Commit 93b0eab5 authored by Robert Speicher's avatar Robert Speicher

Merge branch '15437-fix-xss-in-issue-tracker-service' into 'master'

Prevent XSS via custom issue tracker URL

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/15437

See merge request !1955
parents b79c5c40 ef340f6e
...@@ -16,31 +16,49 @@ module IssuesHelper ...@@ -16,31 +16,49 @@ module IssuesHelper
def url_for_project_issues(project = @project, options = {}) def url_for_project_issues(project = @project, options = {})
return '' if project.nil? return '' if project.nil?
url =
if options[:only_path] if options[:only_path]
project.issues_tracker.project_path project.issues_tracker.project_path
else else
project.issues_tracker.project_url project.issues_tracker.project_url
end end
# Ensure we return a valid URL to prevent possible XSS.
URI.parse(url).to_s
rescue URI::InvalidURIError
''
end end
def url_for_new_issue(project = @project, options = {}) def url_for_new_issue(project = @project, options = {})
return '' if project.nil? return '' if project.nil?
url =
if options[:only_path] if options[:only_path]
project.issues_tracker.new_issue_path project.issues_tracker.new_issue_path
else else
project.issues_tracker.new_issue_url project.issues_tracker.new_issue_url
end end
# Ensure we return a valid URL to prevent possible XSS.
URI.parse(url).to_s
rescue URI::InvalidURIError
''
end end
def url_for_issue(issue_iid, project = @project, options = {}) def url_for_issue(issue_iid, project = @project, options = {})
return '' if project.nil? return '' if project.nil?
url =
if options[:only_path] if options[:only_path]
project.issues_tracker.issue_path(issue_iid) project.issues_tracker.issue_path(issue_iid)
else else
project.issues_tracker.issue_url(issue_iid) project.issues_tracker.issue_url(issue_iid)
end end
# Ensure we return a valid URL to prevent possible XSS.
URI.parse(url).to_s
rescue URI::InvalidURIError
''
end end
def bulk_update_milestone_options def bulk_update_milestone_options
......
...@@ -26,7 +26,7 @@ class BuildkiteService < CiService ...@@ -26,7 +26,7 @@ class BuildkiteService < CiService
prop_accessor :project_url, :token, :enable_ssl_verification prop_accessor :project_url, :token, :enable_ssl_verification
validates :project_url, presence: true, if: :activated? validates :project_url, presence: true, url: true, if: :activated?
validates :token, presence: true, if: :activated? validates :token, presence: true, if: :activated?
after_save :compose_service_hook, if: :activated? after_save :compose_service_hook, if: :activated?
......
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
class IssueTrackerService < Service class IssueTrackerService < Service
validates :project_url, :issues_url, :new_issue_url, presence: true, if: :activated? validates :project_url, :issues_url, :new_issue_url, presence: true, url: true, if: :activated?
default_value_for :category, 'issue_tracker' default_value_for :category, 'issue_tracker'
......
...@@ -28,6 +28,8 @@ class JiraService < IssueTrackerService ...@@ -28,6 +28,8 @@ class JiraService < IssueTrackerService
prop_accessor :username, :password, :api_url, :jira_issue_transition_id, prop_accessor :username, :password, :api_url, :jira_issue_transition_id,
:title, :description, :project_url, :issues_url, :new_issue_url :title, :description, :project_url, :issues_url, :new_issue_url
validates :api_url, presence: true, url: true, if: :activated?
before_validation :set_api_url, :set_jira_issue_transition_id before_validation :set_api_url, :set_jira_issue_transition_id
before_update :reset_password before_update :reset_password
......
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
class SlackService < Service class SlackService < Service
prop_accessor :webhook, :username, :channel prop_accessor :webhook, :username, :channel
boolean_accessor :notify_only_broken_builds boolean_accessor :notify_only_broken_builds
validates :webhook, presence: true, if: :activated? validates :webhook, presence: true, url: true, if: :activated?
def initialize_properties def initialize_properties
if properties.nil? if properties.nil?
......
...@@ -30,6 +30,18 @@ describe IssuesHelper do ...@@ -30,6 +30,18 @@ describe IssuesHelper do
expect(url_for_project_issues).to eq "" expect(url_for_project_issues).to eq ""
end end
it 'returns an empty string if project_url is invalid' do
expect(project).to receive_message_chain('issues_tracker.project_url') { 'javascript:alert("foo");' }
expect(url_for_project_issues(project)).to eq ''
end
it 'returns an empty string if project_path is invalid' do
expect(project).to receive_message_chain('issues_tracker.project_path') { 'javascript:alert("foo");' }
expect(url_for_project_issues(project, only_path: true)).to eq ''
end
describe "when external tracker was enabled and then config removed" do describe "when external tracker was enabled and then config removed" do
before do before do
@project = ext_project @project = ext_project
...@@ -68,6 +80,18 @@ describe IssuesHelper do ...@@ -68,6 +80,18 @@ describe IssuesHelper do
expect(url_for_issue(issue.iid)).to eq "" expect(url_for_issue(issue.iid)).to eq ""
end end
it 'returns an empty string if issue_url is invalid' do
expect(project).to receive_message_chain('issues_tracker.issue_url') { 'javascript:alert("foo");' }
expect(url_for_issue(issue.iid, project)).to eq ''
end
it 'returns an empty string if issue_path is invalid' do
expect(project).to receive_message_chain('issues_tracker.issue_path') { 'javascript:alert("foo");' }
expect(url_for_issue(issue.iid, project, only_path: true)).to eq ''
end
describe "when external tracker was enabled and then config removed" do describe "when external tracker was enabled and then config removed" do
before do before do
@project = ext_project @project = ext_project
...@@ -105,6 +129,18 @@ describe IssuesHelper do ...@@ -105,6 +129,18 @@ describe IssuesHelper do
expect(url_for_new_issue).to eq "" expect(url_for_new_issue).to eq ""
end end
it 'returns an empty string if issue_url is invalid' do
expect(project).to receive_message_chain('issues_tracker.new_issue_url') { 'javascript:alert("foo");' }
expect(url_for_new_issue(project)).to eq ''
end
it 'returns an empty string if issue_path is invalid' do
expect(project).to receive_message_chain('issues_tracker.new_issue_path') { 'javascript:alert("foo");' }
expect(url_for_new_issue(project, only_path: true)).to eq ''
end
describe "when external tracker was enabled and then config removed" do describe "when external tracker was enabled and then config removed" do
before do before do
@project = ext_project @project = ext_project
......
...@@ -27,86 +27,51 @@ describe BambooService, models: true do ...@@ -27,86 +27,51 @@ describe BambooService, models: true do
end end
describe 'Validations' do describe 'Validations' do
describe '#bamboo_url' do subject { service }
it 'does not validate the presence of bamboo_url if service is not active' do
bamboo_service = service
bamboo_service.active = false
expect(bamboo_service).not_to validate_presence_of(:bamboo_url)
end
it 'validates the presence of bamboo_url if service is active' do
bamboo_service = service
bamboo_service.active = true
expect(bamboo_service).to validate_presence_of(:bamboo_url) context 'when service is active' do
end before { subject.active = true }
end
describe '#build_key' do it { is_expected.to validate_presence_of(:build_key) }
it 'does not validate the presence of build_key if service is not active' do it { is_expected.to validate_presence_of(:bamboo_url) }
bamboo_service = service it_behaves_like 'issue tracker service URL attribute', :bamboo_url
bamboo_service.active = false
expect(bamboo_service).not_to validate_presence_of(:build_key)
end
it 'validates the presence of build_key if service is active' do
bamboo_service = service
bamboo_service.active = true
expect(bamboo_service).to validate_presence_of(:build_key)
end
end
describe '#username' do describe '#username' do
it 'does not validate the presence of username if service is not active' do it 'does not validate the presence of username if password is nil' do
bamboo_service = service subject.password = nil
bamboo_service.active = false
expect(bamboo_service).not_to validate_presence_of(:username)
end
it 'does not validate the presence of username if username is nil' do
bamboo_service = service
bamboo_service.active = true
bamboo_service.password = nil
expect(bamboo_service).not_to validate_presence_of(:username) expect(subject).not_to validate_presence_of(:username)
end end
it 'validates the presence of username if service is active and username is present' do it 'validates the presence of username if password is present' do
bamboo_service = service subject.password = 'secret'
bamboo_service.active = true
bamboo_service.password = 'secret'
expect(bamboo_service).to validate_presence_of(:username) expect(subject).to validate_presence_of(:username)
end end
end end
describe '#password' do describe '#password' do
it 'does not validate the presence of password if service is not active' do it 'does not validate the presence of password if username is nil' do
bamboo_service = service subject.username = nil
bamboo_service.active = false
expect(bamboo_service).not_to validate_presence_of(:password) expect(subject).not_to validate_presence_of(:password)
end end
it 'does not validate the presence of password if username is nil' do it 'validates the presence of password if username is present' do
bamboo_service = service subject.username = 'john'
bamboo_service.active = true
bamboo_service.username = nil
expect(bamboo_service).not_to validate_presence_of(:password) expect(subject).to validate_presence_of(:password)
end
end
end end
it 'validates the presence of password if service is active and username is present' do context 'when service is inactive' do
bamboo_service = service before { subject.active = false }
bamboo_service.active = true
bamboo_service.username = 'john'
expect(bamboo_service).to validate_presence_of(:password) it { is_expected.not_to validate_presence_of(:build_key) }
end it { is_expected.not_to validate_presence_of(:bamboo_url) }
it { is_expected.not_to validate_presence_of(:username) }
it { is_expected.not_to validate_presence_of(:password) }
end end
end end
......
...@@ -26,6 +26,23 @@ describe BuildkiteService, models: true do ...@@ -26,6 +26,23 @@ describe BuildkiteService, models: true do
it { is_expected.to have_one :service_hook } it { is_expected.to have_one :service_hook }
end end
describe 'Validations' do
context 'when service is active' do
before { subject.active = true }
it { is_expected.to validate_presence_of(:project_url) }
it { is_expected.to validate_presence_of(:token) }
it_behaves_like 'issue tracker service URL attribute', :project_url
end
context 'when service is inactive' do
before { subject.active = false }
it { is_expected.not_to validate_presence_of(:project_url) }
it { is_expected.not_to validate_presence_of(:token) }
end
end
describe 'commits methods' do describe 'commits methods' do
before do before do
@project = Project.new @project = Project.new
......
require 'spec_helper' require 'spec_helper'
describe BuildsEmailService do describe BuildsEmailService do
let(:build) { create(:ci_build) } let(:data) { Gitlab::BuildDataBuilder.build(create(:ci_build)) }
let(:data) { Gitlab::BuildDataBuilder.build(build) }
let!(:project) { create(:project, :public, ci_id: 1) } describe 'Validations' do
let(:service) { described_class.new(project: project, active: true) } context 'when service is active' do
before { subject.active = true }
it { is_expected.to validate_presence_of(:recipients) }
context 'when pusher is added' do
before { subject.add_pusher = true }
it { is_expected.not_to validate_presence_of(:recipients) }
end
end
context 'when service is inactive' do
before { subject.active = false }
it { is_expected.not_to validate_presence_of(:recipients) }
end
end
describe '#execute' do describe '#execute' do
it 'sends email' do it 'sends email' do
service.recipients = 'test@gitlab.com' subject.recipients = 'test@gitlab.com'
data[:build_status] = 'failed' data[:build_status] = 'failed'
expect(BuildEmailWorker).to receive(:perform_async) expect(BuildEmailWorker).to receive(:perform_async)
service.execute(data)
subject.execute(data)
end end
