diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-29 23:57:06 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-29 23:57:35 +0000 |
| commit | 49f77b37b621ef7d909ed92c76423c9835a29ac7 (patch) | |
| tree | 3791b1fba5f4acddbc640600bc928b4dd4cc005f | |
| parent | 3263a137a1aee366ca86f1fe5fe066c8a48160d2 (diff) | |
| download | gitlab-ce-49f77b37b621ef7d909ed92c76423c9835a29ac7.tar.gz | |
Add latest changes from gitlab-org/security/gitlab@15-8-stable-ee
22 files changed, 47 insertions, 384 deletions
diff --git a/app/assets/javascripts/pages/projects/project.js b/app/assets/javascripts/pages/projects/project.js index 27659348dcc..4c9eb830ff6 100644 --- a/app/assets/javascripts/pages/projects/project.js +++ b/app/assets/javascripts/pages/projects/project.js @@ -118,10 +118,9 @@ export default class Project { const urlParams = { [fieldName]: ref }; if (params.group === BRANCH_GROUP_NAME) { urlParams.ref_type = BRANCH_REF_TYPE; - } else if (params.group === TAG_GROUP_NAME) { + } else { urlParams.ref_type = TAG_REF_TYPE; } - link.href = mergeUrlParams(urlParams, linkTarget); } diff --git a/app/assets/javascripts/repository/index.js b/app/assets/javascripts/repository/index.js index 0f6b159ffc5..e5d22f50d72 100644 --- a/app/assets/javascripts/repository/index.js +++ b/app/assets/javascripts/repository/index.js @@ -2,7 +2,7 @@ import { GlButton } from '@gitlab/ui'; import Vue from 'vue'; import Vuex from 'vuex'; import { parseBoolean } from '~/lib/utils/common_utils'; -import { joinPaths, escapeFileUrl, visitUrl } from '~/lib/utils/url_utility'; +import { escapeFileUrl, visitUrl } from '~/lib/utils/url_utility'; import { __ } from '~/locale'; import initWebIdeLink from '~/pages/projects/shared/web_ide_link'; import PerformancePlugin from '~/performance/vue_performance_plugin'; @@ -119,7 +119,7 @@ export default function setupVueRepositoryList() { if (!refSwitcherEl) return false; - const { projectId, projectRootPath, refType } = refSwitcherEl.dataset; + const { projectId, projectRootPath } = refSwitcherEl.dataset; return new Vue({ el: refSwitcherEl, @@ -127,12 +127,11 @@ export default function setupVueRepositoryList() { return createElement(RefSelector, { props: { projectId, - value: refType ? joinPaths('refs', refType, ref) : ref, - useSymbolicRefNames: true, + value: ref, }, on: { input(selectedRef) { - visitUrl(generateRefDestinationPath(projectRootPath, ref, selectedRef)); + visitUrl(generateRefDestinationPath(projectRootPath, selectedRef)); }, }, }); diff --git a/app/assets/javascripts/repository/utils/ref_switcher_utils.js b/app/assets/javascripts/repository/utils/ref_switcher_utils.js index fc0d521ad54..f296b5e9b4a 100644 --- a/app/assets/javascripts/repository/utils/ref_switcher_utils.js +++ b/app/assets/javascripts/repository/utils/ref_switcher_utils.js @@ -15,30 +15,22 @@ const NAMESPACE_TARGET_REGEX = /(\/-\/(blob|tree))\/.*?\/(.*)/; * @param {string} projectRootPath - The root path for a project. * @param {string} selectedRef - The selected ref from the ref dropdown. */ - -export function generateRefDestinationPath(projectRootPath, ref, selectedRef) { - const url = new URL(window.location.href); - const currentPath = url.pathname; - let refType = null; +export function generateRefDestinationPath(projectRootPath, selectedRef) { + const currentPath = window.location.pathname; + const encodedHash = '%23'; let namespace = '/-/tree'; let target; - let actualRef = selectedRef; - - const matches = selectedRef.match(/^refs\/(heads|tags)\/(.