Fix pseudonymization helper

For group and project insight controllers pseudonymization helper raise errors, due to unrecognized path. This is caused by the way how Rails handle internally constraints. This commit add special handling for those cases

Fix pseudonymization helper
For group and project insight controllers pseudonymization helper raise errors, due to unrecognized path. This is caused by the way how Rails handle internally constraints. This commit add special handling for those cases
7df113e9 · Rajendra Kadam · Mikołaj Wawrzyniak · ca6231f8 · 7df113e9 · 7df113e9
Commit 7df113e9 authored Nov 03, 2021 by Rajendra Kadam Committed by Mikołaj Wawrzyniak Nov 03, 2021
Showing with 85 additions and 4 deletions

app/helpers/routing/pseudonymization_helper.rb app/helpers/routing/pseudonymization_helper.rb +20 -4

ee/spec/helpers/routing/pseudonymization_helper_spec.rb ee/spec/helpers/routing/pseudonymization_helper_spec.rb +65 -0

No files found.
--- a/app/helpers/routing/pseudonymization_helper.rb
+++ b/app/helpers/routing/pseudonymization_helper.rb
@@ -21,7 +21,7 @@ module Routing
          case key
          when :project_id
            [key, "project#{@project&.id}"]
-          when :namespace_id
+          when :namespace_id, :group_id
            namespace = @group || @project&.namespace
            [key, "namespace#{namespace&.id}"]
          when :id
@@ -31,11 +31,24 @@ module Routing
          end
        end

-        Gitlab::Routing.url_helpers.url_for(masked_params.merge(masked_query_params))
+        generate_url(masked_params.merge(masked_query_params))
      end

      private

+      def generate_url(masked_params)
+        # The below check is added since `project/insights` route does not
+        # work with Rails router `url_for` method.
+        # See https://gitlab.com/gitlab-org/gitlab/-/issues/343551
+        if @request.path_parameters[:controller] == 'projects/insights'
+          default_root_url + "#{Gitlab::Routing.url_helpers.namespace_project_insights_path(masked_params)}"
+        elsif @request.path_parameters[:controller] == 'groups/insights'
+          default_root_url + "#{Gitlab::Routing.url_helpers.group_insights_path(masked_params)}"
+        else
+          Gitlab::Routing.url_helpers.url_for(masked_params.merge(masked_query_params))
+        end
+      end
+
      def mask_id(value)
        if @request.path_parameters[:controller] == 'projects/blob'
          ':repository_path'
@@ -50,7 +63,7 @@ module Routing

      def has_maskable_params?
        request_params = @request.path_parameters.to_h
-        request_params.has_key?(:namespace_id) || request_params.has_key?(:project_id) || request_params.has_key?(:id) || @request.query_string.present?
+        request_params.key?(:namespace_id) || request_params.key?(:group_id) || request_params.key?(:project_id) || request_params.key?(:id) || @request.query_string.present?
      end

      def masked_query_params
@@ -79,7 +92,10 @@ module Routing
      current_project = project if defined?(project)
      mask_helper = MaskHelper.new(request, current_group, current_project)
      mask_helper.mask_params
-    rescue ActionController::RoutingError, URI::InvalidURIError => e
+
+    # We rescue all exception for time being till we test this helper extensively.
+    # Check https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72864#note_711515501
+    rescue => e # rubocop:disable Style/RescueStandardError
      Gitlab::ErrorTracking.track_exception(e, url: request.original_fullpath)
      nil
    end

--- a/ee/spec/helpers/routing/pseudonymization_helper_spec.rb
+++ b/ee/spec/helpers/routing/pseudonymization_helper_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Routing::PseudonymizationHelper do
+  let_it_be(:group) { create(:group) }
+  let_it_be(:project) { create(:project, group: group) }
+
+  before do
+    stub_feature_flags(mask_page_urls: true)
+    allow(helper).to receive(:group).and_return(group)
+    allow(helper).to receive(:project).and_return(project)
+  end
+
+  shared_examples 'masked url' do
+    it 'generates masked page url' do
+      expect(helper.masked_page_url).to eq(masked_url)
+    end
+  end
+
+  describe 'when url has params to mask' do
+    context 'when project/insights page is loaded' do
+      let(:masked_url) { "http://localhost//namespace#{group.id}/project#{project.id}/insights/" }
+      let(:request) do
+        double(:Request,
+          path_parameters: {
+                controller: 'projects/insights',
+                action: 'show',
+                namespace_id: group.name,
+                project_id: project.name
+               },
+               protocol: 'http',
+               host: 'localhost',
+               query_string: '')
+      end
+
+      before do
+        allow(helper).to receive(:request).and_return(request)
+      end
+
+      it_behaves_like 'masked url'
+    end
+
+    context 'when groups/insights page is loaded' do
+      let(:masked_url) { "http://localhost//groups/namespace#{group.id}/-/insights/" }
+      let(:request) do
+        double(:Request,
+          path_parameters: {
+                controller: 'groups/insights',
+                action: 'show',
+                group_id: group.name
+               },
+               protocol: 'http',
+               host: 'localhost',
+               query_string: '')
+      end
+
+      before do
+        allow(helper).to receive(:request).and_return(request)
+      end
+
+      it_behaves_like 'masked url'
+    end
+  end
+end