it 'does not send email with succeeded build and notify_only_broken_builds on' do it 'does not send email with succeeded build and notify_only_broken_builds on' do
expect(service).to receive(:notify_only_broken_builds).and_return(true) expect(subject).to receive(:notify_only_broken_builds).and_return(true)
data[:build_status] = 'success' data[:build_status] = 'success'
expect(BuildEmailWorker).not_to receive(:perform_async) expect(BuildEmailWorker).not_to receive(:perform_async)
service.execute(data)
subject.execute(data)
end end
it 'does not send email with failed build and build_allow_failure is true' do it 'does not send email with failed build and build_allow_failure is true' do
data[:build_status] = 'failed' data[:build_status] = 'failed'
data[:build_allow_failure] = true data[:build_allow_failure] = true
expect(BuildEmailWorker).not_to receive(:perform_async) expect(BuildEmailWorker).not_to receive(:perform_async)
service.execute(data)
subject.execute(data)
end end
it 'does not send email with unknown build status' do it 'does not send email with unknown build status' do
data[:build_status] = 'foo' data[:build_status] = 'foo'
expect(BuildEmailWorker).not_to receive(:perform_async)
service.execute(data)
end
it 'does not send email when recipients list is empty' do
service.recipients = ' ,, '
data[:build_status] = 'failed'
expect(BuildEmailWorker).not_to receive(:perform_async) expect(BuildEmailWorker).not_to receive(:perform_async)
service.execute(data)
end
end
describe 'validations' do
context 'when pusher is not added' do
before { service.add_pusher = false }
it 'does not allow empty recipient input' do
service.recipients = ''
expect(service.valid?).to be false
end
it 'does allow non-empty recipient input' do subject.execute(data)
service.recipients = 'test@example.com'
expect(service.valid?).to be true
end end
end it 'does not send email when recipients list is empty' do
subject.recipients = ' ,, '
context 'when pusher is added' do data[:build_status] = 'failed'
before { service.add_pusher = true }
it 'does allow empty recipient input' do expect(BuildEmailWorker).not_to receive(:perform_async)
service.recipients = ''
expect(service.valid?).to be true
end
it 'does allow non-empty recipient input' do subject.execute(data)
service.recipients = 'test@example.com'
expect(service.valid?).to be true
end
end end
end end
end end
# == Schema Information
#
# Table name: services
#
# id :integer not null, primary key
# type :string(255)
# title :string(255)
# project_id :integer
# created_at :datetime
# updated_at :datetime
# active :boolean default(FALSE), not null
# properties :text
# template :boolean default(FALSE)
# push_events :boolean default(TRUE)
# issues_events :boolean default(TRUE)
# merge_requests_events :boolean default(TRUE)
# tag_push_events :boolean default(TRUE)
# note_events :boolean default(TRUE), not null
#
require 'spec_helper'
describe CampfireService, models: true do
describe 'Associations' do
it { is_expected.to belong_to :project }
it { is_expected.to have_one :service_hook }
end
describe 'Validations' do
context 'when service is active' do
before { subject.active = true }
it { is_expected.to validate_presence_of(:token) }
end
context 'when service is inactive' do
before { subject.active = false }
it { is_expected.not_to validate_presence_of(:token) }
end
end
end
# == Schema Information
#
# Table name: services
#
# id :integer not null, primary key
# type :string(255)
# title :string(255)
# project_id :integer
# created_at :datetime
# updated_at :datetime
# active :boolean default(FALSE), not null
# properties :text
# template :boolean default(FALSE)
# push_events :boolean default(TRUE)
# issues_events :boolean default(TRUE)
# merge_requests_events :boolean default(TRUE)
# tag_push_events :boolean default(TRUE)
# note_events :boolean default(TRUE), not null
#
require 'spec_helper'
describe CustomIssueTrackerService, models: true do
describe 'Associations' do
it { is_expected.to belong_to :project }
it { is_expected.to have_one :service_hook }
end
describe 'Validations' do
