Merge commit '3a2b60f7' from 'master'

* commit '3a2b60f7a0109cdb84e8727a2625318a746e84dc': (151 commits)
  Fixed Karma spec
  Reject EE reserved namespace paths in CE as well
  Updated webpack config
  Include the bundler:audit job into the static-analysis job
  Document serializers
  Add artifact file page that uses the blob viewer
  Pipeline table mini graph dropdown remains open when table is refreshed
  Adds off for event hub
  Compile gitlab-shell go executables
  Allow to create new branch and empty WIP merge request from issue page
  Moved to a view spec
  Improving copy of CONTRIBUTING.md, PROCESS.md, and code_review.md
  Convert seconds to minutes and hours on chat notifations
  Disable navigation to Pages config if Pages is disabled
  Sort the network graph both by commit date and topographically.
  Add tooltips to note action buttons
  Add breadcrumb, build header and pipelines submenu to artifacts browser
  Update todos screenshots
  removes the possibility of commit messages having carriage returns
  Handle incoming emails from aliases correctly
  ...

9 files changed, 521 insertions, 12 deletions

diff --git a/spec/controllers/groups/milestones_controller_spec.rb b/spec/controllers/groups/milestones_controller_spec.rb
index 6e4b5f78e33..7cf2996ffd0 100644
--- a/spec/controllers/groups/milestones_controller_spec.rb
+++ b/spec/controllers/groups/milestones_controller_spec.rb
@@ -6,6 +6,16 @@ describe Groups::MilestonesController do
   let(:project2) { create(:empty_project, group: group) }
   let(:user)    { create(:user) }
   let(:title) { '肯定不是中文的问题' }
+  let(:milestone) do
+    project_milestone = create(:milestone, project: project)
+
+    GroupMilestone.build(
+      group,
+      [project],
+      project_milestone.title
+    )
+  end
+  let(:milestone_path) { group_milestone_path(group, milestone.safe_title, title: milestone.title) }
 
   before do
     sign_in(user)
@@ -14,6 +24,8 @@ describe Groups::MilestonesController do
     controller.instance_variable_set(:@group, group)
   end
 
+  it_behaves_like 'milestone tabs'
+
   describe "#create" do
     it "creates group milestone with Chinese title" do
       post :create,
diff --git a/spec/controllers/projects/artifacts_controller_spec.rb b/spec/controllers/projects/artifacts_controller_spec.rb
new file mode 100644
index 00000000000..eff9fab8da2
--- /dev/null
+++ b/spec/controllers/projects/artifacts_controller_spec.rb
@@ -0,0 +1,188 @@
+require 'spec_helper'
+
+describe Projects::ArtifactsController do
+  let(:user) { create(:user) }
+  let(:project) { create(:project, :repository) }
+
+  let(:pipeline) do
+    create(:ci_pipeline,
+            project: project,
+            sha: project.commit.sha,
+            ref: project.default_branch,
+            status: 'success')
+  end
+
+  let(:build) { create(:ci_build, :success, :artifacts, pipeline: pipeline) }
+
+  before do
+    project.team << [user, :developer]
+
+    sign_in(user)
+  end
+
+  describe 'GET download' do
+    it 'sends the artifacts file' do
+      expect(controller).to receive(:send_file).with(build.artifacts_file.path, disposition: 'attachment').and_call_original
+
+      get :download, namespace_id: project.namespace, project_id: project, build_id: build
+    end
+  end
+
+  describe 'GET browse' do
+    context 'when the directory exists' do
+      it 'renders the browse view' do
+        get :browse, namespace_id: project.namespace, project_id: project, build_id: build, path: 'other_artifacts_0.1.2'
+
+        expect(response).to render_template('projects/artifacts/browse')
+      end
+    end
+
+    context 'when the directory does not exist' do
+      it 'responds Not Found' do
+        get :browse, namespace_id: project.namespace, project_id: project, build_id: build, path: 'unknown'
+
+        expect(response).to be_not_found
+      end
+    end
+  end
+
+  describe 'GET file' do
+    context 'when the file exists' do
+      it 'renders the file view' do
+        get :file, namespace_id: project.namespace, project_id: project, build_id: build, path: 'ci_artifacts.txt'
+
+        expect(response).to render_template('projects/artifacts/file')
+      end
+    end
+
+    context 'when the file does not exist' do
+      it 'responds Not Found' do
+        get :file, namespace_id: project.namespace, project_id: project, build_id: build, path: 'unknown'
+
+        expect(response).to be_not_found
+      end
+    end
+  end
+
+  describe 'GET raw' do
+    context 'when the file exists' do
+      it 'serves the file using workhorse' do
+        get :raw, namespace_id: project.namespace, project_id: project, build_id: build, path: 'ci_artifacts.txt'
+
+        send_data = response.headers[Gitlab::Workhorse::SEND_DATA_HEADER]
+
+        expect(send_data).to start_with('artifacts-entry:')
+
+        base64_params = send_data.sub(/\Aartifacts\-entry:/, '')
+        params = JSON.parse(Base64.urlsafe_decode64(base64_params))
+
+        expect(params.keys).to eq(%w(Archive Entry))
+        expect(params['Archive']).to end_with('build_artifacts.zip')
+        expect(params['Entry']).to eq(Base64.encode64('ci_artifacts.txt'))
+      end
+    end
+
+    context 'when the file does not exist' do
+      it 'responds Not Found' do
+        get :raw, namespace_id: project.namespace, project_id: project, build_id: build, path: 'unknown'
+
+        expect(response).to be_not_found
+      end
+    end
+  end
+
+  describe 'GET latest_succeeded' do
+    def params_from_ref(ref = pipeline.ref, job = build.name, path = 'browse')
+      {
+        namespace_id: project.namespace,
+        project_id: project,
+        ref_name_and_path: File.join(ref, path),
+        job: job
+      }
+    end
+
+    context 'cannot find the build' do
+      shared_examples 'not found' do
+        it { expect(response).to have_http_status(:not_found) }
+      end
+
+      context 'has no such ref' do
+        before do
+          get :latest_succeeded, params_from_ref('TAIL', build.name)
+        end
+
+        it_behaves_like 'not found'
+      end
+
+      context 'has no such build' do
+        before do
+          get :latest_succeeded, params_from_ref(pipeline.ref, 'NOBUILD')
+        end
+
+        it_behaves_like 'not found'
+      end
+
+      context 'has no path' do
+        before do
+          get :latest_succeeded, params_from_ref(pipeline.sha, build.name, '')
+        end
+
+        it_behaves_like 'not found'
+      end
+    end
+
+    context 'found the build and redirect' do
+      shared_examples 'redirect to the build' do
+        it 'redirects' do
+          path = browse_namespace_project_build_artifacts_path(
+            project.namespace,
+            project,
+            build)
+
+          expect(response).to redirect_to(path)
+        end
+      end
+
+      context 'with regular branch' do
+        before do
+          pipeline.update(ref: 'master',
+                          sha: project.commit('master').sha)
+
+          get :latest_succeeded, params_from_ref('master')
+        end
+
+        it_behaves_like 'redirect to the build'
+      end
+
+      context 'with branch name containing slash' do
+        before do
+          pipeline.update(ref: 'improve/awesome',
+                          sha: project.commit('improve/awesome').sha)
+
+          get :latest_succeeded, params_from_ref('improve/awesome')
+        end
+
+        it_behaves_like 'redirect to the build'
+      end
+
+      context 'with branch name and path containing slashes' do
+        before do
+          pipeline.update(ref: 'improve/awesome',
+                          sha: project.commit('improve/awesome').sha)
+
+          get :latest_succeeded, params_from_ref('improve/awesome', build.name, 'file/README.md')
+        end
+
+        it 'redirects' do
+          path = file_namespace_project_build_artifacts_path(
+            project.namespace,
+            project,
+            build,
+            'README.md')
+
+          expect(response).to redirect_to(path)
+        end
+      end
+    end
+  end
+end
diff --git a/spec/controllers/projects/branches_controller_spec.rb b/spec/controllers/projects/branches_controller_spec.rb
index d20e7368086..8f915d9d210 100644
--- a/spec/controllers/projects/branches_controller_spec.rb
+++ b/spec/controllers/projects/branches_controller_spec.rb
@@ -14,7 +14,7 @@ describe Projects::BranchesController do
     controller.instance_variable_set(:@project, project)
   end
 
-  describe "POST create" do
+  describe "POST create with HTML format" do
     render_views
 
     context "on creation of a new branch" do
@@ -152,6 +152,42 @@ describe Projects::BranchesController do
     end
   end
 
