raw
      expect(created_commit.author_email).to eq(user.email)
      expect(created_commit.author_name).to eq(user.name)
    end

    it "returns a 400 bad request if no mandatory params given" do
      post api(route('any%2Etxt'), user)

      expect(response).to have_gitlab_http_status(400)
    end

    it 'returns a 400 bad request if the commit message is empty' do
      params.store(:commit_message, '')

      post api(route(file_path), user), params: params

      expect(response).to have_gitlab_http_status(400)
    end

    it "returns a 400 if editor fails to create file" do
      # Simulate the commit failing inside the repository layer.
      commit_failure = [Gitlab::Git::CommitError, 'Cannot create file']
      allow_any_instance_of(Repository).to receive(:create_file).and_raise(*commit_failure)

      post api(route('any%2Etxt'), user), params: params

      expect(response).to have_gitlab_http_status(400)
    end

    context 'with PATs' do
      # A read-only token scope must not be accepted for a write.
      it 'returns 403 with `read_repository` scope' do
        read_only_token = create(:personal_access_token, scopes: ['read_repository'], user: user)

        post api(route(file_path), personal_access_token: read_only_token), params: params

        expect(response).to have_gitlab_http_status(403)
      end

      it 'returns 201 with `api` scope' do
        api_token = create(:personal_access_token, scopes: ['api'], user: user)

        post api(route(file_path), personal_access_token: api_token), params: params

        expect(response).to have_gitlab_http_status(201)
      end
    end

    context "when specifying an author" do
      it "creates a new file with the specified author" do
        params.merge!(author_email: author_email, author_name: author_name)

        post api(route('new_file_with_author%2Etxt'), user), params: params

        expect(response).to have_gitlab_http_status(201)
        expect(response.content_type).to eq('application/json')

        # The commit carries the author supplied in the request, not the caller.
        created_commit = project.repository.commit.raw
        expect(created_commit.author_email).to eq(author_email)
        expect(created_commit.author_name).to eq(author_name)
      end
    end

    context 'when the repo is empty' do
      let!(:project) { create(:project_empty_repo, namespace: user.namespace) }

      it "creates a new file in project repo" do
        post api(route('newfile%2Erb'), user), params: params

        expect(response).to have_gitlab_http_status(201)
        expect(json_response['file_path']).to eq('newfile.rb')

        created_commit = project.repository.commit.raw
        expect(created_commit.author_email).to eq(user.email)
        expect(created_commit.author_name).to eq(user.name)
      end
    end
  end

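  # File update: the success path, parameter validation, the last_commit_id
  # staleness check, personal access token scope and explicit authorship.
  describe "PUT /projects/:id/repository/files" do
    let(:params) do
      {
        branch: 'master',
        content: 'puts 8',
        commit_message: 'Changed file'
      }
    end

    it "updates existing file in project repo" do
      put api(route(file_path), user), params: params

      expect(response).to have_gitlab_http_status(200)
      expect(json_response['file_path']).to eq(CGI.unescape(file_path))
      # With no author params, the commit is attributed to the calling user.
      last_commit = project.repository.commit.raw
      expect(last_commit.author_email).to eq(user.email)
      expect(last_commit.author_name).to eq(user.name)
    end

    it 'returns a 400 bad request if the commit message is empty' do
      params[:commit_message] = ''

      put api(route(file_path), user), params: params

      expect(response).to have_gitlab_http_status(400)
    end

    # last_commit_id lets the server reject an update made against an outdated
    # version of the file.
    it "returns a 400 bad request if update existing file with stale last commit id" do
      params_with_stale_id = params.merge(last_commit_id: 'stale')

      put api(route(file_path), user), params: params_with_stale_id

      expect(response).to have_gitlab_http_status(400)
      expect(json_response['message']).to eq('You are attempting to update a file that has changed since you started editing it.')
    end

    it "updates existing file in project repo with accepts correct last commit id" do
      # CGI.unescape matches the decoding used by the other examples in this
      # file; URI.unescape is obsolete and absent from Ruby 3.0 onwards.
      last_commit = Gitlab::Git::Commit
                        .last_for_path(project.repository, 'master', CGI.unescape(file_path))
      params_with_correct_id = params.merge(last_commit_id: last_commit.id)

      put api(route(file_path), user), params: params_with_correct_id

      expect(response).to have_gitlab_http_status(200)
    end

    it "returns a 400 bad request if no params given" do
      put api(route(file_path), user)

      expect(response).to have_gitlab_http_status(400)
    end

    context 'with PATs' do
      # Mirrors the POST example: a read-only token scope must not be accepted
      # for a write to the repository.
      it 'returns 403 with `read_repository` scope' do
        token = create(:personal_access_token, scopes: ['read_repository'], user: user)

        put api(route(file_path), personal_access_token: token), params: params

        expect(response).to have_gitlab_http_status(403)
      end
    end

    context "when specifying an author" do
      it "updates a file with the specified author" do
        params.merge!(author_email: author_email, author_name: author_name, content: "New content")

        put api(route(file_path), user), params: params

        expect(response).to have_gitlab_http_status(200)
        # The commit carries the author supplied in the request, not the caller.
        last_commit = project.repository.commit.raw
        expect(last_commit.author_email).to eq(author_email)
        expect(last_commit.author_name).to eq(author_name)
      end
    end
  end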

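  # File deletion: the success path, parameter validation, a failing commit,
  # personal access token scope and explicit authorship.
  describe "DELETE /projects/:id/repository/files" do
    let(:params) do
      {
        branch: 'master',
        commit_message: 'Changed file'
      }
    end

    it "deletes existing file in project repo" do
      delete api(route(file_path), user), params: params

      expect(response).to have_gitlab_http_status(204)
    end

    it "returns a 400 bad request if no params given" do
      delete api(route(file_path), user)

      expect(response).to have_gitlab_http_status(400)
    end

    it 'returns a 400 bad request if the commit message is empty' do
      params[:commit_message] = ''

      delete api(route(file_path), user), params: params

      expect(response).to have_gitlab_http_status(400)
    end

    it "returns a 400 if fails to delete file" do
      # Simulate the commit failing inside the repository layer.
      allow_any_instance_of(Repository).to receive(:delete_file).and_raise(Gitlab::Git::CommitError, 'Cannot delete file')

      delete api(route(file_path), user), params: params

      expect(response).to have_gitlab_http_status(400)
    end

    context 'with PATs' do
      # Mirrors the POST example: a read-only token scope must not be accepted
      # for a destructive request.
      it 'returns 403 with `read_repository` scope' do
        token = create(:personal_access_token, scopes: ['read_repository'], user: user)

        delete api(route(file_path), personal_access_token: token), params: params

        expect(response).to have_gitlab_http_status(403)
      end
    end

    context "when specifying an author" do
      it "removes a file with the specified author" do
        params.merge!(author_email: author_email, author_name: author_name)

        delete api(route(file_path), user), params: params

        expect(response).to have_gitlab_http_status(204)
      end
    end
  end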

  # Round trip for Base64-encoded content: the file is created in the `before`
  # hook and read back, and the returned content must equal what was uploaded.
  describe "POST /projects/:id/repository/files with binary file" do
    let(:file_path) { 'test%2Ebin' }
    # Despite the name, these are the params of the POST issued in `before`.
    let(:put_params) do
      {
        encoding: 'base64',
        branch: 'master',
        commit_message: 'Binary file with a \n should not be touched',
        content: 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABAQMAAAAl21bKAAAAA1BMVEUAAACnej3aAAAAAXRSTlMAQObYZgAAAApJREFUCNdjYAAAAAIAAeIhvDMAAAAASUVORK5CYII='
      }
    end
    let(:get_params) { { ref: 'master' } }

    before { post api(route(file_path), user), params: put_params }

    it "remains unchanged" do
      get api(route(file_path), user), params: get_params

      decoded_path = CGI.unescape(file_path)

      expect(response).to have_gitlab_http_status(200)
      expect(json_response['file_path']).to eq(decoded_path)
      expect(json_response['file_name']).to eq(decoded_path)
      expect(json_response['content']).to eq(put_params[:content])
    end
  end
end