context 'when service is active' do
before { subject.active = true }
it { is_expected.to validate_presence_of(:project_url) }
it { is_expected.to validate_presence_of(:issues_url) }
it { is_expected.to validate_presence_of(:new_issue_url) }
it_behaves_like 'issue tracker service URL attribute', :project_url
it_behaves_like 'issue tracker service URL attribute', :issues_url
it_behaves_like 'issue tracker service URL attribute', :new_issue_url
end
context 'when service is inactive' do
before { subject.active = false }
it { is_expected.not_to validate_presence_of(:project_url) }
it { is_expected.not_to validate_presence_of(:issues_url) }
it { is_expected.not_to validate_presence_of(:new_issue_url) }
end
end
end
...@@ -28,25 +28,18 @@ describe DroneCiService, models: true do ...@@ -28,25 +28,18 @@ describe DroneCiService, models: true do
describe 'validations' do describe 'validations' do
context 'active' do context 'active' do
before { allow(subject).to receive(:activated?).and_return(true) } before { subject.active = true }
it { is_expected.to validate_presence_of(:token) } it { is_expected.to validate_presence_of(:token) }
it { is_expected.to validate_presence_of(:drone_url) } it { is_expected.to validate_presence_of(:drone_url) }
it { is_expected.to allow_value('ewf9843kdnfdfs89234n').for(:token) } it_behaves_like 'issue tracker service URL attribute', :drone_url
it { is_expected.to allow_value('http://ci.example.com').for(:drone_url) }
it { is_expected.not_to allow_value('this is not url').for(:drone_url) }
it { is_expected.not_to allow_value('http//noturl').for(:drone_url) }
it { is_expected.not_to allow_value('ftp://ci.example.com').for(:drone_url) }
end end
context 'inactive' do context 'inactive' do
before { allow(subject).to receive(:activated?).and_return(false) } before { subject.active = false }
it { is_expected.not_to validate_presence_of(:token) } it { is_expected.not_to validate_presence_of(:token) }
it { is_expected.not_to validate_presence_of(:drone_url) } it { is_expected.not_to validate_presence_of(:drone_url) }
it { is_expected.to allow_value('ewf9843kdnfdfs89234n').for(:token) }
it { is_expected.to allow_value('http://drone.example.com').for(:drone_url) }
it { is_expected.to allow_value('ftp://drone.example.com').for(:drone_url) }
end end
end end
......
require 'spec_helper'
describe EmailsOnPushService do
describe 'Validations' do
context 'when service is active' do
before { subject.active = true }
it { is_expected.to validate_presence_of(:recipients) }
end
context 'when service is inactive' do
before { subject.active = false }
it { is_expected.not_to validate_presence_of(:recipients) }
end
end
end
...@@ -28,13 +28,18 @@ describe ExternalWikiService, models: true do ...@@ -28,13 +28,18 @@ describe ExternalWikiService, models: true do
it { should have_one :service_hook } it { should have_one :service_hook }
end end
describe "Validations" do describe 'Validations' do
context "active" do context 'when service is active' do
before do before { subject.active = true }
subject.active = true
it { is_expected.to validate_presence_of(:external_wiki_url) }
it_behaves_like 'issue tracker service URL attribute', :external_wiki_url
end end
it { should validate_presence_of :external_wiki_url } context 'when service is inactive' do
before { subject.active = false }
it { is_expected.not_to validate_presence_of(:external_wiki_url) }
end end
end end
......
...@@ -26,6 +26,20 @@ describe FlowdockService, models: true do ...@@ -26,6 +26,20 @@ describe FlowdockService, models: true do
it { is_expected.to have_one :service_hook } it { is_expected.to have_one :service_hook }
end end
describe 'Validations' do
context 'when service is active' do
before { subject.active = true }
it { is_expected.to validate_presence_of(:token) }
end
context 'when service is inactive' do
before { subject.active = false }
it { is_expected.not_to validate_presence_of(:token) }
end
end
describe "Execute" do describe "Execute" do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:project) { create(:project) } let(:project) { create(:project) }
......
