Add http status cop in top-level request specs

279 files inspected, 62 offenses detected, 62 offenses corrected

.rubocop.yml

@@ -353,6 +353,8 @@ RSpec/HaveGitlabHttpStatus:
     - 'ee/spec/features/**/*'
     - 'spec/controllers/*.rb'
     - 'ee/spec/controllers/*.rb'
+    - 'spec/requests/*.rb'
+    - 'ee/spec/requests/*.rb'
 
 Style/MultilineWhenThen:
   Enabled: false

ee/spec/requests/groups_controller_spec.rb

@@ -37,7 +37,7 @@ describe GroupsController, type: :request do
                 expect { subject }
                   .to(change { group.reload.ip_restrictions.map(&:range) }
                     .from([]).to(range.split(',')))
-                expect(response).to have_gitlab_http_status(302)
+                expect(response).to have_gitlab_http_status(:found)
               end
             end
 
@@ -60,7 +60,7 @@ describe GroupsController, type: :request do
             it 'adds error message' do
               expect { subject }
                 .not_to(change { group.reload.ip_restrictions.count }.from(0))
-              expect(response).to have_gitlab_http_status(200)
+              expect(response).to have_gitlab_http_status(:ok)
               expect(response.body).to include('Ip restrictions range is an invalid IP address range')
             end
           end
@@ -77,7 +77,7 @@ describe GroupsController, type: :request do
                   expect { subject }
                     .to(change { group.reload.ip_restrictions.map(&:range) }
                       .from(['10.0.0.0/8']).to(range.split(',')))
-                  expect(response).to have_gitlab_http_status(302)
+                  expect(response).to have_gitlab_http_status(:found)
                 end
               end
 
@@ -113,7 +113,7 @@ describe GroupsController, type: :request do
                 it 'adds error message' do
                   subject
 
-                  expect(response).to have_gitlab_http_status(200)
+                  expect(response).to have_gitlab_http_status(:ok)
                   expect(response.body).to include('Ip restrictions range is an invalid IP address range')
                 end
               end
@@ -140,7 +140,7 @@ describe GroupsController, type: :request do
             it 'deletes ip restriction' do
               expect { subject }
                 .to(change { group.reload.ip_restrictions.count }.to(0))
-              expect(response).to have_gitlab_http_status(302)
+              expect(response).to have_gitlab_http_status(:found)
             end
           end
         end
@@ -152,7 +152,7 @@ describe GroupsController, type: :request do
         it 'does not create ip restriction' do
           expect { subject }
             .not_to change { group.reload.ip_restrictions.count }.from(0)
-          expect(response).to have_gitlab_http_status(200)
+          expect(response).to have_gitlab_http_status(:ok)
           expect(response.body).to include('Ip restrictions base IP subnet restriction only allowed for top-level groups')
         end
       end
@@ -166,7 +166,7 @@ describe GroupsController, type: :request do
         it 'updates group setting' do
           expect { subject }
             .to change { group.reload.two_factor_grace_period }.from(48).to(42)
-          expect(response).to have_gitlab_http_status(302)
+          expect(response).to have_gitlab_http_status(:found)
         end
 
         it 'does not create ip restriction' do
@@ -182,7 +182,7 @@ describe GroupsController, type: :request do
         it 'does not create ip restriction' do
           expect { subject }
             .not_to change { group.reload.ip_restrictions.count }.from(0)
-          expect(response).to have_gitlab_http_status(302)
+          expect(response).to have_gitlab_http_status(:found)
         end
       end
     end

ee/spec/requests/jwt_controller_spec.rb

@@ -28,7 +28,7 @@ describe JwtController do
       it 'allows access' do
         get '/jwt/auth', params: parameters, headers: headers
 
-        expect(response).to have_gitlab_http_status(200)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(token_response['access']).to be_present
         expect(token_access['actions']).to eq ['pull']
         expect(token_access['type']).to eq 'repository'

ee/spec/requests/lfs_http_spec.rb

@@ -55,7 +55,7 @@ describe 'Git LFS API and storage' do
           end
 
           it 'responds with status 406' do
-            expect(response).to have_gitlab_http_status(406)
+            expect(response).to have_gitlab_http_status(:not_acceptable)
             expect(json_response['message']).to eql('Your push has been rejected, because this repository has exceeded its size limit of 99 MB by 1 MB. Please contact your GitLab administrator for more information.')
           end
         end
@@ -68,7 +68,7 @@ describe 'Git LFS API and storage' do
           end
 
           it 'responds with status 406' do
-            expect(response).to have_gitlab_http_status(406)
+            expect(response).to have_gitlab_http_status(:not_acceptable)
             expect(json_response['documentation_url']).to include('/help')
             expect(json_response['message']).to eql('Your push has been rejected, because this repository has exceeded its size limit of 300 MB by 50 MB. Please contact your GitLab administrator for more information.')
           end
@@ -125,7 +125,7 @@ describe 'Git LFS API and storage' do
             end
 
             it 'responds with status 200' do
-              expect(response).to have_gitlab_http_status(200)
+              expect(response).to have_gitlab_http_status(:ok)
             end
           end
         end

ee/spec/requests/rack_attack_global_spec.rb

@@ -20,7 +20,7 @@ describe 'Rack Attack global throttles' do
     it 'allows requests over the rate limit' do
       (1 + requests_per_period).times do
         get "/#{project.full_path}.git/info/refs", params: { service: 'git-upload-pack' }, headers: { 'Authorization' => "#{::Gitlab::Geo::BaseRequest::GITLAB_GEO_AUTH_TOKEN_TYPE} token" }
-        expect(response).to have_http_status 401
+        expect(response).to have_gitlab_http_status(:unauthorized)
       end
     end
   end

ee/spec/requests/rack_attack_spec.rb

@@ -40,7 +40,7 @@ describe 'Rack Attack EE throttles' do
           # At first, allow requests under the rate limit.
           requests_per_period.times do
             post(*post_args)
-            expect(response).to have_http_status 200
+            expect(response).to have_gitlab_http_status(:ok)
           end
 
           # the last straw
@@ -50,7 +50,7 @@ describe 'Rack Attack EE throttles' do
         it 'allows requests after throttling and then waiting for the next period' do
           requests_per_period.times do
             post(*post_args)
-            expect(response).to have_http_status 200
+            expect(response).to have_gitlab_http_status(:ok)
           end
 
           expect_rejection { post(*post_args) }
@@ -58,7 +58,7 @@ describe 'Rack Attack EE throttles' do
           Timecop.travel(period.from_now) do
             requests_per_period.times do
               post(*post_args)
-              expect(response).to have_http_status 200
+              expect(response).to have_gitlab_http_status(:ok)
             end
 
             expect_rejection { post(*post_args) }
@@ -73,12 +73,12 @@ describe 'Rack Attack EE throttles' do
           # At first, allow requests under the rate limit.
           requests_per_period.times do
             post(*post_args)
-            expect(response).to have_http_status 200
+            expect(response).to have_gitlab_http_status(:ok)
           end
 
           # requests still allowed
           post(*post_args)
-          expect(response).to have_http_status 200
+          expect(response).to have_gitlab_http_status(:ok)
         end
       end
     end

ee/spec/requests/smartcard_controller_spec.rb

@@ -72,7 +72,7 @@ describe SmartcardController, type: :request do
       it 'renders 404' do
         subject
 
-        expect(response).to have_gitlab_http_status(404)
+        expect(response).to have_gitlab_http_status(:not_found)
       end
     end
   end
@@ -140,7 +140,7 @@ describe SmartcardController, type: :request do
       it 'renders 401' do
         subject
 
-        expect(response).to have_gitlab_http_status(401)
+        expect(response).to have_gitlab_http_status(:unauthorized)
         expect(request.env['warden']).not_to be_authenticated
       end
     end

spec/requests/git_http_spec.rb

@@ -848,7 +848,7 @@ describe 'Git HTTP requests' do
           end
 
           it "redirects" do
-            expect(response).to have_gitlab_http_status(302)
+            expect(response).to have_gitlab_http_status(:found)
           end
         end
       end
@@ -890,7 +890,7 @@ describe 'Git HTTP requests' do
 
           it "responds with status 200" do
             clone_get(path, env) do |response|
-              expect(response).to have_gitlab_http_status(200)
+              expect(response).to have_gitlab_http_status(:ok)
             end
           end
 

spec/requests/jwt_controller_spec.rb

@@ -15,12 +15,12 @@ describe JwtController do
   context 'existing service' do
     subject! { get '/jwt/auth', params: parameters }
 
-    it { expect(response).to have_gitlab_http_status(200) }
+    it { expect(response).to have_gitlab_http_status(:ok) }
 
     context 'returning custom http code' do
       let(:service) { double(execute: { http_status: 505 }) }
 
-      it { expect(response).to have_gitlab_http_status(505) }
+      it { expect(response).to have_gitlab_http_status(:http_version_not_supported) }
     end
   end
 
@@ -43,7 +43,7 @@ describe JwtController do
 
         subject! { get '/jwt/auth', params: parameters, headers: headers }
 
-        it { expect(response).to have_gitlab_http_status(401) }
+        it { expect(response).to have_gitlab_http_status(:unauthorized) }
       end
 
       context 'using personal access tokens' do
@@ -58,7 +58,7 @@ describe JwtController do
         subject! { get '/jwt/auth', params: parameters, headers: headers }
 
         it 'authenticates correctly' do
-          expect(response).to have_gitlab_http_status(200)
+          expect(response).to have_gitlab_http_status(:ok)
           expect(service_class).to have_received(:new).with(nil, user, ActionController::Parameters.new(parameters).permit!)
         end
       end
@@ -96,7 +96,7 @@ describe JwtController do
 
         context 'without personal token' do
           it 'rejects the authorization attempt' do
-            expect(response).to have_gitlab_http_status(401)
+            expect(response).to have_gitlab_http_status(:unauthorized)
             expect(response.body).to include('You must use a personal access token with \'api\' scope for Git over HTTP')
           end
         end
@@ -106,7 +106,7 @@ describe JwtController do
           let(:headers) { { authorization: credentials(user.username, access_token.token) } }
 
           it 'accepts the authorization attempt' do
-            expect(response).to have_gitlab_http_status(200)
+            expect(response).to have_gitlab_http_status(:ok)
           end
         end
       end
@@ -116,7 +116,7 @@ describe JwtController do
 
         get '/jwt/auth', params: parameters, headers: headers
 
-        expect(response).to have_gitlab_http_status(200)
+        expect(response).to have_gitlab_http_status(:ok)
       end
     end
 
@@ -127,7 +127,7 @@ describe JwtController do
         it 'rejects the authorization attempt' do
           get '/jwt/auth', params: parameters, headers: headers
 
-          expect(response).to have_gitlab_http_status(401)
+          expect(response).to have_gitlab_http_status(:unauthorized)
           expect(response.body).not_to include('You must use a personal access token with \'api\' scope for Git over HTTP')
         end
       end
@@ -139,7 +139,7 @@ describe JwtController do
           end
           get '/jwt/auth', params: parameters, headers: headers
 
-          expect(response).to have_gitlab_http_status(401)
+          expect(response).to have_gitlab_http_status(:unauthorized)
           expect(response.body).to include('You must use a personal access token with \'api\' scope for Git over HTTP')
         end
       end
@@ -150,7 +150,7 @@ describe JwtController do
     it 'accepts the authorization attempt' do
       get '/jwt/auth', params: parameters
 
-      expect(response).to have_gitlab_http_status(200)
+      expect(response).to have_gitlab_http_status(:ok)
     end
 
     it 'allows read access' do
@@ -163,7 +163,7 @@ describe JwtController do
   context 'unknown service' do
     subject! { get '/jwt/auth', params: { service: 'unknown' } }
 
-    it { expect(response).to have_gitlab_http_status(404) }
+    it { expect(response).to have_gitlab_http_status(:not_found) }
   end
 
   def credentials(login, password)

spec/requests/lfs_http_spec.rb

@@ -227,7 +227,7 @@ describe 'Git LFS API and storage' do
                 end
 
                 it 'responds with redirect' do
-                  expect(response).to have_gitlab_http_status(302)
+                  expect(response).to have_gitlab_http_status(:found)
                 end
 
                 it 'responds with the file location' do
@@ -1011,7 +1011,7 @@ describe 'Git LFS API and storage' do
                     it 'responds with status 403' do
                       subject
 
-                      expect(response).to have_gitlab_http_status(403)
+                      expect(response).to have_gitlab_http_status(:forbidden)
                     end
                   end
                 end
@@ -1027,7 +1027,7 @@ describe 'Git LFS API and storage' do
                   it 'responds with status 200' do
                     subject
 
-                    expect(response).to have_gitlab_http_status(200)
+                    expect(response).to have_gitlab_http_status(:ok)
 
                     object = LfsObject.find_by_oid(sample_oid)
                     expect(object).to be_present
@@ -1070,7 +1070,7 @@ describe 'Git LFS API and storage' do
 
             it 'rejects slashes in the tempfile name (path traversal)' do
               put_finalize('../bar', with_tempfile: true)
-              expect(response).to have_gitlab_http_status(403)
+              expect(response).to have_gitlab_http_status(:forbidden)
             end
           end
         end

spec/requests/lfs_locks_api_spec.rb

@@ -23,7 +23,7 @@ describe 'Git LFS File Locking API' do
       it 'returns a forbidden 403 response' do
         post_lfs_json url, body, headers
 
-        expect(response).to have_gitlab_http_status(403)
+        expect(response).to have_gitlab_http_status(:forbidden)
       end
     end
   end
@@ -51,7 +51,7 @@ describe 'Git LFS File Locking API' do
       it 'return an error message' do
         post_lfs_json url, body, headers
 
-        expect(response).to have_gitlab_http_status(409)
+        expect(response).to have_gitlab_http_status(:conflict)
 
         expect(json_response.keys).to match_array(%w(lock message documentation_url))
         expect(json_response['message']).to match(/already locked/)
@@ -68,7 +68,7 @@ describe 'Git LFS File Locking API' do
       it 'creates the lock' do
         post_lfs_json url, body, headers
 
-        expect(response).to have_gitlab_http_status(201)
+        expect(response).to have_gitlab_http_status(:created)
 
         expect(json_response['lock'].keys).to match_array(%w(id path locked_at owner))
       end
@@ -87,7 +87,7 @@ describe 'Git LFS File Locking API' do
 
       do_get url, nil, headers
 
-      expect(response).to have_gitlab_http_status(200)
+      expect(response).to have_gitlab_http_status(:ok)
 
       expect(json_response['locks'].size).to eq(2)
       expect(json_response['locks'].first.keys).to match_array(%w(id path locked_at owner))
@@ -106,7 +106,7 @@ describe 'Git LFS File Locking API' do
 
       post_lfs_json url, nil, headers
 
-      expect(response).to have_gitlab_http_status(200)
+      expect(response).to have_gitlab_http_status(:ok)
 
       expect(json_response['ours'].size).to eq(1)
       expect(json_response['ours'].first['path']).to eq('README')
@@ -126,7 +126,7 @@ describe 'Git LFS File Locking API' do
       it 'deletes the lock' do
         post_lfs_json url, nil, headers
 
-        expect(response).to have_gitlab_http_status(200)
+        expect(response).to have_gitlab_http_status(:ok)
       end
 
       it 'returns the deleted lock' do
@@ -142,7 +142,7 @@ describe 'Git LFS File Locking API' do
           project.add_maintainer(maintainer)
           post_lfs_json url, { force: true }, headers
 
-          expect(response).to have_gitlab_http_status(200)
+          expect(response).to have_gitlab_http_status(:ok)
         end
       end
     end

spec/requests/openid_connect_spec.rb

@@ -75,7 +75,7 @@ describe 'OpenID Connect requests' do
     it 'userinfo response is unauthorized' do
       request_user_info!
 
-      expect(response).to have_gitlab_http_status 403
+      expect(response).to have_gitlab_http_status(:forbidden)
       expect(response.body).to be_blank
     end
   end
@@ -177,7 +177,7 @@ describe 'OpenID Connect requests' do
     it 'correctly returns the configuration' do
       get '/.well-known/openid-configuration'
 
-      expect(response).to have_gitlab_http_status(200)
+      expect(response).to have_gitlab_http_status(:ok)
       expect(json_response['issuer']).to eq('http://localhost')
       expect(json_response['jwks_uri']).to eq('http://www.example.com/oauth/discovery/keys')
       expect(json_response['scopes_supported']).to eq(%w[api read_user read_repository write_repository sudo openid profile email])

spec/requests/rack_attack_global_spec.rb

@@ -53,7 +53,7 @@ describe 'Rack Attack global throttles' do
         # At first, allow requests under the rate limit.
         requests_per_period.times do
           get url_that_does_not_require_authentication
-          expect(response).to have_http_status 200
+          expect(response).to have_gitlab_http_status(:ok)
         end
 
         # the last straw
@@ -63,7 +63,7 @@ describe 'Rack Attack global throttles' do
       it 'allows requests after throttling and then waiting for the next period' do
         requests_per_period.times do
           get url_that_does_not_require_authentication
-          expect(response).to have_http_status 200
+          expect(response).to have_gitlab_http_status(:ok)
         end
 
         expect_rejection { get url_that_does_not_require_authentication }
@@ -71,7 +71,7 @@ describe 'Rack Attack global throttles' do
         Timecop.travel(period.from_now) do
           requests_per_period.times do
             get url_that_does_not_require_authentication
-            expect(response).to have_http_status 200
+            expect(response).to have_gitlab_http_status(:ok)
           end
 
           expect_rejection { get url_that_does_not_require_authentication }
@@ -81,7 +81,7 @@ describe 'Rack Attack global throttles' do
       it 'counts requests from different IPs separately' do
         requests_per_period.times do
           get url_that_does_not_require_authentication
-          expect(response).to have_http_status 200
+          expect(response).to have_gitlab_http_status(:ok)
         end
 
         expect_next_instance_of(Rack::Attack::Request) do |instance|
@@ -90,14 +90,14 @@ describe 'Rack Attack global throttles' do
 
         # would be over limit for the same IP
         get url_that_does_not_require_authentication
-        expect(response).to have_http_status 200
+        expect(response).to have_gitlab_http_status(:ok)
       end
 
       context 'when the request is to the api internal endpoints' do
         it 'allows requests over the rate limit' do
           (1 + requests_per_period).times do
             get url_api_internal, params: { secret_token: Gitlab::Shell.secret_token }
-            expect(response).to have_http_status 200
+            expect(response).to have_gitlab_http_status(:ok)
           end
         end
       end
@@ -109,7 +109,7 @@ describe 'Rack Attack global throttles' do
         it 'does not cont as unauthenticated' do
           (1 + requests_per_period).times do
             post request_jobs_url, params: { token: runner.token }
-            expect(response).to have_http_status 204
+            expect(response).to have_gitlab_http_status(:no_content)
           end
         end
       end
@@ -117,7 +117,7 @@ describe 'Rack Attack global throttles' do
       it 'logs RackAttack info into structured logs' do
         requests_per_period.times do
           get url_that_does_not_require_authentication
-          expect(response).to have_http_status 200
+          expect(response).to have_gitlab_http_status(:ok)
         end
 
         arguments = {
@@ -143,7 +143,7 @@ describe 'Rack Attack global throttles' do
       it 'allows requests over the rate limit' do
         (1 + requests_per_period).times do
           get url_that_does_not_require_authentication
-          expect(response).to have_http_status 200
+          expect(response).to have_gitlab_http_status(:ok)
         end
       end
     end
@@ -243,7 +243,7 @@ describe 'Rack Attack global throttles' do
         it 'allows requests over the rate limit' do
           (1 + requests_per_period).times do
             post protected_path_that_does_not_require_authentication, params: post_params
-            expect(response).to have_http_status 200
+            expect(response).to have_gitlab_http_status(:ok)
           end
         end
       end
@@ -257,7 +257,7 @@ describe 'Rack Attack global throttles' do
         it 'rejects requests over the rate limit' do
           requests_per_period.times do
             post protected_path_that_does_not_require_authentication, params: post_params
-            expect(response).to have_http_status 200
+            expect(response).to have_gitlab_http_status(:ok)
           end
 
           expect_rejection { post protected_path_that_does_not_require_authentication, params: post_params }
@@ -272,7 +272,7 @@ describe 'Rack Attack global throttles' do
           it 'allows requests over the rate limit' do
             (1 + requests_per_period).times do
               post protected_path_that_does_not_require_authentication, params: post_params
-              expect(response).to have_http_status 200
+              expect(response).to have_gitlab_http_status(:ok)
             end
           end
         end
@@ -329,7 +329,7 @@ describe 'Rack Attack global throttles' do
         it 'allows requests over the rate limit' do
           (1 + requests_per_period).times do
             post(*request_args)
-            expect(response).not_to have_http_status 429
+            expect(response).not_to have_gitlab_http_status(:too_many_requests)
           end
         end
       end
@@ -369,7 +369,7 @@ describe 'Rack Attack global throttles' do
         it 'allows requests over the rate limit' do
           (1 + requests_per_period).times do
             post url_that_requires_authentication
-            expect(response).not_to have_http_status 429
+            expect(response).not_to have_gitlab_http_status(:too_many_requests)
           end
         end
       end

spec/requests/user_avatar_spec.rb

@@ -19,7 +19,7 @@ describe 'Loading a user avatar' do
     it 'only performs three SQL queries' do
       get user.avatar_url # Skip queries on first application load
 
-      expect(response).to have_gitlab_http_status(200)
+      expect(response).to have_gitlab_http_status(:ok)
       expect { get user.avatar_url }.not_to exceed_query_limit(3)
     end
   end
@@ -29,7 +29,7 @@ describe 'Loading a user avatar' do
     it 'only performs two SQL queries' do
       get user.avatar_url # Skip queries on first application load
 
-      expect(response).to have_gitlab_http_status(200)
+      expect(response).to have_gitlab_http_status(:ok)
       expect { get user.avatar_url }.not_to exceed_query_limit(2)
     end
   end