Extract EE specific files/lines for spec/requests
We have the following files containing EE specific code. We should move them to ee/
spec/requests/git_http_spec.rb
diff --git a/spec/requests/git_http_spec.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/spec/requests/git_http_spec.rb
index 5b625fd47be..60fedd85e11 100644
--- a/spec/requests/git_http_spec.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/spec/requests/git_http_spec.rb
@@ -704,6 +704,115 @@ describe 'Git HTTP requests' do
end
end
end
+
+ context "when Kerberos token is provided" do
+ let(:env) { { spnego_request_token: 'opaque_request_token' } }
+
+ before do
+ allow_any_instance_of(Projects::GitHttpController).to receive(:allow_kerberos_spnego_auth?).and_return(true)
+ end
+
+ context "when authentication fails because of invalid Kerberos token" do
+ before do
+ allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_credentials!).and_return(nil)
+ end
+
+ it "responds with status 401 Unauthorized" do
+ download(path, env) do |response|
+ expect(response).to have_gitlab_http_status(:unauthorized)
+ end
+ end
+ end
+
+ context "when authentication fails because of unknown Kerberos identity" do
+ before do
+ allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_credentials!).and_return("mylogin@FOO.COM")
+ end
+
+ it "responds with status 401 Unauthorized" do
+ download(path, env) do |response|
+ expect(response).to have_gitlab_http_status(:unauthorized)
+ end
+ end
+ end
+
+ context "when authentication succeeds" do
+ before do
+ allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_credentials!).and_return("mylogin@FOO.COM")
+ user.identities.create!(provider: "kerberos", extern_uid: "mylogin@FOO.COM")
+ end
+
+ context "when the user has access to the project" do
+ before do
+ project.add_maintainer(user)
+ end
+
+ context "when the user is blocked" do
+ before do
+ user.block
+ project.add_maintainer(user)
+ end
+
+ it "responds with status 403 Forbidden" do
+ download(path, env) do |response|
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end
+ end
+ end
+
+ context "when the user isn't blocked", :redis do
+ it "responds with status 200 OK" do
+ download(path, env) do |response|
+ expect(response).to have_gitlab_http_status(:ok)
+ end
+ end
+
+ it 'updates the user last activity' do
+ expect(user.last_activity_on).to be_nil
+
+ download(path, env) do |_response|
+ expect(user.reload.last_activity_on).to eql(Date.today)
+ end
+ end
+ end
+
+ it "complies with RFC4559" do
+ allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_response_token).and_return("opaque_response_token")
+ download(path, env) do |response|
+ expect(response.headers['WWW-Authenticate'].split("\n")).to include("Negotiate #{::Base64.strict_encode64('opaque_response_token')}")
+ end
+ end
+ end
+
+ context "when the user doesn't have access to the project" do
+ it "responds with status 404 Not Found" do
+ download(path, env) do |response|
+ expect(response).to have_gitlab_http_status(:not_found)
+ end
+ end
+
+ it "complies with RFC4559" do
+ allow_any_instance_of(Projects::GitHttpController).to receive(:spnego_response_token).and_return("opaque_response_token")
+ download(path, env) do |response|
+ expect(response.headers['WWW-Authenticate'].split("\n")).to include("Negotiate #{::Base64.strict_encode64('opaque_response_token')}")
+ end
+ end
+ end
+ end
+ end
+
+ context 'when license is not provided' do
+ let(:env) { { user: user.username, password: user.password } }
+
+ before do
+ allow(License).to receive(:current).and_return(nil)
+
+ project.add_maintainer(user)
+ end
+
+ it_behaves_like 'pulls are allowed'
+ it_behaves_like 'pushes are allowed'
+ end
end
context "when the project path doesn't end in .git" do
spec/requests/lfs_http_spec.rb
diff --git a/spec/requests/lfs_http_spec.rb b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/spec/requests/lfs_http_spec.rb
index 1781759c54b..f3221429ba0 100644
--- a/spec/requests/lfs_http_spec.rb
+++ b/home/yorickpeterse/Projects/gitlab/gdk-ee/gitlab/spec/requests/lfs_http_spec.rb
@@ -734,6 +734,34 @@ describe 'Git LFS API and storage' do
expect(json_response['objects'].first['actions']['upload']['href']).to eq("#{Gitlab.config.gitlab.url}/#{project.full_path}.git/gitlab-lfs/objects/#{sample_oid}/#{sample_size}")
expect(json_response['objects'].first['actions']['upload']['header']).to eq({ 'Authorization' => authorization, 'Content-Type' => 'application/octet-stream' })
end
+
+ ## EE-specific context
+ context 'and project is above the limit' do
+ let(:update_lfs_permissions) do
+ allow_any_instance_of(EE::Project).to receive_messages(
+ repository_and_lfs_size: 100.megabytes,
+ actual_size_limit: 99.megabytes)
+ end
+
+ it 'responds with status 406' do
+ expect(response).to have_gitlab_http_status(406)
+ expect(json_response['message']).to eql('Your push has been rejected, because this repository has exceeded its size limit of 99 MB by 1 MB. Please contact your GitLab administrator for more information.')
+ end
+ end
+
+ context 'and project will go over the limit' do
+ let(:update_lfs_permissions) do
+ allow_any_instance_of(EE::Project).to receive_messages(
+ repository_and_lfs_size: 200.megabytes,
+ actual_size_limit: 300.megabytes)
+ end
+
+ it 'responds with status 406' do
+ expect(response).to have_gitlab_http_status(406)
+ expect(json_response['documentation_url']).to include('/help')
+ expect(json_response['message']).to eql('Your push has been rejected, because this repository has exceeded its size limit of 300 MB by 50 MB. Please contact your GitLab administrator for more information.')
+ end
+ end
end
describe 'when request is authenticated' do
@@ -1177,6 +1205,20 @@ describe 'Git LFS API and storage' do
end
end
+ context 'and project has limit enabled but will stay under the limit' do
+ before do
+ allow_any_instance_of(EE::Project).to receive_messages(
+ actual_size_limit: 200,
+ size_limit_enabled?: true)
+
+ put_finalize
+ end
+
+ it 'responds with status 200' do
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+
context 'invalid tempfiles' do
before do
lfs_object.destroy
Edited by Yorick Peterse