Add latest changes from gitlab-org/gitlab@13-5-stable-eev13.5.0-rc42

8 files changed, 238 insertions, 4 deletions

diff --git a/spec/controllers/admin/application_settings_controller_spec.rb b/spec/controllers/admin/application_settings_controller_spec.rb
index 4f223811be8..f71f859a704 100644
--- a/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/spec/controllers/admin/application_settings_controller_spec.rb
@@ -15,6 +15,37 @@ RSpec.describe Admin::ApplicationSettingsController do
     stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
   end
 
+  describe 'GET #integrations' do
+    before do
+      sign_in(admin)
+    end
+
+    context 'when GitLab.com' do
+      before do
+        allow(::Gitlab).to receive(:com?) { true }
+      end
+
+      it 'returns 404' do
+        get :integrations
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+
+    context 'when not GitLab.com' do
+      before do
+        allow(::Gitlab).to receive(:com?) { false }
+      end
+
+      it 'renders correct template' do
+        get :integrations
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response).to render_template('admin/application_settings/integrations')
+      end
+    end
+  end
+
   describe 'GET #usage_data with no access' do
     before do
       stub_usage_data_connections
@@ -56,6 +87,13 @@ RSpec.describe Admin::ApplicationSettingsController do
       sign_in(admin)
     end
 
+    it 'updates the require_admin_approval_after_user_signup setting' do
+      put :update, params: { application_setting: { require_admin_approval_after_user_signup: true } }
+
+      expect(response).to redirect_to(general_admin_application_settings_path)
+      expect(ApplicationSetting.current.require_admin_approval_after_user_signup).to eq(true)
+    end
+
     it 'updates the password_authentication_enabled_for_git setting' do
       put :update, params: { application_setting: { password_authentication_enabled_for_git: "0" } }
 
diff --git a/spec/controllers/admin/clusters_controller_spec.rb b/spec/controllers/admin/clusters_controller_spec.rb
index d2a569a9d48..69bdc79c5f5 100644
--- a/spec/controllers/admin/clusters_controller_spec.rb
+++ b/spec/controllers/admin/clusters_controller_spec.rb
@@ -416,6 +416,7 @@ RSpec.describe Admin::ClustersController do
           expect(cluster).to be_user
           expect(cluster).to be_kubernetes
           expect(cluster).to be_platform_kubernetes_rbac
+          expect(cluster).to be_namespace_per_environment
         end
       end
     end
@@ -585,6 +586,7 @@ RSpec.describe Admin::ClustersController do
           enabled: false,
           name: 'my-new-cluster-name',
           managed: false,
+          namespace_per_environment: false,
           base_domain: domain
         }
       }
@@ -599,6 +601,7 @@ RSpec.describe Admin::ClustersController do
       expect(cluster.enabled).to be_falsey
       expect(cluster.name).to eq('my-new-cluster-name')
       expect(cluster).not_to be_managed
+      expect(cluster).not_to be_namespace_per_environment
       expect(cluster.domain).to eq('test-domain.com')
     end
 
@@ -624,6 +627,7 @@ RSpec.describe Admin::ClustersController do
                 enabled: false,
                 name: 'my-new-cluster-name',
                 managed: false,
+                namespace_per_environment: false,
                 domain: domain
               }
             }
@@ -637,6 +641,7 @@ RSpec.describe Admin::ClustersController do
             expect(cluster.enabled).to be_falsey
             expect(cluster.name).to eq('my-new-cluster-name')
             expect(cluster).not_to be_managed
+            expect(cluster).not_to be_namespace_per_environment
           end
         end
 
diff --git a/spec/controllers/admin/hooks_controller_spec.rb b/spec/controllers/admin/hooks_controller_spec.rb
index 8975f746dd7..17c4222530d 100644
--- a/spec/controllers/admin/hooks_controller_spec.rb
+++ b/spec/controllers/admin/hooks_controller_spec.rb
@@ -29,4 +29,12 @@ RSpec.describe Admin::HooksController do
       expect(SystemHook.first).to have_attributes(hook_params)
     end
   end
+
+  describe 'DELETE #destroy' do
+    let!(:hook) { create(:system_hook) }
+    let!(:log) { create(:web_hook_log, web_hook: hook) }
+    let(:params) { { id: hook } }
+
+    it_behaves_like 'Web hook destroyer'
+  end
 end
diff --git a/spec/controllers/admin/instance_review_controller_spec.rb b/spec/controllers/admin/instance_review_controller_spec.rb
new file mode 100644
index 00000000000..d15894eeb5d
--- /dev/null
+++ b/spec/controllers/admin/instance_review_controller_spec.rb
@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Admin::InstanceReviewController do
+  include UsageDataHelpers
+
+  let(:admin) { create(:admin) }
+  let(:subscriptions_url) { ::Gitlab::SubscriptionPortal::SUBSCRIPTIONS_URL }
+
+  before do
+    sign_in(admin)
+  end
+
+  context 'GET #index' do
+    let!(:group) { create(:group) }
+    let!(:projects) { create_list(:project, 2, group: group) }
+
+    subject { post :index }
+
+    context 'with usage ping enabled' do
+      before do
+        stub_application_setting(usage_ping_enabled: true)
+        stub_usage_data_connections
+        ::Gitlab::UsageData.data(force_refresh: true)
+        subject
+      end
+
+      it 'redirects to the customers app with correct params' do
+        params = { instance_review: {
+          email: admin.email,
+          last_name: admin.name,
+          version: ::Gitlab::VERSION,
+          users_count: 5,
+          projects_count: 2,
+          groups_count: 1,
+          issues_count: 0,
+          merge_requests_count: 0,
+          internal_pipelines_count: 0,
+          external_pipelines_count: 0,
+          labels_count: 0,
+          milestones_count: 0,
+          snippets_count: 0,
+          notes_count: 0
+        } }.to_query
+
+        expect(response).to redirect_to("#{subscriptions_url}/instance_review?#{params}")
+      end
+    end
+
+    context 'with usage ping disabled' do
+      before do
+        stub_application_setting(usage_ping_enabled: false)
+        subject
+      end
+
+      it 'redirects to the customers app with correct params' do
+        params = { instance_review: {
+          email: admin.email,
+          last_name: admin.name,
+          version: ::Gitlab::VERSION
+        } }.to_query
+
+        expect(response).to redirect_to("#{subscriptions_url}/instance_review?#{params}")
+      end
+    end
+  end
+end
diff --git a/spec/controllers/admin/integrations_controller_spec.rb b/spec/controllers/admin/integrations_controller_spec.rb
index 4b1806a43d2..1a13d016b73 100644
--- a/spec/controllers/admin/integrations_controller_spec.rb
+++ b/spec/controllers/admin/integrations_controller_spec.rb
@@ -20,6 +20,18 @@ RSpec.describe Admin::IntegrationsController do
         end
       end
     end
+
+    context 'when GitLab.com' do
+      before do
+        allow(::Gitlab).to receive(:com?) { true }
+      end
+
+      it 'returns 404' do
+        get :edit, params: { id: Service.available_services_names.sample }
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
   end
 
   describe '#update' do
@@ -43,7 +55,7 @@ RSpec.describe Admin::IntegrationsController do
       end
 
       it 'calls to PropagateIntegrationWorker' do
-        expect(PropagateIntegrationWorker).to have_received(:perform_async).with(integration.id, false)
+        expect(PropagateIntegrationWorker).to have_received(:perform_async).with(integration.id)
       end
     end
 
diff --git a/spec/controllers/admin/runners_controller_spec.rb b/spec/controllers/admin/runners_controller_spec.rb
index 013eee19409..3fffc50475c 100644
--- a/spec/controllers/admin/runners_controller_spec.rb
+++ b/spec/controllers/admin/runners_controller_spec.rb
@@ -151,4 +151,21 @@ RSpec.describe Admin::RunnersController do
       expect(runner.active).to eq(false)
     end
   end
+
+  describe 'GET #runner_setup_scripts' do
+    it 'renders the setup scripts' do
+      get :runner_setup_scripts, params: { os: 'linux', arch: 'amd64' }
+
+      expect(response).to have_gitlab_http_status(:ok)
+      expect(json_response).to have_key("install")
+      expect(json_response).to have_key("register")
+    end
+
+    it 'renders errors if they occur' do
+      get :runner_setup_scripts, params: { os: 'foo', arch: 'bar' }
+
+      expect(response).to have_gitlab_http_status(:bad_request)
+      expect(json_response).to have_key("errors")
+    end
+  end
 end
diff --git a/spec/controllers/admin/sessions_controller_spec.rb b/spec/controllers/admin/sessions_controller_spec.rb
index 35982e57034..5fa7a7f278d 100644
--- a/spec/controllers/admin/sessions_controller_spec.rb
+++ b/spec/controllers/admin/sessions_controller_spec.rb
@@ -109,7 +109,7 @@ RSpec.describe Admin::SessionsController, :do_not_mock_admin_mode do
         # triggering the auth form will request admin mode
         get :new
 
-        Timecop.freeze(Gitlab::Auth::CurrentUserMode::ADMIN_MODE_REQUESTED_GRACE_PERIOD.from_now) do
+        travel_to(Gitlab::Auth::CurrentUserMode::ADMIN_MODE_REQUESTED_GRACE_PERIOD.from_now) do
           post :create, params: { user: { password: user.password } }
 
           expect(response).to redirect_to(new_admin_session_path)
diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb
index 6301da74f4a..5312a0db7f5 100644
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -23,6 +23,12 @@ RSpec.describe Admin::UsersController do
 
       expect(assigns(:users)).to eq([admin])
     end
+
+    it 'eager loads authorized projects association' do
+      get :index
+
+      expect(assigns(:users).first.association(:authorized_projects)).to be_loaded
+    end
   end
 
   describe 'GET :id' do
@@ -96,6 +102,58 @@ RSpec.describe Admin::UsersController do
     end
   end
 
+  describe 'PUT #approve' do
+    let(:user) { create(:user, :blocked_pending_approval) }
+
+    subject { put :approve, params: { id: user.username } }
+
+    context 'when feature is disabled' do
+      before do
+        stub_feature_flags(admin_approval_for_new_user_signups: false)
+      end
+
+      it 'responds with access denied' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+
+    context 'when feature is enabled' do
+      before do
+        stub_feature_flags(admin_approval_for_new_user_signups: true)
+      end
+
+      context 'when successful' do
+        it 'activates the user' do
+          subject
+
+          user.reload
+
+          expect(user).to be_active
+          expect(flash[:notice]).to eq('Successfully approved')
+        end
+      end
+
+      context 'when unsuccessful' do
+        let(:user) { create(:user, :blocked) }
+
+        it 'displays the error' do
+          subject
+
+          expect(flash[:alert]).to eq('The user you are trying to approve is not pending an approval')
+        end
+
+        it 'does not activate the user' do
+          subject
+
+          user.reload
+          expect(user).not_to be_active
+        end
+      end
+    end
+  end
+
   describe 'PUT #activate' do
     shared_examples 'a request that activates the user' do
       it 'activates the user' do
@@ -184,6 +242,17 @@ RSpec.describe Admin::UsersController do
         expect(flash[:notice]).to eq('Error occurred. A blocked user cannot be deactivated')
       end
     end
+
+    context 'for an internal user' do
+      it 'does not deactivate the user' do
+        internal_user = User.alert_bot
+
+        put :deactivate, params: { id: internal_user.username }
+
+        expect(internal_user.reload.deactivated?).to be_falsey
+        expect(flash[:notice]).to eq('Internal users cannot be deactivated')
+      end
+    end
   end
 
   describe 'PUT block/:id' do
@@ -321,7 +390,7 @@ RSpec.describe Admin::UsersController do
 
   describe 'POST update' do
     context 'when the password has changed' do
-      def update_password(user, password = User.random_password, password_confirmation = password)
+      def update_password(user, password = User.random_password, password_confirmation = password, format = :html)
         params = {
           id: user.to_param,
           user: {
@@ -330,7 +399,7 @@ RSpec.describe Admin::UsersController do
           }
         }
 
-        post :update, params: params
+        post :update, params: params, format: format
       end
 
       context 'when admin changes their own password' do
@@ -429,6 +498,23 @@ RSpec.describe Admin::UsersController do
             .not_to change { user.reload.encrypted_password }
         end
       end
+
+      context 'when the update fails' do
+        let(:password) { User.random_password }
+
+        before do
+          expect_next_instance_of(Users::UpdateService) do |service|
+            allow(service).to receive(:execute).and_return({ message: 'failed', status: :error })
+          end
+        end
+
+        it 'returns a 500 error' do
+          expect { update_password(admin, password, password, :json) }
+            .not_to change { admin.reload.password_expired? }
+
+          expect(response).to have_gitlab_http_status(:error)
+        end
+      end
     end
 
     context 'admin notes' do