Merge tonsky#190

190: Pushing an existing version of a gem should not overwrite the gem con… r=bronzdoc a=bronzdoc closes rubygems/gemstash#188 Co-authored-by: Luis Sagastume <[email protected]> Co-authored-by: Matan Zruya <[email protected]>
Losangelosgenetics · Oct 31, 2018 · 0f3dfec · 0f3dfec
2 parents db15e93 + 334055c
commit 0f3dfec
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 1 deletion.
diff --git a/lib/gemstash/gem_pusher.rb b/lib/gemstash/gem_pusher.rb
@@ -53,6 +53,13 @@ def check_auth
     end
 
     def store_gem
+      resource_exist = storage.resource(full_name).exist?
+      resource_is_indexed = storage.resource(full_name).properties[:indexed] if resource_exist
+
+      if resource_exist && resource_is_indexed
+        raise ExistingVersionError, "Cannot push to an existing version!"
+      end
+
       storage.resource(full_name).save({ gem: @content }, indexed: true)
     end
 

diff --git a/lib/gemstash/web.rb b/lib/gemstash/web.rb
@@ -26,6 +26,11 @@ def http_client_for(server_url)
       body JSON.dump("error" => "Not found", "code" => 404)
     end
 
+    error GemPusher::ExistingVersionError do
+      status 422
+      body JSON.dump("error" => "Version already exists", "code" => 422)
+    end
+
     get "/" do
       @gem_source.serve_root
     end

diff --git a/spec/gemstash/gem_pusher_spec.rb b/spec/gemstash/gem_pusher_spec.rb
@@ -154,15 +154,26 @@
     end
 
     context "with an existing version" do
+      let(:serve) { Gemstash::GemPusher.new(auth, gem_contents).serve }
+
       before do
         gem_id = insert_rubygem "example"
         insert_version gem_id, "0.1.0"
         storage.resource("example-0.1.0").save({ gem: "zapatito" }, indexed: true)
       end
 
-      it "rejects the push" do
+      it "rejects the push and does not change the file content" do
+        expect do
+          expect { serve }.to raise_error(Gemstash::GemPusher::ExistingVersionError)
+        end.to_not change { storage.resource("example-0.1.0").content(:gem) }.from("zapatito")
+      end
+
+      it "does not overwrite the gem content" do
         expect { Gemstash::GemPusher.new(auth, gem_contents).serve }.
           to raise_error(Gemstash::GemPusher::ExistingVersionError)
+
+        expect(storage.resource("example-0.1.0").content(:gem)).
+          to eq("zapatito")
       end
     end
   end

diff --git a/spec/gemstash/web_spec.rb b/spec/gemstash/web_spec.rb
@@ -408,4 +408,30 @@ def for(server_url, timeout = 20)
       end
     end
   end
+
+  context "POST /api/v1/gems" do
+    let(:gem_source) { Gemstash::GemSource::PrivateSource }
+    let(:auth_key) { "auth-key" }
+    let(:env) { rack_env.merge("CONTENT_TYPE" => "application/octet-stream", "HTTP_AUTHORIZATION" => auth_key) }
+
+    before do
+      Gemstash::Authorization.authorize(auth_key, "all")
+    end
+
+    it "returns 200 on a successful push" do
+      post "/api/v1/gems", read_gem("example", "0.1.0"), env
+      expect(last_response).to be_ok
+      expect(last_response.status).to eq(200)
+    end
+
+    it "returns a 422 when gem already exists" do
+      post "/api/v1/gems", read_gem("example", "0.1.0"), env
+      expect(last_response).to be_ok
+
+      post "/api/v1/gems", read_gem("example", "0.1.0"), env
+      expect(last_response).to_not be_ok
+      expect(last_response.status).to eq(422)
+      expect(JSON.parse(last_response.body)).to eq("error" => "Version already exists", "code" => 422)
+    end
+  end
 end