Commit e81e649f authored by Mathieu Parent's avatar Mathieu Parent

Use token authentication in the Debian distribution APIs

And improve specs.

Changelog: changed
parent 8f9b5225
......@@ -51,8 +51,9 @@ module API
end
authenticate_with do |accept|
accept.token_types(:personal_access_token, :deploy_token, :job_token)
.sent_through(:http_basic_auth)
accept.token_types(:personal_access_token).sent_through(:http_private_token_header)
accept.token_types(:deploy_token).sent_through(:http_deploy_token_header)
accept.token_types(:job_token).sent_through(:http_job_token_header)
end
content_type :json, 'application/json'
......
......@@ -9,35 +9,36 @@ RSpec.describe API::DebianGroupPackages do
context 'with invalid parameter' do
let(:url) { "/groups/1/-/packages/debian/dists/with+space/InRelease" }
it_behaves_like 'Debian repository GET request', :bad_request, /^distribution is invalid$/
it_behaves_like 'Debian packages GET request', :bad_request, /^distribution is invalid$/
end
describe 'GET groups/:id/-/packages/debian/dists/*distribution/Release.gpg' do
let(:url) { "/groups/#{container.id}/-/packages/debian/dists/#{distribution.codename}/Release.gpg" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /^-----BEGIN PGP SIGNATURE-----/
it_behaves_like 'Debian packages read endpoint', 'GET', :success, /^-----BEGIN PGP SIGNATURE-----/
end
describe 'GET groups/:id/-/packages/debian/dists/*distribution/Release' do
let(:url) { "/groups/#{container.id}/-/packages/debian/dists/#{distribution.codename}/Release" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /^Codename: fixture-distribution\n$/
it_behaves_like 'Debian packages read endpoint', 'GET', :success, /^Codename: fixture-distribution\n$/
end
describe 'GET groups/:id/-/packages/debian/dists/*distribution/InRelease' do
let(:url) { "/groups/#{container.id}/-/packages/debian/dists/#{distribution.codename}/InRelease" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /^-----BEGIN PGP SIGNED MESSAGE-----/
it_behaves_like 'Debian packages read endpoint', 'GET', :success, /^-----BEGIN PGP SIGNED MESSAGE-----/
end
describe 'GET groups/:id/-/packages/debian/dists/*distribution/:component/binary-:architecture/Packages' do
let(:url) { "/groups/#{container.id}/-/packages/debian/dists/#{distribution.codename}/#{component.name}/binary-#{architecture.name}/Packages" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /Description: This is an incomplete Packages file/
it_behaves_like 'Debian packages read endpoint', 'GET', :success, /Description: This is an incomplete Packages file/
end
describe 'GET groups/:id/-/packages/debian/pool/:codename/:project_id/:letter/:package_name/:package_version/:file_name' do
let(:url) { "/groups/#{container.id}/-/packages/debian/pool/#{package.debian_distribution.codename}/#{project.id}/#{letter}/#{package.name}/#{package.version}/#{file_name}" }
let(:file_name) { params[:file_name] }
using RSpec::Parameterized::TableSyntax
......@@ -51,9 +52,7 @@ RSpec.describe API::DebianGroupPackages do
end
with_them do
include_context 'with file_name', params[:file_name]
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, params[:success_body]
it_behaves_like 'Debian packages read endpoint', 'GET', :success, params[:success_body]
end
end
end
......
......@@ -9,35 +9,36 @@ RSpec.describe API::DebianProjectPackages do
context 'with invalid parameter' do
let(:url) { "/projects/1/packages/debian/dists/with+space/InRelease" }
it_behaves_like 'Debian repository GET request', :bad_request, /^distribution is invalid$/
it_behaves_like 'Debian packages GET request', :bad_request, /^distribution is invalid$/
end
describe 'GET projects/:id/packages/debian/dists/*distribution/Release.gpg' do
let(:url) { "/projects/#{container.id}/packages/debian/dists/#{distribution.codename}/Release.gpg" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /^-----BEGIN PGP SIGNATURE-----/
it_behaves_like 'Debian packages read endpoint', 'GET', :success, /^-----BEGIN PGP SIGNATURE-----/
end
describe 'GET projects/:id/packages/debian/dists/*distribution/Release' do
let(:url) { "/projects/#{container.id}/packages/debian/dists/#{distribution.codename}/Release" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /^Codename: fixture-distribution\n$/
it_behaves_like 'Debian packages read endpoint', 'GET', :success, /^Codename: fixture-distribution\n$/
end
describe 'GET projects/:id/packages/debian/dists/*distribution/InRelease' do
let(:url) { "/projects/#{container.id}/packages/debian/dists/#{distribution.codename}/InRelease" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /^-----BEGIN PGP SIGNED MESSAGE-----/
it_behaves_like 'Debian packages read endpoint', 'GET', :success, /^-----BEGIN PGP SIGNED MESSAGE-----/
end
describe 'GET projects/:id/packages/debian/dists/*distribution/:component/binary-:architecture/Packages' do
let(:url) { "/projects/#{container.id}/packages/debian/dists/#{distribution.codename}/#{component.name}/binary-#{architecture.name}/Packages" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /Description: This is an incomplete Packages file/
it_behaves_like 'Debian packages read endpoint', 'GET', :success, /Description: This is an incomplete Packages file/
end
describe 'GET projects/:id/packages/debian/pool/:codename/:letter/:package_name/:package_version/:file_name' do
let(:url) { "/projects/#{container.id}/packages/debian/pool/#{package.debian_distribution.codename}/#{letter}/#{package.name}/#{package.version}/#{file_name}" }
