Merge remote-tracking branch 'upstream/master' into 33149-rename-more-builds33149-rename-more-builds

* upstream/master: (460 commits)
  Center dropdown for pipeline's  mini graph
  Documentation bugfix of invalid JSON payload example of Create a commit with multiple files and actions
  Fix filename method of GitlabUploader to return always real filename
  Ignore CVE-2017-5029 in Nokogiri
  Refactor atom builder by using xml.atom layout
  Let PhantomJS load local images
  Add a changelog entry
  Only add a description change note when no tasks are updated
  Doc: Add the need to upgrade to Go 1.8.3 in the 9.1->9.2 documentation as the upgrade fails with Go 1.5 (installed with Gitlab 8.1)
  Use gitaly 0.11.2
  Add the ability to perform background migrations
  Always render warnings icon in orange
  Fix a few translation for zh_TW
  Improve Job detail view to make it refreshed in real-time instead of reloading
  Attempts to run RSpec tests twice (1 retry)
  ignore name validation on importing
  Only show hover state on links and buttons
  Use vue files for navigation tabs and buttons
  doc: add example of scheduler when
  Add test for u2f helper and changelog entry
  ...

18 files changed, 272 insertions, 91 deletions

diff --git a/spec/controllers/admin/groups_controller_spec.rb b/spec/controllers/admin/groups_controller_spec.rb
index c29b2fe8946..ddf38967dd7 100644
--- a/spec/controllers/admin/groups_controller_spec.rb
+++ b/spec/controllers/admin/groups_controller_spec.rb
@@ -36,6 +36,15 @@ describe Admin::GroupsController do
       expect(group.users).to include group_user
     end
 
+    it 'can add unlimited members' do
+      put :members_update, id: group,
+                           user_ids: 1.upto(1000).to_a.join(','),
+                           access_level: Gitlab::Access::GUEST
+
+      expect(response).to set_flash.to 'Users were successfully added.'
+      expect(response).to redirect_to(admin_group_path(group))
+    end
+
     it 'adds no user to members' do
       put :members_update, id: group,
                            user_ids: '',
diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb
index 2c9d1ffc9c2..4c3a5ec49ef 100644
--- a/spec/controllers/autocomplete_controller_spec.rb
+++ b/spec/controllers/autocomplete_controller_spec.rb
@@ -170,22 +170,32 @@ describe AutocompleteController do
     end
 
     context 'author of issuable included' do
-      before do
-        sign_in(user)
-      end
-
       let(:body) { JSON.parse(response.body) }
 
-      it 'includes the author' do
-        get(:users, author_id: non_member.id)
+      context 'authenticated' do
+        before do
+          sign_in(user)
+        end
+
+        it 'includes the author' do
+          get(:users, author_id: non_member.id)
+
+          expect(body.first["username"]).to eq non_member.username
+        end
+
+        it 'rejects non existent user ids' do
+          get(:users, author_id: 99999)
 
-        expect(body.first["username"]).to eq non_member.username
+          expect(body.collect { |u| u['id'] }).not_to include(99999)
+        end
       end
 
-      it 'rejects non existent user ids' do
-        get(:users, author_id: 99999)
+      context 'without authenticating' do
+        it 'returns empty result' do
+          get(:users, author_id: non_member.id)
 
-        expect(body.collect { |u| u['id'] }).not_to include(99999)
+          expect(body).to be_empty
+        end
       end
     end
 
diff --git a/spec/controllers/dashboard/milestones_controller_spec.rb b/spec/controllers/dashboard/milestones_controller_spec.rb
new file mode 100644
index 00000000000..424f39fd3b8
--- /dev/null
+++ b/spec/controllers/dashboard/milestones_controller_spec.rb
@@ -0,0 +1,38 @@
+require 'spec_helper'
+
+describe Dashboard::MilestonesController do
+  let(:project) { create(:empty_project) }
+  let(:user)    { create(:user) }
+  let(:project_milestone) { create(:milestone, project: project) }
+  let(:milestone) do
+    DashboardMilestone.build(
+      [project],
+      project_milestone.title
+    )
+  end
+  let(:issue) { create(:issue, project: project, milestone: project_milestone) }
+  let!(:label) { create(:label, project: project, title: 'Issue Label', issues: [issue]) }
+  let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, milestone: project_milestone) }
+  let(:milestone_path) { dashboard_milestone_path(milestone.safe_title, title: milestone.title) }
+
+  before do
+    sign_in(user)
+    project.team << [user, :master]
+  end
+
+  it_behaves_like 'milestone tabs'
+
+  describe "#show" do
+    render_views
+
+    def view_milestone
+      get :show, id: milestone.safe_title, title: milestone.title
+    end
+
+    it 'shows milestone page' do
+      view_milestone
+
+      expect(response).to have_http_status(200)
+    end
+  end
+end
diff --git a/spec/controllers/groups/group_members_controller_spec.rb b/spec/controllers/groups/group_members_controller_spec.rb
index 60db0192dfd..ed4ad7b600e 100644
--- a/spec/controllers/groups/group_members_controller_spec.rb
+++ b/spec/controllers/groups/group_members_controller_spec.rb
@@ -124,6 +124,13 @@ describe Groups::GroupMembersController do
           expect(response).to redirect_to(dashboard_groups_path)
           expect(group.users).not_to include user
         end
+
+        it 'supports json request' do
+          delete :leave, group_id: group, format: :json
+
+          expect(response).to have_http_status(200)
+          expect(json_response['notice']).to eq "You left the \"#{group.name}\" group."
+        end
       end
 
       context 'and is an owner' do
diff --git a/spec/controllers/health_controller_spec.rb b/spec/controllers/health_controller_spec.rb
index b8b6e0c3a88..e7c19b47a6a 100644
--- a/spec/controllers/health_controller_spec.rb
+++ b/spec/controllers/health_controller_spec.rb
@@ -54,43 +54,4 @@ describe HealthController do
       end
     end
   end
-
-  describe '#metrics' do
-    context 'authorization token provided' do
-      before do
-        request.headers['TOKEN'] = token
-      end
-
-      it 'returns DB ping metrics' do
-        get :metrics
-        expect(response.body).to match(/^db_ping_timeout 0$/)
-        expect(response.body).to match(/^db_ping_success 1$/)
-        expect(response.body).to match(/^db_ping_latency [0-9\.]+$/)
-      end
-
-      it 'returns Redis ping metrics' do
-        get :metrics
-        expect(response.body).to match(/^redis_ping_timeout 0$/)
-        expect(response.body).to match(/^redis_ping_success 1$/)
-        expect(response.body).to match(/^redis_ping_latency [0-9\.]+$/)
-      end
-
-      it 'returns file system check metrics' do
-        get :metrics
-        expect(response.body).to match(/^filesystem_access_latency{shard="default"} [0-9\.]+$/)
-        expect(response.body).to match(/^filesystem_accessible{shard="default"} 1$/)
-        expect(response.body).to match(/^filesystem_write_latency{shard="default"} [0-9\.]+$/)
-        expect(response.body).to match(/^filesystem_writable{shard="default"} 1$/)
-        expect(response.body).to match(/^filesystem_read_latency{shard="default"} [0-9\.]+$/)
-        expect(response.body).to match(/^filesystem_readable{shard="default"} 1$/)
-      end
-    end
-
-    context 'without authorization token' do
-      it 'returns proper response' do
-        get :metrics
-        expect(response.status).to eq(404)
-      end
-    end
-  end
 end
diff --git a/spec/controllers/metrics_controller_spec.rb b/spec/controllers/metrics_controller_spec.rb
new file mode 100644
index 00000000000..044c9f179ed
--- /dev/null
+++ b/spec/controllers/metrics_controller_spec.rb
@@ -0,0 +1,70 @@
+require 'spec_helper'
+
+describe MetricsController do
+  include StubENV
+
+  let(:token) { current_application_settings.health_check_access_token }
+  let(:json_response) { JSON.parse(response.body) }
+  let(:metrics_multiproc_dir) { Dir.mktmpdir }
+
+  before do
+    stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
+    stub_env('prometheus_multiproc_dir', metrics_multiproc_dir)
+    allow(Gitlab::Metrics).to receive(:prometheus_metrics_enabled?).and_return(true)
+  end
+
+  describe '#index' do
+    context 'authorization token provided' do
+      before do
+        request.headers['TOKEN'] = token
+      end
+
+      it 'returns DB ping metrics' do
+        get :index
+
+        expect(response.body).to match(/^db_ping_timeout 0$/)
+        expect(response.body).to match(/^db_ping_success 1$/)
+        expect(response.body).to match(/^db_ping_latency [0-9\.]+$/)
+      end
+
+      it 'returns Redis ping metrics' do
+        get :index
+
+        expect(response.body).to match(/^redis_ping_timeout 0$/)
+        expect(response.body).to match(/^redis_ping_success 1$/)
+        expect(response.body).to match(/^redis_ping_latency [0-9\.]+$/)
+      end
+
+      it 'returns file system check metrics' do
+        get :index
+
+        expect(response.body).to match(/^filesystem_access_latency{shard="default"} [0-9\.]+$/)
+        expect(response.body).to match(/^filesystem_accessible{shard="default"} 1$/)
+        expect(response.body).to match(/^filesystem_write_latency{shard="default"} [0-9\.]+$/)
+        expect(response.body).to match(/^filesystem_writable{shard="default"} 1$/)
+        expect(response.body).to match(/^filesystem_read_latency{shard="default"} [0-9\.]+$/)
+        expect(response.body).to match(/^filesystem_readable{shard="default"} 1$/)
+      end
+
+      context 'prometheus metrics are disabled' do
+        before do
+          allow(Gitlab::Metrics).to receive(:prometheus_metrics_enabled?).and_return(false)
+        end
+
+        it 'returns proper response' do
+          get :index
+
+          expect(response.status).to eq(404)
+        end
+      end
+    end
+
+    context 'without authorization token' do
+      it 'returns proper response' do
+        get :index
+
+        expect(response.status).to eq(404)
+      end
+    end
+  end
+end
diff --git a/spec/controllers/profiles_controller_spec.rb b/spec/controllers/profiles_controller_spec.rb
new file mode 100644
index 00000000000..9d60dab12d1
--- /dev/null
+++ b/spec/controllers/profiles_controller_spec.rb
@@ -0,0 +1,31 @@
+require('spec_helper')
+
+describe ProfilesController do
+  describe "PUT update" do
+    it "allows an email update from a user without an external email address" do
+      user = create(:user)
+      sign_in(user)
+
+      put :update,
+          user: { email: "john@gmail.com", name: "John" }
+
+      user.reload
+
+      expect(response.status).to eq(302)
+      expect(user.unconfirmed_email).to eq('john@gmail.com')
+    end
+
+    it "ignores an email update from a user with an external email address" do
+      ldap_user = create(:omniauth_user, external_email: true)
+      sign_in(ldap_user)
+
+      put :update,
+          user: { email: "john@gmail.com", name: "John" }
+
+      ldap_user.reload
+
+      expect(response.status).to eq(302)
+      expect(ldap_user.unconfirmed_email).not_to eq('john@gmail.com')
+    end
+  end
+end
diff --git a/spec/controllers/projects/boards/lists_controller_spec.rb b/spec/controllers/projects/boards/lists_controller_spec.rb
index 432f3c53c90..0f2664262e8 100644
--- a/spec/controllers/projects/boards/lists_controller_spec.rb
+++ b/spec/controllers/projects/boards/lists_controller_spec.rb
@@ -27,7 +27,7 @@ describe Projects::Boards::ListsController do
       parsed_response = JSON.parse(response.body)
 
       expect(response).to match_response_schema('lists')
-      expect(parsed_response.length).to eq 2
+      expect(parsed_response.length).to eq 3
     end
 
     context 'with unauthorized user' do
diff --git a/spec/controllers/projects/branches_controller_spec.rb b/spec/controllers/projects/branches_controller_spec.rb
index f285e5333d6..f9e21f9d8f6 100644
--- a/spec/controllers/projects/branches_controller_spec.rb
+++ b/spec/controllers/projects/branches_controller_spec.rb
@@ -367,19 +367,5 @@ describe Projects::BranchesController do
         expect(parsed_response.first).to eq 'master'
       end
     end
-
-    context 'show_all = true' do
-      it 'returns all the branches name' do
-        get :index,
-            namespace_id: project.namespace,
-            project_id: project,
-            format: :json,
-            show_all: true
-
-        parsed_response = JSON.parse(response.body)
-
-        expect(parsed_response.length).to eq(project.repository.branches.count)
-      end
-    end
   end
 end
diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb
index a38ae2eb990..b65e9e0dfc0 100644
--- a/spec/controllers/projects/issues_controller_spec.rb
+++ b/spec/controllers/projects/issues_controller_spec.rb
@@ -260,6 +260,7 @@ describe Projects::IssuesController do
             before { allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(false) }
 
             it 'rejects an issue recognized as a spam' do
+              expect(Gitlab::Recaptcha).to receive(:load_configurations!).and_return(true)
               expect { update_spam_issue }.not_to change{ issue.reload.title }
             end
 
diff --git a/spec/controllers/projects/jobs_controller_spec.rb b/spec/controllers/projects/jobs_controller_spec.rb
index 519232770a2..472e5fc51a0 100644
--- a/spec/controllers/projects/jobs_controller_spec.rb
+++ b/spec/controllers/projects/jobs_controller_spec.rb
@@ -69,18 +69,11 @@ describe Projects::JobsController do
         Ci::Build::AVAILABLE_STATUSES.each do |status|
           create_job(status, status)
         end
-
-        RequestStore.begin!
-      end
-
-      after do
-        RequestStore.end!
-        RequestStore.clear!
       end
 
-      it "verifies number of queries" do
+      it 'verifies number of queries', :request_store do
         recorded = ActiveRecord::QueryRecorder.new { get_index }
-        expect(recorded.count).to be_within(5).of(8)
+        expect(recorded.count).to be_within(5).of(7)
       end
 
       def create_job(name, status)
diff --git a/spec/controllers/projects/labels_controller_spec.rb b/spec/controllers/projects/labels_controller_spec.rb
index 130b0b744b5..bf1776eb320 100644
--- a/spec/controllers/projects/labels_controller_spec.rb
+++ b/spec/controllers/projects/labels_controller_spec.rb
@@ -117,7 +117,7 @@ describe Projects::LabelsController do
     let!(:promoted_label_name) { "Promoted Label" }
     let!(:label_1) { create(:label, title: promoted_label_name, project: project) }
 
-    context 'not group owner' do
+    context 'not group reporters' do
       it 'denies access' do
         post :promote, namespace_id: project.namespace.to_param, project_id: project, id: label_1.to_param
 
@@ -125,9 +125,9 @@ describe Projects::LabelsController do
       end
     end
 
-    context 'group owner' do
+    context 'group reporter' do
       before do
-        GroupMember.add_users(group, [user], :owner)
+        group.add_reporter(user)
       end
 
       it 'gives access' do
diff --git a/spec/controllers/projects/merge_requests_controller_spec.rb b/spec/controllers/projects/merge_requests_controller_spec.rb
index a25db7a65fb..6e1c91738db 100644
--- a/spec/controllers/projects/merge_requests_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests_controller_spec.rb
@@ -119,14 +119,14 @@ describe Projects::MergeRequestsController do
         end
       end
 
-      context 'number of queries' do
+      context 'number of queries', :request_store do
         it 'verifies number of queries' do
           # pre-create objects
           merge_request
 
           recorded = ActiveRecord::QueryRecorder.new { go(format: :json) }
 
-          expect(recorded.count).to be_within(5).of(59)
+          expect(recorded.count).to be_within(5).of(30)
           expect(recorded.cached_count).to eq(0)
         end
       end
diff --git a/spec/controllers/projects/pipelines_controller_spec.rb b/spec/controllers/projects/pipelines_controller_spec.rb
index c880da1e36a..954f89e3854 100644
--- a/spec/controllers/projects/pipelines_controller_spec.rb
+++ b/spec/controllers/projects/pipelines_controller_spec.rb
@@ -49,21 +49,14 @@ describe Projects::PipelinesController do
       expect(json_response['details']).to have_key 'stages'
     end
 
-    context 'when the pipeline has multiple stages and groups' do
+    context 'when the pipeline has multiple stages and groups', :request_store do
       before do
-        RequestStore.begin!
-
         create_build('build', 0, 'build')
         create_build('test', 1, 'rspec 0')
         create_build('deploy', 2, 'production')
         create_build('post deploy', 3, 'pages 0')
       end
 
-      after do
-        RequestStore.end!
-        RequestStore.clear!
-      end
-
       let(:project) { create(:project) }
       let(:pipeline) do
         create(:ci_empty_pipeline, project: project, user: user, sha: project.commit.id)
diff --git a/spec/controllers/projects/project_members_controller_spec.rb b/spec/controllers/projects/project_members_controller_spec.rb
index a4b4392d7cc..2294d5df581 100644
--- a/spec/controllers/projects/project_members_controller_spec.rb
+++ b/spec/controllers/projects/project_members_controller_spec.rb
@@ -36,7 +36,7 @@ describe Projects::ProjectMembersController do
       before { project.team << [user, :master] }
 
       it 'adds user to members' do
-        expect_any_instance_of(Members::CreateService).to receive(:execute).and_return(true)
+        expect_any_instance_of(Members::CreateService).to receive(:execute).and_return(status: :success)
 
         post :create, namespace_id: project.namespace,
                       project_id: project,
@@ -48,14 +48,14 @@ describe Projects::ProjectMembersController do
       end
 
       it 'adds no user to members' do
-        expect_any_instance_of(Members::CreateService).to receive(:execute).and_return(false)
+        expect_any_instance_of(Members::CreateService).to receive(:execute).and_return(status: :failure, message: 'Message')
 
         post :create, namespace_id: project.namespace,
                       project_id: project,
                       user_ids: '',
                       access_level: Gitlab::Access::GUEST
 
-        expect(response).to set_flash.to 'No users specified.'
+        expect(response).to set_flash.to 'Message'
         expect(response).to redirect_to(namespace_project_settings_members_path(project.namespace, project))
       end
     end
diff --git a/spec/controllers/projects/snippets_controller_spec.rb b/spec/controllers/projects/snippets_controller_spec.rb
index 24a59caff4e..8c23c46798e 100644
--- a/spec/controllers/projects/snippets_controller_spec.rb
+++ b/spec/controllers/projects/snippets_controller_spec.rb
@@ -78,8 +78,18 @@ describe Projects::SnippetsController do
       post :create, {
         namespace_id: project.namespace.to_param,
         project_id: project,
-        project_snippet: { title: 'Title', content: 'Content' }.merge(snippet_params)
+        project_snippet: { title: 'Title', content: 'Content', description: 'Description' }.merge(snippet_params)
       }.merge(additional_params)
+
+      Snippet.last
+    end
+
+    it 'creates the snippet correctly' do
+      snippet = create_snippet(project, visibility_level: Snippet::PRIVATE)
+
+      expect(snippet.title).to eq('Title')
+      expect(snippet.content).to eq('Content')
+      expect(snippet.description).to eq('Description')
     end
 
     context 'when the snippet is spam' do
diff --git a/spec/controllers/snippets_controller_spec.rb b/spec/controllers/snippets_controller_spec.rb
index 930415a4778..9073c39f562 100644
--- a/spec/controllers/snippets_controller_spec.rb
+++ b/spec/controllers/snippets_controller_spec.rb
@@ -171,12 +171,50 @@ describe SnippetsController do
       sign_in(user)
 
       post :create, {
-        personal_snippet: { title: 'Title', content: 'Content' }.merge(snippet_params)
+        personal_snippet: { title: 'Title', content: 'Content', description: 'Description' }.merge(snippet_params)
       }.merge(additional_params)
 
       Snippet.last
     end
 
+    it 'creates the snippet correctly' do
+      snippet = create_snippet(visibility_level: Snippet::PRIVATE)
+
+      expect(snippet.title).to eq('Title')
+      expect(snippet.content).to eq('Content')
+      expect(snippet.description).to eq('Description')
+    end
+
+    context 'when the snippet description contains a file' do
+      let(:picture_file) { '/temp/secret56/picture.jpg' }
+      let(:text_file) { '/temp/secret78/text.txt' }
+      let(:description) do
+        "Description with picture: ![picture](/uploads#{picture_file}) and "\
+        "text: [text.txt](/uploads#{text_file})"
+      end
+
+      before do
+        allow(FileUtils).to receive(:mkdir_p)
+        allow(FileUtils).to receive(:move)
+      end
+
+      subject { create_snippet({ description: description }, { files: [picture_file, text_file] }) }
+
+      it 'creates the snippet' do
+        expect { subject }.to change { Snippet.count }.by(1)
+      end
+
+      it 'stores the snippet description correctly' do
+        snippet = subject
+
+        expected_description = "Description with picture: "\
+          "![picture](/uploads/personal_snippet/#{snippet.id}/secret56/picture.jpg) and "\
+          "text: [text.txt](/uploads/personal_snippet/#{snippet.id}/secret78/text.txt)"
+
+        expect(snippet.description).to eq(expected_description)
+      end
+    end
+
     context 'when the snippet is spam' do
       before do
         allow_any_instance_of(AkismetService).to receive(:is_spam?).and_return(true)
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index 8000c9dec61..01a0659479b 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -92,6 +92,40 @@ describe UploadsController do
           end
         end
       end
+
+      context 'temporal with valid image' do
+        subject do
+          post :create, model: 'personal_snippet', file: jpg, format: :json
+        end
+
+        it 'returns a content with original filename, new link, and correct type.' do
+          subject
+
+          expect(response.body).to match '\"alt\":\"rails_sample\"'
+          expect(response.body).to match "\"url\":\"/uploads/temp"
+        end
+
+        it 'does not create an Upload record' do
+          expect { subject }.not_to change { Upload.count }
+        end
+      end
+
+      context 'temporal with valid non-image file' do
+        subject do
+          post :create, model: 'personal_snippet', file: txt, format: :json
+        end
+
+        it 'returns a content with original filename, new link, and correct type.' do
+          subject
+
+          expect(response.body).to match '\"alt\":\"doc_sample.txt\"'
+          expect(response.body).to match "\"url\":\"/uploads/temp"
+        end
+
+        it 'does not create an Upload record' do
+          expect { subject }.not_to change { Upload.count }
+        end
+      end
     end
   end