From c9abdadd7a08f972d5a12472f9f5ac443e37a6ac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9my=20Coutable?=
Date: Tue, 14 Mar 2017 18:08:50 +0100
Subject: [PATCH] Ensure dots in project path is allowed in the commits API
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Rémy Coutable
---
 lib/api/commits.rb | 2 +-
 lib/api/v3/commits.rb | 2 +-
 spec/requests/api/commits_spec.rb | 17 +++++++++--------
 spec/requests/api/v3/commits_spec.rb | 15 ++++++++-------
 4 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/lib/api/commits.rb b/lib/api/commits.rb
index 42401abfe0f..48939798900 100644
--- a/lib/api/commits.rb
+++ b/lib/api/commits.rb
@@ -10,7 +10,7 @@ module API
 params do
 requires :id, type: String, desc: 'The ID of a project'
 end
- resource :projects do
+ resource :projects, requirements: { id: /.+/ } do
 desc 'Get a project repository commits' do
 success Entities::RepoCommit
 end
diff --git a/lib/api/v3/commits.rb b/lib/api/v3/commits.rb
index d254d247042..6f36b2bc1c4 100644
--- a/lib/api/v3/commits.rb
+++ b/lib/api/v3/commits.rb
@@ -11,7 +11,7 @@ module API
 params do
 requires :id, type: String, desc: 'The ID of a project'
 end
- resource :projects do
+ resource :projects, requirements: { id: /.+/ } do
 desc 'Get a project repository commits' do
 success ::API::Entities::RepoCommit
 end
diff --git a/spec/requests/api/commits_spec.rb b/spec/requests/api/commits_spec.rb
index 585449e62b6..7c0f2fb9fe9 100644
--- a/spec/requests/api/commits_spec.rb
+++ b/spec/requests/api/commits_spec.rb
@@ -178,7 +178,7 @@ describe API::Commits, api: true do
 end
 end
- describe "Create a commit with multiple files and actions" do
+ describe "POST /projects/:id/repository/commits" do
 let!(:url) { "/projects/#{project.id}/repository/commits" }
 it 'returns a 403 unauthorized for user without permissions' do
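Review bot: In lib/api/commits.rb the new `requirements: { id: /.+/ }` is wider than the fix needs, because `.+` accepts `/` as well as `.`, so the `:id` segment is no longer bounded by the next path separator. The specs send the namespace separator percent-encoded, so a pattern that only excludes the literal slash, `resource :projects, requirements: { id: %r{[^/]+} } do`, should still admit dotted paths while keeping the segment boundary. Whether the router actually lets `id` absorb later segments of the routes nested in this resource is not visible here, since the `resource` block continues outside the hunk, so that is worth confirming. A one-line comment above the `resource` line, such as `# Project paths may contain dots; override the default segment pattern`, would record why the requirement exists. The same applies to the identical change in lib/api/v3/commits.rb.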
@@ -193,7 +193,7 @@ describe API::Commits, api: true do
 expect(response).to have_http_status(400)
 end
- context :create do
+ describe 'create' do
 let(:message) { 'Created file' }
 let!(:invalid_c_params) do
 {
@@ -237,8 +237,9 @@ describe API::Commits, api: true do
 expect(response).to have_http_status(400)
 end
- context 'with project path in URL' do
- let(:url) { "/projects/#{project.full_path.gsub('/', '%2F')}/repository/commits" }
+ context 'with project path containing a dot in URL' do
+ let!(:user) { create(:user, username: 'foo.bar') }
+ let(:url) { "/projects/#{CGI.escape(project.full_path)}/repository/commits" }
 it 'a new file in project repo' do
 post api(url, user), valid_c_params
@@ -248,7 +249,7 @@ describe API::Commits, api: true do
 end
 end
- context :delete do
+ describe 'delete' do
 let(:message) { 'Deleted file' }
 let!(:invalid_d_params) do
 {
@@ -289,7 +290,7 @@ describe API::Commits, api: true do
 end
 end
- context :move do
+ describe 'move' do
 let(:message) { 'Moved file' }
 let!(:invalid_m_params) do
 {
@@ -334,7 +335,7 @@ describe API::Commits, api: true do
 end
 end
- context :update do
+ describe 'update' do
 let(:message) { 'Updated file' }
 let!(:invalid_u_params) do
 {
@@ -377,7 +378,7 @@ describe API::Commits, api: true do
 end
 end
- context "multiple operations" do
+ describe 'multiple operations' do
 let(:message) { 'Multiple actions' }
 let!(:invalid_mo_params) do
 {
diff --git a/spec/requests/api/v3/commits_spec.rb b/spec/requests/api/v3/commits_spec.rb
index e298ef055e1..adba3a787aa 100644
--- a/spec/requests/api/v3/commits_spec.rb
+++ b/spec/requests/api/v3/commits_spec.rb
@@ -88,7 +88,7 @@ describe API::V3::Commits, api: true do
 end
 end
- describe "Create a commit with multiple files and actions" do
+ describe "POST /projects/:id/repository/commits" do
 let!(:url) { "/projects/#{project.id}/repository/commits" }
 it 'returns a 403 unauthorized for user without permissions' do
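Review bot: The dotted-path context in spec/requests/api/commits_spec.rb (hunk `@@ -237,8 +237,9 @@`) only proves the fix if `project.full_path` really contains a dot, and that depends on `project` being created under the overridden `user`'s namespace, which is defined outside the hunk. Stating the precondition inside the example, `expect(project.full_path).to include('.')`, would stop the test from passing vacuously if the fixtures change; the example body itself continues past the hunk. The requirement was added to the whole `:projects` resource, but only the POST route is exercised with a dotted path, so the GET routes under the same resource presumably deserve a case as well. The same holds for the matching hunk `@@ -147,8 +147,9 @@` in spec/requests/api/v3/commits_spec.rb.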
@@ -103,7 +103,7 @@ describe API::V3::Commits, api: true do
 expect(response).to have_http_status(400)
 end
- context :create do
+ describe 'create' do
 let(:message) { 'Created file' }
 let!(:invalid_c_params) do
 {
@@ -147,8 +147,9 @@ describe API::V3::Commits, api: true do
 expect(response).to have_http_status(400)
 end
- context 'with project path in URL' do
- let(:url) { "/projects/#{project.full_path.gsub('/', '%2F')}/repository/commits" }
+ context 'with project path containing a dot in URL' do
+ let!(:user) { create(:user, username: 'foo.bar') }
+ let(:url) { "/projects/#{CGI.escape(project.full_path)}/repository/commits" }
 it 'a new file in project repo' do
 post v3_api(url, user), valid_c_params
@@ -158,7 +159,7 @@ describe API::V3::Commits, api: true do
 end
 end
- context :delete do
+ describe 'delete' do
 let(:message) { 'Deleted file' }
 let!(:invalid_d_params) do
 {
@@ -199,7 +200,7 @@ describe API::V3::Commits, api: true do
 end
 end
- context :move do
+ describe 'move' do
 let(:message) { 'Moved file' }
 let!(:invalid_m_params) do
 {
@@ -244,7 +245,7 @@ describe API::V3::Commits, api: true do
 end
 end
- context :update do
+ describe 'update' do
 let(:message) { 'Updated file' }
 let!(:invalid_u_params) do
 {
-- 
GitLab