let(:file_name) { params[:file_name] }
using RSpec::Parameterized::TableSyntax
......@@ -51,9 +52,7 @@ RSpec.describe API::DebianProjectPackages do
end
with_them do
include_context 'with file_name', params[:file_name]
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, params[:success_body]
it_behaves_like 'Debian packages read endpoint', 'GET', :success, params[:success_body]
end
end
......@@ -65,13 +64,13 @@ RSpec.describe API::DebianProjectPackages do
context 'with a deb' do
let(:file_name) { 'libsample0_1.2.3~alpha2_amd64.deb' }
it_behaves_like 'Debian repository write endpoint', 'upload request', :created
it_behaves_like 'Debian packages write endpoint', 'upload', :created, nil
end
context 'with a changes file' do
let(:file_name) { 'sample_1.2.3~alpha2_amd64.changes' }
it_behaves_like 'Debian repository write endpoint', 'upload request', :created
it_behaves_like 'Debian packages write endpoint', 'upload', :created, nil
end
end
......@@ -80,7 +79,7 @@ RSpec.describe API::DebianProjectPackages do
let(:method) { :put }
let(:url) { "/projects/#{container.id}/packages/debian/#{file_name}/authorize" }
it_behaves_like 'Debian repository write endpoint', 'upload authorize request', :created
it_behaves_like 'Debian packages write endpoint', 'upload authorize', :created, nil
end
end
end
......@@ -11,25 +11,25 @@ RSpec.describe API::GroupDebianDistributions do
let(:url) { "/groups/#{container.id}/-/debian_distributions" }
let(:api_params) { { 'codename': 'my-codename' } }
it_behaves_like 'Debian repository write endpoint', 'POST distribution request', :created, /^{.*"codename":"my-codename",.*"components":\["main"\],.*"architectures":\["all","amd64"\]/, authenticate_non_public: false
it_behaves_like 'Debian distributions write endpoint', 'POST', :created, /^{.*"codename":"my-codename",.*"components":\["main"\],.*"architectures":\["all","amd64"\]/
end
describe 'GET groups/:id/-/debian_distributions' do
let(:url) { "/groups/#{container.id}/-/debian_distributions" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /^\[{.*"codename":"existing-codename",.*"components":\["existing-component"\],.*"architectures":\["all","existing-arch"\]/, authenticate_non_public: false
it_behaves_like 'Debian distributions read endpoint', 'GET', :success, /^\[{.*"codename":"existing-codename",.*"components":\["existing-component"\],.*"architectures":\["all","existing-arch"\]/
end
describe 'GET groups/:id/-/debian_distributions/:codename' do
let(:url) { "/groups/#{container.id}/-/debian_distributions/#{distribution.codename}" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /^{.*"codename":"existing-codename",.*"components":\["existing-component"\],.*"architectures":\["all","existing-arch"\]/, authenticate_non_public: false
it_behaves_like 'Debian distributions read endpoint', 'GET', :success, /^{.*"codename":"existing-codename",.*"components":\["existing-component"\],.*"architectures":\["all","existing-arch"\]/
end
describe 'GET groups/:id/-/debian_distributions/:codename/key.asc' do
let(:url) { "/groups/#{container.id}/-/debian_distributions/#{distribution.codename}/key.asc" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /^-----BEGIN PGP PUBLIC KEY BLOCK-----/, authenticate_non_public: false
it_behaves_like 'Debian distributions read endpoint', 'GET', :success, /^-----BEGIN PGP PUBLIC KEY BLOCK-----/
end
describe 'PUT groups/:id/-/debian_distributions/:codename' do
......@@ -37,14 +37,14 @@ RSpec.describe API::GroupDebianDistributions do
let(:url) { "/groups/#{container.id}/-/debian_distributions/#{distribution.codename}" }
let(:api_params) { { suite: 'my-suite' } }
it_behaves_like 'Debian repository write endpoint', 'PUT distribution request', :success, /^{.*"codename":"existing-codename",.*"suite":"my-suite",/, authenticate_non_public: false
it_behaves_like 'Debian distributions write endpoint', 'PUT', :success, /^{.*"codename":"existing-codename",.*"suite":"my-suite",/
end
describe 'DELETE groups/:id/-/debian_distributions/:codename' do
let(:method) { :delete }
let(:url) { "/groups/#{container.id}/-/debian_distributions/#{distribution.codename}" }
it_behaves_like 'Debian repository maintainer write endpoint', 'DELETE distribution request', :success, /^{"message":"202 Accepted"}$/, authenticate_non_public: false
it_behaves_like 'Debian distributions maintainer write endpoint', 'DELETE', :success, /^{"message":"202 Accepted"}$/
end
end
end
......@@ -11,31 +11,31 @@ RSpec.describe API::ProjectDebianDistributions do
let(:url) { "/projects/#{container.id}/debian_distributions" }
let(:api_params) { { 'codename': 'my-codename' } }
it_behaves_like 'Debian repository write endpoint', 'POST distribution request', :created, /^{.*"codename":"my-codename",.*"components":\["main"\],.*"architectures":\["all","amd64"\]/, authenticate_non_public: false
it_behaves_like 'Debian distributions write endpoint', 'POST', :created, /^{.*"codename":"my-codename",.*"components":\["main"\],.*"architectures":\["all","amd64"\]/
context 'with invalid parameters' do
let(:api_params) { { codename: distribution.codename } }
it_behaves_like 'Debian repository write endpoint', 'GET request', :bad_request, /^{"message":{"codename":\["has already been taken"\]}}$/, authenticate_non_public: false
it_behaves_like 'Debian distributions write endpoint', 'GET', :bad_request, /^{"message":{"codename":\["has already been taken"\]}}$/
end
end
describe 'GET projects/:id/debian_distributions' do
let(:url) { "/projects/#{container.id}/debian_distributions" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /^\[{.*"codename":"existing-codename\",.*"components":\["existing-component"\],.*"architectures":\["all","existing-arch"\]/, authenticate_non_public: false
it_behaves_like 'Debian distributions read endpoint', 'GET', :success, /^\[{.*"codename":"existing-codename\",.*"components":\["existing-component"\],.*"architectures":\["all","existing-arch"\]/
end
describe 'GET projects/:id/debian_distributions/:codename' do
let(:url) { "/projects/#{container.id}/debian_distributions/#{distribution.codename}" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /^{.*"codename":"existing-codename\",.*"components":\["existing-component"\],.*"architectures":\["all","existing-arch"\]/, authenticate_non_public: false
it_behaves_like 'Debian distributions read endpoint', 'GET', :success, /^{.*"codename":"existing-codename\",.*"components":\["existing-component"\],.*"architectures":\["all","existing-arch"\]/
end
describe 'GET projects/:id/debian_distributions/:codename/key.asc' do
let(:url) { "/projects/#{container.id}/debian_distributions/#{distribution.codename}/key.asc" }
it_behaves_like 'Debian repository read endpoint', 'GET request', :success, /^-----BEGIN PGP PUBLIC KEY BLOCK-----/, authenticate_non_public: false
it_behaves_like 'Debian distributions read endpoint', 'GET', :success, /^-----BEGIN PGP PUBLIC KEY BLOCK-----/
end
describe 'PUT projects/:id/debian_distributions/:codename' do
......@@ -43,12 +43,12 @@ RSpec.describe API::ProjectDebianDistributions do
let(:url) { "/projects/#{container.id}/debian_distributions/#{distribution.codename}" }
let(:api_params) { { suite: 'my-suite' } }
it_behaves_like 'Debian repository write endpoint', 'PUT distribution request', :success, /^{.*"codename":"existing-codename",.*"suite":"my-suite",/, authenticate_non_public: false
it_behaves_like 'Debian distributions write endpoint', 'PUT', :success, /^{.*"codename":"existing-codename",.*"suite":"my-suite",/
context 'with invalid parameters' do
let(:api_params) { { suite: distribution.codename } }
it_behaves_like 'Debian repository write endpoint', 'GET request', :bad_request, /^{"message":{"suite":\["has already been taken as Codename"\]}}$/, authenticate_non_public: false
it_behaves_like 'Debian distributions write endpoint', 'GET', :bad_request, /^{"message":{"suite":\["has already been taken as Codename"\]}}$/
end
end
......@@ -56,7 +56,7 @@ RSpec.describe API::ProjectDebianDistributions do
let(:method) { :delete }
let(:url) { "/projects/#{container.id}/debian_distributions/#{distribution.codename}" }
it_behaves_like 'Debian repository maintainer write endpoint', 'DELETE distribution request', :success, /^{\"message\":\"202 Accepted\"}$/, authenticate_non_public: false
it_behaves_like 'Debian distributions maintainer write endpoint', 'DELETE', :success, /^{\"message\":\"202 Accepted\"}$/
context 'when destroy fails' do
before do
......@@ -65,7 +65,7 @@ RSpec.describe API::ProjectDebianDistributions do
end
end
it_behaves_like 'Debian repository maintainer write endpoint', 'GET request', :bad_request, /^{"message":"Failed to delete distribution"}$/, authenticate_non_public: false
it_behaves_like 'Debian distributions maintainer write endpoint', 'GET', :bad_request, /^{"message":"Failed to delete distribution"}$/
end
end
end
......
# frozen_string_literal: true
RSpec.shared_context 'Debian repository shared context' do |container_type, can_freeze|
include_context 'workhorse headers'
before do
stub_feature_flags(debian_packages: true, debian_group_packages: true)
end
let_it_be(:private_container, freeze: can_freeze) { create(container_type, :private) }
let_it_be(:public_container, freeze: can_freeze) { create(container_type, :public) }
let_it_be(:user, freeze: true) { create(:user) }
let_it_be(:personal_access_token, freeze: true) { create(:personal_access_token, user: user) }
let_it_be(:private_distribution, freeze: true) { create("debian_#{container_type}_distribution", :with_file, container: private_container, codename: 'existing-codename') }
let_it_be(:private_distribution_key, freeze: true) { create("debian_#{container_type}_distribution_key", distribution: private_distribution) }
let_it_be(:private_component, freeze: true) { create("debian_#{container_type}_component", distribution: private_distribution, name: 'existing-component') }
let_it_be(:private_architecture_all, freeze: true) { create("debian_#{container_type}_architecture", distribution: private_distribution, name: 'all') }
let_it_be(:private_architecture, freeze: true) { create("debian_#{container_type}_architecture", distribution: private_distribution, name: 'existing-arch') }
let_it_be(:private_component_file) { create("debian_#{container_type}_component_file", component: private_component, architecture: private_architecture) }
let_it_be(:public_distribution, freeze: true) { create("debian_#{container_type}_distribution", :with_file, container: public_container, codename: 'existing-codename') }
let_it_be(:public_distribution_key, freeze: true) { create("debian_#{container_type}_distribution_key", distribution: public_distribution) }
let_it_be(:public_component, freeze: true) { create("debian_#{container_type}_component", distribution: public_distribution, name: 'existing-component') }
let_it_be(:public_architecture_all, freeze: true) { create("debian_#{container_type}_architecture", distribution: public_distribution, name: 'all') }
let_it_be(:public_architecture, freeze: true) { create("debian_#{container_type}_architecture", distribution: public_distribution, name: 'existing-arch') }
let_it_be(:public_component_file) { create("debian_#{container_type}_component_file", component: public_component, architecture: public_architecture) }
if container_type == :group
let_it_be(:private_project) { create(:project, :private, group: private_container) }
let_it_be(:public_project) { create(:project, :public, group: public_container) }
let_it_be(:private_project_distribution) { create(:debian_project_distribution, container: private_project, codename: 'existing-codename') }
let_it_be(:public_project_distribution) { create(:debian_project_distribution, container: public_project, codename: 'existing-codename') }
let(:project) { { private: private_project, public: public_project }[visibility_level] }
else
let_it_be(:private_project) { private_container }
let_it_be(:public_project) { public_container }
let_it_be(:private_project_distribution) { private_distribution }
let_it_be(:public_project_distribution) { public_distribution }
end
let_it_be(:private_package) { create(:debian_package, project: private_project, published_in: private_project_distribution) }
let_it_be(:public_package) { create(:debian_package, project: public_project, published_in: public_project_distribution) }
let(:visibility_level) { :public }
let(:distribution) { { private: private_distribution, public: public_distribution }[visibility_level] }
let(:architecture) { { private: private_architecture, public: public_architecture }[visibility_level] }
let(:component) { { private: private_component, public: public_component }[visibility_level] }
let(:component_file) { { private: private_component_file, public: public_component_file }[visibility_level] }
let(:package) { { private: private_package, public: public_package }[visibility_level] }
let(:letter) { package.name[0..2] == 'lib' ? package.name[0..3] : package.name[0] }
let(:method) { :get }
let(:workhorse_params) do
if method == :put
file_upload = fixture_file_upload("spec/fixtures/packages/debian/#{file_name}")
{ file: file_upload }
else
{}
end
end
let(:api_params) { workhorse_params }
let(:auth_headers) { {} }
let(:wh_headers) do
if method == :put
workhorse_headers
else
{}
end
end
let(:headers) { auth_headers.merge(wh_headers) }
let(:send_rewritten_field) { true }
subject do
if method == :put
workhorse_finalize(
api(url),
method: method,
file_key: :file,
params: api_params,
headers: headers,
send_rewritten_field: send_rewritten_field
)
else
send method, api(url), headers: headers, params: api_params
end
end
end
RSpec.shared_context 'Debian repository auth headers' do |user_type, auth_method = :private_token|
let(:token) { user_type == :invalid_token ? 'wrong' : personal_access_token.token }
let(:auth_headers) do
if user_type == :anonymous
{}
elsif auth_method == :private_token
{ 'Private-Token' => token }
else
basic_auth_header(user.username, token)
end
end
end
RSpec.shared_context 'Debian repository access' do |visibility_level, user_type, auth_method|
include_context 'Debian repository auth headers', user_type, auth_method do
let(:containers) { { private: private_container, public: public_container } }
let(:container) { containers[visibility_level] }
before do
container.send("add_#{user_type}", user) if user_type != :anonymous && user_type != :not_a_member && user_type != :invalid_token
end
end
end
# frozen_string_literal: true
RSpec.shared_examples 'rejects Debian access with unknown container id' do |anonymous_status, auth_method|
context 'with an unknown container' do
let(:container) { double(id: non_existing_record_id) }
context 'as anonymous' do
it_behaves_like 'Debian packages GET request', anonymous_status, nil
end
context 'as authenticated user' do
include_context 'Debian repository auth headers', :not_a_member, auth_method do
it_behaves_like 'Debian packages GET request', :not_found, nil
end
end
end
end
# frozen_string_literal: true
RSpec.shared_examples 'Debian distributions GET request' do |status, body = nil|
and_body = body.nil? ? '' : ' and expected body'
it "returns #{status}#{and_body}" do
subject
expect(response).to have_gitlab_http_status(status)
unless body.nil?
expect(response.body).to match(body)
end
end
end
RSpec.shared_examples 'Debian distributions PUT request' do |status, body|
and_body = body.nil? ? '' : ' and expected body'
if status == :success
it 'updates distribution', :aggregate_failures do
expect(::Packages::Debian::UpdateDistributionService).to receive(:new).with(distribution, api_params.except(:codename)).and_call_original
expect { subject }
.to not_change { Packages::Debian::GroupDistribution.all.count + Packages::Debian::ProjectDistribution.all.count }
.and not_change { Packages::Debian::GroupComponent.all.count + Packages::Debian::ProjectComponent.all.count }
.and not_change { Packages::Debian::GroupArchitecture.all.count + Packages::Debian::ProjectArchitecture.all.count }
expect(response).to have_gitlab_http_status(status)
expect(response.media_type).to eq('application/json')
unless body.nil?
expect(response.body).to match(body)
end
end
else
it "returns #{status}#{and_body}", :aggregate_failures do
subject
expect(response).to have_gitlab_http_status(status)
unless body.nil?
expect(response.body).to match(body)
end
end
end
end
RSpec.shared_examples 'Debian distributions DELETE request' do |status, body|
and_body = body.nil? ? '' : ' and expected body'
if status == :success
it 'updates distribution', :aggregate_failures do
expect { subject }
.to change { Packages::Debian::GroupDistribution.all.count + Packages::Debian::ProjectDistribution.all.count }.by(-1)
.and change { Packages::Debian::GroupComponent.all.count + Packages::Debian::ProjectComponent.all.count }.by(-1)
.and change { Packages::Debian::GroupArchitecture.all.count + Packages::Debian::ProjectArchitecture.all.count }.by(-2)
expect(response).to have_gitlab_http_status(status)
expect(response.media_type).to eq('application/json')
unless body.nil?
expect(response.body).to match(body)
end
end
else
it "returns #{status}#{and_body}", :aggregate_failures do
subject
expect(response).to have_gitlab_http_status(status)
unless body.nil?
expect(response.body).to match(body)
end
end
end
end
RSpec.shared_examples 'Debian distributions POST request' do |status, body|
and_body = body.nil? ? '' : ' and expected body'
if status == :created
it 'creates distribution', :aggregate_failures do
expect(::Packages::Debian::CreateDistributionService).to receive(:new).with(container, user, api_params).and_call_original
expect { subject }
.to change { Packages::Debian::GroupDistribution.all.count + Packages::Debian::ProjectDistribution.all.count }.by(1)
.and change { Packages::Debian::GroupComponent.all.count + Packages::Debian::ProjectComponent.all.count }.by(1)
.and change { Packages::Debian::GroupArchitecture.all.count + Packages::Debian::ProjectArchitecture.all.count }.by(2)
expect(response).to have_gitlab_http_status(status)
expect(response.media_type).to eq('application/json')
unless body.nil?
expect(response.body).to match(body)
end
end
else
it "returns #{status}#{and_body}", :aggregate_failures do
subject
expect(response).to have_gitlab_http_status(status)
unless body.nil?
expect(response.body).to match(body)
end
end
end
end
RSpec.shared_examples 'Debian distributions read endpoint' do |desired_behavior, success_status, success_body|
context 'with valid container' do
using RSpec::Parameterized::TableSyntax
where(:visibility_level, :user_type, :auth_method, :expected_status, :expected_body) do
:public | :guest | :private_token | success_status | success_body
:public | :not_a_member | :private_token | success_status | success_body
:public | :anonymous | :private_token | success_status | success_body
:public | :invalid_token | :private_token | :unauthorized | nil
:private | :developer | :private_token | success_status | success_body
:private | :developer | :basic | :not_found | nil
:private | :guest | :private_token | :forbidden | nil
:private | :not_a_member | :private_token | :not_found | nil
:private | :anonymous | :private_token | :not_found | nil
:private | :invalid_token | :private_token | :unauthorized | nil
end
with_them do
include_context 'Debian repository access', params[:visibility_level], params[:user_type], params[:auth_method] do
it_behaves_like "Debian distributions #{desired_behavior} request", params[:expected_status], params[:expected_body]
end
end
end
it_behaves_like 'rejects Debian access with unknown container id', :not_found, :private_token
end
RSpec.shared_examples 'Debian distributions write endpoint' do |desired_behavior, success_status, success_body|
context 'with valid container' do
using RSpec::Parameterized::TableSyntax
where(:visibility_level, :user_type, :auth_method, :expected_status, :expected_body) do
:public | :developer | :private_token | success_status | success_body
:public | :developer | :basic | :unauthorized | nil
:public | :guest | :private_token | :forbidden | nil
:public | :not_a_member | :private_token | :forbidden | nil
:public | :anonymous | :private_token | :unauthorized | nil
:public | :invalid_token | :private_token | :unauthorized | nil
:private | :developer | :private_token | success_status | success_body
:private | :guest | :private_token | :forbidden | nil
:private | :not_a_member | :private_token | :not_found | nil
:private | :anonymous | :private_token | :not_found | nil
:private | :invalid_token | :private_token | :unauthorized | nil
end
with_them do
include_context 'Debian repository access', params[:visibility_level], params[:user_type], params[:auth_method] do
it_behaves_like "Debian distributions #{desired_behavior} request", params[:expected_status], params[:expected_body]
end
end
end
it_behaves_like 'rejects Debian access with unknown container id', :not_found, :private_token
end
RSpec.shared_examples 'Debian distributions maintainer write endpoint' do |desired_behavior, success_status, success_body|
context 'with valid container' do
using RSpec::Parameterized::TableSyntax
where(:visibility_level, :user_type, :auth_method, :expected_status, :expected_body) do
:public | :maintainer | :private_token | success_status | success_body
:public | :maintainer | :basic | :unauthorized | nil
:public | :developer | :private_token | :forbidden | nil
:public | :not_a_member | :private_token | :forbidden | nil
:public | :anonymous | :private_token | :unauthorized | nil
:public | :invalid_token | :private_token | :unauthorized | nil
:private | :maintainer | :private_token | success_status | success_body
:private | :developer | :private_token | :forbidden | nil
:private | :not_a_member | :private_token | :not_found | nil
:private | :anonymous | :private_token | :not_found | nil
:private | :invalid_token | :private_token | :unauthorized | nil
end
with_them do
include_context 'Debian repository access', params[:visibility_level], params[:user_type], params[:auth_method] do
it_behaves_like "Debian distributions #{desired_behavior} request", params[:expected_status], params[:expected_body]
end
end
end
it_behaves_like 'rejects Debian access with unknown container id', :not_found, :private_token
end
# frozen_string_literal: true
RSpec.shared_context 'Debian repository shared context' do |container_type, can_freeze|
include_context 'workhorse headers'
before do
stub_feature_flags(debian_packages: true, debian_group_packages: true)
end
let_it_be(:private_container, freeze: can_freeze) { create(container_type, :private) }
let_it_be(:public_container, freeze: can_freeze) { create(container_type, :public) }
let_it_be(:user, freeze: true) { create(:user) }
let_it_be(:personal_access_token, freeze: true) { create(:personal_access_token, user: user) }
let_it_be(:private_distribution, freeze: true) { create("debian_#{container_type}_distribution", :with_file, container: private_container, codename: 'existing-codename') }
