Ensure URL in all Service subclasses are valid

Signed-off-by: Rémy Coutable <remy@rymai.me>

Ensure URL in all Service subclasses are valid
Signed-off-by: Rémy Coutable <remy@rymai.me>
ef340f6e · Rémy Coutable · Robert Speicher · b79c5c40 · ef340f6e · ef340f6e
Commit ef340f6e authored Apr 21, 2016 by Rémy Coutable Committed by Robert Speicher Apr 25, 2016
26 changed files
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -16,31 +16,49 @@ module IssuesHelper
  def url_for_project_issues(project = @project, options = {})
    return '' if project.nil?
-    if options[:only_path]
+    url =
-      project.issues_tracker.project_path
+      if options[:only_path]
-    else
+        project.issues_tracker.project_path
-      project.issues_tracker.project_url
+      else
-    end
+        project.issues_tracker.project_url
+      end
+    # Ensure we return a valid URL to prevent possible XSS.
+    URI.parse(url).to_s
+  rescue URI::InvalidURIError
+    ''
  end
  def url_for_new_issue(project = @project, options = {})
    return '' if project.nil?
-    if options[:only_path]
+    url =
-      project.issues_tracker.new_issue_path
+      if options[:only_path]
-    else
+        project.issues_tracker.new_issue_path
-      project.issues_tracker.new_issue_url
+      else
-    end
+        project.issues_tracker.new_issue_url
+      end
+    # Ensure we return a valid URL to prevent possible XSS.
+    URI.parse(url).to_s
+  rescue URI::InvalidURIError
+    ''
  end
  def url_for_issue(issue_iid, project = @project, options = {})
    return '' if project.nil?
-    if options[:only_path]
+    url =
-      project.issues_tracker.issue_path(issue_iid)
+      if options[:only_path]
-    else
+        project.issues_tracker.issue_path(issue_iid)
-      project.issues_tracker.issue_url(issue_iid)
+      else
-    end
+        project.issues_tracker.issue_url(issue_iid)
+      end
+    # Ensure we return a valid URL to prevent possible XSS.
+    URI.parse(url).to_s
+  rescue URI::InvalidURIError
+    ''
  end
  def bulk_update_milestone_options

--- a/app/models/project_services/buildkite_service.rb
+++ b/app/models/project_services/buildkite_service.rb
@@ -26,7 +26,7 @@ class BuildkiteService < CiService
  prop_accessor :project_url, :token, :enable_ssl_verification
-  validates :project_url, presence: true, if: :activated?
+  validates :project_url, presence: true, url: true, if: :activated?
  validates :token, presence: true, if: :activated?
  after_save :compose_service_hook, if: :activated?
@@ -91,7 +91,7 @@ class BuildkiteService < CiService
      { type: 'text',
        name: 'project_url',
        placeholder: "#{ENDPOINT}/example/project" },
      { type: 'checkbox',
        name: 'enable_ssl_verification',
        title: "Enable SSL verification" }

--- a/app/models/project_services/issue_tracker_service.rb
+++ b/app/models/project_services/issue_tracker_service.rb
@@ -21,7 +21,7 @@
 class IssueTrackerService < Service
-  validates :project_url, :issues_url, :new_issue_url, presence: true, if: :activated?
+  validates :project_url, :issues_url, :new_issue_url, presence: true, url: true, if: :activated?
  default_value_for :category, 'issue_tracker'

--- a/app/models/project_services/jira_service.rb
+++ b/app/models/project_services/jira_service.rb
@@ -28,6 +28,8 @@ class JiraService < IssueTrackerService
  prop_accessor :username, :password, :api_url, :jira_issue_transition_id,
                :title, :description, :project_url, :issues_url, :new_issue_url
+  validates :api_url, presence: true, url: true, if: :activated?
  before_validation :set_api_url, :set_jira_issue_transition_id
  before_update :reset_password

--- a/app/models/project_services/slack_service.rb
+++ b/app/models/project_services/slack_service.rb
@@ -22,7 +22,7 @@
 class SlackService < Service
  prop_accessor :webhook, :username, :channel
  boolean_accessor :notify_only_broken_builds
-  validates :webhook, presence: true, if: :activated?
+  validates :webhook, presence: true, url: true, if: :activated?
  def initialize_properties
    if properties.nil?

--- a/spec/helpers/issues_helper_spec.rb
+++ b/spec/helpers/issues_helper_spec.rb
@@ -30,6 +30,18 @@ describe IssuesHelper do
      expect(url_for_project_issues).to eq ""
    end
+    it 'returns an empty string if project_url is invalid' do
+      expect(project).to receive_message_chain('issues_tracker.project_url') { 'javascript:alert("foo");' }
+      expect(url_for_project_issues(project)).to eq ''
+    end
+    it 'returns an empty string if project_path is invalid' do
+      expect(project).to receive_message_chain('issues_tracker.project_path') { 'javascript:alert("foo");' }
+      expect(url_for_project_issues(project, only_path: true)).to eq ''
+    end
    describe "when external tracker was enabled and then config removed" do
      before do
        @project = ext_project
@@ -68,6 +80,18 @@ describe IssuesHelper do
      expect(url_for_issue(issue.iid)).to eq ""
    end
+    it 'returns an empty string if issue_url is invalid' do
+      expect(project).to receive_message_chain('issues_tracker.issue_url') { 'javascript:alert("foo");' }
+      expect(url_for_issue(issue.iid, project)).to eq ''
+    end
+    it 'returns an empty string if issue_path is invalid' do
+      expect(project).to receive_message_chain('issues_tracker.issue_path') { 'javascript:alert("foo");' }
+      expect(url_for_issue(issue.iid, project, only_path: true)).to eq ''
+    end
    describe "when external tracker was enabled and then config removed" do
      before do
        @project = ext_project
@@ -105,6 +129,18 @@ describe IssuesHelper do
      expect(url_for_new_issue).to eq ""
    end
+    it 'returns an empty string if issue_url is invalid' do
+      expect(project).to receive_message_chain('issues_tracker.new_issue_url') { 'javascript:alert("foo");' }
+      expect(url_for_new_issue(project)).to eq ''
+    end
+    it 'returns an empty string if issue_path is invalid' do
+      expect(project).to receive_message_chain('issues_tracker.new_issue_path') { 'javascript:alert("foo");' }
+      expect(url_for_new_issue(project, only_path: true)).to eq ''
+    end
    describe "when external tracker was enabled and then config removed" do
      before do
        @project = ext_project

--- a/spec/models/project_services/bamboo_service_spec.rb
+++ b/spec/models/project_services/bamboo_service_spec.rb
@@ -27,86 +27,51 @@ describe BambooService, models: true do
  end
  describe 'Validations' do
-    describe '#bamboo_url' do
+    subject { service }
-      it 'does not validate the presence of bamboo_url if service is not active' do
-        bamboo_service = service
-        bamboo_service.active = false
-        expect(bamboo_service).not_to validate_presence_of(:bamboo_url)
-      end
-      it 'validates the presence of bamboo_url if service is active' do
-        bamboo_service = service
-        bamboo_service.active = true
-        expect(bamboo_service).to validate_presence_of(:bamboo_url)
-      end
-    end
-    describe '#build_key' do
+    context 'when service is active' do
-      it 'does not validate the presence of build_key if service is not active' do
+      before { subject.active = true }
-        bamboo_service = service
-        bamboo_service.active = false
-        expect(bamboo_service).not_to validate_presence_of(:build_key)
+      it { is_expected.to validate_presence_of(:build_key) }
-      end
+      it { is_expected.to validate_presence_of(:bamboo_url) }
+      it_behaves_like 'issue tracker service URL attribute', :bamboo_url
-      it 'validates the presence of build_key if service is active' do
+      describe '#username' do
-        bamboo_service = service
+        it 'does not validate the presence of username if password is nil' do
-        bamboo_service.active = true
+          subject.password = nil
-        expect(bamboo_service).to validate_presence_of(:build_key)
+          expect(subject).not_to validate_presence_of(:username)
-      end
+        end
-    end
-    describe '#username' do
+        it 'validates the presence of username if password is present' do
-      it 'does not validate the presence of username if service is not active' do
+          subject.password = 'secret'
-        bamboo_service = service
-        bamboo_service.active = false
-        expect(bamboo_service).not_to validate_presence_of(:username)
+          expect(subject).to validate_presence_of(:username)
+        end
      end
-      it 'does not validate the presence of username if username is nil' do
+      describe '#password' do
-        bamboo_service = service
+        it 'does not validate the presence of password if username is nil' do
-        bamboo_service.active = true
+          subject.username = nil
-        bamboo_service.password = nil
-        expect(bamboo_service).not_to validate_presence_of(:username)
+          expect(subject).not_to validate_presence_of(:password)
-      end
+        end
-      it 'validates the presence of username if service is active and username is present' do
+        it 'validates the presence of password if username is present' do
-        bamboo_service = service
+          subject.username = 'john'
-        bamboo_service.active = true
-        bamboo_service.password = 'secret'
-        expect(bamboo_service).to validate_presence_of(:username)
+          expect(subject).to validate_presence_of(:password)
+        end
      end
    end
-    describe '#password' do
+    context 'when service is inactive' do
-      it 'does not validate the presence of password if service is not active' do
+      before { subject.active = false }
-        bamboo_service = service
-        bamboo_service.active = false
-        expect(bamboo_service).not_to validate_presence_of(:password)
-      end
-      it 'does not validate the presence of password if username is nil' do
-        bamboo_service = service
-        bamboo_service.active = true
-        bamboo_service.username = nil
-        expect(bamboo_service).not_to validate_presence_of(:password)
-      end
-      it 'validates the presence of password if service is active and username is present' do
-        bamboo_service = service
-        bamboo_service.active = true
-        bamboo_service.username = 'john'
-        expect(bamboo_service).to validate_presence_of(:password)
+      it { is_expected.not_to validate_presence_of(:build_key) }
-      end
+      it { is_expected.not_to validate_presence_of(:bamboo_url) }
+      it { is_expected.not_to validate_presence_of(:username) }
+      it { is_expected.not_to validate_presence_of(:password) }
    end
  end

--- a/spec/models/project_services/buildkite_service_spec.rb
+++ b/spec/models/project_services/buildkite_service_spec.rb
@@ -26,6 +26,23 @@ describe BuildkiteService, models: true do
    it { is_expected.to have_one :service_hook }
  end
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+      it { is_expected.to validate_presence_of(:project_url) }
+      it { is_expected.to validate_presence_of(:token) }
+      it_behaves_like 'issue tracker service URL attribute', :project_url
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
+      it { is_expected.not_to validate_presence_of(:project_url) }
+      it { is_expected.not_to validate_presence_of(:token) }
+    end
+  end
  describe 'commits methods' do
    before do
      @project = Project.new

--- a/spec/models/project_services/builds_email_service_spec.rb
+++ b/spec/models/project_services/builds_email_service_spec.rb
 require 'spec_helper'
 describe BuildsEmailService do
-  let(:build) { create(:ci_build) }
+  let(:data) { Gitlab::BuildDataBuilder.build(create(:ci_build)) }
-  let(:data) { Gitlab::BuildDataBuilder.build(build) }
-  let!(:project) { create(:project, :public, ci_id: 1) }
+  describe 'Validations' do
-  let(:service) { described_class.new(project: project, active: true) }
+    context 'when service is active' do
+      before { subject.active = true }
+      it { is_expected.to validate_presence_of(:recipients) }
+      context 'when pusher is added' do
+        before { subject.add_pusher = true }
+        it { is_expected.not_to validate_presence_of(:recipients) }
+      end
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
+      it { is_expected.not_to validate_presence_of(:recipients) }
+    end
+  end
  describe '#execute' do
    it 'sends email' do
-      service.recipients = 'test@gitlab.com'
+      subject.recipients = 'test@gitlab.com'
      data[:build_status] = 'failed'
      expect(BuildEmailWorker).to receive(:perform_async)
-      service.execute(data)
+      subject.execute(data)
    end
    it 'does not send email with succeeded build and notify_only_broken_builds on' do
-      expect(service).to receive(:notify_only_broken_builds).and_return(true)
+      expect(subject).to receive(:notify_only_broken_builds).and_return(true)
      data[:build_status] = 'success'
      expect(BuildEmailWorker).not_to receive(:perform_async)
-      service.execute(data)
+      subject.execute(data)
    end
    it 'does not send email with failed build and build_allow_failure is true' do
      data[:build_status] = 'failed'
      data[:build_allow_failure] = true
      expect(BuildEmailWorker).not_to receive(:perform_async)
-      service.execute(data)
+      subject.execute(data)
    end
    it 'does not send email with unknown build status' do
      data[:build_status] = 'foo'
-      expect(BuildEmailWorker).not_to receive(:perform_async)
-      service.execute(data)
-    end
-    it 'does not send email when recipients list is empty' do
-      service.recipients = ' ,, '
-      data[:build_status] = 'failed'
      expect(BuildEmailWorker).not_to receive(:perform_async)
-      service.execute(data)
-    end
-  end
-  describe 'validations' do
-    context 'when pusher is not added' do
-      before { service.add_pusher = false }
-      it 'does not allow empty recipient input' do
-        service.recipients = ''
-        expect(service.valid?).to be false
-      end
-      it 'does allow non-empty recipient input' do
-        service.recipients = 'test@example.com'
-        expect(service.valid?).to be true
-      end
+      subject.execute(data)
    end
-    context 'when pusher is added' do
+    it 'does not send email when recipients list is empty' do
-      before { service.add_pusher = true }
+      subject.recipients = ' ,, '
+      data[:build_status] = 'failed'
-      it 'does allow empty recipient input' do
+      expect(BuildEmailWorker).not_to receive(:perform_async)
-        service.recipients = ''
-        expect(service.valid?).to be true
-      end
-      it 'does allow non-empty recipient input' do
+      subject.execute(data)
-        service.recipients = 'test@example.com'
-        expect(service.valid?).to be true
-      end
    end
  end
 end
--- a/spec/models/project_services/campfire_service_spec.rb
+++ b/spec/models/project_services/campfire_service_spec.rb
+# == Schema Information
+#
+# Table name: services
+#
+#  id                    :integer          not null, primary key
+#  type                  :string(255)
+#  title                 :string(255)
+#  project_id            :integer
+#  created_at            :datetime
+#  updated_at            :datetime
+#  active                :boolean          default(FALSE), not null
+#  properties            :text
+#  template              :boolean          default(FALSE)
+#  push_events           :boolean          default(TRUE)
+#  issues_events         :boolean          default(TRUE)
+#  merge_requests_events :boolean          default(TRUE)
+#  tag_push_events       :boolean          default(TRUE)
+#  note_events           :boolean          default(TRUE), not null
+#
+require 'spec_helper'
+describe CampfireService, models: true do
+  describe 'Associations' do
+    it { is_expected.to belong_to :project }
+    it { is_expected.to have_one :service_hook }
+  end
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+      it { is_expected.to validate_presence_of(:token) }
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
+      it { is_expected.not_to validate_presence_of(:token) }
+    end
+  end
+end
--- a/spec/models/project_services/custom_issue_tracker_service_spec.rb
+++ b/spec/models/project_services/custom_issue_tracker_service_spec.rb
+# == Schema Information
+#
+# Table name: services
+#
+#  id                    :integer          not null, primary key
+#  type                  :string(255)
+#  title                 :string(255)
+#  project_id            :integer
+#  created_at            :datetime
+#  updated_at            :datetime
+#  active                :boolean          default(FALSE), not null
+#  properties            :text
+#  template              :boolean          default(FALSE)
+#  push_events           :boolean          default(TRUE)
+#  issues_events         :boolean          default(TRUE)
+#  merge_requests_events :boolean          default(TRUE)
+#  tag_push_events       :boolean          default(TRUE)
+#  note_events           :boolean          default(TRUE), not null
+#
+require 'spec_helper'
+describe CustomIssueTrackerService, models: true do
+  describe 'Associations' do
+    it { is_expected.to belong_to :project }
+    it { is_expected.to have_one :service_hook }
+  end
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+      it { is_expected.to validate_presence_of(:project_url) }
+      it { is_expected.to validate_presence_of(:issues_url) }
+      it { is_expected.to validate_presence_of(:new_issue_url) }
+      it_behaves_like 'issue tracker service URL attribute', :project_url
+      it_behaves_like 'issue tracker service URL attribute', :issues_url
+      it_behaves_like 'issue tracker service URL attribute', :new_issue_url
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
+      it { is_expected.not_to validate_presence_of(:project_url) }
+      it { is_expected.not_to validate_presence_of(:issues_url) }
+      it { is_expected.not_to validate_presence_of(:new_issue_url) }
+    end
+  end
+end
--- a/spec/models/project_services/drone_ci_service_spec.rb
+++ b/spec/models/project_services/drone_ci_service_spec.rb
@@ -28,25 +28,18 @@ describe DroneCiService, models: true do
  describe 'validations' do
    context 'active' do
-      before { allow(subject).to receive(:activated?).and_return(true) }
+      before { subject.active = true }
      it { is_expected.to validate_presence_of(:token) }
      it { is_expected.to validate_presence_of(:drone_url) }
-      it { is_expected.to allow_value('ewf9843kdnfdfs89234n').for(:token) }
+      it_behaves_like 'issue tracker service URL attribute', :drone_url
-      it { is_expected.to allow_value('http://ci.example.com').for(:drone_url) }
-      it { is_expected.not_to allow_value('this is not url').for(:drone_url) }
-      it { is_expected.not_to allow_value('http//noturl').for(:drone_url) }
-      it { is_expected.not_to allow_value('ftp://ci.example.com').for(:drone_url) }
    end
    context 'inactive' do
-      before { allow(subject).to receive(:activated?).and_return(false) }
+      before { subject.active = false }
      it { is_expected.not_to validate_presence_of(:token) }
      it { is_expected.not_to validate_presence_of(:drone_url) }
-      it { is_expected.to allow_value('ewf9843kdnfdfs89234n').for(:token) }
-      it { is_expected.to allow_value('http://drone.example.com').for(:drone_url) }
-      it { is_expected.to allow_value('ftp://drone.example.com').for(:drone_url) }
    end
  end

--- a/spec/models/project_services/emails_on_push_service_spec.rb
+++ b/spec/models/project_services/emails_on_push_service_spec.rb
+require 'spec_helper'
+describe EmailsOnPushService do
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+      it { is_expected.to validate_presence_of(:recipients) }
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
+      it { is_expected.not_to validate_presence_of(:recipients) }
+    end
+  end
+end
--- a/spec/models/external_wiki_service_spec.rb
+++ b/spec/models/external_wiki_service_spec.rb
@@ -28,13 +28,18 @@ describe ExternalWikiService, models: true do
    it { should have_one :service_hook }
  end
-  describe "Validations" do
+  describe 'Validations' do
-    context "active" do
+    context 'when service is active' do
-      before do
+      before { subject.active = true }
-        subject.active = true
-      end
+      it { is_expected.to validate_presence_of(:external_wiki_url) }
+      it_behaves_like 'issue tracker service URL attribute', :external_wiki_url
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
-      it { should validate_presence_of :external_wiki_url }
+      it { is_expected.not_to validate_presence_of(:external_wiki_url) }
    end
  end

--- a/spec/models/project_services/flowdock_service_spec.rb
+++ b/spec/models/project_services/flowdock_service_spec.rb
@@ -26,6 +26,20 @@ describe FlowdockService, models: true do
    it { is_expected.to have_one :service_hook }
  end
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+      it { is_expected.to validate_presence_of(:token) }
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
+      it { is_expected.not_to validate_presence_of(:token) }
+    end
+  end
  describe "Execute" do
    let(:user)    { create(:user) }
    let(:project) { create(:project) }

--- a/spec/models/project_services/gemnasium_service_spec.rb
+++ b/spec/models/project_services/gemnasium_service_spec.rb
@@ -26,6 +26,22 @@ describe GemnasiumService, models: true do
    it { is_expected.to have_one :service_hook }
  end
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+      it { is_expected.to validate_presence_of(:token) }
+      it { is_expected.to validate_presence_of(:api_key) }
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
+      it { is_expected.not_to validate_presence_of(:token) }
+      it { is_expected.not_to validate_presence_of(:api_key) }
+    end
+  end
  describe "Execute" do
    let(:user)    { create(:user) }
    let(:project) { create(:project) }

--- a/spec/models/project_services/gitlab_issue_tracker_service_spec.rb
+++ b/spec/models/project_services/gitlab_issue_tracker_service_spec.rb
@@ -26,6 +26,20 @@ describe GitlabIssueTrackerService, models: true do
    it { is_expected.to have_one :service_hook }
  end
+  describe 'Validations' do
+    context 'when service is active' do
+      subject { described_class.new(project: create(:project), active: true) }
+      it { is_expected.to validate_presence_of(:issues_url) }
+      it_behaves_like 'issue tracker service URL attribute', :issues_url
+    end
+    context 'when service is inactive' do
+      subject { described_class.new(project: create(:project), active: false) }
+      it { is_expected.not_to validate_presence_of(:issues_url) }
+    end
+  end
  describe 'project and issue urls' do
    let(:project) { create(:project) }

--- a/spec/models/project_services/hipchat_service_spec.rb
+++ b/spec/models/project_services/hipchat_service_spec.rb
@@ -26,6 +26,20 @@ describe HipchatService, models: true do
    it { is_expected.to have_one :service_hook }
  end
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+      it { is_expected.to validate_presence_of(:token) }
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
+      it { is_expected.not_to validate_presence_of(:token) }
+    end
+  end
  describe "Execute" do
    let(:hipchat) { HipchatService.new }
    let(:user)    { create(:user, username: 'username') }

--- a/spec/models/project_services/irker_service_spec.rb
+++ b/spec/models/project_services/irker_service_spec.rb
@@ -29,14 +29,16 @@ describe IrkerService, models: true do
  end
  describe 'Validations' do
-    before do
+    context 'when service is active' do
-      subject.active = true
+      before { subject.active = true }
-      subject.properties['recipients'] = _recipients
+      it { is_expected.to validate_presence_of(:recipients) }
    end
-    context 'active' do
+    context 'when service is inactive' do
-      let(:_recipients) { nil }
+      before { subject.active = false }
-      it { should validate_presence_of :recipients }
+      it { is_expected.not_to validate_presence_of(:recipients) }
    end
  end

--- a/spec/models/project_services/jira_service_spec.rb
+++ b/spec/models/project_services/jira_service_spec.rb
@@ -26,6 +26,30 @@ describe JiraService, models: true do
    it { is_expected.to have_one :service_hook }
  end
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+      it { is_expected.to validate_presence_of(:api_url) }
+      it { is_expected.to validate_presence_of(:project_url) }
+      it { is_expected.to validate_presence_of(:issues_url) }
+      it { is_expected.to validate_presence_of(:new_issue_url) }
+      it_behaves_like 'issue tracker service URL attribute', :api_url
+      it_behaves_like 'issue tracker service URL attribute', :project_url
+      it_behaves_like 'issue tracker service URL attribute', :issues_url
+      it_behaves_like 'issue tracker service URL attribute', :new_issue_url
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
+      it { is_expected.not_to validate_presence_of(:api_url) }
+      it { is_expected.not_to validate_presence_of(:project_url) }
+      it { is_expected.not_to validate_presence_of(:issues_url) }
+      it { is_expected.not_to validate_presence_of(:new_issue_url) }
+    end
+  end
  describe "Execute" do
    let(:user)    { create(:user) }
    let(:project) { create(:project) }
@@ -72,7 +96,7 @@ describe JiraService, models: true do
    context "when a password was previously set" do
      before do
-        @jira_service = JiraService.create(
+        @jira_service = JiraService.create!(
          project: create(:project),
          properties: {
            api_url: 'http://jira.example.com/rest/api/2',

--- a/spec/models/project_services/pivotaltracker_service_spec.rb
+++ b/spec/models/project_services/pivotaltracker_service_spec.rb
+# == Schema Information
+#
+# Table name: services
+#
+#  id                    :integer          not null, primary key
+#  type                  :string(255)
+#  title                 :string(255)
+#  project_id            :integer
+#  created_at            :datetime
+#  updated_at            :datetime
+#  active                :boolean          default(FALSE), not null
+#  properties            :text
+#  template              :boolean          default(FALSE)
+#  push_events           :boolean          default(TRUE)
+#  issues_events         :boolean          default(TRUE)
+#  merge_requests_events :boolean          default(TRUE)
+#  tag_push_events       :boolean          default(TRUE)
+#  note_events           :boolean          default(TRUE), not null
+#
+require 'spec_helper'
+describe PivotaltrackerService, models: true do
+  describe 'Associations' do
+    it { is_expected.to belong_to :project }
+    it { is_expected.to have_one :service_hook }
+  end
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+      it { is_expected.to validate_presence_of(:token) }
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
+      it { is_expected.not_to validate_presence_of(:token) }
+    end
+  end
+end
--- a/spec/models/project_services/pushover_service_spec.rb
+++ b/spec/models/project_services/pushover_service_spec.rb
@@ -27,14 +27,20 @@ describe PushoverService, models: true do
  end
  describe 'Validations' do
-    context 'active' do
+    context 'when service is active' do
-      before do
+      before { subject.active = true }
-        subject.active = true
-      end
-      it { is_expected.to validate_presence_of :api_key }
+      it { is_expected.to validate_presence_of(:api_key) }
-      it { is_expected.to validate_presence_of :user_key }
+      it { is_expected.to validate_presence_of(:user_key) }
-      it { is_expected.to validate_presence_of :priority }
+      it { is_expected.to validate_presence_of(:priority) }
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
+      it { is_expected.not_to validate_presence_of(:api_key) }
+      it { is_expected.not_to validate_presence_of(:user_key) }
+      it { is_expected.not_to validate_presence_of(:priority) }
    end
  end

--- a/spec/models/project_services/redmine_service_spec.rb
+++ b/spec/models/project_services/redmine_service_spec.rb
+# == Schema Information
+#
+# Table name: services
+#
+#  id                    :integer          not null, primary key
+#  type                  :string(255)
+#  title                 :string(255)
+#  project_id            :integer
+#  created_at            :datetime
+#  updated_at            :datetime
+#  active                :boolean          default(FALSE), not null
+#  properties            :text
+#  template              :boolean          default(FALSE)
+#  push_events           :boolean          default(TRUE)
+#  issues_events         :boolean          default(TRUE)
+#  merge_requests_events :boolean          default(TRUE)
+#  tag_push_events       :boolean          default(TRUE)
+#  note_events           :boolean          default(TRUE), not null
+#
+require 'spec_helper'
+describe RedmineService, models: true do
+  describe 'Associations' do
+    it { is_expected.to belong_to :project }
+    it { is_expected.to have_one :service_hook }
+  end
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+      it { is_expected.to validate_presence_of(:project_url) }
+      it { is_expected.to validate_presence_of(:issues_url) }
+      it { is_expected.to validate_presence_of(:new_issue_url) }
+      it_behaves_like 'issue tracker service URL attribute', :project_url
+      it_behaves_like 'issue tracker service URL attribute', :issues_url
+      it_behaves_like 'issue tracker service URL attribute', :new_issue_url
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
+      it { is_expected.not_to validate_presence_of(:project_url) }
+      it { is_expected.not_to validate_presence_of(:issues_url) }
+      it { is_expected.not_to validate_presence_of(:new_issue_url) }
+    end
+  end
+end
--- a/spec/models/project_services/slack_service_spec.rb
+++ b/spec/models/project_services/slack_service_spec.rb
@@ -26,13 +26,18 @@ describe SlackService, models: true do
    it { is_expected.to have_one :service_hook }
  end
-  describe "Validations" do
+  describe 'Validations' do
-    context "active" do
+    context 'when service is active' do
-      before do
+      before { subject.active = true }
-        subject.active = true
-      end
-      it { is_expected.to validate_presence_of :webhook }
+      it { is_expected.to validate_presence_of(:webhook) }
+      it_behaves_like 'issue tracker service URL attribute', :webhook
+    end
+    context 'when service is inactive' do
+      before { subject.active = false }
+      it { is_expected.not_to validate_presence_of(:webhook) }
    end
  end

--- a/spec/models/project_services/teamcity_service_spec.rb
+++ b/spec/models/project_services/teamcity_service_spec.rb
@@ -27,86 +27,51 @@ describe TeamcityService, models: true do
  end
  describe 'Validations' do
-    describe '#teamcity_url' do
+    subject { service }
-      it 'does not validate the presence of teamcity_url if service is not active' do
-        teamcity_service = service
-        teamcity_service.active = false
-        expect(teamcity_service).not_to validate_presence_of(:teamcity_url)
-      end
-      it 'validates the presence of teamcity_url if service is active' do
-        teamcity_service = service
-        teamcity_service.active = true
-        expect(teamcity_service).to validate_presence_of(:teamcity_url)
-      end
-    end
-    describe '#build_type' do
+    context 'when service is active' do
-      it 'does not validate the presence of build_type if service is not active' do
+      before { subject.active = true }
-        teamcity_service = service
-        teamcity_service.active = false
-        expect(teamcity_service).not_to validate_presence_of(:build_type)
+      it { is_expected.to validate_presence_of(:build_type) }
-      end
+      it { is_expected.to validate_presence_of(:teamcity_url) }
+      it_behaves_like 'issue tracker service URL attribute', :teamcity_url
-      it 'validates the presence of build_type if service is active' do
+      describe '#username' do
-        teamcity_service = service
+        it 'does not validate the presence of username if password is nil' do
-        teamcity_service.active = true
+          subject.password = nil
-        expect(teamcity_service).to validate_presence_of(:build_type)
+          expect(subject).not_to validate_presence_of(:username)
-      end
+        end
-    end
-    describe '#username' do
+        it 'validates the presence of username if password is present' do
-      it 'does not validate the presence of username if service is not active' do
+          subject.password = 'secret'
-        teamcity_service = service
-        teamcity_service.active = false
-        expect(teamcity_service).not_to validate_presence_of(:username)
+          expect(subject).to validate_presence_of(:username)
+        end
      end
-      it 'does not validate the presence of username if username is nil' do
+      describe '#password' do
-        teamcity_service = service
+        it 'does not validate the presence of password if username is nil' do
-        teamcity_service.active = true
+          subject.username = nil
-        teamcity_service.password = nil
-        expect(teamcity_service).not_to validate_presence_of(:username)
+          expect(subject).not_to validate_presence_of(:password)
-      end
+        end
-      it 'validates the presence of username if service is active and username is present' do
+        it 'validates the presence of password if username is present' do
-        teamcity_service = service
+          subject.username = 'john'
-        teamcity_service.active = true
-        teamcity_service.password = 'secret'
-        expect(teamcity_service).to validate_presence_of(:username)
+          expect(subject).to validate_presence_of(:password)
+        end
      end
    end
-    describe '#password' do
+    context 'when service is inactive' do
-      it 'does not validate the presence of password if service is not active' do
+      before { subject.active = false }
-        teamcity_service = service
-        teamcity_service.active = false
-        expect(teamcity_service).not_to validate_presence_of(:password)
-      end
-      it 'does not validate the presence of password if username is nil' do
-        teamcity_service = service
-        teamcity_service.active = true
-        teamcity_service.username = nil
-        expect(teamcity_service).not_to validate_presence_of(:password)
-      end
-      it 'validates the presence of password if service is active and username is present' do
-        teamcity_service = service
-        teamcity_service.active = true
-        teamcity_service.username = 'john'
-        expect(teamcity_service).to validate_presence_of(:password)
+      it { is_expected.not_to validate_presence_of(:build_type) }
-      end
+      it { is_expected.not_to validate_presence_of(:teamcity_url) }
+      it { is_expected.not_to validate_presence_of(:username) }
+      it { is_expected.not_to validate_presence_of(:password) }
    end
  end

--- a/spec/support/issue_tracker_service_shared_example.rb
+++ b/spec/support/issue_tracker_service_shared_example.rb
+RSpec.shared_examples 'issue tracker service URL attribute' do |url_attr|
+  it { is_expected.to allow_value('https://example.com').for(url_attr) }
+  it { is_expected.not_to allow_value('example.com').for(url_attr) }
+  it { is_expected.not_to allow_value('ftp://example.com').for(url_attr) }
+  it { is_expected.not_to allow_value('herp-and-derp').for(url_attr) }
+end