Commit a62646d6 authored by Markus Koller's avatar Markus Koller

Merge branch 'georgekoltsov/group-import-auth-user' into 'master'

Add BulkImportsController for user to provide credentials

See merge request gitlab-org/gitlab!42704
parents 0a8ccb54 f1a6b883
# frozen_string_literal: true
class Import::BulkImportsController < ApplicationController
before_action :ensure_group_import_enabled
before_action :verify_blocked_uri, only: :status
def configure
session[access_token_key] = params[access_token_key]&.strip
session[url_key] = params[url_key]
redirect_to status_import_bulk_import_url
end
private
def import_params
params.permit(access_token_key, url_key)
end
def ensure_group_import_enabled
render_404 unless Feature.enabled?(:bulk_import)
end
def access_token_key
:bulk_import_gitlab_access_token
end
def url_key
:bulk_import_gitlab_url
end
def verify_blocked_uri
Gitlab::UrlBlocker.validate!(
session[url_key],
**{
allow_localhost: allow_local_requests?,
allow_local_network: allow_local_requests?,
schemes: %w(http https)
}
)
rescue Gitlab::UrlBlocker::BlockedUrlError => e
session[access_token_key] = nil
session[url_key] = nil
redirect_to new_group_path, alert: _('Specified URL cannot be used: "%{reason}"') % { reason: e.message }
end
def allow_local_requests?
Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
end
end
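Review bot: `verify_blocked_uri` is scoped with `only: :status`, but the routes in this commit also declare `create` for `bulk_import`, so an action added later that reads `session[url_key]` would use a URL that was never checked by `Gitlab::UrlBlocker.validate!`. Scoping the filter as `before_action :verify_blocked_uri, except: :configure`, or validating in `configure` before the value is stored, keeps the SSRF check attached to every consumer of the stored URL. `configure` also reads raw `params` while the `import_params` permit list goes unused; `session[url_key] = import_params[url_key]` would put it to work. A short comment on `verify_blocked_uri` saying that it clears both session keys on rejection, so a blocked URL and its token are not retained, would help the next reader.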
---
name: bulk_import
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/42704
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/255310
group: group::import
type: development
default_enabled: false
...@@ -69,6 +69,11 @@ namespace :import do ...@@ -69,6 +69,11 @@ namespace :import do
post :authorize post :authorize
end end
resource :bulk_import, only: [:create] do
post :configure
get :status
end
resource :manifest, only: [:create, :new], controller: :manifest do resource :manifest, only: [:create, :new], controller: :manifest do
get :status get :status
get :realtime_changes get :realtime_changes
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Import::BulkImportsController do
let_it_be(:user) { create(:user) }
before do
sign_in(user)
end
context 'when user is signed in' do
context 'when bulk_import feature flag is enabled' do
before do
stub_feature_flags(bulk_import: true)
end
describe 'POST configure' do
context 'when no params are passed in' do
it 'clears out existing session' do
post :configure
expect(session[:bulk_import_gitlab_access_token]).to be_nil
expect(session[:bulk_import_gitlab_url]).to be_nil
expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(status_import_bulk_import_url)
end
end
it 'sets the session variables' do
token = 'token'
url = 'https://gitlab.example'
post :configure, params: { bulk_import_gitlab_access_token: token, bulk_import_gitlab_url: url }
expect(session[:bulk_import_gitlab_access_token]).to eq(token)
expect(session[:bulk_import_gitlab_url]).to eq(url)
expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(status_import_bulk_import_url)
end
it 'strips access token with spaces' do
token = 'token'
post :configure, params: { bulk_import_gitlab_access_token: " #{token} " }
expect(session[:bulk_import_gitlab_access_token]).to eq(token)
expect(controller).to redirect_to(status_import_bulk_import_url)
end
end
describe 'GET status' do
context 'when host url is local or not http' do
%w[https://localhost:3000 http://192.168.0.1 ftp://testing].each do |url|
before do
stub_application_setting(allow_local_requests_from_web_hooks_and_services: false)
session[:bulk_import_gitlab_access_token] = 'test'
session[:bulk_import_gitlab_url] = url
end
it 'denies network request' do
get :status
expect(controller).to redirect_to(new_group_path)
expect(flash[:alert]).to eq('Specified URL cannot be used: "Only allowed schemes are http, https"')
end
end
context 'when local requests are allowed' do
%w[https://localhost:3000 http://192.168.0.1].each do |url|
before do
stub_application_setting(allow_local_requests_from_web_hooks_and_services: true)
session[:bulk_import_gitlab_access_token] = 'test'
session[:bulk_import_gitlab_url] = url
end
it 'allows network request' do
get :status
expect(response).to have_gitlab_http_status(:ok)
end
end
end
end
end
end
context 'when gitlab_api_imports feature flag is disabled' do
before do
stub_feature_flags(bulk_import: false)
end
context 'POST configure' do
it 'returns 404' do
post :configure
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'GET status' do
it 'returns 404' do
get :status
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
context 'when user is signed out' do
before do
sign_out(user)
end
context 'POST configure' do
it 'redirects to sign in page' do
post :configure
expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(new_user_session_path)
end
end
context 'GET status' do
it 'redirects to sign in page' do
get :status
expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(new_user_session_path)
end
end
end
end
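Review bot: In 'GET status', each `%w[...].each do |url|` loop registers one `before` per URL inside the same context, and RSpec runs every `before` of a group for each example, so the session URL is always the last element (`ftp://testing` in the denied case, `http://192.168.0.1` in the allowed case). The localhost and private-network rejections are therefore never exercised, which is why a single scheme message satisfies all three 'denies network request' examples. Wrapping each iteration in its own group, `context "with #{url}" do`, isolates the hooks; the expected alert for the two local URLs would then need to match whatever reason `Gitlab::UrlBlocker` reports for them. The context title 'when gitlab_api_imports feature flag is disabled' also names a different flag from the `bulk_import` one it stubs.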