suzanne.soy/travis-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e103b291ad
travis-api/spec/integration/v2/settings/env_vars_spec.rb
Piotr Sarnacki e103b291ad Reset value when env var is changed from private to public 
When env var is changed from private to public, we didn't nullify it, so
someone doing that could miss exposing it. To minimise the risk of
exposing any secure info we'll now nullify the value.
2014-09-10 10:46:29 +02:00

165 lines
6.1 KiB
Ruby
Raw Blame History

require 'spec_helper'
describe Travis::Api::App::SettingsEndpoint do
let(:repo) { Repository.by_slug('svenfuchs/minimal').first }
let(:headers) { { 'HTTP_ACCEPT' => 'application/vnd.travis-ci.2+json' } }
describe 'with authenticated user' do
let(:user) { User.where(login: 'svenfuchs').first }
let(:token) { Travis::Api::App::AccessToken.create(user: user, app_id: -1) }
let(:headers) { { 'HTTP_ACCEPT' => 'application/json; version=2', 'HTTP_AUTHORIZATION' => "token #{token}" } }
before { user.permissions.create!(:repository_id => repo.id, :admin => true, :push => true) }
describe 'GET /settings/env_vars/:id' do
it 'returns an item' do
settings = repo.settings
record = settings.env_vars.create(name: 'FOO', value: 'bar')
settings.save
response = get '/settings/env_vars/' + record.id, { repository_id: repo.id }, headers
json = JSON.parse(response.body)
json['env_var']['name'].should == 'FOO'
json['env_var']['id'].should == record.id
json['env_var']['public'].should be_false
json['env_var']['repository_id'].should == repo.id
json['env_var'].should_not have_key('value')
end
it 'returns 404 if env var can\'t be found' do
response = get '/settings/env_vars/123', { repository_id: repo.id }, headers
json = JSON.parse(response.body)
json['error'].should == "Could not find a requested setting"
end
end
describe 'GET /settings/env_vars' do
it 'returns a list of env vars' do
settings = repo.settings
record = settings.env_vars.create(name: 'FOO', value: 'bar')
settings.save
response = get '/settings/env_vars', { repository_id: repo.id }, headers
response.should be_successful
json = JSON.parse(response.body)
key = json['env_vars'].first
key['name'].should == 'FOO'
key['id'].should == record.id
key['repository_id'].should == repo.id
key['public'].should be_false
key.should_not have_key('value')
end
end
describe 'POST /settings/env_vars' do
it 'creates a new key' do
body = { env_var: { name: 'FOO', value: 'bar' } }.to_json
response = post "/settings/env_vars?repository_id=#{repo.id}", body, headers
json = JSON.parse(response.body)
json['env_var']['name'].should == 'FOO'
json['env_var']['id'].should_not be_nil
json['env_var'].should_not have_key('value')
env_var = repo.reload.settings.env_vars.first
env_var.id.should_not be_nil
env_var.name.should == 'FOO'
env_var.value.decrypt.should == 'bar'
end
it 'returns error message if a key is invalid' do
response = post "/settings/env_vars?repository_id=#{repo.id}", '{}', headers
response.status.should == 422
json = JSON.parse(response.body)
json['message'].should == 'Validation failed'
json['errors'].should == [{
'field' => 'name',
'code' => 'missing_field'
}]
repo.reload.settings.env_vars.to_a.length.should == 0
end
end
describe 'PATCH /settings/env_vars/:id' do
it 'resets value if private key is made public' do
settings = repo.settings
env_var = settings.env_vars.create(name: 'FOO', value: 'bar')
settings.save
body = { env_var: { public: true } }.to_json
response = patch "/settings/env_vars/#{env_var.id}?repository_id=#{repo.id}", body, headers
json = JSON.parse(response.body)
json['env_var']['value'].should be_nil
updated_env_var = repo.reload.settings.env_vars.find(env_var.id)
updated_env_var.value.decrypt.should be_nil
end
it 'should update a key' do
settings = repo.settings
env_var = settings.env_vars.create(name: 'FOO', value: 'bar')
settings.save
body = { env_var: { value: 'baz' } }.to_json
response = patch "/settings/env_vars/#{env_var.id}?repository_id=#{repo.id}", body, headers
json = JSON.parse(response.body)
json['env_var']['name'].should == 'FOO'
json['env_var']['id'].should == env_var.id
json['env_var'].should_not have_key('value')
updated_env_var = repo.reload.settings.env_vars.find(env_var.id)
updated_env_var.id.should == env_var.id
updated_env_var.name.should == 'FOO'
updated_env_var.value.decrypt.should == 'baz'
end
it 'returns an error message if env_var is invalid' do
settings = repo.settings
env_var = settings.env_vars.create(name: 'FOO', value: 'bar')
settings.save
body = { env_var: { name: '' } }.to_json
response = patch "/settings/env_vars/#{env_var.id}?repository_id=#{repo.id}", body, headers
response.status.should == 422
json = JSON.parse(response.body)
json['message'].should == 'Validation failed'
json['errors'].should == [{
'field' => 'name',
'code' => 'missing_field'
}]
updated_env_var = repo.reload.settings.env_vars.find(env_var.id)
updated_env_var.id.should == env_var.id
updated_env_var.name.should == 'FOO'
updated_env_var.value.decrypt.should == 'bar'
end
end
describe 'DELETE /env_vars/:id' do
it 'should delete an env_var' do
settings = repo.settings
env_var = settings.env_vars.create(name: 'FOO', value: 'bar')
settings.save
params = { repository_id: repo.id }
response = delete '/settings/env_vars/' + env_var.id, params, headers
json = JSON.parse(response.body)
json['env_var']['name'].should == 'FOO'
json['env_var']['id'].should == env_var.id
json['env_var'].should_not have_key('value')
repo.reload.settings.env_vars.should have(0).env_vars
end
it 'returns 404 if env_var can\'t be found' do
response = delete '/settings/env_vars/123', { repository_id: repo.id }, headers
json = JSON.parse(response.body)
json['error'].should == "Could not find a requested setting"
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink