Ensure dots in project path is allowed in the commits API

Signed-off-by: N Rémy Coutable <remy@rymai.me>

Ensure dots in project path is allowed in the commits API
Signed-off-by: N Rémy Coutable <remy@rymai.me>
c9abdadd · Rémy Coutable · e52529e2 · c9abdadd · c9abdadd · c9abdadd
4 changed file
--- a/lib/api/commits.rb
+++ b/lib/api/commits.rb
@@ -10,7 +10,7 @@ module API
    params do
      requires :id, type: String, desc: 'The ID of a project'
    end
-    resource :projects do
+    resource :projects, requirements: { id: /.+/ } do
      desc 'Get a project repository commits' do
        success Entities::RepoCommit
      end

--- a/lib/api/v3/commits.rb
+++ b/lib/api/v3/commits.rb
@@ -11,7 +11,7 @@ module API
      params do
        requires :id, type: String, desc: 'The ID of a project'
      end
-      resource :projects do
+      resource :projects, requirements: { id: /.+/ } do
        desc 'Get a project repository commits' do
          success ::API::Entities::RepoCommit
        end

--- a/spec/requests/api/commits_spec.rb
+++ b/spec/requests/api/commits_spec.rb
@@ -178,7 +178,7 @@ describe API::Commits, api: true  do
    end
  end

-  describe "Create a commit with multiple files and actions" do
+  describe "POST /projects/:id/repository/commits" do
    let!(:url) { "/projects/#{project.id}/repository/commits" }

    it 'returns a 403 unauthorized for user without permissions' do
@@ -193,7 +193,7 @@ describe API::Commits, api: true  do
      expect(response).to have_http_status(400)
    end

-    context :create do
+    describe 'create' do
      let(:message) { 'Created file' }
      let!(:invalid_c_params) do
        {
@@ -237,8 +237,9 @@ describe API::Commits, api: true  do
        expect(response).to have_http_status(400)
      end

-      context 'with project path in URL' do
-        let(:url) { "/projects/#{project.full_path.gsub('/', '%2F')}/repository/commits" }
+      context 'with project path containing a dot in URL' do
+        let!(:user) { create(:user, username: 'foo.bar') }
+        let(:url) { "/projects/#{CGI.escape(project.full_path)}/repository/commits" }

        it 'a new file in project repo' do
          post api(url, user), valid_c_params
@@ -248,7 +249,7 @@ describe API::Commits, api: true  do
      end
    end

-    context :delete do
+    describe 'delete' do
      let(:message) { 'Deleted file' }
      let!(:invalid_d_params) do
        {
@@ -289,7 +290,7 @@ describe API::Commits, api: true  do
      end
    end

-    context :move do
+    describe 'move' do
      let(:message) { 'Moved file' }
      let!(:invalid_m_params) do
        {
@@ -334,7 +335,7 @@ describe API::Commits, api: true  do
      end
    end

-    context :update do
+    describe 'update' do
      let(:message) { 'Updated file' }
      let!(:invalid_u_params) do
        {
@@ -377,7 +378,7 @@ describe API::Commits, api: true  do
      end
    end

-    context "multiple operations" do
+    describe 'multiple operations' do
      let(:message) { 'Multiple actions' }
      let!(:invalid_mo_params) do
        {

--- a/spec/requests/api/v3/commits_spec.rb
+++ b/spec/requests/api/v3/commits_spec.rb
@@ -88,7 +88,7 @@ describe API::V3::Commits, api: true do
    end
  end

-  describe "Create a commit with multiple files and actions" do
+  describe "POST /projects/:id/repository/commits" do
    let!(:url) { "/projects/#{project.id}/repository/commits" }

    it 'returns a 403 unauthorized for user without permissions' do
@@ -103,7 +103,7 @@ describe API::V3::Commits, api: true do
      expect(response).to have_http_status(400)
    end

-    context :create do
+    describe 'create' do
      let(:message) { 'Created file' }
      let!(:invalid_c_params) do
        {
@@ -147,8 +147,9 @@ describe API::V3::Commits, api: true do
        expect(response).to have_http_status(400)
      end

-      context 'with project path in URL' do
-        let(:url) { "/projects/#{project.full_path.gsub('/', '%2F')}/repository/commits" }
+      context 'with project path containing a dot in URL' do
+        let!(:user) { create(:user, username: 'foo.bar') }
+        let(:url) { "/projects/#{CGI.escape(project.full_path)}/repository/commits" }

        it 'a new file in project repo' do
          post v3_api(url, user), valid_c_params
@@ -158,7 +159,7 @@ describe API::V3::Commits, api: true do
      end
    end

-    context :delete do
+    describe 'delete' do
      let(:message) { 'Deleted file' }
      let!(:invalid_d_params) do
        {
@@ -199,7 +200,7 @@ describe API::V3::Commits, api: true do
      end
    end

-    context :move do
+    describe 'move' do
      let(:message) { 'Moved file' }
      let!(:invalid_m_params) do
        {
@@ -244,7 +245,7 @@ describe API::V3::Commits, api: true do
      end
    end

-    context :update do
+    describe 'update' do
      let(:message) { 'Updated file' }
      let!(:invalid_u_params) do
        {