...@@ -26,6 +26,22 @@ describe GemnasiumService, models: true do ...@@ -26,6 +26,22 @@ describe GemnasiumService, models: true do
it { is_expected.to have_one :service_hook } it { is_expected.to have_one :service_hook }
end end
describe 'Validations' do
context 'when service is active' do
before { subject.active = true }
it { is_expected.to validate_presence_of(:token) }
it { is_expected.to validate_presence_of(:api_key) }
end
context 'when service is inactive' do
before { subject.active = false }
it { is_expected.not_to validate_presence_of(:token) }
it { is_expected.not_to validate_presence_of(:api_key) }
end
end
describe "Execute" do describe "Execute" do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:project) { create(:project) } let(:project) { create(:project) }
......
...@@ -26,6 +26,20 @@ describe GitlabIssueTrackerService, models: true do ...@@ -26,6 +26,20 @@ describe GitlabIssueTrackerService, models: true do
it { is_expected.to have_one :service_hook } it { is_expected.to have_one :service_hook }
end end
describe 'Validations' do
context 'when service is active' do
subject { described_class.new(project: create(:project), active: true) }
it { is_expected.to validate_presence_of(:issues_url) }
it_behaves_like 'issue tracker service URL attribute', :issues_url
end
context 'when service is inactive' do
subject { described_class.new(project: create(:project), active: false) }
it { is_expected.not_to validate_presence_of(:issues_url) }
end
end
describe 'project and issue urls' do describe 'project and issue urls' do
let(:project) { create(:project) } let(:project) { create(:project) }
......
...@@ -26,6 +26,20 @@ describe HipchatService, models: true do ...@@ -26,6 +26,20 @@ describe HipchatService, models: true do
it { is_expected.to have_one :service_hook } it { is_expected.to have_one :service_hook }
end end
describe 'Validations' do
context 'when service is active' do
before { subject.active = true }
it { is_expected.to validate_presence_of(:token) }
end
context 'when service is inactive' do
before { subject.active = false }
it { is_expected.not_to validate_presence_of(:token) }
end
end
describe "Execute" do describe "Execute" do
let(:hipchat) { HipchatService.new } let(:hipchat) { HipchatService.new }
let(:user) { create(:user, username: 'username') } let(:user) { create(:user, username: 'username') }
......
...@@ -29,14 +29,16 @@ describe IrkerService, models: true do ...@@ -29,14 +29,16 @@ describe IrkerService, models: true do
end end
describe 'Validations' do describe 'Validations' do
before do context 'when service is active' do
subject.active = true before { subject.active = true }
subject.properties['recipients'] = _recipients
it { is_expected.to validate_presence_of(:recipients) }
end end
context 'active' do context 'when service is inactive' do
let(:_recipients) { nil } before { subject.active = false }
it { should validate_presence_of :recipients }
it { is_expected.not_to validate_presence_of(:recipients) }
end end
end end
......
...@@ -26,6 +26,30 @@ describe JiraService, models: true do ...@@ -26,6 +26,30 @@ describe JiraService, models: true do
it { is_expected.to have_one :service_hook } it { is_expected.to have_one :service_hook }
end end
describe 'Validations' do
context 'when service is active' do
before { subject.active = true }
it { is_expected.to validate_presence_of(:api_url) }
it { is_expected.to validate_presence_of(:project_url) }
it { is_expected.to validate_presence_of(:issues_url) }
it { is_expected.to validate_presence_of(:new_issue_url) }
it_behaves_like 'issue tracker service URL attribute', :api_url
it_behaves_like 'issue tracker service URL attribute', :project_url
it_behaves_like 'issue tracker service URL attribute', :issues_url
it_behaves_like 'issue tracker service URL attribute', :new_issue_url
end
context 'when service is inactive' do
before { subject.active = false }
it { is_expected.not_to validate_presence_of(:api_url) }
it { is_expected.not_to validate_presence_of(:project_url) }
it { is_expected.not_to validate_presence_of(:issues_url) }
it { is_expected.not_to validate_presence_of(:new_issue_url) }
end
end
describe "Execute" do describe "Execute" do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:project) { create(:project) } let(:project) { create(:project) }
...@@ -72,7 +96,7 @@ describe JiraService, models: true do ...@@ -72,7 +96,7 @@ describe JiraService, models: true do
context "when a password was previously set" do context "when a password was previously set" do
before do before do
@jira_service = JiraService.create( @jira_service = JiraService.create!(
project: create(:project), project: create(:project),
properties: { properties: {
api_url: 'http://jira.example.com/rest/api/2', api_url: 'http://jira.example.com/rest/api/2',
......
# == Schema Information
#
# Table name: services
#
# id :integer not null, primary key
# type :string(255)
# title :string(255)
# project_id :integer
# created_at :datetime
# updated_at :datetime
# active :boolean default(FALSE), not null
# properties :text
# template :boolean default(FALSE)
# push_events :boolean default(TRUE)
# issues_events :boolean default(TRUE)
# merge_requests_events :boolean default(TRUE)
# tag_push_events :boolean default(TRUE)
# note_events :boolean default(TRUE), not null
#
require 'spec_helper'
describe PivotaltrackerService, models: true do
describe 'Associations' do
it { is_expected.to belong_to :project }
it { is_expected.to have_one :service_hook }
end
describe 'Validations' do
context 'when service is active' do
before { subject.active = true }
it { is_expected.to validate_presence_of(:token) }
end
context 'when service is inactive' do
before { subject.active = false }
it { is_expected.not_to validate_presence_of(:token) }
end
end
end
...@@ -27,14 +27,20 @@ describe PushoverService, models: true do ...@@ -27,14 +27,20 @@ describe PushoverService, models: true do
end end
describe 'Validations' do describe 'Validations' do
context 'active' do context 'when service is active' do
before do before { subject.active = true }
subject.active = true
it { is_expected.to validate_presence_of(:api_key) }
it { is_expected.to validate_presence_of(:user_key) }
it { is_expected.to validate_presence_of(:priority) }
end end
it { is_expected.to validate_presence_of :api_key } context 'when service is inactive' do
it { is_expected.to validate_presence_of :user_key } before { subject.active = false }
it { is_expected.to validate_presence_of :priority }
it { is_expected.not_to validate_presence_of(:api_key) }
it { is_expected.not_to validate_presence_of(:user_key) }
it { is_expected.not_to validate_presence_of(:priority) }
end end
end end
......
# == Schema Information
#
# Table name: services
#
# id :integer not null, primary key
# type :string(255)
# title :string(255)
# project_id :integer
# created_at :datetime
# updated_at :datetime
# active :boolean default(FALSE), not null
# properties :text
# template :boolean default(FALSE)
# push_events :boolean default(TRUE)
# issues_events :boolean default(TRUE)
# merge_requests_events :boolean default(TRUE)
# tag_push_events :boolean default(TRUE)
# note_events :boolean default(TRUE), not null
#
require 'spec_helper'
describe RedmineService, models: true do
describe 'Associations' do
it { is_expected.to belong_to :project }
it { is_expected.to have_one :service_hook }
end
describe 'Validations' do
context 'when service is active' do
before { subject.active = true }
it { is_expected.to validate_presence_of(:project_url) }
it { is_expected.to validate_presence_of(:issues_url) }
it { is_expected.to validate_presence_of(:new_issue_url) }
it_behaves_like 'issue tracker service URL attribute', :project_url
it_behaves_like 'issue tracker service URL attribute', :issues_url
it_behaves_like 'issue tracker service URL attribute', :new_issue_url
end
context 'when service is inactive' do
before { subject.active = false }
it { is_expected.not_to validate_presence_of(:project_url) }
it { is_expected.not_to validate_presence_of(:issues_url) }
it { is_expected.not_to validate_presence_of(:new_issue_url) }
end
end
end
...@@ -26,13 +26,18 @@ describe SlackService, models: true do ...@@ -26,13 +26,18 @@ describe SlackService, models: true do
it { is_expected.to have_one :service_hook } it { is_expected.to have_one :service_hook }
end end
describe "Validations" do describe 'Validations' do
context "active" do context 'when service is active' do
before do before { subject.active = true }
subject.active = true
it { is_expected.to validate_presence_of(:webhook) }
it_behaves_like 'issue tracker service URL attribute', :webhook
end end
it { is_expected.to validate_presence_of :webhook } context 'when service is inactive' do
before { subject.active = false }
it { is_expected.not_to validate_presence_of(:webhook) }
end end
end end
......
...@@ -27,86 +27,51 @@ describe TeamcityService, models: true do ...@@ -27,86 +27,51 @@ describe TeamcityService, models: true do
end end
describe 'Validations' do describe 'Validations' do
describe '#teamcity_url' do subject { service }
it 'does not validate the presence of teamcity_url if service is not active' do
teamcity_service = service
teamcity_service.active = false
expect(teamcity_service).not_to validate_presence_of(:teamcity_url)
end
it 'validates the presence of teamcity_url if service is active' do
teamcity_service = service
teamcity_service.active = true
expect(teamcity_service).to validate_presence_of(:teamcity_url) context 'when service is active' do
end before { subject.active = true }
end
describe '#build_type' do it { is_expected.to validate_presence_of(:build_type) }
it 'does not validate the presence of build_type if service is not active' do it { is_expected.to validate_presence_of(:teamcity_url) }
teamcity_service = service it_behaves_like 'issue tracker service URL attribute', :teamcity_url
teamcity_service.active = false
expect(teamcity_service).not_to validate_presence_of(:build_type)
end
it 'validates the presence of build_type if service is active' do
teamcity_service = service
teamcity_service.active = true
expect(teamcity_service).to validate_presence_of(:build_type)
end
end
describe '#username' do describe '#username' do
it 'does not validate the presence of username if service is not active' do it 'does not validate the presence of username if password is nil' do
teamcity_service = service subject.password = nil
teamcity_service.active = false
expect(teamcity_service).not_to validate_presence_of(:username)
end
it 'does not validate the presence of username if username is nil' do
teamcity_service = service
teamcity_service.active = true
teamcity_service.password = nil
expect(teamcity_service).not_to validate_presence_of(:username) expect(subject).not_to validate_presence_of(:username)
end end
it 'validates the presence of username if service is active and username is present' do it 'validates the presence of username if password is present' do
teamcity_service = service subject.password = 'secret'
teamcity_service.active = true
teamcity_service.password = 'secret'
expect(teamcity_service).to validate_presence_of(:username) expect(subject).to validate_presence_of(:username)
end end
end end
describe '#password' do describe '#password' do
it 'does not validate the presence of password if service is not active' do it 'does not validate the presence of password if username is nil' do
teamcity_service = service subject.username = nil
teamcity_service.active = false
expect(teamcity_service).not_to validate_presence_of(:password) expect(subject).not_to validate_presence_of(:password)
end end
it 'does not validate the presence of password if username is nil' do it 'validates the presence of password if username is present' do
teamcity_service = service subject.username = 'john'
teamcity_service.active = true
teamcity_service.username = nil
expect(teamcity_service).not_to validate_presence_of(:password) expect(subject).to validate_presence_of(:password)
end
end
end end
it 'validates the presence of password if service is active and username is present' do context 'when service is inactive' do
teamcity_service = service before { subject.active = false }
teamcity_service.active = true
teamcity_service.username = 'john'
expect(teamcity_service).to validate_presence_of(:password) it { is_expected.not_to validate_presence_of(:build_type) }
end it { is_expected.not_to validate_presence_of(:teamcity_url) }
it { is_expected.not_to validate_presence_of(:username) }
it { is_expected.not_to validate_presence_of(:password) }
end end
end end
......
RSpec.shared_examples 'issue tracker service URL attribute' do |url_attr|
it { is_expected.to allow_value('https://example.com').for(url_attr) }
it { is_expected.not_to allow_value('example.com').for(url_attr) }
it { is_expected.not_to allow_value('ftp://example.com').for(url_attr) }
it { is_expected.not_to allow_value('herp-and-derp').for(url_attr) }
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment