更新
更旧
RSpec.describe Projects::DeployKeysController, feature_category: :continuous_delivery do
let(:project) { create(:project, :repository) }
let(:user) { create(:user) }
let(:admin) { create(:admin) }
project.add_maintainer(user)
describe 'GET actions' do
let_it_be(:project) { create(:project, :repository) }
let_it_be(:user) { create(:user) }
let_it_be(:accessible_project) { create(:project, :internal).tap { |p| p.add_developer(user) } }
let_it_be(:inaccessible_project) { create(:project, :internal) }
let_it_be(:project_private) { create(:project, :private) }
let_it_be(:deploy_key_for_target_project) do
create(:deploy_keys_project, project: project, deploy_key: create(:deploy_key))
let_it_be(:deploy_key_for_accessible_project) do
create(:deploy_keys_project, project: accessible_project, deploy_key: create(:deploy_key))
end
let_it_be(:deploy_key_for_inaccessible_project) do
create(:deploy_keys_project, project: inaccessible_project, deploy_key: create(:deploy_key))
end
let_it_be(:deploy_keys_project_private) do
create(:deploy_keys_project, project: project_private, deploy_key: create(:another_deploy_key))
end
let_it_be(:deploy_key_public) { create(:deploy_key, public: true) }
describe 'GET index' do
let(:params) do
{ namespace_id: project.namespace, project_id: project }
context 'when html requested' do
it 'redirects to project settings with the correct anchor' do
get :index, params: params
expect(response).to redirect_to(project_settings_repository_path(project, anchor: 'js-deploy-keys-settings'))
context 'when json requested' do
it 'returns json in a correct format' do
get :index, params: params.merge(format: :json)
expect(json_response.keys).to match_array(%w[enabled_keys available_project_keys public_keys])
expect(json_response['enabled_keys'].pluck('id')).to match_array(
[deploy_key_for_target_project.deploy_key_id]
)
expect(json_response['available_project_keys'].pluck('id')).to match_array(
[deploy_key_for_accessible_project.deploy_key_id]
)
expect(json_response['public_keys'].pluck('id')).to match_array([deploy_key_public.id])
describe 'GET enabled_keys' do
let(:params) do
{ namespace_id: project.namespace, project_id: project }
end
it 'returns only enabled keys' do
get :enabled_keys, params: params.merge(format: :json)
expect(json_response.pluck("id")).to match_array([deploy_key_for_target_project.deploy_key_id])
end
end
describe 'GET available_project_keys' do
let(:params) do
{ namespace_id: project.namespace, project_id: project }
end
it 'returns available project keys' do
get :available_project_keys, params: params.merge(format: :json)
expect(json_response.pluck("id")).to match_array([deploy_key_for_accessible_project.deploy_key_id])
end
end
describe 'GET available_public_keys' do
let(:params) do
{ namespace_id: project.namespace, project_id: project }
end
it 'returns available public keys' do
get :available_public_keys, params: params.merge(format: :json)
expect(json_response.pluck("id")).to match_array([deploy_key_public.id])
let(:deploy_key_content) { attributes_for(:deploy_key)[:key] }
def create_params(title = 'my-key')
{
namespace_id: project.namespace.path,
project_id: project.path,
deploy_key: {
title: title,
key: deploy_key_content,
deploy_keys_projects_attributes: { '0' => { can_push: '1' } }
}
}
end
it 'creates a new deploy key for the project' do
expect { post :create, params: create_params }.to change(project.deploy_keys, :count).by(1)
expect(response).to redirect_to(project_settings_repository_path(project, anchor: 'js-deploy-keys-settings'))
end
it 'redirects to project settings with the correct anchor' do
post :create, params: create_params
expect(response).to redirect_to(project_settings_repository_path(project, anchor: 'js-deploy-keys-settings'))
context 'when the deploy key has an invalid title' do
it 'shows an alert with the validations errors' do
post :create, params: create_params(nil)
expect(flash[:alert]).to eq("Title can't be blank")
context 'when the deploy key is not supported SSH public key' do
let(:deploy_key_content) { 'bogus ssh public key' }
it 'shows an alert with a help link' do
post :create, params: create_params
expect(assigns(:key).errors.count).to be > 1
expect(flash[:alert]).to eq('Deploy Key must be a <a target="_blank" rel="noopener noreferrer" ' \
'href="/help/user/ssh#supported-ssh-key-types">supported SSH public key.</a>')
end
end
context 'when the deploy key already exists' do
before do
create(:deploy_key, title: 'my-key', key: deploy_key_content, projects: [project])
end
it 'shows an alert with the validations errors' do
post :create, params: create_params
expect(flash[:alert]).to eq("Fingerprint sha256 has already been taken")
describe '/enable/:id' do
let(:deploy_key) { create(:deploy_key) }
let(:project2) { create(:project) }
let!(:deploy_keys_project_internal) do
create(:deploy_keys_project, project: project2, deploy_key: deploy_key)
end
context 'with anonymous user' do
before do
sign_out(:user)
end
it 'redirects to login' do
expect do
put :enable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
end.not_to change { DeployKeysProject.count }
expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(new_user_session_path)
end
end
context 'with user with no permission' do
before do
sign_in(create(:user))
end
it 'returns 404' do
expect do
put :enable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
end.not_to change { DeployKeysProject.count }
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'with user with permission' do
before do
project2.add_maintainer(user)
end
it 'returns 302' do
expect do
put :enable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
end.to change { DeployKeysProject.count }.by(1)
expect(DeployKeysProject.where(project_id: project.id, deploy_key_id: deploy_key.id).count).to eq(1)
expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(namespace_project_settings_repository_path(anchor: 'js-deploy-keys-settings'))
put :enable, params: { id: 0, namespace_id: project.namespace, project_id: project }
expect(response).to have_gitlab_http_status(:not_found)
context 'with admin', :enable_admin_mode do
sign_in(admin)
end
it 'returns 302' do
expect do
put :enable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
end.to change { DeployKeysProject.count }.by(1)
expect(DeployKeysProject.where(project_id: project.id, deploy_key_id: deploy_key.id).count).to eq(1)
expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(namespace_project_settings_repository_path(anchor: 'js-deploy-keys-settings'))
end
end
end
describe '/disable/:id' do
let(:deploy_key) { create(:deploy_key) }
let!(:deploy_key_project) { create(:deploy_keys_project, project: project, deploy_key: deploy_key) }
context 'with anonymous user' do
before do
sign_out(:user)
end
it 'redirects to login' do
put :disable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(new_user_session_path)
expect(DeployKey.find(deploy_key.id)).to eq(deploy_key)
end
end
context 'with user with no permission' do
before do
sign_in(create(:user))
end
it 'returns 404' do
put :disable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
expect(response).to have_gitlab_http_status(:not_found)
expect(DeployKey.find(deploy_key.id)).to eq(deploy_key)
end
end
context 'with user with permission' do
it 'returns 302' do
put :disable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(namespace_project_settings_repository_path(anchor: 'js-deploy-keys-settings'))
expect { DeployKey.find(deploy_key.id) }.to raise_error(ActiveRecord::RecordNotFound)
end
it 'returns 404' do
put :disable, params: { id: 0, namespace_id: project.namespace, project_id: project }
expect(response).to have_gitlab_http_status(:not_found)
context 'with admin', :enable_admin_mode do
sign_in(admin)
end
it 'returns 302' do
expect do
put :disable, params: { id: deploy_key.id, namespace_id: project.namespace, project_id: project }
end.to change { DeployKey.count }.by(-1)
expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(namespace_project_settings_repository_path(anchor: 'js-deploy-keys-settings'))
expect { DeployKey.find(deploy_key.id) }.to raise_error(ActiveRecord::RecordNotFound)
end
end
end
describe 'PUT update' do
let(:extra_params) { {} }
subject do
put :update, params: extra_params.reverse_merge(
id: deploy_key.id, namespace_id: project.namespace, project_id: project
)
end
def deploy_key_params(title, can_push)
deploy_keys_projects_attributes = { '0' => { can_push: can_push } }
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
{ deploy_key: { title: title, deploy_keys_projects_attributes: deploy_keys_projects_attributes } }
end
let(:deploy_key) { create(:deploy_key, public: true) }
let(:project) { create(:project) }
let!(:deploy_keys_project) do
create(:deploy_keys_project, project: project, deploy_key: deploy_key)
end
context 'with project maintainer' do
before do
project.add_maintainer(user)
end
context 'public deploy key attached to project' do
let(:extra_params) { deploy_key_params('updated title', '1') }
it 'does not update the title of the deploy key' do
expect { subject }.not_to change { deploy_key.reload.title }
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
end
end
end
context 'with admin', :enable_admin_mode do
before do
sign_in(admin)
end
context 'public deploy key attached to project' do
let(:extra_params) { deploy_key_params('updated title', '1') }
it 'updates the title of the deploy key' do
expect { subject }.to change { deploy_key.reload.title }.to('updated title')
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
end
end
context 'when a different deploy key id param is injected' do
let(:extra_params) { deploy_key_params('updated title', '1') }
let(:hacked_params) do
extra_params.reverse_merge(id: other_deploy_key_id, namespace_id: project.namespace, project_id: project)
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
end
subject { put :update, params: hacked_params }
context 'and that deploy key id exists' do
let(:other_project) { create(:project) }
let(:other_deploy_key) do
key = create(:deploy_key)
project.deploy_keys << key
key
end
let(:other_deploy_key_id) { other_deploy_key.id }
it 'does not update the can_push attribute' do
expect { subject }.not_to change { deploy_key.deploy_keys_project_for(project).can_push }
end
end
context 'and that deploy key id does not exist' do
let(:other_deploy_key_id) { 9999 }
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
end
context 'with admin as project maintainer' do
before do
sign_in(admin)
project.add_maintainer(admin)
end
context 'public deploy key attached to project' do
let(:extra_params) { deploy_key_params('updated title', '1') }
context 'admin mode disabled' do
it 'does not update the title of the deploy key' do
expect { subject }.not_to change { deploy_key.reload.title }
end
end
context 'admin mode enabled', :enable_admin_mode do
it 'updates the title of the deploy key' do
expect { subject }.to change { deploy_key.reload.title }.to('updated title')
end
end
it 'updates can_push of deploy_keys_project' do
expect { subject }.to change { deploy_keys_project.reload.can_push }.from(false).to(true)
end
end
end
end