1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
|
require_relative 'spec_helper'
require 'open3'
describe 'bin/gitlab-shell' do
def original_root_path
ROOT_PATH
end
# All this test boilerplate is mostly copy/pasted between
# gitlab_shell_gitlab_shell_spec.rb and
# gitlab_shell_authorized_keys_check_spec.rb
def tmp_root_path
@tmp_root_path ||= File.realpath(Dir.mktmpdir)
end
def config_path
File.join(tmp_root_path, 'config.yml')
end
def tmp_socket_path
# This has to be a relative path shorter than 100 bytes due to
# limitations in how Unix sockets work.
'tmp/gitlab-shell-socket'
end
before(:all) do
FileUtils.mkdir_p(File.dirname(tmp_socket_path))
FileUtils.touch(File.join(tmp_root_path, '.gitlab_shell_secret'))
@server = HTTPUNIXServer.new(BindAddress: tmp_socket_path)
@server.mount_proc('/api/v4/internal/discover') do |req, res|
identifier = req.query['key_id'] || req.query['username'] || req.query['user_id']
known_identifiers = %w(10 someuser 100)
if known_identifiers.include?(identifier)
res.status = 200
res.content_type = 'application/json'
res.body = '{"id":1, "name": "Some User", "username": "someuser"}'
elsif identifier == 'broken_message'
res.status = 401
res.body = '{"message": "Forbidden!"}'
elsif identifier && identifier != 'broken'
res.status = 200
res.content_type = 'application/json'
res.body = 'null'
else
res.status = 500
end
end
@webrick_thread = Thread.new { @server.start }
sleep(0.1) while @webrick_thread.alive? && @server.status != :Running
raise "Couldn't start stub GitlabNet server" unless @server.status == :Running
system(original_root_path, 'bin/compile')
copy_dirs = ['bin', 'lib']
FileUtils.rm_rf(copy_dirs.map { |d| File.join(tmp_root_path, d) })
FileUtils.cp_r(copy_dirs, tmp_root_path)
end
after(:all) do
@server.shutdown if @server
@webrick_thread.join if @webrick_thread
FileUtils.rm_rf(tmp_root_path)
end
let(:gitlab_shell_path) { File.join(tmp_root_path, 'bin', 'gitlab-shell') }
shared_examples 'results with keys' do
# Basic valid input
it 'succeeds and prints username when a valid known key id is given' do
output, _, status = run!(["key-100"])
expect(output).to eq("Welcome to GitLab, @someuser!\n")
expect(status).to be_success
end
it 'succeeds and prints username when a valid known username is given' do
output, _, status = run!(["username-someuser"])
expect(output).to eq("Welcome to GitLab, @someuser!\n")
expect(status).to be_success
end
# Valid but unknown input
it 'succeeds and prints Anonymous when a valid unknown key id is given' do
output, _, status = run!(["key-12345"])
expect(output).to eq("Welcome to GitLab, Anonymous!\n")
expect(status).to be_success
end
it 'succeeds and prints Anonymous when a valid unknown username is given' do
output, _, status = run!(["username-unknown"])
expect(output).to eq("Welcome to GitLab, Anonymous!\n")
expect(status).to be_success
end
it 'gets an ArgumentError on invalid input (empty)' do
_, stderr, status = run!([])
expect(stderr).to match(/who='' is invalid/)
expect(status).not_to be_success
end
it 'gets an ArgumentError on invalid input (unknown)' do
_, stderr, status = run!(["whatever"])
expect(stderr).to match(/who='' is invalid/)
expect(status).not_to be_success
end
it 'gets an ArgumentError on invalid input (multiple unknown)' do
_, stderr, status = run!(["this", "is", "all", "invalid"])
expect(stderr).to match(/who='' is invalid/)
expect(status).not_to be_success
end
# Not so basic valid input
# (https://gitlab.com/gitlab-org/gitlab-shell/issues/145)
it 'succeeds and prints username when a valid known key id is given in the middle of other input' do
output, _, status = run!(["-c/usr/share/webapps/gitlab-shell/bin/gitlab-shell", "key-100", "2foo"])
expect(output).to eq("Welcome to GitLab, @someuser!\n")
expect(status).to be_success
end
it 'succeeds and prints username when a valid known username is given in the middle of other input' do
output, _, status = run!(["-c/usr/share/webapps/gitlab-shell/bin/gitlab-shell", "username-someuser" ,"foo"])
expect(output).to eq("Welcome to GitLab, @someuser!\n")
expect(status).to be_success
end
end
describe 'without go features' do
before(:context) do
write_config("gitlab_url" => "http+unix://#{CGI.escape(tmp_socket_path)}")
end
it_behaves_like 'results with keys'
end
describe 'with the go discover feature', :go do
before(:context) do
write_config(
"gitlab_url" => "http+unix://#{CGI.escape(tmp_socket_path)}",
"migration" => { "enabled" => true,
"features" => ["discover"] }
)
end
it_behaves_like 'results with keys'
it 'outputs "Only ssh allowed"' do
_, stderr, status = run!(["-c/usr/share/webapps/gitlab-shell/bin/gitlab-shell", "username-someuser"], env: {})
expect(stderr).to eq("Only ssh allowed\n")
expect(status).not_to be_success
end
it 'returns an error message when the API call fails with a message' do
_, stderr, status = run!(["-c/usr/share/webapps/gitlab-shell/bin/gitlab-shell", "username-broken_message"])
expect(stderr).to match(/Failed to get username: Forbidden!/)
expect(status).not_to be_success
end
it 'returns an error message when the API call fails without a message' do
_, stderr, status = run!(["-c/usr/share/webapps/gitlab-shell/bin/gitlab-shell", "username-broken"])
expect(stderr).to match(/Failed to get username: Internal API error \(500\)/)
expect(status).not_to be_success
end
end
def run!(args, env: {'SSH_CONNECTION' => 'fake'})
cmd = [
gitlab_shell_path,
args
].flatten.compact.join(' ')
Open3.capture3(env, cmd)
end
def write_config(config)
File.open(config_path, 'w') do |f|
f.write(config.to_yaml)
end
end
end
|