+  describe 'POST create with JSON format' do
+    before do
+      sign_in(user)
+    end
+
+    context 'with valid params' do
+      it 'returns a successful 200 response' do
+        create_branch name: 'my-branch', ref: 'master'
+
+        expect(response).to have_http_status(200)
+      end
+
+      it 'returns the created branch' do
+        create_branch name: 'my-branch', ref: 'master'
+
+        expect(response).to match_response_schema('branch')
+      end
+    end
+
+    context 'with invalid params' do
+      it 'returns an unprocessable entity 422 response' do
+        create_branch name: "<script>alert('merge');</script>", ref: "<script>alert('ref');</script>"
+
+        expect(response).to have_http_status(422)
+      end
+    end
+
+    def create_branch(name:, ref:)
+      post :create, namespace_id: project.namespace.to_param,
+                    project_id: project.to_param,
+                    branch_name: name,
+                    ref: ref,
+                    format: :json
+    end
+  end
+
   describe "POST destroy with HTML format" do
     render_views
 
diff --git a/spec/controllers/projects/deploy_keys_controller_spec.rb b/spec/controllers/projects/deploy_keys_controller_spec.rb
new file mode 100644
index 00000000000..efe1a78415b
--- /dev/null
+++ b/spec/controllers/projects/deploy_keys_controller_spec.rb
@@ -0,0 +1,66 @@
+require 'spec_helper'
+
+describe Projects::DeployKeysController do
+  let(:project) { create(:project, :repository) }
+  let(:user) { create(:user) }
+
+  before do
+    project.team << [user, :master]
+
+    sign_in(user)
+  end
+
+  describe 'GET index' do
+    let(:params) do
+      { namespace_id: project.namespace, project_id: project }
+    end
+
+    context 'when html requested' do
+      it 'redirects to blob' do
+        get :index, params
+
+        expect(response).to redirect_to(namespace_project_settings_repository_path(params))
+      end
+    end
+
+    context 'when json requested' do
+      let(:project2) { create(:empty_project, :internal)}
+      let(:project_private) { create(:empty_project, :private)}
+
+      let(:deploy_key_internal) do
+        create(:deploy_key, key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCdMHEHyhRjbhEZVddFn6lTWdgEy5Q6Bz4nwGB76xWZI5YT/1WJOMEW+sL5zYd31kk7sd3FJ5L9ft8zWMWrr/iWXQikC2cqZK24H1xy+ZUmrRuJD4qGAaIVoyyzBL+avL+lF8J5lg6YSw8gwJY/lX64/vnJHUlWw2n5BF8IFOWhiw== dummy@gitlab.com')
+      end
+      let(:deploy_key_actual) do
+        create(:deploy_key, key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDNd/UJWhPrpb+b/G5oL109y57yKuCxE+WUGJGYaj7WQKsYRJmLYh1mgjrl+KVyfsWpq4ylOxIfFSnN9xBBFN8mlb0Fma5DC7YsSsibJr3MZ19ZNBprwNcdogET7aW9I0In7Wu5f2KqI6e5W/spJHCy4JVxzVMUvk6Myab0LnJ2iQ== dummy@gitlab.com')
+      end
+      let!(:deploy_key_public) { create(:deploy_key, public: true) }
+
+      let!(:deploy_keys_project_internal) do
+        create(:deploy_keys_project, project: project2, deploy_key: deploy_key_internal)
+      end
+
+      let!(:deploy_keys_actual_project) do
+        create(:deploy_keys_project, project: project, deploy_key: deploy_key_actual)
+      end
+
+      let!(:deploy_keys_project_private) do
+        create(:deploy_keys_project, project: project_private, deploy_key: create(:another_deploy_key))
+      end
+
+      before do
+        project2.team << [user, :developer]
+      end
+
+      it 'returns json in a correct format' do
+        get :index, params.merge(format: :json)
+
+        json = JSON.parse(response.body)
+
+        expect(json.keys).to match_array(%w(enabled_keys available_project_keys public_keys))
+        expect(json['enabled_keys'].count).to eq(1)
+        expect(json['available_project_keys'].count).to eq(1)
+        expect(json['public_keys'].count).to eq(1)
+      end
+    end
+  end
+end
diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb
index 79034b8d24d..5f1f892821a 100644
--- a/spec/controllers/projects/issues_controller_spec.rb
+++ b/spec/controllers/projects/issues_controller_spec.rb
@@ -756,4 +756,28 @@ describe Projects::IssuesController do
       expect(response).to have_http_status(200)
     end
   end
+
+  describe 'POST create_merge_request' do
+    before do
+      project.add_developer(user)
+      sign_in(user)
+    end
+
+    it 'creates a new merge request' do
+      expect { create_merge_request }.to change(project.merge_requests, :count).by(1)
+    end
+
+    it 'render merge request as json' do
+      create_merge_request
+
+      expect(response).to match_response_schema('merge_request')
+    end
+
+    def create_merge_request
+      post :create_merge_request, namespace_id: project.namespace.to_param,
+                                  project_id: project.to_param,
+                                  id: issue.to_param,
+                                  format: :json
+    end
+  end
 end
diff --git a/spec/controllers/projects/milestones_controller_spec.rb b/spec/controllers/projects/milestones_controller_spec.rb
index 47e61c3cea8..84a61b2784e 100644
--- a/spec/controllers/projects/milestones_controller_spec.rb
+++ b/spec/controllers/projects/milestones_controller_spec.rb
@@ -7,6 +7,7 @@ describe Projects::MilestonesController do
   let(:issue) { create(:issue, project: project, milestone: milestone) }
   let!(:label) { create(:label, project: project, title: 'Issue Label', issues: [issue]) }
   let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, milestone: milestone) }
+  let(:milestone_path) { namespace_project_milestone_path }
 
   before do
     sign_in(user)
@@ -14,6 +15,8 @@ describe Projects::MilestonesController do
     controller.instance_variable_set(:@project, project)
   end
 
+  it_behaves_like 'milestone tabs'
+
   describe "#show" do
     render_views
 
diff --git a/spec/controllers/projects/pages_controller_spec.rb b/spec/controllers/projects/pages_controller_spec.rb
new file mode 100644
index 00000000000..df35d8e86b9
--- /dev/null
+++ b/spec/controllers/projects/pages_controller_spec.rb
@@ -0,0 +1,57 @@
+require 'spec_helper'
+
+describe Projects::PagesController do
+  let(:user) { create(:user) }
+  let(:project) { create(:empty_project, :public, :access_requestable) }
+
+  let(:request_params) do
+    {
+      namespace_id: project.namespace,
+      project_id: project
+    }
+  end
+
+  before do
+    allow(Gitlab.config.pages).to receive(:enabled).and_return(true)
+    sign_in(user)
+    project.add_master(user)
+  end
+
+  describe 'GET show' do
+    it 'returns 200 status' do
+      get :show, request_params
+
+      expect(response).to have_http_status(200)
+    end
+  end
+
+  describe 'DELETE destroy' do
+    it 'returns 302 status' do
+      delete :destroy, request_params
+
+      expect(response).to have_http_status(302)
+    end
+  end
+
+  context 'pages disabled' do
+    before do
+      allow(Gitlab.config.pages).to receive(:enabled).and_return(false)
+    end
+
+    describe 'GET show' do
+      it 'returns 404 status' do
+        get :show, request_params
+
+        expect(response).to have_http_status(404)
+      end
+    end
+
+    describe 'DELETE destroy' do
+      it 'returns 404 status' do
+        delete :destroy, request_params
+
+        expect(response).to have_http_status(404)
+      end
+    end
+  end
+end
diff --git a/spec/controllers/projects/pages_domains_controller_spec.rb b/spec/controllers/projects/pages_domains_controller_spec.rb
index 2362df895a8..33853c4b9d0 100644
--- a/spec/controllers/projects/pages_domains_controller_spec.rb
+++ b/spec/controllers/projects/pages_domains_controller_spec.rb
@@ -1,8 +1,9 @@
 require 'spec_helper'
 
 describe Projects::PagesDomainsController do
-  let(:user)    { create(:user) }
-  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+  let(:project) { create(:empty_project) }
+  let!(:pages_domain) { create(:pages_domain, project: project) }
 
   let(:request_params) do
     {
@@ -11,14 +12,17 @@ describe Projects::PagesDomainsController do
     }
   end
 
+  let(:pages_domain_params) do
+    build(:pages_domain, :with_certificate, :with_key, domain: 'my.otherdomain.com').slice(:key, :certificate, :domain)
+  end
+
   before do
+    allow(Gitlab.config.pages).to receive(:enabled).and_return(true)
     sign_in(user)
-    project.team << [user, :master]
+    project.add_master(user)
   end
 
   describe 'GET show' do
-    let!(:pages_domain)   { create(:pages_domain, project: project) }
-
     it "displays the 'show' page" do
       get(:show, request_params.merge(id: pages_domain.domain))
 
@@ -37,10 +41,6 @@ describe Projects::PagesDomainsController do
   end
 
   describe 'POST create' do
-    let(:pages_domain_params) do
-      build(:pages_domain, :with_certificate, :with_key).slice(:key, :certificate, :domain)
-    end
-
     it "creates a new pages domain" do
       expect do
         post(:create, request_params.merge(pages_domain: pages_domain_params))
@@ -51,8 +51,6 @@ describe Projects::PagesDomainsController do
   end
 
   describe 'DELETE destroy' do
-    let!(:pages_domain)   { create(:pages_domain, project: project) }
-
     it "deletes the pages domain" do
       expect do
         delete(:destroy, request_params.merge(id: pages_domain.domain))
@@ -61,4 +59,42 @@ describe Projects::PagesDomainsController do
       expect(response).to redirect_to(namespace_project_pages_path(project.namespace, project))
     end
   end
+
+  context 'pages disabled' do
+    before do
+      allow(Gitlab.config.pages).to receive(:enabled).and_return(false)
+    end
+
+    describe 'GET show' do
+      it 'returns 404 status' do
+        get(:show, request_params.merge(id: pages_domain.domain))
+
+        expect(response).to have_http_status(404)
+      end
+    end
+
+    describe 'GET new' do
+      it 'returns 404 status' do
+        get :new, request_params
+
+        expect(response).to have_http_status(404)
+      end
+    end
+
+    describe 'POST create' do
+      it "returns 404 status" do
+        post(:create, request_params.merge(pages_domain: pages_domain_params))
+
+        expect(response).to have_http_status(404)
+      end
+    end
+
+    describe 'DELETE destroy' do
+      it "deletes the pages domain" do
+        delete(:destroy, request_params.merge(id: pages_domain.domain))
+
+        expect(response).to have_http_status(404)
+      end
+    end
+  end
 end
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index f67d26da0ac..7dedfe160a6 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -8,6 +8,93 @@ end
 describe UploadsController do
   let!(:user) { create(:user, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
 
+  describe 'POST create' do
+    let(:model)   { 'personal_snippet' }
+    let(:snippet) { create(:personal_snippet, :public) }
+    let(:jpg)     { fixture_file_upload(Rails.root + 'spec/fixtures/rails_sample.jpg', 'image/jpg') }
+    let(:txt)     { fixture_file_upload(Rails.root + 'spec/fixtures/doc_sample.txt', 'text/plain') }
+
+    context 'when a user does not have permissions to upload a file' do
+      it "returns 401 when the user is not logged in" do
+        post :create, model: model, id: snippet.id, format: :json
+
+        expect(response).to have_http_status(401)
+      end
+
+      it "returns 404 when user can't comment on a snippet" do
+        private_snippet = create(:personal_snippet, :private)
+
+        sign_in(user)
+        post :create, model: model, id: private_snippet.id, format: :json
+
+        expect(response).to have_http_status(404)
+      end
+    end
+
+    context 'when a user is logged in' do
+      before do
+        sign_in(user)
+      end
+
+      it "returns an error without file" do
+        post :create, model: model, id: snippet.id, format: :json
+
+        expect(response).to have_http_status(422)
+      end
+
+      it "returns an error with invalid model" do
+        expect { post :create, model: 'invalid', id: snippet.id, format: :json }
+        .to raise_error(ActionController::UrlGenerationError)
+      end
+
+      it "returns 404 status when object not found" do
+        post :create, model: model, id: 9999, format: :json
+
+        expect(response).to have_http_status(404)
+      end
+
+      context 'with valid image' do
+        before do
+          post :create, model: 'personal_snippet', id: snippet.id, file: jpg, format: :json
+        end
+
+        it 'returns a content with original filename, new link, and correct type.' do
+          expect(response.body).to match '\"alt\":\"rails_sample\"'
+          expect(response.body).to match "\"url\":\"/uploads"
+        end
+
+        it 'creates a corresponding Upload record' do
+          upload = Upload.last
+
+          aggregate_failures do
+            expect(upload).to exist
+            expect(upload.model).to eq snippet
+          end
+        end
+      end
+
+      context 'with valid non-image file' do
+        before do
+          post :create, model: 'personal_snippet', id: snippet.id, file: txt, format: :json
+        end
+
+        it 'returns a content with original filename, new link, and correct type.' do
+          expect(response.body).to match '\"alt\":\"doc_sample.txt\"'
+          expect(response.body).to match "\"url\":\"/uploads"
+        end
+
+        it 'creates a corresponding Upload record' do
+          upload = Upload.last
+
+          aggregate_failures do
+            expect(upload).to exist
+            expect(upload.model).to eq snippet
+          end
+        end
+      end
+    end
+  end
+
   describe "GET show" do
     context 'Content-Disposition security measures' do
       let(:project) { create(:empty_project, :public) }