+)/); - if (matches) { - [, refType, actualRef] = matches; - } - if (refType) { - url.searchParams.set('ref_type', refType); - } else { - url.searchParams.delete('ref_type'); - } - const match = NAMESPACE_TARGET_REGEX.exec(currentPath); if (match) { [, namespace, , target] = match; } - url.pathname = joinPaths(projectRootPath, namespace, actualRef, target); - return url.toString(); + const destinationPath = joinPaths( + projectRootPath, + namespace, + encodeURI(selectedRef).replace(/#/g, encodedHash), + target, + ); + + return `${destinationPath}${window.location.hash}`; } diff --git a/app/controllers/concerns/confirm_email_warning.rb b/app/controllers/concerns/confirm_email_warning.rb index 2711c823275..ec5140bf223 100644 --- a/app/controllers/concerns/confirm_email_warning.rb +++ b/app/controllers/concerns/confirm_email_warning.rb @@ -1,7 +1,6 @@ # frozen_string_literal: true module ConfirmEmailWarning - include Gitlab::Utils::StrongMemoize extend ActiveSupport::Concern included do @@ -18,9 +17,11 @@ module ConfirmEmailWarning return unless current_user return if current_user.confirmed? + email = current_user.unconfirmed_email || current_user.email + flash.now[:warning] = format( confirm_warning_message, - email: email_to_display, + email: email, resend_link: view_context.link_to(_('Resend it'), user_confirmation_path(user: { email: email }), method: :post), update_link: view_context.link_to(_('Update it'), profile_path) ).html_safe @@ -28,16 +29,7 @@ module ConfirmEmailWarning private - def email - current_user.unconfirmed_email || current_user.email - end - strong_memoize_attr :email - def confirm_warning_message _("Please check your email (%{email}) to verify that you own this address and unlock the power of CI/CD. Didn't receive it? %{resend_link}. Wrong email address? %{update_link}.") end - - def email_to_display - html_escape(email) - end end diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb index dd2f980e880..4eda76f4f21 100644 --- a/app/controllers/projects/blob_controller.rb +++ b/app/controllers/projects/blob_controller.rb @@ -31,7 +31,6 @@ class Projects::BlobController < Projects::ApplicationController before_action :authorize_edit_tree!, only: [:new, :create, :update, :destroy] before_action :commit, except: [:new, :create] - before_action :check_for_ambiguous_ref, only: [:show] before_action :blob, except: [:new, :create] before_action :require_branch_head, only: [:edit, :update] before_action :editor_variables, except: [:show, :preview, :diff] @@ -146,15 +145,6 @@ class Projects::BlobController < Projects::ApplicationController end end - def check_for_ambiguous_ref - @ref_type = ref_type - - if @ref_type == ExtractsRef::BRANCH_REF_TYPE && ambiguous_ref?(@project, @ref) - branch = @project.repository.find_branch(@ref) - redirect_to project_blob_path(@project, File.join(branch.target, @path)) - end - end - def commit @commit ||= @repository.commit(@ref) diff --git a/app/controllers/projects/refs_controller.rb b/app/controllers/projects/refs_controller.rb index 0b52d03ab95..8ac6d872aae 100644 --- a/app/controllers/projects/refs_controller.rb +++ b/app/controllers/projects/refs_controller.rb @@ -22,7 +22,7 @@ class Projects::RefsController < Projects::ApplicationController when "tree" project_tree_path(@project, @id) when "blob" - project_blob_path(@project, @id, ref_type: ref_type) + project_blob_path(@project, @id) when "graph" if Feature.enabled?(:use_ref_type_parameter, @project) project_network_path(@project, @id, ref_type: ref_type) diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb index 1f7912e15df..737a6290431 100644 --- a/app/controllers/projects/tree_controller.rb +++ b/app/controllers/projects/tree_controller.rb @@ -28,15 +28,6 @@ class Projects::TreeController < Projects::ApplicationController def show return render_404 unless @commit - @ref_type = ref_type - if @ref_type == BRANCH_REF_TYPE && ambiguous_ref?(@project, @ref) - branch = @project.repository.find_branch(@ref) - if branch - redirect_to project_tree_path(@project, branch.target) - return - end - end - if tree.entries.empty? if @repository.blob_at(@commit.id, @path) redirect_to project_blob_path(@project, File.join(@ref, @path)) diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index ed7c163c108..ee2c268ff33 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -172,19 +172,11 @@ class ProjectsController < Projects::ApplicationController flash.now[:alert] = _("Project '%{project_name}' queued for deletion.") % { project_name: @project.name } end - if ambiguous_ref?(@project, @ref) - branch = @project.repository.find_branch(@ref) - - # The files view would render a ref other than the default branch - # This redirect can be removed once the view is fixed - redirect_to(project_tree_path(@project, branch.target), alert: _("The default branch of this project clashes with another ref")) - return - end - respond_to do |format| format.html do @notification_setting = current_user.notification_settings_for(@project) if current_user @project = @project.present(current_user: current_user) + render_landing_page end diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index cd05cc1763d..b85a57f81cd 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -404,6 +404,7 @@ class ProjectPolicy < BasePolicy end rule { can?(:metrics_dashboard) }.policy do + enable :read_prometheus enable :read_deployment end diff --git a/app/views/projects/tree/_tree_header.html.haml b/app/views/projects/tree/_tree_header.html.haml index 543cbc4e4e4..fd807350245 100644 --- a/app/views/projects/tree/_tree_header.html.haml +++ b/app/views/projects/tree/_tree_header.html.haml @@ -2,7 +2,7 @@ .tree-ref-container.gl-display-flex.mb-2.mb-md-0 .tree-ref-holder - #js-tree-ref-switcher{ data: { project_id: @project.id, ref_type: @ref_type.to_s, project_root_path: project_path(@project) } } + #js-tree-ref-switcher{ data: { project_id: @project.id, project_root_path: project_path(@project) } } #js-repo-breadcrumb{ data: breadcrumb_data_attributes } diff --git a/lib/extracts_ref.rb b/lib/extracts_ref.rb index 23f93ad1317..f22996df0a5 100644 --- a/lib/extracts_ref.rb +++ b/lib/extracts_ref.rb @@ -5,8 +5,7 @@ # Can be extended for different types of repository object, e.g. Project or Snippet module ExtractsRef InvalidPathError = Class.new(StandardError) - BRANCH_REF_TYPE = 'heads' - TAG_REF_TYPE = 'tags' + # Given a string containing both a Git tree-ish, such as a branch or tag, and # a filesystem path joined by forward slashes, attempts to separate the two. # @@ -92,7 +91,7 @@ module ExtractsRef def ref_type return unless params[:ref_type].present? - params[:ref_type] == TAG_REF_TYPE ? TAG_REF_TYPE : BRANCH_REF_TYPE + params[:ref_type] == 'tags' ? 'tags' : 'heads' end private @@ -155,13 +154,4 @@ module ExtractsRef def repository_container raise NotImplementedError end - - def ambiguous_ref?(project, ref) - return true if project.repository.ambiguous_ref?(ref) - - return false unless ref&.starts_with?('refs/') - - unprefixed_ref = ref.sub(%r{^refs/(heads|tags)/}, '') - project.repository.commit(unprefixed_ref).present? - end end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index f8626094af5..ae06cb3ae7a 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -42005,9 +42005,6 @@ msgstr "" msgid "The default branch for this project has been changed. Please update your bookmarks." msgstr "" -msgid "The default branch of this project clashes with another ref" -msgstr "" - msgid "The dependency list details information about the components used within your project." msgstr "" diff --git a/spec/controllers/concerns/confirm_email_warning_spec.rb b/spec/controllers/concerns/confirm_email_warning_spec.rb index b8a4b94aa66..334c156e1ae 100644 --- a/spec/controllers/concerns/confirm_email_warning_spec.rb +++ b/spec/controllers/concerns/confirm_email_warning_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe ConfirmEmailWarning, feature_category: :system_access do +RSpec.describe ConfirmEmailWarning do before do stub_feature_flags(soft_email_confirmation: true) end @@ -82,38 +82,6 @@ RSpec.describe ConfirmEmailWarning, feature_category: :system_access do it { is_expected.to set_confirm_warning_for(user.email) } end end - - context 'when user is being impersonated' do - let(:impersonator) { create(:admin) } - - before do - allow(controller).to receive(:session).and_return({ impersonator_id: impersonator.id }) - - get :index - end - - it { is_expected.to set_confirm_warning_for(user.email) } - - context 'when impersonated user email has html in their email' do - let(:user) { create(:user, confirmed_at: nil, unconfirmed_email: "malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>") } - - it { is_expected.to set_confirm_warning_for("malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>") } - end - end - - context 'when user is not being impersonated' do - before do - get :index - end - - it { is_expected.to set_confirm_warning_for(user.email) } - - context 'when user email has html in their email' do - let(:user) { create(:user, confirmed_at: nil, unconfirmed_email: "malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>") } - - it { is_expected.to set_confirm_warning_for("malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>") } - end - end end end end diff --git a/spec/controllers/projects/blob_controller_spec.rb b/spec/controllers/projects/blob_controller_spec.rb index ec92d92e2a9..887a5ba598f 100644 --- a/spec/controllers/projects/blob_controller_spec.rb +++ b/spec/controllers/projects/blob_controller_spec.rb @@ -2,16 +2,15 @@ require 'spec_helper' -RSpec.describe Projects::BlobController, feature_category: :source_code_management do +RSpec.describe Projects::BlobController do include ProjectForksHelper let(:project) { create(:project, :public, :repository, previous_default_branch: previous_default_branch) } let(:previous_default_branch) { nil } describe "GET show" do - let(:params) { { namespace_id: project.namespace, project_id: project, id: id } } - let(:request) do - get(:show, params: params) + def request + get(:show, params: { namespace_id: project.namespace, project_id: project, id: id }) end render_views @@ -19,32 +18,8 @@ RSpec.describe Projects::BlobController, feature_category: :source_code_manageme context 'with file path' do before do expect(::Gitlab::GitalyClient).to receive(:allow_ref_name_caching).and_call_original - project.repository.add_tag(project.creator, 'ambiguous_ref', RepoHelpers.sample_commit.id) - project.repository.add_branch(project.creator, 'ambiguous_ref', RepoHelpers.another_sample_commit.id) - request - end - - context 'when the ref is ambiguous' do - let(:ref) { 'ambiguous_ref' } - let(:path) { 'README.md' } - let(:id) { "#{ref}/#{path}" } - let(:params) { { namespace_id: project.namespace, project_id: project, id: id, ref_type: ref_type } } - context 'and explicitly requesting a branch' do - let(:ref_type) { 'heads' } - - it 'redirects to blob#show with sha for the branch' do - expect(response).to redirect_to(project_blob_path(project, "#{RepoHelpers.another_sample_commit.id}/#{path}")) - end - end - - context 'and explicitly requesting a tag' do - let(:ref_type) { 'tags' } - - it 'responds with success' do - expect(response).to be_ok - end - end + request end context "valid branch, valid file" do diff --git a/spec/controllers/projects/clusters_controller_spec.rb b/spec/controllers/projects/clusters_controller_spec.rb index 64c77726527..894f0f8354d 100644 --- a/spec/controllers/projects/clusters_controller_spec.rb +++ b/spec/controllers/projects/clusters_controller_spec.rb @@ -7,7 +7,7 @@ RSpec.describe Projects::ClustersController do include GoogleApi::CloudPlatformHelpers include KubernetesHelpers - let_it_be_with_reload(:project) { create(:project) } + let_it_be(:project) { create(:project) } let(:user) { create(:user) } @@ -140,27 +140,6 @@ RSpec.describe Projects::ClustersController do expect(response).to redirect_to(new_user_session_path) end end - - context 'with a public project' do - before do - project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) - project.project_feature.update!(metrics_dashboard_access_level: ProjectFeature::ENABLED) - end - - context 'with guest user' do - let(:prometheus_body) { nil } - - before do - project.add_guest(user) - end - - it 'returns 404' do - get :prometheus_proxy, params: prometheus_proxy_params - - expect(response).to have_gitlab_http_status(:not_found) - end - end - end end end diff --git a/spec/controllers/projects/environments/prometheus_api_controller_spec.rb b/spec/controllers/projects/environments/prometheus_api_controller_spec.rb index 6b0c164e432..68d50cf19f0 100644 --- a/spec/controllers/projects/environments/prometheus_api_controller_spec.rb +++ b/spec/controllers/projects/environments/prometheus_api_controller_spec.rb @@ -4,7 +4,7 @@ require 'spec_helper' RSpec.describe Projects::Environments::PrometheusApiController do let_it_be(:user) { create(:user) } - let_it_be_with_reload(:project) { create(:project) } + let_it_be(:project) { create(:project) } let_it_be(:proxyable) { create(:environment, project: project) } before do @@ -70,27 +70,6 @@ RSpec.describe Projects::Environments::PrometheusApiController do expect(response).to redirect_to(new_user_session_path) end end - - context 'with a public project' do - before do - project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) - project.project_feature.update!(metrics_dashboard_access_level: ProjectFeature::ENABLED) - end - - context 'with guest user' do - let(:prometheus_body) { nil } - - before do - project.add_guest(user) - end - - it 'returns 404' do - get :prometheus_proxy, params: prometheus_proxy_params - - expect(response).to have_gitlab_http_status(:not_found) - end - end - end end end end diff --git a/spec/controllers/projects/refs_controller_spec.rb b/spec/controllers/projects/refs_controller_spec.rb index e36eb1207c1..a7a8361ae20 100644 --- a/spec/controllers/projects/refs_controller_spec.rb +++ b/spec/controllers/projects/refs_controller_spec.rb @@ -31,7 +31,7 @@ RSpec.describe Projects::RefsController, feature_category: :source_code_manageme 'tree' | nil | lazy { project_tree_path(project, id) } 'tree' | 'heads' | lazy { project_tree_path(project, id) } 'blob' | nil | lazy { project_blob_path(project, id) } - 'blob' | 'heads' | lazy { project_blob_path(project, id, ref_type: 'heads') } + 'blob' | 'heads' | lazy { project_blob_path(project, id) } 'graph' | nil | lazy { project_network_path(project, id) } 'graph' | 'heads' | lazy { project_network_path(project, id) } 'graphs' | nil | lazy { project_graph_path(project, id) } @@ -60,7 +60,7 @@ RSpec.describe Projects::RefsController, feature_category: :source_code_manageme 'tree' | nil | lazy { project_tree_path(project, id) } 'tree' | 'heads' | lazy { project_tree_path(project, id) } 'blob' | nil | lazy { project_blob_path(project, id) } - 'blob' | 'heads' | lazy { project_blob_path(project, id, ref_type: 'heads') } + 'blob' | 'heads' | lazy { project_blob_path(project, id) } 'graph' | nil | lazy { project_network_path(project, id) } 'graph' | 'heads' | lazy { project_network_path(project, id, ref_type: 'heads') } 'graphs' | nil | lazy { project_graph_path(project, id) } diff --git a/spec/controllers/projects/tree_controller_spec.rb b/spec/controllers/projects/tree_controller_spec.rb index 37149e1d3ca..9bc3065b6da 100644 --- a/spec/controllers/projects/tree_controller_spec.rb +++ b/spec/controllers/projects/tree_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Projects::TreeController, feature_category: :source_code_management do +RSpec.describe Projects::TreeController do let(:project) { create(:project, :repository, previous_default_branch: previous_default_branch) } let(:previous_default_branch) { nil } let(:user) { create(:user) } @@ -15,41 +15,18 @@ RSpec.describe Projects::TreeController, feature_category: :source_code_manageme end describe "GET show" do - let(:params) do - { - namespace_id: project.namespace.to_param, project_id: project, id: id - } - end - # Make sure any errors accessing the tree in our views bubble up to this spec render_views before do expect(::Gitlab::GitalyClient).to receive(:allow_ref_name_caching).and_call_original - project.repository.add_tag(project.creator, 'ambiguous_ref', RepoHelpers.sample_commit.id) - project.repository.add_branch(project.creator, 'ambiguous_ref', RepoHelpers.another_sample_commit.id) - get :show, params: params - end - - context 'when the ref is ambiguous' do - let(:id) { 'ambiguous_ref' } - let(:params) { { namespace_id: project.namespace, project_id: project, id: id, ref_type: ref_type } } - - context 'and explicitly requesting a branch' do - let(:ref_type) { 