Commit bcc83ffd authored by Giorgenes Gelatti's avatar Giorgenes Gelatti Committed by Sean McGivern

Extend composer specs to cover group visibility

Extend composer specs to test for auth token
from private token param
parent ff21e2bb
---
title: Fix composer 404 issues with http auth
merge_request: 38641
author:
type: fixed
...@@ -130,11 +130,8 @@ You also need to create a `auth.json` file with your GitLab credentials: ...@@ -130,11 +130,8 @@ You also need to create a `auth.json` file with your GitLab credentials:
```json ```json
{ {
"http-basic": { "gitlab-token": {
"gitlab.com": { "gitlab.com": "<personal_access_token>"
"username": "___token___",
"password": "<personal_access_token>"
}
} }
} }
``` ```
......
...@@ -26,34 +26,65 @@ RSpec.describe API::ComposerPackages do ...@@ -26,34 +26,65 @@ RSpec.describe API::ComposerPackages do
group.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) group.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
end end
context 'with basic auth' do
where(:project_visibility_level, :user_role, :member, :user_token, :include_package) do where(:project_visibility_level, :user_role, :member, :user_token, :include_package) do
'PUBLIC' | :developer | true | true | :include_package 'PUBLIC' | :developer | true | true | :include_package
'PUBLIC' | :developer | true | false | :include_package
'PUBLIC' | :developer | false | false | :include_package
'PUBLIC' | :developer | false | true | :include_package 'PUBLIC' | :developer | false | true | :include_package
'PUBLIC' | :guest | true | true | :include_package 'PUBLIC' | :guest | true | true | :include_package
'PUBLIC' | :guest | true | false | :include_package
'PUBLIC' | :guest | false | true | :include_package 'PUBLIC' | :guest | false | true | :include_package
'PUBLIC' | :guest | false | false | :include_package
'PUBLIC' | :anonymous | false | true | :include_package 'PUBLIC' | :anonymous | false | true | :include_package
'PRIVATE' | :developer | true | true | :include_package 'PRIVATE' | :developer | true | true | :include_package
'PRIVATE' | :developer | true | false | :does_not_include_package
'PRIVATE' | :developer | false | true | :does_not_include_package 'PRIVATE' | :developer | false | true | :does_not_include_package
'PRIVATE' | :developer | false | false | :does_not_include_package
'PRIVATE' | :guest | true | true | :does_not_include_package 'PRIVATE' | :guest | true | true | :does_not_include_package
'PRIVATE' | :guest | true | false | :does_not_include_package
'PRIVATE' | :guest | false | true | :does_not_include_package 'PRIVATE' | :guest | false | true | :does_not_include_package
'PRIVATE' | :guest | false | false | :does_not_include_package
'PRIVATE' | :anonymous | false | true | :does_not_include_package 'PRIVATE' | :anonymous | false | true | :does_not_include_package
'PRIVATE' | :guest | false | false | :does_not_include_package
'PRIVATE' | :guest | true | false | :does_not_include_package
'PRIVATE' | :developer | false | false | :does_not_include_package
'PRIVATE' | :developer | true | false | :does_not_include_package
'PUBLIC' | :developer | true | false | :include_package
'PUBLIC' | :guest | true | false | :include_package
'PUBLIC' | :developer | false | false | :include_package
'PUBLIC' | :guest | false | false | :include_package
end end
with_them do with_them do
include_context 'Composer api project access', params[:project_visibility_level], params[:user_role], params[:user_token] do include_context 'Composer api project access', params[:project_visibility_level], params[:user_role], params[:user_token], :basic do
it_behaves_like 'Composer package index', params[:user_role], :success, params[:member], params[:include_package] it_behaves_like 'Composer package index', params[:user_role], :success, params[:member], params[:include_package]
end end
end end
end end
context 'with private token header auth' do
where(:project_visibility_level, :user_role, :member, :user_token, :expected_status, :include_package) do
'PUBLIC' | :developer | true | true | :success | :include_package
'PUBLIC' | :developer | false | true | :success | :include_package
'PUBLIC' | :guest | true | true | :success | :include_package
'PUBLIC' | :guest | false | true | :success | :include_package
'PUBLIC' | :anonymous | false | true | :success | :include_package
'PRIVATE' | :developer | true | true | :success | :include_package
'PRIVATE' | :developer | false | true | :success | :does_not_include_package
'PRIVATE' | :guest | true | true | :success | :does_not_include_package
'PRIVATE' | :guest | false | true | :success | :does_not_include_package
'PRIVATE' | :anonymous | false | true | :success | :does_not_include_package
'PRIVATE' | :guest | false | false | :unauthorized | nil
'PRIVATE' | :guest | true | false | :unauthorized | nil
'PRIVATE' | :developer | false | false | :unauthorized | nil
'PRIVATE' | :developer | true | false | :unauthorized | nil
'PUBLIC' | :developer | true | false | :unauthorized | nil
'PUBLIC' | :guest | true | false | :unauthorized | nil
'PUBLIC' | :developer | false | false | :unauthorized | nil
'PUBLIC' | :guest | false | false | :unauthorized | nil
end
with_them do
include_context 'Composer api project access', params[:project_visibility_level], params[:user_role], params[:user_token], :token do
it_behaves_like 'Composer package index', params[:user_role], params[:expected_status], params[:member], params[:include_package]
end
end
end
end
context 'with a private group' do context 'with a private group' do
before do before do
group.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE) group.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
...@@ -105,22 +136,22 @@ RSpec.describe API::ComposerPackages do ...@@ -105,22 +136,22 @@ RSpec.describe API::ComposerPackages do
context 'with valid project' do context 'with valid project' do
where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do
'PUBLIC' | :developer | true | true | 'Composer provider index' | :success 'PUBLIC' | :developer | true | true | 'Composer provider index' | :success
'PUBLIC' | :developer | true | false | 'Composer provider index' | :success 'PUBLIC' | :developer | true | false | 'process Composer api request' | :unauthorized
'PUBLIC' | :developer | false | true | 'Composer provider index' | :success 'PUBLIC' | :developer | false | true | 'Composer provider index' | :success
'PUBLIC' | :developer | false | false | 'Composer provider index' | :success 'PUBLIC' | :developer | false | false | 'process Composer api request' | :unauthorized
'PUBLIC' | :guest | true | true | 'Composer provider index' | :success 'PUBLIC' | :guest | true | true | 'Composer provider index' | :success
'PUBLIC' | :guest | true | false | 'Composer provider index' | :success 'PUBLIC' | :guest | true | false | 'process Composer api request' | :unauthorized
'PUBLIC' | :guest | false | true | 'Composer provider index' | :success 'PUBLIC' | :guest | false | true | 'Composer provider index' | :success
'PUBLIC' | :guest | false | false | 'Composer provider index' | :success 'PUBLIC' | :guest | false | false | 'process Composer api request' | :unauthorized
'PUBLIC' | :anonymous | false | true | 'Composer provider index' | :success 'PUBLIC' | :anonymous | false | true | 'Composer provider index' | :success
'PRIVATE' | :developer | true | true | 'Composer provider index' | :success 'PRIVATE' | :developer | true | true | 'Composer provider index' | :success
'PRIVATE' | :developer | true | false | 'process Composer api request' | :not_found 'PRIVATE' | :developer | true | false | 'process Composer api request' | :unauthorized
'PRIVATE' | :developer | false | true | 'process Composer api request' | :not_found 'PRIVATE' | :developer | false | true | 'process Composer api request' | :not_found
'PRIVATE' | :developer | false | false | 'process Composer api request' | :not_found 'PRIVATE' | :developer | false | false | 'process Composer api request' | :unauthorized
'PRIVATE' | :guest | true | true | 'Composer empty provider index' | :success 'PRIVATE' | :guest | true | true | 'Composer empty provider index' | :success
'PRIVATE' | :guest | true | false | 'process Composer api request' | :not_found 'PRIVATE' | :guest | true | false | 'process Composer api request' | :unauthorized
'PRIVATE' | :guest | false | true | 'process Composer api request' | :not_found 'PRIVATE' | :guest | false | true | 'process Composer api request' | :not_found
'PRIVATE' | :guest | false | false | 'process Composer api request' | :not_found 'PRIVATE' | :guest | false | false | 'process Composer api request' | :unauthorized
'PRIVATE' | :anonymous | false | true | 'process Composer api request' | :not_found 'PRIVATE' | :anonymous | false | true | 'process Composer api request' | :not_found
end end
...@@ -151,22 +182,22 @@ RSpec.describe API::ComposerPackages do ...@@ -151,22 +182,22 @@ RSpec.describe API::ComposerPackages do
where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do
'PUBLIC' | :developer | true | true | 'Composer package api request' | :success 'PUBLIC' | :developer | true | true | 'Composer package api request' | :success
'PUBLIC' | :developer | true | false | 'Composer package api request' | :success 'PUBLIC' | :developer | true | false | 'process Composer api request' | :unauthorized
'PUBLIC' | :developer | false | true | 'Composer package api request' | :success 'PUBLIC' | :developer | false | true | 'Composer package api request' | :success
'PUBLIC' | :developer | false | false | 'Composer package api request' | :success 'PUBLIC' | :developer | false | false | 'process Composer api request' | :unauthorized
'PUBLIC' | :guest | true | true | 'Composer package api request' | :success 'PUBLIC' | :guest | true | true | 'Composer package api request' | :success
'PUBLIC' | :guest | true | false | 'Composer package api request' | :success 'PUBLIC' | :guest | true | false | 'process Composer api request' | :unauthorized
'PUBLIC' | :guest | false | true | 'Composer package api request' | :success 'PUBLIC' | :guest | false | true | 'Composer package api request' | :success
'PUBLIC' | :guest | false | false | 'Composer package api request' | :success 'PUBLIC' | :guest | false | false | 'process Composer api request' | :unauthorized
'PUBLIC' | :anonymous | false | true | 'Composer package api request' | :success 'PUBLIC' | :anonymous | false | true | 'Composer package api request' | :success
'PRIVATE' | :developer | true | true | 'Composer package api request' | :success 'PRIVATE' | :developer | true | true | 'Composer package api request' | :success
'PRIVATE' | :developer | true | false | 'process Composer api request' | :not_found 'PRIVATE' | :developer | true | false | 'process Composer api request' | :unauthorized
'PRIVATE' | :developer | false | true | 'process Composer api request' | :not_found 'PRIVATE' | :developer | false | true | 'process Composer api request' | :not_found
'PRIVATE' | :developer | false | false | 'process Composer api request' | :not_found 'PRIVATE' | :developer | false | false | 'process Composer api request' | :unauthorized
'PRIVATE' | :guest | true | true | 'process Composer api request' | :not_found 'PRIVATE' | :guest | true | true | 'process Composer api request' | :not_found
'PRIVATE' | :guest | true | false | 'process Composer api request' | :not_found 'PRIVATE' | :guest | true | false | 'process Composer api request' | :unauthorized
'PRIVATE' | :guest | false | true | 'process Composer api request' | :not_found 'PRIVATE' | :guest | false | true | 'process Composer api request' | :not_found
'PRIVATE' | :guest | false | false | 'process Composer api request' | :not_found 'PRIVATE' | :guest | false | false | 'process Composer api request' | :unauthorized
'PRIVATE' | :anonymous | false | true | 'process Composer api request' | :not_found 'PRIVATE' | :anonymous | false | true | 'process Composer api request' | :not_found
end end
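Review bot: In the 'with basic auth' table of the first hunk, the rows with `user_token` set to `false` are still asserted against a hard-coded `:success` (the `it_behaves_like 'Composer package index', params[:user_role], :success, ...` line), while the same rows in the new 'with private token header auth' table expect `:unauthorized`. As written, the spec pins that a wrong basic-auth password on the group package index is answered like an anonymous request (200 with a filtered index) rather than rejected, whereas the provider-index and package tables in the later hunks now expect `:unauthorized` for their `false` rows; which auth method those later tables use is not visible here. If the difference is intended, record it above the basic-auth table, e.g. `# invalid basic-auth credentials fall back to anonymous access on this endpoint; only the Private-Token header is rejected with 401`. If it is not intended, give this table an `:expected_status` column like its sibling so a credential failure cannot pass as a successful, emptier response. The enclosing group-visibility `context` starts before the hunk.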
......
...@@ -16,10 +16,13 @@ RSpec.shared_examples 'Composer package index' do |user_type, status, add_member ...@@ -16,10 +16,13 @@ RSpec.shared_examples 'Composer package index' do |user_type, status, add_member
subject subject
expect(response).to have_gitlab_http_status(status) expect(response).to have_gitlab_http_status(status)
if status == :success
expect(response).to match_response_schema('public_api/v4/packages/composer/index') expect(response).to match_response_schema('public_api/v4/packages/composer/index')
expect(json_response).to eq presenter.root expect(json_response).to eq presenter.root
end end
end end
end
end end
RSpec.shared_examples 'Composer empty provider index' do |user_type, status, add_member = true| RSpec.shared_examples 'Composer empty provider index' do |user_type, status, add_member = true|
...@@ -87,13 +90,22 @@ RSpec.shared_examples 'process Composer api request' do |user_type, status, add_ ...@@ -87,13 +90,22 @@ RSpec.shared_examples 'process Composer api request' do |user_type, status, add_
end end
end end
RSpec.shared_context 'Composer auth headers' do |user_role, user_token| RSpec.shared_context 'Composer auth headers' do |user_role, user_token, auth_method = :token|
let(:token) { user_token ? personal_access_token.token : 'wrong' } let(:token) { user_token ? personal_access_token.token : 'wrong' }
let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
let(:headers) do
if user_role == :anonymous
{}
elsif auth_method == :token
{ 'Private-Token' => token }
else
basic_auth_header(user.username, token)
end
end
end end
RSpec.shared_context 'Composer api project access' do |project_visibility_level, user_role, user_token| RSpec.shared_context 'Composer api project access' do |project_visibility_level, user_role, user_token, auth_method|
include_context 'Composer auth headers', user_role, user_token do include_context 'Composer auth headers', user_role, user_token, auth_method do
before do before do
project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false)) project.update!(visibility_level: Gitlab::VisibilityLevel.const_get(project_visibility_level, false))
end end
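Review bot: The `auth_method` default exists only on 'Composer auth headers' (`auth_method = :token`); 'Composer api project access' takes `auth_method` without a default and forwards it explicitly, so a caller that omits it passes `nil`, skips the default and lands in the bare `else` branch, which is basic auth. The two contexts therefore have different effective defaults, and any unrecognised value (for instance a misspelled symbol) also silently selects basic auth, so a row in an authorization matrix can exercise a different credential path than its context name claims. I would make the branch explicit with `elsif auth_method == :basic` followed by `else raise ArgumentError, "unknown auth_method: #{auth_method.inspect}"`, and have every includer pass `:basic` or `:token`. Callers outside these hunks may currently rely on the `nil` to basic-auth path, so they would need the argument added in the same change. The body of 'Composer api project access' continues past the hunk.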
......