Merge pull request #1172 from travis-ci/ta-fix-restart-build-breach

Fix build restart subscription/plan check

Author: Shairyar Baig

lib/travis/api/enqueue/services/restart_model.rb

@@ -46,7 +46,12 @@ def billing?
             false
           rescue Travis::API::V3::NotFound
             # Owner is on a legacy plan
-            true
+            if subscription&.active?
+              true
+            else
+              @cause_of_denial = 'You do not seem to have active subscription.'
+              false
+            end
           end
         end
 
@@ -77,6 +82,10 @@ def target
 
         private
 
+        def subscription
+          Subscription.where(owner: repository.owner)&.first
+        end
+
         def permission?
           current_user && current_user.permission?(required_role, repository_id: target.repository_id) && !abusive? && build_permission?
         end

lib/travis/testing/factories.rb

@@ -25,6 +25,29 @@
     compare_url { 'https://github.com/svenfuchs/minimal/compare/master...develop' }
   end
 
+  factory :subscription do
+    association :owner, factory: :user
+    valid_to { Time.now.utc + 1.week }
+    customer_id { 'cus_123' }
+    billing_email { '[email protected]' }
+    cc_last_digits { 111 }
+    status { 'subscribed'}
+    source { 'stripe' }
+    cc_token { 'token_123' }
+    selected_plan { 'travis-ci-one-build' }
+    country { 'Germany' }
+
+    factory :valid_stripe_subs do
+      status { 'subscribed' }
+      source { 'stripe' }
+    end
+
+    factory :canceled_stripe_subs do
+      status { 'canceled' }
+      source { 'stripe' }
+    end
+  end
+
   factory :test, :class => 'Job::Test', aliases: [:job] do
     owner      { User.first || FactoryBot.create(:user) }
     repository { Repository.first || FactoryBot.create(:repository) }

spec/lib/travis/api/enqueue/services/restart_model_spec.rb

@@ -3,16 +3,13 @@
   let(:repository) { FactoryBot.create(:repository, owner: owner) }
   let(:job) { FactoryBot.create(:job, repository: repository, state: 'canceled') }
   let(:user) { FactoryBot.create(:user) }
+  let(:subscription) { nil }
 
   let(:service) { Travis::Enqueue::Services::RestartModel.new(user, { job_id: job.id }) }
 
   before do
     Travis.config.billing.url = 'http://localhost:9292/'
     Travis.config.billing.auth_key = 'secret'
-
-    stub_request(:post, /http:\/\/localhost:9292\/(users|organizations)\/(.+)\/authorize_build/).to_return(
-      body: MultiJson.dump(allowed: true, rejection_code: nil)
-    )
   end
 
   after do
@@ -39,54 +36,88 @@
       end
     end
 
-    context 'build permissions' do
-      context 'when owner is a user' do
-        context 'on repo level' do
-          context 'when value is nil' do
-            before { repository.permissions.create(user: user, build: nil) }
+    context 'when owner active plan' do
+      before do
+        stub_request(:post, /http:\/\/localhost:9292\/(users|organizations)\/(.+)\/authorize_build/).to_return(
+          body: MultiJson.dump(allowed: true, rejection_code: nil)
+        )
+      end
+      context 'build permissions' do
+        context 'when owner is a user' do
+          context 'on repo level' do
+            context 'when value is nil' do
+              before { repository.permissions.create(user: user, build: nil) }
 
-            include_examples 'restarts the job'
-          end
+              include_examples 'restarts the job'
+            end
 
-          context 'when value is true' do
-            before { repository.permissions.create(user: user, build: true) }
+            context 'when value is true' do
+              before { repository.permissions.create(user: user, build: true) }
 
-            include_examples 'restarts the job'
-          end
+              include_examples 'restarts the job'
+            end
 
-          context 'when value is false' do
-            before { repository.permissions.create(user: user, build: false) }
+            context 'when value is false' do
+              before { repository.permissions.create(user: user, build: false) }
 
-            include_examples 'does not restart the job'
+              include_examples 'does not restart the job'
+            end
           end
         end
-      end
 
-      context 'when owner is an organization' do
-        let(:owner) { FactoryBot.create(:org) }
+        context 'when owner is an organization' do
+          let(:owner) { FactoryBot.create(:org) }
 
-        before { repository.permissions.create(user: user, build: true) }
+          before { repository.permissions.create(user: user, build: true) }
 
-        context 'on organization level' do
-          context 'when value is nil' do
-            before { owner.memberships.create(user: user, build_permission: nil) }
+          context 'on organization level' do
+            context 'when value is nil' do
+              before { owner.memberships.create(user: user, build_permission: nil) }
 
-            include_examples 'restarts the job'
-          end
+              include_examples 'restarts the job'
+            end
 
-          context 'when value is true' do
-            before { owner.memberships.create(user: user, build_permission: true) }
+            context 'when value is true' do
+              before { owner.memberships.create(user: user, build_permission: true) }
 
-            include_examples 'restarts the job'
-          end
+              include_examples 'restarts the job'
+            end
 
-          context 'when value is false' do
-            before { owner.memberships.create(user: user, build_permission: false) }
+            context 'when value is false' do
+              before { owner.memberships.create(user: user, build_permission: false) }
 
-            include_examples 'does not restart the job'
+              include_examples 'does not restart the job'
+            end
           end
         end
       end
     end
+
+    context 'when customer does not have active plan' do
+      before do
+        stub_request(:post, /http:\/\/localhost:9292\/(users|organizations)\/(.+)\/authorize_build/)
+          .to_return(status: 404, body: JSON.dump(error: 'Not Found'))
+      end
+
+      context 'when customer has no old subscription' do
+        include_examples 'does not restart the job'
+      end
+
+      context 'when customer has an old active subscription' do
+        before do
+          repository.permissions.create(user: user, build: true)
+          FactoryBot.create(:valid_stripe_subs, owner: owner)
+        end
+
+        include_examples 'restarts the job'
+      end
+
+      context 'when customer has an old canceled subscription' do
+        let(:subscription) { FactoryBot.create(:canceled_stripe_subs, owner: owner) }
+
+        include_examples 'does not restart the job'
+      end
+
+    end
   end
 end

spec/v3/services/job/restart_spec.rb

@@ -242,7 +242,7 @@
 
         it 'restarts the job' do
           post("/v3/job/#{job.id}/restart", params, headers)
-          expect(last_response.status).to eq(202)
+          expect(last_response.status).to eq(403)
         end
       end