Commit fbd5f5a2 authored by Nikolay Belokolodov's avatar Nikolay Belokolodov Committed by Doug Stull

OneTrust for trial and purchase flows pages

parent d0140af7
......@@ -5,7 +5,7 @@ module OneTrustCSP
included do
content_security_policy do |policy|
next if policy.directives.blank?
next unless helpers.one_trust_enabled? || policy.directives.present?
default_script_src = policy.directives['script-src'] || policy.directives['default-src']
script_src_values = Array.wrap(default_script_src) | ["'unsafe-eval'", 'https://cdn.cookielaw.org https://*.onetrust.com']
......
......@@ -4,7 +4,6 @@ module OneTrustHelper
def one_trust_enabled?
Feature.enabled?(:ecomm_instrumentation, type: :ops) &&
Gitlab.config.extra.has_key?('one_trust_id') &&
Gitlab.config.extra.one_trust_id.present? &&
!current_user
Gitlab.config.extra.one_trust_id.present?
end
end
......@@ -2,6 +2,7 @@
class SubscriptionsController < ApplicationController
include InternalRedirect
include OneTrustCSP
layout 'checkout'
skip_before_action :authenticate_user!, only: [:new]
......
......@@ -4,6 +4,7 @@
# TODO: namespace https://gitlab.com/gitlab-org/gitlab/-/issues/338394
class TrialsController < ApplicationController
include ActionView::Helpers::SanitizeHelper
include OneTrustCSP
layout 'minimal'
......
- page_title _('Buy CI Minutes')
- content_for :page_specific_javascripts do
= render "layouts/one_trust"
#js-buy-minutes{ data: buy_addon_data(@group, @account_id, 'pipelines-quota-tab', s_('Checkout|CI minutes')) }
- page_title _('Buy Storage')
- content_for :page_specific_javascripts do
= render "layouts/one_trust"
#js-buy-storage{ data: buy_addon_data(@group, @account_id, 'storage-quota-tab', s_('Checkout|a storage subscription')) }
- page_title _('Checkout')
- content_for :page_specific_javascripts do
= render "layouts/one_trust"
#js-new-subscription{ data: subscription_data(@eligible_groups) }
- page_title _('Start your Free Ultimate Trial')
- glm_params = { glm_source: params[:glm_source], glm_content: params[:glm_content] }
- content_for :page_specific_javascripts do
= render "layouts/one_trust"
.row
.col-md-6.offset-md-3
......
......@@ -7,12 +7,14 @@ RSpec.describe 'Subscriptions Content Security Policy' do
let_it_be(:default_csp_values) { "'self' https://some-cdn.test" }
let_it_be(:zuora_url) { 'https://*.zuora.com' }
let_it_be(:onetrust_url) { 'https://*.onetrust.com' }
let_it_be(:cookielaw_url) { 'https://cdn.cookielaw.org' }
before do
stub_request(:get, /.*gitlab_plans.*/).to_return(status: 200, body: "{}")
expect_next_instance_of(SubscriptionsController) do |controller|
expect(controller).to receive(:current_content_security_policy).and_return(csp)
expect(controller).to receive(:current_content_security_policy).and_return(csp).twice
end
sign_in(create(:user))
......@@ -35,9 +37,10 @@ RSpec.describe 'Subscriptions Content Security Policy' do
end
end
it { is_expected.to include("script-src #{default_csp_values} 'unsafe-eval' #{zuora_url}") }
it { is_expected.to include("script-src #{default_csp_values} 'unsafe-eval' #{cookielaw_url} #{onetrust_url} #{zuora_url}") }
it { is_expected.to include("frame-src #{default_csp_values} #{zuora_url}") }
it { is_expected.to include("child-src #{default_csp_values} #{zuora_url}") }
it { is_expected.to include("connect-src #{cookielaw_url}") }
end
context 'when just a default CSP config exists' do
......@@ -48,7 +51,7 @@ RSpec.describe 'Subscriptions Content Security Policy' do
end
it { is_expected.to include("default-src #{default_csp_values}") }
it { is_expected.to include("script-src #{default_csp_values} 'unsafe-eval' #{zuora_url}") }
it { is_expected.to include("script-src #{default_csp_values} 'unsafe-eval' #{cookielaw_url} #{onetrust_url} #{zuora_url}") }
it { is_expected.to include("frame-src #{default_csp_values} #{zuora_url}") }
it { is_expected.to include("child-src #{default_csp_values} #{zuora_url}") }
end
......
......@@ -4,11 +4,8 @@ require "spec_helper"
RSpec.describe OneTrustHelper do
describe '#one_trust_enabled?' do
let(:user) { nil }
before do
stub_config(extra: { one_trust_id: SecureRandom.uuid })
allow(helper).to receive(:current_user).and_return(user)
end
subject(:one_trust_enabled?) { helper.one_trust_enabled? }
......@@ -18,20 +15,10 @@ RSpec.describe OneTrustHelper do
stub_feature_flags(ecomm_instrumentation: false)
end
context 'when id is set and no user is set' do
let(:user) { instance_double('User') }
it { is_expected.to be_falsey }
end
end
context 'with ecomm_instrumentation feature flag enabled' do
context 'when current user is set' do
let(:user) { instance_double('User') }
it { is_expected.to be_falsey }
end
context 'when no id is set' do
before do
stub_config(extra: {})
......@@ -39,10 +26,6 @@ RSpec.describe OneTrustHelper do
it { is_expected.to be_falsey }
end
context 'when id is set and no user is set' do
it { is_expected.to be_truthy }
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment