remote_mirror_spec.rb 12.3 KB
Newer Older
1 2
require 'rails_helper'

3
describe RemoteMirror, :mailer do
4 5
  include GitHelpers

6 7 8 9 10 11 12 13 14 15 16
  describe 'URL validation' do
    context 'with a valid URL' do
      it 'should be valid' do
        remote_mirror = build(:remote_mirror)
        expect(remote_mirror).to be_valid
      end
    end

    context 'with an invalid URL' do
      it 'should not be valid' do
        remote_mirror = build(:remote_mirror, url: 'ftp://invalid.invalid')
17

18 19
        expect(remote_mirror).not_to be_valid
      end
20 21 22 23 24 25 26

      it 'does not allow url with an invalid user' do
        remote_mirror = build(:remote_mirror, url: 'http://$user:password@invalid.invalid')

        expect(remote_mirror).to be_invalid
        expect(remote_mirror.errors[:url].first).to include('Username needs to start with an alphanumeric character')
      end
27 28 29 30 31 32 33 34 35 36 37 38 39 40

      it 'does not allow url pointing to localhost' do
        remote_mirror = build(:remote_mirror, url: 'http://127.0.0.2/t.git')

        expect(remote_mirror).to be_invalid
        expect(remote_mirror.errors[:url].first).to include('Requests to loopback addresses are not allowed')
      end

      it 'does not allow url pointing to the local network' do
        remote_mirror = build(:remote_mirror, url: 'https://192.168.1.1')

        expect(remote_mirror).to be_invalid
        expect(remote_mirror.errors[:url].first).to include('Requests to the local network are not allowed')
      end
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
    end
  end

  describe 'encrypting credentials' do
    context 'when setting URL for a first time' do
      it 'stores the URL without credentials' do
        mirror = create_mirror(url: 'http://foo:bar@test.com')

        expect(mirror.read_attribute(:url)).to eq('http://test.com')
      end

      it 'stores the credentials on a separate field' do
        mirror = create_mirror(url: 'http://foo:bar@test.com')

        expect(mirror.credentials).to eq({ user: 'foo', password: 'bar' })
      end

      it 'handles credentials with large content' do
        mirror = create_mirror(url: 'http://bxnhm8dote33ct932r3xavslj81wxmr7o8yux8do10oozckkif:9ne7fuvjn40qjt35dgt8v86q9m9g9essryxj76sumg2ccl2fg26c0krtz2gzfpyq4hf22h328uhq6npuiq6h53tpagtsj7vsrz75@test.com')

        expect(mirror.credentials).to eq({
          user: 'bxnhm8dote33ct932r3xavslj81wxmr7o8yux8do10oozckkif',
          password: '9ne7fuvjn40qjt35dgt8v86q9m9g9essryxj76sumg2ccl2fg26c0krtz2gzfpyq4hf22h328uhq6npuiq6h53tpagtsj7vsrz75'
        })
      end
    end

    context 'when updating the URL' do
      it 'allows a new URL without credentials' do
        mirror = create_mirror(url: 'http://foo:bar@test.com')

        mirror.update_attribute(:url, 'http://test.com')

        expect(mirror.url).to eq('http://test.com')
        expect(mirror.credentials).to eq({ user: nil, password: nil })
      end

      it 'allows a new URL with credentials' do
        mirror = create_mirror(url: 'http://test.com')

        mirror.update_attribute(:url, 'http://foo:bar@test.com')

        expect(mirror.url).to eq('http://foo:bar@test.com')
        expect(mirror.credentials).to eq({ user: 'foo', password: 'bar' })
      end

      it 'updates the remote config if credentials changed' do
        mirror = create_mirror(url: 'http://foo:bar@test.com')
        repo = mirror.project.repository

        mirror.update_attribute(:url, 'http://foo:baz@test.com')

93
        config = rugged_repo(repo).config
94 95 96 97 98 99 100 101
        expect(config["remote.#{mirror.remote_name}.url"]).to eq('http://foo:baz@test.com')
      end

      it 'removes previous remote' do
        mirror = create_mirror(url: 'http://foo:bar@test.com')

        expect(RepositoryRemoveRemoteWorker).to receive(:perform_async).with(mirror.project.id, mirror.remote_name).and_call_original

Lin Jen-Shin's avatar
Lin Jen-Shin committed
102
        mirror.update(url: 'http://test.com')
103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153
      end
    end
  end

  describe '#remote_name' do
    context 'when remote name is persisted in the database' do
      it 'returns remote name with random value' do
        allow(SecureRandom).to receive(:hex).and_return('secret')

        remote_mirror = create(:remote_mirror)

        expect(remote_mirror.remote_name).to eq("remote_mirror_secret")
      end
    end

    context 'when remote name is not persisted in the database' do
      it 'returns remote name with remote mirror id' do
        remote_mirror = create(:remote_mirror)
        remote_mirror.remote_name = nil

        expect(remote_mirror.remote_name).to eq("remote_mirror_#{remote_mirror.id}")
      end
    end

    context 'when remote is not persisted in the database' do
      it 'returns nil' do
        remote_mirror = build(:remote_mirror, remote_name: nil)

        expect(remote_mirror.remote_name).to be_nil
      end
    end
  end

  describe '#safe_url' do
    context 'when URL contains credentials' do
      it 'masks the credentials' do
        mirror = create_mirror(url: 'http://foo:bar@test.com')

        expect(mirror.safe_url).to eq('http://*****:*****@test.com')
      end
    end

    context 'when URL does not contain credentials' do
      it 'shows the full URL' do
        mirror = create_mirror(url: 'http://test.com')

        expect(mirror.safe_url).to eq('http://test.com')
      end
    end
  end

154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190
  describe '#mark_as_failed' do
    let(:remote_mirror) { create(:remote_mirror) }
    let(:error_message) { 'http://user:pass@test.com/root/repoC.git/' }
    let(:sanitized_error_message) { 'http://*****:*****@test.com/root/repoC.git/' }

    subject do
      remote_mirror.update_start
      remote_mirror.mark_as_failed(error_message)
    end

    it 'sets the update_status to failed' do
      subject

      expect(remote_mirror.reload.update_status).to eq('failed')
    end

    it 'saves the sanitized error' do
      subject

      expect(remote_mirror.last_error).to eq(sanitized_error_message)
    end

    context 'notifications' do
      let(:user) { create(:user) }

      before do
        remote_mirror.project.add_maintainer(user)
      end

      it 'notifies the project maintainers' do
        perform_enqueued_jobs { subject }

        should_email(user)
      end
    end
  end

191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220
  context 'when remote mirror gets destroyed' do
    it 'removes remote' do
      mirror = create_mirror(url: 'http://foo:bar@test.com')

      expect(RepositoryRemoveRemoteWorker).to receive(:perform_async).with(mirror.project.id, mirror.remote_name).and_call_original

      mirror.destroy!
    end
  end

  context 'stuck mirrors' do
    it 'includes mirrors stuck in started with no last_update_at set' do
      mirror = create_mirror(url: 'http://cantbeblank',
                             update_status: 'started',
                             last_update_at: nil,
                             updated_at: 25.hours.ago)

      expect(described_class.stuck.last).to eq(mirror)
    end
  end

  context '#sync' do
    let(:remote_mirror) { create(:project, :repository, :remote_mirror).remote_mirrors.first }

    around do |example|
      Timecop.freeze { example.run }
    end

    context 'with remote mirroring disabled' do
      it 'returns nil' do
Lin Jen-Shin's avatar
Lin Jen-Shin committed
221
        remote_mirror.update(enabled: false)
222 223 224 225 226 227

        expect(remote_mirror.sync).to be_nil
      end
    end

    context 'with remote mirroring enabled' do
228 229 230 231
      it 'defaults to disabling only protected branches' do
        expect(remote_mirror.only_protected_branches?).to be_falsey
      end

232
      context 'with only protected branches enabled' do
233 234 235 236
        before do
          remote_mirror.only_protected_branches = true
        end

237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281
        context 'when it did not update in the last minute' do
          it 'schedules a RepositoryUpdateRemoteMirrorWorker to run now' do
            expect(RepositoryUpdateRemoteMirrorWorker).to receive(:perform_async).with(remote_mirror.id, Time.now)

            remote_mirror.sync
          end
        end

        context 'when it did update in the last minute' do
          it 'schedules a RepositoryUpdateRemoteMirrorWorker to run in the next minute' do
            remote_mirror.last_update_started_at = Time.now - 30.seconds

            expect(RepositoryUpdateRemoteMirrorWorker).to receive(:perform_in).with(RemoteMirror::PROTECTED_BACKOFF_DELAY, remote_mirror.id, Time.now)

            remote_mirror.sync
          end
        end
      end

      context 'with only protected branches disabled' do
        before do
          remote_mirror.only_protected_branches = false
        end

        context 'when it did not update in the last 5 minutes' do
          it 'schedules a RepositoryUpdateRemoteMirrorWorker to run now' do
            expect(RepositoryUpdateRemoteMirrorWorker).to receive(:perform_async).with(remote_mirror.id, Time.now)

            remote_mirror.sync
          end
        end

        context 'when it did update within the last 5 minutes' do
          it 'schedules a RepositoryUpdateRemoteMirrorWorker to run in the next 5 minutes' do
            remote_mirror.last_update_started_at = Time.now - 30.seconds

            expect(RepositoryUpdateRemoteMirrorWorker).to receive(:perform_in).with(RemoteMirror::UNPROTECTED_BACKOFF_DELAY, remote_mirror.id, Time.now)

            remote_mirror.sync
          end
        end
      end
    end
  end

282 283
  context '#ensure_remote!' do
    let(:remote_mirror) { create(:project, :repository, :remote_mirror).remote_mirrors.first }
284 285
    let(:project) { remote_mirror.project }
    let(:repository) { project.repository }
286 287

    it 'adds a remote multiple times with no errors' do
288
      expect(repository).to receive(:add_remote).with(remote_mirror.remote_name, remote_mirror.url).twice.and_call_original
289 290 291 292 293

      2.times do
        remote_mirror.ensure_remote!
      end
    end
294 295 296 297 298 299 300 301 302 303

    context 'SSH public-key authentication' do
      it 'omits the password from the URL' do
        remote_mirror.update!(auth_method: 'ssh_public_key', url: 'ssh://git:pass@example.com')

        expect(repository).to receive(:add_remote).with(remote_mirror.remote_name, 'ssh://git@example.com')

        remote_mirror.ensure_remote!
      end
    end
304 305
  end

306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324
  context '#url=' do
    let(:remote_mirror) { create(:project, :repository, :remote_mirror).remote_mirrors.first }

    it 'resets all the columns when URL changes' do
      remote_mirror.update(last_error: Time.now,
                           last_update_at: Time.now,
                           last_successful_update_at: Time.now,
                           update_status: 'started',
                           error_notification_sent: true)

      expect { remote_mirror.update_attribute(:url, 'http://new.example.com') }
        .to change { remote_mirror.last_error }.to(nil)
        .and change { remote_mirror.last_update_at }.to(nil)
        .and change { remote_mirror.last_successful_update_at }.to(nil)
        .and change { remote_mirror.update_status }.to('finished')
        .and change { remote_mirror.error_notification_sent }.to(false)
    end
  end

325 326 327 328 329 330 331 332 333
  context '#updated_since?' do
    let(:remote_mirror) { create(:project, :repository, :remote_mirror).remote_mirrors.first }
    let(:timestamp) { Time.now - 5.minutes }

    around do |example|
      Timecop.freeze { example.run }
    end

    before do
Lin Jen-Shin's avatar
Lin Jen-Shin committed
334
      remote_mirror.update(last_update_started_at: Time.now)
335 336 337 338 339 340 341 342 343 344 345 346 347 348
    end

    context 'when remote mirror does not have status failed' do
      it 'returns true when last update started after the timestamp' do
        expect(remote_mirror.updated_since?(timestamp)).to be true
      end

      it 'returns false when last update started before the timestamp' do
        expect(remote_mirror.updated_since?(Time.now + 5.minutes)).to be false
      end
    end

    context 'when remote mirror has status failed' do
      it 'returns false when last update started after the timestamp' do
Lin Jen-Shin's avatar
Lin Jen-Shin committed
349
        remote_mirror.update(update_status: 'failed')
350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378

        expect(remote_mirror.updated_since?(timestamp)).to be false
      end
    end
  end

  context 'no project' do
    it 'includes mirror with a project in pending_delete' do
      mirror = create_mirror(url: 'http://cantbeblank',
                             update_status: 'finished',
                             enabled: true,
                             last_update_at: nil,
                             updated_at: 25.hours.ago)
      project = mirror.project
      project.pending_delete = true
      project.save
      mirror.reload

      expect(mirror.sync).to be_nil
      expect(mirror.valid?).to be_truthy
      expect(mirror.update_status).to eq('finished')
    end
  end

  def create_mirror(params)
    project = FactoryBot.create(:project, :repository)
    project.remote_mirrors.create!(params)
  end
end