let_it_be(:private_distribution_key, freeze: true) { create("debian_#{container_type}_distribution_key", distribution: private_distribution) }
let_it_be(:private_component, freeze: true) { create("debian_#{container_type}_component", distribution: private_distribution, name: 'existing-component') }
let_it_be(:private_architecture_all, freeze: true) { create("debian_#{container_type}_architecture", distribution: private_distribution, name: 'all') }
let_it_be(:private_architecture, freeze: true) { create("debian_#{container_type}_architecture", distribution: private_distribution, name: 'existing-arch') }
let_it_be(:private_component_file) { create("debian_#{container_type}_component_file", component: private_component, architecture: private_architecture) }
let_it_be(:public_distribution, freeze: true) { create("debian_#{container_type}_distribution", :with_file, container: public_container, codename: 'existing-codename') }
let_it_be(:public_distribution_key, freeze: true) { create("debian_#{container_type}_distribution_key", distribution: public_distribution) }
let_it_be(:public_component, freeze: true) { create("debian_#{container_type}_component", distribution: public_distribution, name: 'existing-component') }
let_it_be(:public_architecture_all, freeze: true) { create("debian_#{container_type}_architecture", distribution: public_distribution, name: 'all') }
let_it_be(:public_architecture, freeze: true) { create("debian_#{container_type}_architecture", distribution: public_distribution, name: 'existing-arch') }
let_it_be(:public_component_file) { create("debian_#{container_type}_component_file", component: public_component, architecture: public_architecture) }
if container_type == :group
let_it_be(:private_project) { create(:project, :private, group: private_container) }
let_it_be(:public_project) { create(:project, :public, group: public_container) }
let_it_be(:private_project_distribution) { create(:debian_project_distribution, container: private_project, codename: 'existing-codename') }
let_it_be(:public_project_distribution) { create(:debian_project_distribution, container: public_project, codename: 'existing-codename') }
let(:project) { { private: private_project, public: public_project }[visibility_level] }
else
let_it_be(:private_project) { private_container }
let_it_be(:public_project) { public_container }
let_it_be(:private_project_distribution) { private_distribution }
let_it_be(:public_project_distribution) { public_distribution }
end
let_it_be(:private_package) { create(:debian_package, project: private_project, published_in: private_project_distribution) }
let_it_be(:public_package) { create(:debian_package, project: public_project, published_in: public_project_distribution) }
let(:visibility_level) { :public }
let(:distribution) { { private: private_distribution, public: public_distribution }[visibility_level] }
let(:architecture) { { private: private_architecture, public: public_architecture }[visibility_level] }
let(:component) { { private: private_component, public: public_component }[visibility_level] }
let(:component_file) { { private: private_component_file, public: public_component_file }[visibility_level] }
let(:package) { { private: private_package, public: public_package }[visibility_level] }
let(:letter) { package.name[0..2] == 'lib' ? package.name[0..3] : package.name[0] }
let(:method) { :get }
let(:workhorse_params) do
if method == :put
file_upload = fixture_file_upload("spec/fixtures/packages/debian/#{file_name}")
{ file: file_upload }
else
{}
end
end
let(:api_params) { workhorse_params }
let(:auth_headers) { {} }
let(:wh_headers) do
if method == :put
workhorse_headers
else
{}
end
end
let(:headers) { auth_headers.merge(wh_headers) }
let(:send_rewritten_field) { true }
subject do
if method == :put
workhorse_finalize(
api(url),
method: method,
file_key: :file,
params: api_params,
headers: headers,
send_rewritten_field: send_rewritten_field
)
else
send method, api(url), headers: headers, params: api_params
end
end
end
RSpec.shared_context 'with file_name' do |file_name|
let(:file_name) { file_name }
end
RSpec.shared_context 'Debian repository auth headers' do |user_role, user_token, auth_method = :token|
let(:token) { user_token ? personal_access_token.token : 'wrong' }
let(:auth_headers) do
if user_role == :anonymous
{}
elsif auth_method == :token
{ 'Private-Token' => token }
else
basic_auth_header(user.username, token)
end
end
end
RSpec.shared_context 'Debian repository access' do |visibility_level, user_role, add_member, user_token, auth_method|
include_context 'Debian repository auth headers', user_role, user_token, auth_method do
let(:containers) { { private: private_container, public: public_container } }
let(:container) { containers[visibility_level] }
before do
container.send("add_#{user_role}", user) if add_member && user_role != :anonymous
end
end
end
RSpec.shared_examples 'Debian repository GET request' do |status, body = nil|
RSpec.shared_examples 'Debian packages GET request' do |status, body = nil|
and_body = body.nil? ? '' : ' and expected body'
it "returns #{status}#{and_body}" do
......@@ -137,7 +14,7 @@ RSpec.shared_examples 'Debian repository GET request' do |status, body = nil|
end
end
RSpec.shared_examples 'Debian repository upload request' do |status, body = nil|
RSpec.shared_examples 'Debian packages upload request' do |status, body = nil|
and_body = body.nil? ? '' : ' and expected body'
if status == :created
......@@ -177,7 +54,7 @@ RSpec.shared_examples 'Debian repository upload request' do |status, body = nil|
end
end
RSpec.shared_examples 'Debian repository upload authorize request' do |status, body = nil|
RSpec.shared_examples 'Debian packages upload authorize request' do |status, body = nil|
and_body = body.nil? ? '' : ' and expected body'
if status == :created
......@@ -223,237 +100,57 @@ RSpec.shared_examples 'Debian repository upload authorize request' do |status, b
end
end
RSpec.shared_examples 'Debian repository POST distribution request' do |status, body|
and_body = body.nil? ? '' : ' and expected body'
if status == :created
it 'creates distribution', :aggregate_failures do
expect(::Packages::Debian::CreateDistributionService).to receive(:new).with(container, user, api_params).and_call_original
expect { subject }
.to change { Packages::Debian::GroupDistribution.all.count + Packages::Debian::ProjectDistribution.all.count }.by(1)
.and change { Packages::Debian::GroupComponent.all.count + Packages::Debian::ProjectComponent.all.count }.by(1)
.and change { Packages::Debian::GroupArchitecture.all.count + Packages::Debian::ProjectArchitecture.all.count }.by(2)
expect(response).to have_gitlab_http_status(status)
expect(response.media_type).to eq('application/json')
unless body.nil?
expect(response.body).to match(body)
end
end
else
it "returns #{status}#{and_body}", :aggregate_failures do
subject
expect(response).to have_gitlab_http_status(status)
unless body.nil?
expect(response.body).to match(body)
end
end
end
end
RSpec.shared_examples 'Debian repository PUT distribution request' do |status, body|
and_body = body.nil? ? '' : ' and expected body'
if status == :success
it 'updates distribution', :aggregate_failures do
expect(::Packages::Debian::UpdateDistributionService).to receive(:new).with(distribution, api_params.except(:codename)).and_call_original
expect { subject }
.to not_change { Packages::Debian::GroupDistribution.all.count + Packages::Debian::ProjectDistribution.all.count }
.and not_change { Packages::Debian::GroupComponent.all.count + Packages::Debian::ProjectComponent.all.count }
.and not_change { Packages::Debian::GroupArchitecture.all.count + Packages::Debian::ProjectArchitecture.all.count }
expect(response).to have_gitlab_http_status(status)
expect(response.media_type).to eq('application/json')
unless body.nil?
expect(response.body).to match(body)
end
end
else
it "returns #{status}#{and_body}", :aggregate_failures do
subject
expect(response).to have_gitlab_http_status(status)
unless body.nil?
expect(response.body).to match(body)
end
end
end
end
RSpec.shared_examples 'Debian repository DELETE distribution request' do |status, body|
and_body = body.nil? ? '' : ' and expected body'
if status == :success
it 'updates distribution', :aggregate_failures do
expect { subject }
.to change { Packages::Debian::GroupDistribution.all.count + Packages::Debian::ProjectDistribution.all.count }.by(-1)
.and change { Packages::Debian::GroupComponent.all.count + Packages::Debian::ProjectComponent.all.count }.by(-1)
.and change { Packages::Debian::GroupArchitecture.all.count + Packages::Debian::ProjectArchitecture.all.count }.by(-2)
expect(response).to have_gitlab_http_status(status)
expect(response.media_type).to eq('application/json')
unless body.nil?
expect(response.body).to match(body)
end
end
else
it "returns #{status}#{and_body}", :aggregate_failures do
subject
expect(response).to have_gitlab_http_status(status)
unless body.nil?
expect(response.body).to match(body)
end
end
end
end
RSpec.shared_examples 'rejects Debian access with unknown container id' do |hidden_status|
context 'with an unknown container' do
let(:container) { double(id: non_existing_record_id) }
context 'as anonymous' do
it_behaves_like 'Debian repository GET request', hidden_status, nil
end
context 'as authenticated user' do
subject { get api(url), headers: basic_auth_header(user.username, personal_access_token.token) }
it_behaves_like 'Debian repository GET request', :not_found, nil
end
end
end
RSpec.shared_examples 'Debian repository read endpoint' do |desired_behavior, success_status, success_body, authenticate_non_public: true|
hidden_status = if authenticate_non_public
:unauthorized
else
:not_found
end
context 'with valid container' do
using RSpec::Parameterized::TableSyntax
where(:visibility_level, :user_role, :member, :user_token, :expected_status, :expected_body) do
:public | :developer | true | true | success_status | success_body
:public | :guest | true | true | success_status | success_body
:public | :developer | true | false | :unauthorized | nil
:public | :guest | true | false | :unauthorized | nil
:public | :developer | false | true | success_status | success_body
:public | :guest | false | true | success_status | success_body
:public | :developer | false | false | :unauthorized | nil
:public | :guest | false | false | :unauthorized | nil
:public | :anonymous | false | true | success_status | success_body
:private | :developer | true | true | success_status | success_body
:private | :guest | true | true | :forbidden | nil
:private | :developer | true | false | :unauthorized | nil
:private | :guest | true | false | :unauthorized | nil
:private | :developer | false | true | :not_found | nil
:private | :guest | false | true | :not_found | nil
:private | :developer | false | false | :unauthorized | nil
:private | :guest | false | false | :unauthorized | nil
:private | :anonymous | false | true | hidden_status | nil
end
with_them do
include_context 'Debian repository access', params[:visibility_level], params[:user_role], params[:member], params[:user_token], :basic do
it_behaves_like "Debian repository #{desired_behavior}", params[:expected_status], params[:expected_body]
end
end
end
it_behaves_like 'rejects Debian access with unknown container id', hidden_status
end
RSpec.shared_examples 'Debian repository write endpoint' do |desired_behavior, success_status, success_body, authenticate_non_public: true|
hidden_status = if authenticate_non_public
:unauthorized
else
:not_found
end
RSpec.shared_examples 'Debian packages read endpoint' do |desired_behavior, success_status, success_body|
context 'with valid container' do
using RSpec::Parameterized::TableSyntax
where(:visibility_level, :user_role, :member, :user_token, :expected_status, :expected_body) do
:public | :developer | true | true | success_status | success_body
:public | :guest | true | true | :forbidden | nil
:public | :developer | true | false | :unauthorized | nil
:public | :guest | true | false | :unauthorized | nil
:public | :developer | false | true | :forbidden | nil
:public | :guest | false | true | :forbidden | nil
:public | :developer | false | false | :unauthorized | nil
:public | :guest | false | false | :unauthorized | nil
:public | :anonymous | false | true | :unauthorized | nil
:private | :developer | true | true | success_status | success_body
:private | :guest | true | true | :forbidden | nil
:private | :developer | true | false | :unauthorized | nil
:private | :guest | true | false | :unauthorized | nil
:private | :developer | false | true | :not_found | nil
:private | :guest | false | true | :not_found | nil
:private | :developer | false | false | :unauthorized | nil
:private | :guest | false | false | :unauthorized | nil
:private | :anonymous | false | true | hidden_status | nil
where(:visibility_level, :user_type, :auth_method, :expected_status, :expected_body) do
:public | :guest | :basic | success_status | success_body
:public | :not_a_member | :basic | success_status | success_body
:public | :anonymous | :basic | success_status | success_body
:public | :invalid_token | :basic | :unauthorized | nil
:private | :developer | :basic | success_status | success_body
:private | :developer | :private_token | :unauthorized | nil
:private | :guest | :basic | :forbidden | nil
:private | :not_a_member | :basic | :not_found | nil
:private | :anonymous | :basic | :unauthorized | nil
:private | :invalid_token | :basic | :unauthorized | nil
end
with_them do
include_context 'Debian repository access', params[:visibility_level], params[:user_role], params[:member], params[:user_token], :basic do
it_behaves_like "Debian repository #{desired_behavior}", params[:expected_status], params[:expected_body]
include_context 'Debian repository access', params[:visibility_level], params[:user_type], params[:auth_method] do
it_behaves_like "Debian packages #{desired_behavior} request", params[:expected_status], params[:expected_body]
end
end
end
it_behaves_like 'rejects Debian access with unknown container id', hidden_status
it_behaves_like 'rejects Debian access with unknown container id', :unauthorized, :basic
end
RSpec.shared_examples 'Debian repository maintainer write endpoint' do |desired_behavior, success_status, success_body, authenticate_non_public: true|
hidden_status = if authenticate_non_public
:unauthorized
else
:not_found
end
RSpec.shared_examples 'Debian packages write endpoint' do |desired_behavior, success_status, success_body|
context 'with valid container' do
using RSpec::Parameterized::TableSyntax
where(:visibility_level, :user_role, :member, :user_token, :expected_status, :expected_body) do
:public | :maintainer | true | true | success_status | success_body
:public | :developer | true | true | :forbidden | nil
:public | :guest | true | true | :forbidden | nil
:public | :maintainer | true | false | :unauthorized | nil
:public | :guest | true | false | :unauthorized | nil
:public | :maintainer | false | true | :forbidden | nil
:public | :guest | false | true | :forbidden | nil
:public | :maintainer | false | false | :unauthorized | nil
:public | :guest | false | false | :unauthorized | nil
:public | :anonymous | false | true | :unauthorized | nil
:private | :maintainer | true | true | success_status | success_body
:private | :developer | true | true | :forbidden | nil
:private | :guest | true | true | :forbidden | nil
:private | :maintainer | true | false | :unauthorized | nil
:private | :guest | true | false | :unauthorized | nil
:private | :maintainer | false | true | :not_found | nil
:private | :guest | false | true | :not_found | nil
:private | :maintainer | false | false | :unauthorized | nil
:private | :guest | false | false | :unauthorized | nil
:private | :anonymous | false | true | hidden_status | nil
where(:visibility_level, :user_type, :auth_method, :expected_status, :expected_body) do
:public | :developer | :basic | success_status | success_body
:public | :developer | :private_token | :unauthorized | nil
:public | :guest | :basic | :forbidden | nil
:public | :not_a_member | :basic | :forbidden | nil
:public | :anonymous | :basic | :unauthorized | nil
:public | :invalid_token | :basic | :unauthorized | nil
:private | :developer | :basic | success_status | success_body
:private | :guest | :basic | :forbidden | nil
:private | :not_a_member | :basic | :not_found | nil
:private | :anonymous | :basic | :unauthorized | nil
:private | :invalid_token | :basic | :unauthorized | nil
end
with_them do
include_context 'Debian repository access', params[:visibility_level], params[:user_role], params[:member], params[:user_token], :basic do
it_behaves_like "Debian repository #{desired_behavior}", params[:expected_status], params[:expected_body]
include_context 'Debian repository access', params[:visibility_level], params[:user_type], params[:auth_method] do
it_behaves_like "Debian packages #{desired_behavior} request", params[:expected_status], params[:expected_body]
end
end
end
it_behaves_like 'rejects Debian access with unknown container id', hidden_status
it_behaves_like 'rejects Debian access with unknown container id', :unauthorized, :basic
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment