Commit 7df113e9 authored by Rajendra Kadam's avatar Rajendra Kadam Committed by Mikołaj Wawrzyniak

Fix pseudonymization helper

For group and project insight 
controllers pseudonymization helper raise
errors, due to unrecognized path. This is 
caused by the way how Rails handle internally
constraints. This commit add special 
handling for those cases
parent ca6231f8
......@@ -21,7 +21,7 @@ module Routing
case key
when :project_id
[key, "project#{@project&.id}"]
when :namespace_id
when :namespace_id, :group_id
namespace = @group || @project&.namespace
[key, "namespace#{namespace&.id}"]
when :id
......@@ -31,11 +31,24 @@ module Routing
end
end
Gitlab::Routing.url_helpers.url_for(masked_params.merge(masked_query_params))
generate_url(masked_params.merge(masked_query_params))
end
private
def generate_url(masked_params)
# The below check is added since `project/insights` route does not
# work with Rails router `url_for` method.
# See https://gitlab.com/gitlab-org/gitlab/-/issues/343551
if @request.path_parameters[:controller] == 'projects/insights'
default_root_url + "#{Gitlab::Routing.url_helpers.namespace_project_insights_path(masked_params)}"
elsif @request.path_parameters[:controller] == 'groups/insights'
default_root_url + "#{Gitlab::Routing.url_helpers.group_insights_path(masked_params)}"
else
Gitlab::Routing.url_helpers.url_for(masked_params.merge(masked_query_params))
end
end
def mask_id(value)
if @request.path_parameters[:controller] == 'projects/blob'
':repository_path'
......@@ -50,7 +63,7 @@ module Routing
def has_maskable_params?
request_params = @request.path_parameters.to_h
request_params.has_key?(:namespace_id) || request_params.has_key?(:project_id) || request_params.has_key?(:id) || @request.query_string.present?
request_params.key?(:namespace_id) || request_params.key?(:group_id) || request_params.key?(:project_id) || request_params.key?(:id) || @request.query_string.present?
end
def masked_query_params
......@@ -79,7 +92,10 @@ module Routing
current_project = project if defined?(project)
mask_helper = MaskHelper.new(request, current_group, current_project)
mask_helper.mask_params
rescue ActionController::RoutingError, URI::InvalidURIError => e
# We rescue all exception for time being till we test this helper extensively.
# Check https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72864#note_711515501
rescue => e # rubocop:disable Style/RescueStandardError
Gitlab::ErrorTracking.track_exception(e, url: request.original_fullpath)
nil
end
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe ::Routing::PseudonymizationHelper do
let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, group: group) }
before do
stub_feature_flags(mask_page_urls: true)
allow(helper).to receive(:group).and_return(group)
allow(helper).to receive(:project).and_return(project)
end
shared_examples 'masked url' do
it 'generates masked page url' do
expect(helper.masked_page_url).to eq(masked_url)
end
end
describe 'when url has params to mask' do
context 'when project/insights page is loaded' do
let(:masked_url) { "http://localhost//namespace#{group.id}/project#{project.id}/insights/" }
let(:request) do
double(:Request,
path_parameters: {
controller: 'projects/insights',
action: 'show',
namespace_id: group.name,
project_id: project.name
},
protocol: 'http',
host: 'localhost',
query_string: '')
end
before do
allow(helper).to receive(:request).and_return(request)
end
it_behaves_like 'masked url'
end
context 'when groups/insights page is loaded' do
let(:masked_url) { "http://localhost//groups/namespace#{group.id}/-/insights/" }
let(:request) do
double(:Request,
path_parameters: {
controller: 'groups/insights',
action: 'show',
group_id: group.name
},
protocol: 'http',
host: 'localhost',
query_string: '')
end
before do
allow(helper).to receive(:request).and_return(request)
end
it_behaves_like 'masked url'
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment