Commit b7f357cf authored by Stan Hu's avatar Stan Hu

Merge branch '5796-fix-invalid-signature-time-error' into 'master'

Rescue from `InvalidSignatureTimeError` on Geo API

Closes #5796

See merge request gitlab-org/gitlab-ee!5495
parents cf19910d 15848e61
---
title: 'Geo: Admin page will not crash with 500 because of InvalidSignatureTimeError'
merge_request: 5495
author:
type: fixed
......@@ -18,7 +18,7 @@ module EE
unless auth_header && ::Gitlab::Geo::JwtRequestDecoder.new(auth_header).decode
unauthorized!
end
rescue ::Gitlab::Geo::InvalidDecryptionKeyError, ::Gitlab::Geo::SignatureTimeInvalidError => e
rescue ::Gitlab::Geo::InvalidDecryptionKeyError, ::Gitlab::Geo::InvalidSignatureTimeError => e
render_api_error!(e.to_s, 401)
end
end
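Review bot: The rescue line `render_api_error!(e.to_s, 401)` returns the exception text to a caller that has just failed Geo node authentication. The spec on this page shows the body is the exception class name, so an unauthenticated client can tell a bad decryption key from a rejected signature time. Consider writing `e` to the server log and answering with the same generic rejection the `unless` branch already uses, `unauthorized!`, unless the secondary node relies on the detailed message for diagnostics (not visible here). A comment above the rescue such as `# Both errors mean the Geo JWT cannot be trusted: answer 401 instead of surfacing a 500` would record why these two classes are handled together. The method begins above this hunk, so its earlier lines were not reviewed.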
......
require 'spec_helper'
describe EE::API::Helpers do
include API::APIGuard::HelperMethods
include API::Helpers
include Rack::Test::Methods
let(:options) { {} }
let(:params) { {} }
let(:env) do
{
'rack.input' => '',
'REQUEST_METHOD' => 'GET'
}
let(:helper) do
Class.new(Grape::API) do
helpers EE::API::Helpers
helpers API::APIGuard::HelperMethods
helpers API::Helpers
format :json
get 'user' do
current_user ? { id: current_user.id } : { found: false }
end
let(:header) { }
let(:request) { Grape::Request.new(env)}
before do
allow(Gitlab::Database::LoadBalancing).to receive(:enable?).and_return(true)
get 'protected' do
authenticate_by_gitlab_geo_node_token!
end
end
end
def app
helper
end
describe '#current_user' do
let(:user) { build(:user, id: 42) }
before do
allow(Gitlab::Database::LoadBalancing).to receive(:enable?).and_return(true)
end
it 'handles sticking when a user could be found' do
allow_any_instance_of(API::Helpers).to receive(:initial_current_user).and_return(user)
expect(Gitlab::Database::LoadBalancing::RackMiddleware)
.to receive(:stick_or_unstick).with(env, :user, 42)
.to receive(:stick_or_unstick).with(any_args, :user, 42)
get 'user'
current_user
expect(JSON.parse(last_response.body)).to eq({ 'id' => user.id })
end
it 'does not handle sticking if no user could be found' do
......@@ -37,13 +48,37 @@ describe EE::API::Helpers do
expect(Gitlab::Database::LoadBalancing::RackMiddleware)
.not_to receive(:stick_or_unstick)
current_user
get 'user'
expect(JSON.parse(last_response.body)).to eq({ 'found' => false })
end
it 'returns the user if one could be found' do
allow_any_instance_of(API::Helpers).to receive(:initial_current_user).and_return(user)
expect(current_user).to eq(user)
get 'user'
expect(JSON.parse(last_response.body)).to eq({ 'id' => user.id })
end
end
describe '#authenticate_by_gitlab_geo_node_token!' do
it 'rescues from ::Gitlab::Geo::InvalidDecryptionKeyError' do
expect_any_instance_of(::Gitlab::Geo::JwtRequestDecoder).to receive(:decode) { raise ::Gitlab::Geo::InvalidDecryptionKeyError }
header 'Authorization', 'test'
get 'protected', current_user: 'test'
expect(JSON.parse(last_response.body)).to eq({ 'message' => 'Gitlab::Geo::InvalidDecryptionKeyError' })
end
it 'rescues from ::Gitlab::Geo::InvalidSignatureTimeError' do
allow_any_instance_of(::Gitlab::Geo::JwtRequestDecoder).to receive(:decode) { raise ::Gitlab::Geo::InvalidSignatureTimeError }
header 'Authorization', 'test'
get 'protected', current_user: 'test'
expect(JSON.parse(last_response.body)).to eq({ 'message' => 'Gitlab::Geo::InvalidSignatureTimeError' })
end
end
end
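Review bot: The two examples under `#authenticate_by_gitlab_geo_node_token!` assert only the JSON body, so they would still pass if the rescue answered with a status other than 401. Since this is an authentication rejection path, add `expect(last_response.status).to eq(401)` to each example. The first example stubs `decode` with `expect_any_instance_of` and the second with `allow_any_instance_of`; using the same form in both would make it clear the difference is not intentional.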