'heads' } - - it 'redirects to blob#show with sha for the branch' do - expect(response).to redirect_to(project_tree_path(project, RepoHelpers.another_sample_commit.id)) - end - end - - context 'and explicitly requesting a tag' do - let(:ref_type) { 'tags' } - it 'responds with success' do - expect(response).to be_ok - end - end + get(:show, + params: { + namespace_id: project.namespace.to_param, + project_id: project, + id: id + }) end context "valid branch, no path" do diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb index 8c81a1414ce..bc58eaa1d6f 100644 --- a/spec/controllers/projects_controller_spec.rb +++ b/spec/controllers/projects_controller_spec.rb @@ -163,69 +163,6 @@ RSpec.describe ProjectsController do expect(assigns(:notification_setting).level).to eq("watch") end end - - context 'when there is a tag with the same name as the default branch' do - let_it_be(:tagged_project) { create(:project, :public, :custom_repo, files: ['somefile']) } - let(:tree_with_default_branch) do - branch = tagged_project.repository.find_branch(tagged_project.default_branch) - project_tree_path(tagged_project, branch.target) - end - - before do - tagged_project.repository.create_file( - tagged_project.creator, - 'file_for_tag', - 'content for file', - message: "Automatically created file", - branch_name: 'branch-to-tag' - ) - - tagged_project.repository.add_tag( - tagged_project.creator, - tagged_project.default_branch, # tag name - 'branch-to-tag' # target - ) - end - - it 'redirects to tree view for the default branch' do - get :show, params: { namespace_id: tagged_project.namespace, id: tagged_project } - expect(response).to redirect_to(tree_with_default_branch) - end - end - - context 'when the default branch name can resolve to another ref' do - let!(:project_with_default_branch) do - create(:project, :public, :custom_repo, files: ['somefile']).tap do |p| - p.repository.create_branch("refs/heads/refs/heads/#{other_ref}", 'master') - p.change_head("refs/heads/#{other_ref}") - end.reload - end - - let(:other_ref) { 'branch-name' } - - context 'but there is no other ref' do - it 'responds with ok' do - get :show, params: { namespace_id: project_with_default_branch.namespace, id: project_with_default_branch } - expect(response).to be_ok - end - end - - context 'and that other ref exists' do - let(:tree_with_default_branch) do - branch = project_with_default_branch.repository.find_branch(project_with_default_branch.default_branch) - project_tree_path(project_with_default_branch, branch.target) - end - - before do - project_with_default_branch.repository.create_branch(other_ref, 'master') - end - - it 'redirects to tree view for the default branch' do - get :show, params: { namespace_id: project_with_default_branch.namespace, id: project_with_default_branch } - expect(response).to redirect_to(tree_with_default_branch) - end - end - end end describe "when project repository is disabled" do diff --git a/spec/features/admin/users/user_spec.rb b/spec/features/admin/users/user_spec.rb index 66129617220..1552d4e6187 100644 --- a/spec/features/admin/users/user_spec.rb +++ b/spec/features/admin/users/user_spec.rb @@ -271,36 +271,6 @@ RSpec.describe 'Admin::Users::User', feature_category: :user_management do icon = first('[data-testid="incognito-icon"]') expect(icon).not_to be nil end - - context 'when viewing the confirm email warning', :js do - let_it_be(:another_user) { create(:user, :unconfirmed) } - - let(:warning_alert) { page.find(:css, '[data-testid="alert-warning"]') } - let(:expected_styling) { { 'pointer-events' => 'none', 'cursor' => 'default' } } - - context 'with an email that does not contain HTML' do - before do - subject - end - - it 'displays the warning alert including the email' do - expect(warning_alert.text).to include("Please check your email (#{another_user.email}) to verify") - end - end - - context 'with an email that contains HTML' do - let(:malicious_email) { "malicious@test.com<form><input/title='<script>alert(document.domain)</script>'>" } - let(:another_user) { create(:user, confirmed_at: nil, unconfirmed_email: malicious_email) } - - before do - subject - end - - it 'displays the impersonation alert, excludes email, and disables links' do - expect(warning_alert.text).to include("check your email (#{another_user.unconfirmed_email}) to verify") - end - end - end end context 'ending impersonation' do diff --git a/spec/frontend/repository/utils/ref_switcher_utils_spec.js b/spec/frontend/repository/utils/ref_switcher_utils_spec.js index 220dbf17398..4d0250fffbf 100644 --- a/spec/frontend/repository/utils/ref_switcher_utils_spec.js +++ b/spec/frontend/repository/utils/ref_switcher_utils_spec.js @@ -1,6 +1,5 @@ import { generateRefDestinationPath } from '~/repository/utils/ref_switcher_utils'; import setWindowLocation from 'helpers/set_window_location_helper'; -import { TEST_HOST } from 'spec/test_constants'; import { refWithSpecialCharMock, encodedRefWithSpecialCharMock } from '../mock_data'; const projectRootPath = 'root/Project1'; @@ -17,38 +16,14 @@ describe('generateRefDestinationPath', () => { ${`${projectRootPath}/-/blob/${currentRef}/dir1/test.js`} | ${`${projectRootPath}/-/blob/${selectedRef}/dir1/test.js`} ${`${projectRootPath}/-/blob/${currentRef}/dir1/dir2/test.js`} | ${`${projectRootPath}/-/blob/${selectedRef}/dir1/dir2/test.js`} ${`${projectRootPath}/-/blob/${currentRef}/dir1/dir2/test.js#L123`} | ${`${projectRootPath}/-/blob/${selectedRef}/dir1/dir2/test.js#L123`} - `('generates the correct destination path for $currentPath', ({ currentPath, result }) => { + `('generates the correct destination path for $currentPath', ({ currentPath, result }) => { setWindowLocation(currentPath); - expect(generateRefDestinationPath(projectRootPath, currentRef, selectedRef)).toBe( - `${TEST_HOST}/${result}`, - ); - }); - - describe('when using symbolic ref names', () => { - it.each` - currentPath | nextRef | result - ${`${projectRootPath}/-/blob/${currentRef}/dir1/dir2/test.js#L123`} | ${'someHash'} | ${`${projectRootPath}/-/blob/someHash/dir1/dir2/test.js#L123`} - ${`${projectRootPath}/-/blob/${currentRef}/dir1/dir2/test.js#L123`} | ${'refs/heads/prefixedByUseSymbolicRefNames'} | ${`${projectRootPath}/-/blob/prefixedByUseSymbolicRefNames/dir1/dir2/test.js?ref_type=heads#L123`} - ${`${projectRootPath}/-/blob/${currentRef}/dir1/dir2/test.js#L123`} | ${'refs/tags/prefixedByUseSymbolicRefNames'} | ${`${projectRootPath}/-/blob/prefixedByUseSymbolicRefNames/dir1/dir2/test.js?ref_type=tags#L123`} - ${`${projectRootPath}/-/tree/${currentRef}/dir1/dir2/test.js#L123`} | ${'refs/heads/prefixedByUseSymbolicRefNames'} | ${`${projectRootPath}/-/tree/prefixedByUseSymbolicRefNames/dir1/dir2/test.js?ref_type=heads#L123`} - ${`${projectRootPath}/-/tree/${currentRef}/dir1/dir2/test.js#L123`} | ${'refs/tags/prefixedByUseSymbolicRefNames'} | ${`${projectRootPath}/-/tree/prefixedByUseSymbolicRefNames/dir1/dir2/test.js?ref_type=tags#L123`} - ${`${projectRootPath}/-/tree/${currentRef}/dir1/dir2/test.js#L123`} | ${'refs/heads/refs/heads/branchNameContainsPrefix'} | ${`${projectRootPath}/-/tree/refs/heads/branchNameContainsPrefix/dir1/dir2/test.js?ref_type=heads#L123`} - `( - 'generates the correct destination path for $currentPath with ref type when it can be extracted', - ({ currentPath, result, nextRef }) => { - setWindowLocation(currentPath); - expect(generateRefDestinationPath(projectRootPath, currentRef, nextRef)).toBe( - `${TEST_HOST}/${result}`, - ); - }, - ); + expect(generateRefDestinationPath(projectRootPath, selectedRef)).toBe(result); }); it('encodes the selected ref', () => { const result = `${projectRootPath}/-/tree/${encodedRefWithSpecialCharMock}`; - expect(generateRefDestinationPath(projectRootPath, currentRef, refWithSpecialCharMock)).toBe( - `${TEST_HOST}/${result}`, - ); + expect(generateRefDestinationPath(projectRootPath, refWithSpecialCharMock)).toBe(result); }); }); diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 52d1e70d7a0..2a4a169e5c5 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -697,39 +697,6 @@ RSpec.describe ProjectPolicy, feature_category: :authentication_and_authorizatio end end - describe 'read_prometheus', feature_category: :metrics do - using RSpec::Parameterized::TableSyntax - - before do - project.project_feature.update!(metrics_dashboard_access_level: ProjectFeature::ENABLED) - end - - let(:policy) { :read_prometheus } - - where(:project_visibility, :role, :allowed) do - :public | :anonymous | false - :public | :guest | false - :public | :reporter | true - :internal | :anonymous | false - :internal | :guest | false - :internal | :reporter | true - :private | :anonymous | false - :private | :guest | false - :private | :reporter | true - end - - with_them do - let(:current_user) { public_send(role) } - let(:project) { public_send("#{project_visibility}_project") } - - if params[:allowed] - it { is_expected.to be_allowed(policy) } - else - it { is_expected.not_to be_allowed(policy) } - end - end - end - describe 'update_max_artifacts_size' do context 'when no user' do let(:current_user) { anonymous } @@ -1005,7 +972,7 @@ RSpec.describe ProjectPolicy, feature_category: :authentication_and_authorizatio let(:current_user) { guest } it { is_expected.to be_allowed(:metrics_dashboard) } - it { is_expected.to be_disallowed(:read_prometheus) } + it { is_expected.to be_allowed(:read_prometheus) } it { is_expected.to be_allowed(:read_deployment) } it { is_expected.to be_allowed(:read_metrics_user_starred_dashboard) } it { is_expected.to be_allowed(:create_metrics_user_starred_dashboard) } @@ -1015,7 +982,7 @@ RSpec.describe ProjectPolicy, feature_category: :authentication_and_authorizatio let(:current_user) { anonymous } it { is_expected.to be_allowed(:metrics_dashboard) } - it { is_expected.to be_disallowed(:read_prometheus) } + it { is_expected.to be_allowed(:read_prometheus) } it { is_expected.to be_allowed(:read_deployment) } it { is_expected.to be_disallowed(:read_metrics_user_starred_dashboard) } it { is_expected.to be_disallowed(:create_metrics_user_starred_dashboard) } @@ -1041,14 +1008,12 @@ RSpec.describe ProjectPolicy, feature_category: :authentication_and_authorizatio let(:current_user) { guest } it { is_expected.to be_disallowed(:metrics_dashboard) } - it { is_expected.to be_disallowed(:read_prometheus) } end context 'with anonymous' do let(:current_user) { anonymous } it { is_expected.to be_disallowed(:metrics_dashboard) } - it { is_expected.to be_disallowed(:read_prometheus) } end end @@ -1071,7 +1036,7 @@ RSpec.describe ProjectPolicy, feature_category: :authentication_and_authorizatio let(:current_user) { guest } it { is_expected.to be_allowed(:metrics_dashboard) } - it { is_expected.to be_disallowed(:read_prometheus) } + it { is_expected.to be_allowed(:read_prometheus) } it { is_expected.to be_allowed(:read_deployment) } it { is_expected.to be_allowed(:read_metrics_user_starred_dashboard) } it { is_expected.to be_allowed(:create_metrics_user_starred_dashboard) } @@ -1081,7 +1046,6 @@ RSpec.describe ProjectPolicy, feature_category: :authentication_and_authorizatio let(:current_user) { anonymous } it { is_expected.to be_disallowed(:metrics_dashboard) } - it { is_expected.to be_disallowed(:read_prometheus) } end end end @@ -1104,14 +1068,12 @@ RSpec.describe ProjectPolicy, feature_category: :authentication_and_authorizatio let(:current_user) { guest } it { is_expected.to be_disallowed(:metrics_dashboard) } - it { is_expected.to be_disallowed(:read_prometheus) } end context 'with anonymous' do let(:current_user) { anonymous } it { is_expected.to be_disallowed(:metrics_dashboard) } - it { is_expected.to be_disallowed(:read_prometheus) } end end @@ -1130,14 +1092,12 @@ RSpec.describe ProjectPolicy, feature_category: :authentication_and_authorizatio let(:current_user) { guest } it { is_expected.to be_disallowed(:metrics_dashboard) } - it { is_expected.to be_disallowed(:read_prometheus) } end context 'with anonymous' do let(:current_user) { anonymous } it { is_expected.to be_disallowed(:metrics_dashboard) } - it { is_expected.to be_disallowed(:read_prometheus) } end end end |