Merge remote-tracking branch 'upstream/master' into no-ivar-in-modules

* upstream/master: (1723 commits)
  Resolve "Editor icons"
  Refactor issuable destroy action
  Ignore routes matching legacy_*_redirect in route specs
  Gitlab::Git::RevList and LfsChanges use lazy popen
  Gitlab::Git::Popen can lazily hand output to a block
  Merge branch 'master-i18n' into 'master'
  Remove unique validation from external_url in Environment
  Expose `duration` in Job API entity
  Add TimeCop freeze for DST and Regular time
  Harcode project visibility
  update a changelog
  Put a condition to old migration that adds fast_forward column to MRs
  Expose project visibility as CI variable
  fix flaky tests by removing unneeded clicks and focus actions
  fix flaky test in gfm_autocomplete_spec.rb
  Use Gitlab::Git operations for repository mirroring
  Encapsulate git operations for mirroring in Gitlab::Git
  Create a Wiki Repository's raw_repository properly
  Add `Gitlab::Git::Repository#fetch` command
  Fix Gitlab::Metrics::System#real_time and #monotonic_time doc
  ...

89 files changed, 2195 insertions, 891 deletions

diff --git a/spec/controllers/admin/hooks_controller_spec.rb b/spec/controllers/admin/hooks_controller_spec.rb
index 1d1070e90f4..e6ba596117a 100644
--- a/spec/controllers/admin/hooks_controller_spec.rb
+++ b/spec/controllers/admin/hooks_controller_spec.rb
@@ -20,7 +20,7 @@ describe Admin::HooksController do
 
       post :create, hook: hook_params
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(SystemHook.all.size).to eq(1)
       expect(SystemHook.first).to have_attributes(hook_params)
     end
diff --git a/spec/controllers/admin/impersonations_controller_spec.rb b/spec/controllers/admin/impersonations_controller_spec.rb
index 8f1f0ba89ff..944680b3f42 100644
--- a/spec/controllers/admin/impersonations_controller_spec.rb
+++ b/spec/controllers/admin/impersonations_controller_spec.rb
@@ -22,7 +22,7 @@ describe Admin::ImpersonationsController do
         it "responds with status 404" do
           delete :destroy
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
 
         it "doesn't sign us in" do
@@ -46,7 +46,7 @@ describe Admin::ImpersonationsController do
           it "responds with status 404" do
             delete :destroy
 
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
 
           it "doesn't sign us in as the impersonator" do
@@ -65,7 +65,7 @@ describe Admin::ImpersonationsController do
             it "responds with status 404" do
               delete :destroy
 
-              expect(response).to have_http_status(404)
+              expect(response).to have_gitlab_http_status(404)
             end
 
             it "doesn't sign us in as the impersonator" do
diff --git a/spec/controllers/admin/projects_controller_spec.rb b/spec/controllers/admin/projects_controller_spec.rb
index 373260b3978..d5a3c250f31 100644
--- a/spec/controllers/admin/projects_controller_spec.rb
+++ b/spec/controllers/admin/projects_controller_spec.rb
@@ -27,7 +27,7 @@ describe Admin::ProjectsController do
 
       get :index
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
       expect(response.body).not_to match(pending_delete_project.name)
       expect(response.body).to match(project.name)
     end
diff --git a/spec/controllers/admin/runners_controller_spec.rb b/spec/controllers/admin/runners_controller_spec.rb
index b5fe40d0510..312dbdd0624 100644
--- a/spec/controllers/admin/runners_controller_spec.rb
+++ b/spec/controllers/admin/runners_controller_spec.rb
@@ -11,7 +11,7 @@ describe Admin::RunnersController do
     it 'lists all runners' do
       get :index
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
   end
 
@@ -19,13 +19,13 @@ describe Admin::RunnersController do
     it 'shows a particular runner' do
       get :show, id: runner.id
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
 
     it 'shows 404 for unknown runner' do
       get :show, id: 0
 
-      expect(response).to have_http_status(404)
+      expect(response).to have_gitlab_http_status(404)
     end
   end
 
@@ -39,7 +39,7 @@ describe Admin::RunnersController do
 
       runner.reload
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(runner.description).to eq(new_desc)
     end
   end
@@ -48,7 +48,7 @@ describe Admin::RunnersController do
     it 'destroys the runner' do
       delete :destroy, id: runner.id
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(Ci::Runner.find_by(id: runner.id)).to be_nil
     end
   end
@@ -63,7 +63,7 @@ describe Admin::RunnersController do
 
       runner.reload
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(runner.active).to eq(true)
     end
   end
@@ -78,7 +78,7 @@ describe Admin::RunnersController do
 
       runner.reload
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(runner.active).to eq(false)
     end
   end
diff --git a/spec/controllers/admin/services_controller_spec.rb b/spec/controllers/admin/services_controller_spec.rb
index 249bd948847..701211c2586 100644
--- a/spec/controllers/admin/services_controller_spec.rb
+++ b/spec/controllers/admin/services_controller_spec.rb
@@ -20,7 +20,7 @@ describe Admin::ServicesController do
         it 'successfully displays the template' do
           get :edit, id: service.id
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
     end
@@ -46,7 +46,7 @@ describe Admin::ServicesController do
 
       put :update, id: service.id, service: { active: true }
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
     end
 
     it 'does not call the propagation worker when service is not active' do
@@ -54,7 +54,7 @@ describe Admin::ServicesController do
 
       put :update, id: service.id, service: { properties: {} }
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
     end
   end
 end
diff --git a/spec/controllers/admin/spam_logs_controller_spec.rb b/spec/controllers/admin/spam_logs_controller_spec.rb
index 585ca31389d..7a96ef6a5cc 100644
--- a/spec/controllers/admin/spam_logs_controller_spec.rb
+++ b/spec/controllers/admin/spam_logs_controller_spec.rb
@@ -14,7 +14,7 @@ describe Admin::SpamLogsController do
     it 'lists all spam logs' do
       get :index
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
   end
 
@@ -22,14 +22,14 @@ describe Admin::SpamLogsController do
     it 'removes only the spam log when removing log' do
       expect { delete :destroy, id: first_spam.id }.to change { SpamLog.count }.by(-1)
       expect(User.find(user.id)).to be_truthy
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
 
     it 'removes user and his spam logs when removing the user' do
       delete :destroy, id: first_spam.id, remove_user: true
 
       expect(flash[:notice]).to eq "User #{user.username} was successfully removed."
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(SpamLog.count).to eq(0)
       expect { User.find(user.id) }.to raise_error(ActiveRecord::RecordNotFound)
     end
@@ -42,7 +42,7 @@ describe Admin::SpamLogsController do
     it 'submits the log as ham' do
       post :mark_as_ham, id: first_spam.id
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(SpamLog.find(first_spam.id).submitted_as_ham).to be_truthy
     end
   end
diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb
index aadd3317875..f044a068938 100644
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
 
 describe Admin::UsersController do
   let(:user) { create(:user) }
-  let(:admin) { create(:admin) }
+  set(:admin) { create(:admin) }
 
   before do
     sign_in(admin)
@@ -19,7 +19,7 @@ describe Admin::UsersController do
     it 'deletes user and ghosts their contributions' do
       delete :destroy, id: user.username, format: :json
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
       expect(User.exists?(user.id)).to be_falsy
       expect(issue.reload.author).to be_ghost
     end
@@ -27,7 +27,7 @@ describe Admin::UsersController do
     it 'deletes the user and their contributions when hard delete is specified' do
       delete :destroy, id: user.username, hard_delete: true, format: :json
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
       expect(User.exists?(user.id)).to be_falsy
       expect(Issue.exists?(issue.id)).to be_falsy
     end
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 59a6cfbf4f5..b73ca0c2346 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -50,70 +50,36 @@ describe ApplicationController do
     end
   end
 
-  describe "#authenticate_user_from_token!" do
-    describe "authenticating a user from a private token" do
-      controller(described_class) do
-        def index
-          render text: "authenticated"
-        end
-      end
-
-      context "when the 'private_token' param is populated with the private token" do
-        it "logs the user in" do
-          get :index, private_token: user.private_token
-          expect(response).to have_http_status(200)
-          expect(response.body).to eq("authenticated")
-        end
-      end
-
-      context "when the 'PRIVATE-TOKEN' header is populated with the private token" do
-        it "logs the user in" do
-          @request.headers['PRIVATE-TOKEN'] = user.private_token
-          get :index
-          expect(response).to have_http_status(200)
-          expect(response.body).to eq("authenticated")
-        end
-      end
-
-      it "doesn't log the user in otherwise" do
-        @request.headers['PRIVATE-TOKEN'] = "token"
-        get :index, private_token: "token", authenticity_token: "token"
-        expect(response.status).not_to eq(200)
-        expect(response.body).not_to eq("authenticated")
+  describe "#authenticate_user_from_personal_access_token!" do
+    controller(described_class) do
+      def index
+        render text: 'authenticated'
       end
     end
 
-    describe "authenticating a user from a personal access token" do
-      controller(described_class) do
-        def index
-          render text: 'authenticated'
-        end
-      end
-
-      let(:personal_access_token) { create(:personal_access_token, user: user) }
+    let(:personal_access_token) { create(:personal_access_token, user: user) }
 
-      context "when the 'personal_access_token' param is populated with the personal access token" do
-        it "logs the user in" do
-          get :index, private_token: personal_access_token.token
-          expect(response).to have_http_status(200)
-          expect(response.body).to eq('authenticated')
-        end
+    context "when the 'personal_access_token' param is populated with the personal access token" do
+      it "logs the user in" do
+        get :index, private_token: personal_access_token.token
+        expect(response).to have_gitlab_http_status(200)
+        expect(response.body).to eq('authenticated')
       end
+    end
 
-      context "when the 'PERSONAL_ACCESS_TOKEN' header is populated with the personal access token" do
-        it "logs the user in" do
-          @request.headers["PRIVATE-TOKEN"] = personal_access_token.token
-          get :index
-          expect(response).to have_http_status(200)
-          expect(response.body).to eq('authenticated')
-        end
+    context "when the 'PERSONAL_ACCESS_TOKEN' header is populated with the personal access token" do
+      it "logs the user in" do
+        @request.headers["PRIVATE-TOKEN"] = personal_access_token.token
+        get :index
+        expect(response).to have_gitlab_http_status(200)
+        expect(response.body).to eq('authenticated')
       end
+    end
 
-      it "doesn't log the user in otherwise" do
-        get :index, private_token: "token"
-        expect(response.status).not_to eq(200)
-        expect(response.body).not_to eq('authenticated')
-      end
+    it "doesn't log the user in otherwise" do
+      get :index, private_token: "token"
+      expect(response.status).not_to eq(200)
+      expect(response.body).not_to eq('authenticated')
     end
   end
 
@@ -152,21 +118,25 @@ describe ApplicationController do
       end
     end
 
+    before do
+      sign_in user
+    end
+
     context 'when format is handled' do
       let(:requested_format) { :json }
 
       it 'returns 200 response' do
-        get :index, private_token: user.private_token, format: requested_format
+        get :index, format: requested_format
 
-        expect(response).to have_http_status 200
+        expect(response).to have_gitlab_http_status 200
       end
     end
 
     context 'when format is not handled' do
       it 'returns 404 response' do
-        get :index, private_token: user.private_token
+        get :index
 
-        expect(response).to have_http_status 404
+        expect(response).to have_gitlab_http_status 404
       end
     end
   end
@@ -183,7 +153,7 @@ describe ApplicationController do
         context 'when the request format is atom' do
           it "logs the user in" do
             get :index, rss_token: user.rss_token, format: :atom
-            expect(response).to have_http_status 200
+            expect(response).to have_gitlab_http_status 200
             expect(response.body).to eq 'authenticated'
           end
         end
@@ -191,7 +161,7 @@ describe ApplicationController do
         context 'when the request format is not atom' do
           it "doesn't log the user in" do
             get :index, rss_token: user.rss_token
-            expect(response.status).not_to have_http_status 200
+            expect(response.status).not_to have_gitlab_http_status 200
             expect(response.body).not_to eq 'authenticated'
           end
         end
@@ -221,6 +191,20 @@ describe ApplicationController do
     end
   end
 
+  describe '#set_page_title_header' do
+    let(:controller) { described_class.new }
+
+    it 'URI encodes UTF-8 characters in the title' do
+      response = double(headers: {})
+      allow_any_instance_of(PageLayoutHelper).to receive(:page_title).and_return('€100 · GitLab')
+      allow(controller).to receive(:response).and_return(response)
+
+      controller.send(:set_page_title_header)
+
+      expect(response.headers['Page-Title']).to eq('%E2%82%AC100%20%C2%B7%20GitLab')
+    end
+  end
+
   context 'two-factor authentication' do
     let(:controller) { described_class.new }
 
diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb
index be27bbb4283..73fff6eb5ca 100644
--- a/spec/controllers/autocomplete_controller_spec.rb
+++ b/spec/controllers/autocomplete_controller_spec.rb
@@ -30,7 +30,7 @@ describe AutocompleteController do
           get(:users, project_id: 'unknown')
         end
 
-        it { expect(response).to have_http_status(404) }
+        it { expect(response).to have_gitlab_http_status(404) }
       end
     end
 
@@ -59,7 +59,7 @@ describe AutocompleteController do
           get(:users, group_id: 'unknown')
         end
 
-        it { expect(response).to have_http_status(404) }
+        it { expect(response).to have_gitlab_http_status(404) }
       end
     end
 
@@ -138,7 +138,7 @@ describe AutocompleteController do
           get(:users, project_id: project.id)
         end
 
-        it { expect(response).to have_http_status(404) }
+        it { expect(response).to have_gitlab_http_status(404) }
       end
 
       describe 'GET #users with unknown project' do
@@ -146,7 +146,7 @@ describe AutocompleteController do
           get(:users, project_id: 'unknown')
         end
 
-        it { expect(response).to have_http_status(404) }
+        it { expect(response).to have_gitlab_http_status(404) }
       end
 
       describe 'GET #users with inaccessible group' do
@@ -155,7 +155,7 @@ describe AutocompleteController do
           get(:users, group_id: user.namespace.id)
         end
 
-        it { expect(response).to have_http_status(404) }
+        it { expect(response).to have_gitlab_http_status(404) }
       end
 
       describe 'GET #users with no project' do
diff --git a/spec/controllers/boards/issues_controller_spec.rb b/spec/controllers/boards/issues_controller_spec.rb
index 5163099cd98..44d504d5852 100644
--- a/spec/controllers/boards/issues_controller_spec.rb
+++ b/spec/controllers/boards/issues_controller_spec.rb
@@ -24,7 +24,7 @@ describe Boards::IssuesController do
       it 'returns a not found 404 response' do
         list_issues user: user, board: 999, list: list2
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -62,7 +62,7 @@ describe Boards::IssuesController do
         it 'returns a not found 404 response' do
           list_issues user: user, board: board, list: 999
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
@@ -93,7 +93,7 @@ describe Boards::IssuesController do
       it 'returns a forbidden 403 response' do
         list_issues user: user, board: board, list: list2
 
-        expect(response).to have_http_status(403)
+        expect(response).to have_gitlab_http_status(403)
       end
     end
 
@@ -116,7 +116,7 @@ describe Boards::IssuesController do
       it 'returns a successful 200 response' do
         create_issue user: user, board: board, list: list1, title: 'New issue'
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it 'returns the created issue' do
@@ -131,7 +131,7 @@ describe Boards::IssuesController do
         it 'returns an unprocessable entity 422 response' do
           create_issue user: user, board: board, list: list1, title: nil
 
-          expect(response).to have_http_status(422)
+          expect(response).to have_gitlab_http_status(422)
         end
       end
 
@@ -141,7 +141,7 @@ describe Boards::IssuesController do
 
           create_issue user: user, board: board, list: list, title: 'New issue'
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -149,7 +149,7 @@ describe Boards::IssuesController do
         it 'returns a not found 404 response' do
           create_issue user: user, board: 999, list: list1, title: 'New issue'
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -157,7 +157,7 @@ describe Boards::IssuesController do
         it 'returns a not found 404 response' do
           create_issue user: user, board: board, list: 999, title: 'New issue'
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
@@ -166,7 +166,7 @@ describe Boards::IssuesController do
       it 'returns a forbidden 403 response' do
         create_issue user: guest, board: board, list: list1, title: 'New issue'
 
-        expect(response).to have_http_status(403)
+        expect(response).to have_gitlab_http_status(403)
       end
     end
 
@@ -187,7 +187,7 @@ describe Boards::IssuesController do
       it 'returns a successful 200 response' do
         move user: user, board: board, issue: issue, from_list_id: list1.id, to_list_id: list2.id
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it 'moves issue to the desired list' do
@@ -201,19 +201,19 @@ describe Boards::IssuesController do
       it 'returns a unprocessable entity 422 response for invalid lists' do
         move user: user, board: board, issue: issue, from_list_id: nil, to_list_id: nil
 
-        expect(response).to have_http_status(422)
+        expect(response).to have_gitlab_http_status(422)
       end
 
       it 'returns a not found 404 response for invalid board id' do
         move user: user, board: 999, issue: issue, from_list_id: list1.id, to_list_id: list2.id
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
 
       it 'returns a not found 404 response for invalid issue id' do
         move user: user, board: board, issue: double(id: 999), from_list_id: list1.id, to_list_id: list2.id
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -227,7 +227,7 @@ describe Boards::IssuesController do
       it 'returns a forbidden 403 response' do
         move user: guest, board: board, issue: issue, from_list_id: list1.id, to_list_id: list2.id
 
-        expect(response).to have_http_status(403)
+        expect(response).to have_gitlab_http_status(403)
       end
     end
 
diff --git a/spec/controllers/boards/lists_controller_spec.rb b/spec/controllers/boards/lists_controller_spec.rb
index b11fce0fa58..a2b432af23a 100644
--- a/spec/controllers/boards/lists_controller_spec.rb
+++ b/spec/controllers/boards/lists_controller_spec.rb
@@ -15,7 +15,7 @@ describe Boards::ListsController do
     it 'returns a successful 200 response' do
       read_board_list user: user, board: board
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
       expect(response.content_type).to eq 'application/json'
     end
 
@@ -39,7 +39,7 @@ describe Boards::ListsController do
       it 'returns a forbidden 403 response' do
         read_board_list user: user, board: board
 
-        expect(response).to have_http_status(403)
+        expect(response).to have_gitlab_http_status(403)
       end
     end
 
@@ -60,7 +60,7 @@ describe Boards::ListsController do
       it 'returns a successful 200 response' do
         create_board_list user: user, board: board, label_id: label.id
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it 'returns the created list' do
@@ -75,7 +75,7 @@ describe Boards::ListsController do
         it 'returns a not found 404 response' do
           create_board_list user: user, board: board, label_id: nil
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -85,7 +85,7 @@ describe Boards::ListsController do
 
           create_board_list user: user, board: board, label_id: label.id
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
@@ -96,7 +96,7 @@ describe Boards::ListsController do
 
         create_board_list user: guest, board: board, label_id: label.id
 
-        expect(response).to have_http_status(403)
+        expect(response).to have_gitlab_http_status(403)
       end
     end
 
@@ -119,7 +119,7 @@ describe Boards::ListsController do
       it 'returns a successful 200 response' do
         move user: user, board: board, list: planning, position: 1
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it 'moves the list to the desired position' do
@@ -133,7 +133,7 @@ describe Boards::ListsController do
       it 'returns an unprocessable entity 422 response' do
         move user: user, board: board, list: planning, position: 6
 
-        expect(response).to have_http_status(422)
+        expect(response).to have_gitlab_http_status(422)
       end
     end
 
@@ -141,7 +141,7 @@ describe Boards::ListsController do
       it 'returns a not found 404 response' do
         move user: user, board: board, list: 999, position: 1
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -149,7 +149,7 @@ describe Boards::ListsController do
       it 'returns a forbidden 403 response' do
         move user: guest, board: board, list: planning, position: 6
 
-        expect(response).to have_http_status(403)
+        expect(response).to have_gitlab_http_status(403)
       end
     end
 
@@ -172,7 +172,7 @@ describe Boards::ListsController do
       it 'returns a successful 200 response' do
         remove_board_list user: user, board: board, list: planning
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it 'removes list from board' do
@@ -184,7 +184,7 @@ describe Boards::ListsController do
       it 'returns a not found 404 response' do
         remove_board_list user: user, board: board, list: 999
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -192,7 +192,7 @@ describe Boards::ListsController do
       it 'returns a forbidden 403 response' do
         remove_board_list user: guest, board: board, list: planning
 
-        expect(response).to have_http_status(403)
+        expect(response).to have_gitlab_http_status(403)
       end
     end
 
@@ -212,7 +212,7 @@ describe Boards::ListsController do
       it 'returns a successful 200 response' do
         generate_default_lists user: user, board: board
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it 'returns the defaults lists' do
@@ -228,7 +228,7 @@ describe Boards::ListsController do
 
         generate_default_lists user: user, board: board
 
-        expect(response).to have_http_status(422)
+        expect(response).to have_gitlab_http_status(422)
       end
     end
 
@@ -236,7 +236,7 @@ describe Boards::ListsController do
       it 'returns a forbidden 403 response' do
         generate_default_lists user: guest, board: board
 
-        expect(response).to have_http_status(403)
+        expect(response).to have_gitlab_http_status(403)
       end
     end
 
diff --git a/spec/controllers/concerns/group_tree_spec.rb b/spec/controllers/concerns/group_tree_spec.rb
new file mode 100644
index 00000000000..ba84fbf8564
--- /dev/null
+++ b/spec/controllers/concerns/group_tree_spec.rb
@@ -0,0 +1,89 @@
+require 'spec_helper'
+
+describe GroupTree do
+  let(:group) { create(:group, :public) }
+  let(:user) { create(:user) }
+
+  controller(ApplicationController) do
+    # `described_class` is not available in this context
+    include GroupTree # rubocop:disable RSpec/DescribedClass
+
+    def index
+      render_group_tree GroupsFinder.new(current_user).execute
+    end
+  end
+
+  before do
+    group.add_owner(user)
+    sign_in(user)
+  end
+
+  describe 'GET #index' do
+    it 'filters groups' do
+      other_group = create(:group, name: 'filter')
+      other_group.add_owner(user)
+
+      get :index, filter: 'filt', format: :json
+
+      expect(assigns(:groups)).to contain_exactly(other_group)
+    end
+
+    context 'for subgroups', :nested_groups do
+      it 'only renders root groups when no parent was given' do
+        create(:group, :public, parent: group)
+
+        get :index, format: :json
+
+        expect(assigns(:groups)).to contain_exactly(group)
+      end
+
+      it 'contains only the subgroup when a parent was given' do
+        subgroup = create(:group, :public, parent: group)
+
+        get :index, parent_id: group.id, format: :json
+
+        expect(assigns(:groups)).to contain_exactly(subgroup)
+      end
+
+      it 'allows filtering for subgroups and includes the parents for rendering' do
+        subgroup = create(:group, :public, parent: group, name: 'filter')
+
+        get :index, filter: 'filt', format: :json
+
+        expect(assigns(:groups)).to contain_exactly(group, subgroup)
+      end
+
+      it 'does not include groups the user does not have access to' do
+        parent = create(:group, :private)
+        subgroup = create(:group, :private, parent: parent, name: 'filter')
+        subgroup.add_developer(user)
+        _other_subgroup = create(:group, :private, parent: parent, name: 'filte')
+
+        get :index, filter: 'filt', format: :json
+
+        expect(assigns(:groups)).to contain_exactly(parent, subgroup)
+      end
+    end
+
+    context 'json content' do
+      it 'shows groups as json' do
+        get :index, format: :json
+
+        expect(json_response.first['id']).to eq(group.id)
+      end
+
+      context 'nested groups', :nested_groups do
+        it 'expands the tree when filtering' do
+          subgroup = create(:group, :public, parent: group, name: 'filter')
+
+          get :index, filter: 'filt', format: :json
+
+          children_response = json_response.first['children']
+
+          expect(json_response.first['id']).to eq(group.id)
+          expect(children_response.first['id']).to eq(subgroup.id)
+        end
+      end
+    end
+  end
+end
diff --git a/spec/controllers/concerns/lfs_request_spec.rb b/spec/controllers/concerns/lfs_request_spec.rb
new file mode 100644
index 00000000000..33b23db302a
--- /dev/null
+++ b/spec/controllers/concerns/lfs_request_spec.rb
@@ -0,0 +1,50 @@
+require 'spec_helper'
+
+describe LfsRequest do
+  include ProjectForksHelper
+
+  controller(Projects::GitHttpClientController) do
+    # `described_class` is not available in this context
+    include LfsRequest # rubocop:disable RSpec/DescribedClass
+
+    def show
+      storage_project
+
+      render nothing: true
+    end
+
+    def project
+      @project ||= Project.find(params[:id])
+    end
+
+    def download_request?
+      true
+    end
+
+    def ci?
+      false
+    end
+  end
+
+  let(:project) { create(:project, :public) }
+
+  before do
+    stub_lfs_setting(enabled: true)
+  end
+
+  describe '#storage_project' do
+    it 'assigns the project as storage project' do
+      get :show, id: project.id
+
+      expect(assigns(:storage_project)).to eq(project)
+    end
+
+    it 'assigns the source of a forked project' do
+      forked_project = fork_project(project)
+
+      get :show, id: forked_project.id
+
+      expect(assigns(:storage_project)).to eq(project)
+    end
+  end
+end
diff --git a/spec/controllers/dashboard/groups_controller_spec.rb b/spec/controllers/dashboard/groups_controller_spec.rb
new file mode 100644
index 00000000000..fb9d3efbac0
--- /dev/null
+++ b/spec/controllers/dashboard/groups_controller_spec.rb
@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe Dashboard::GroupsController do
+  let(:user) { create(:user) }
+
+  before do
+    sign_in(user)
+  end
+
+  it 'renders group trees' do
+    expect(described_class).to include(GroupTree)
+  end
+
+  it 'only includes projects the user is a member of' do
+    member_of_group = create(:group)
+    member_of_group.add_developer(user)
+    create(:group, :public)
+
+    get :index
+
+    expect(assigns(:groups)).to contain_exactly(member_of_group)
+  end
+end
diff --git a/spec/controllers/dashboard/milestones_controller_spec.rb b/spec/controllers/dashboard/milestones_controller_spec.rb
index 2dcb67d50f4..2f3d7be9abe 100644
--- a/spec/controllers/dashboard/milestones_controller_spec.rb
+++ b/spec/controllers/dashboard/milestones_controller_spec.rb
@@ -32,7 +32,7 @@ describe Dashboard::MilestonesController do
     it 'shows milestone page' do
       view_milestone
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
   end
 end
diff --git a/spec/controllers/dashboard/todos_controller_spec.rb b/spec/controllers/dashboard/todos_controller_spec.rb
index c8c6b9f41bf..d862e1447e3 100644
--- a/spec/controllers/dashboard/todos_controller_spec.rb
+++ b/spec/controllers/dashboard/todos_controller_spec.rb
@@ -18,19 +18,19 @@ describe Dashboard::TodosController do
 
         get :index, project_id: unauthorized_project.id
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
 
       it 'renders 404 when given project does not exists' do
         get :index, project_id: 999
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
 
       it 'renders 200 when filtering for "any project" todos' do
         get :index, project_id: ''
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it 'renders 200 when user has access on given project' do
@@ -38,7 +38,7 @@ describe Dashboard::TodosController do
 
         get :index, project_id: authorized_project.id
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
     end
 
@@ -57,11 +57,11 @@ describe Dashboard::TodosController do
         expect(response).to redirect_to(dashboard_todos_path(page: last_page))
       end
 
-      it 'redirects to correspondent page' do
+      it 'goes to the correct page' do
         get :index, page: last_page
 
         expect(assigns(:todos).current_page).to eq(last_page)
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it 'does not redirect to external sites when provided a host field' do
@@ -70,6 +70,30 @@ describe Dashboard::TodosController do
 
         expect(response).to redirect_to(dashboard_todos_path(page: last_page))
       end
+
+      context 'when providing no filters' do
+        it 'does not perform a query to get the page count, but gets that from the user' do
+          allow(controller).to receive(:current_user).and_return(user)
+
+          expect(user).to receive(:todos_pending_count).and_call_original
+
+          get :index, page: (last_page + 1).to_param, sort: :created_asc
+
+          expect(response).to redirect_to(dashboard_todos_path(page: last_page, sort: :created_asc))
+        end
+      end
+
+      context 'when providing filters' do
+        it 'performs a query to get the correct page count' do
+          allow(controller).to receive(:current_user).and_return(user)
+
+          expect(user).not_to receive(:todos_pending_count)
+
+          get :index, page: (last_page + 1).to_param, project_id: project.id
+
+          expect(response).to redirect_to(dashboard_todos_path(page: last_page, project_id: project.id))
+        end
+      end
     end
   end
 
@@ -80,7 +104,7 @@ describe Dashboard::TodosController do
       patch :restore, id: todo.id
 
       expect(todo.reload).to be_pending
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
       expect(json_response).to eq({ "count" => "1", "done_count" => "0" })
     end
   end
@@ -94,7 +118,7 @@ describe Dashboard::TodosController do
       todos.each do |todo|
         expect(todo.reload).to be_pending
       end
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
       expect(json_response).to eq({ 'count' => '2', 'done_count' => '0' })
     end
   end
diff --git a/spec/controllers/explore/groups_controller_spec.rb b/spec/controllers/explore/groups_controller_spec.rb
new file mode 100644
index 00000000000..9e0ad9ea86f
--- /dev/null
+++ b/spec/controllers/explore/groups_controller_spec.rb
@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe Explore::GroupsController do
+  let(:user) { create(:user) }
+
+  before do
+    sign_in(user)
+  end
+
+  it 'renders group trees' do
+    expect(described_class).to include(GroupTree)
+  end
+
+  it 'includes public projects' do
+    member_of_group = create(:group)
+    member_of_group.add_developer(user)
+    public_group = create(:group, :public)
+
+    get :index
+
+    expect(assigns(:groups)).to contain_exactly(member_of_group, public_group)
+  end
+end
diff --git a/spec/controllers/google_api/authorizations_controller_spec.rb b/spec/controllers/google_api/authorizations_controller_spec.rb
new file mode 100644
index 00000000000..80d553f0f34
--- /dev/null
+++ b/spec/controllers/google_api/authorizations_controller_spec.rb
@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe GoogleApi::AuthorizationsController do
+  describe 'GET|POST #callback' do
+    let(:user) { create(:user) }
+    let(:token) { 'token' }
+    let(:expires_at) { 1.hour.since.strftime('%s') }
+
+    subject { get :callback, code: 'xxx', state: @state }
+
+    before do
+      sign_in(user)
+
+      allow_any_instance_of(GoogleApi::CloudPlatform::Client)
+        .to receive(:get_token).and_return([token, expires_at])
+    end
+
+    it 'sets token and expires_at in session' do
+      subject
+
+      expect(session[GoogleApi::CloudPlatform::Client.session_key_for_token])
+        .to eq(token)
+      expect(session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at])
+        .to eq(expires_at)
+    end
+
+    context 'when redirect uri key is stored in state' do
+      set(:project) { create(:project) }
+      let(:redirect_uri) { project_clusters_url(project).to_s }
+
+      before do
+        @state = GoogleApi::CloudPlatform::Client
+          .new_session_key_for_redirect_uri do |key|
+          session[key] = redirect_uri
+        end
+      end
+
+      it 'redirects to the URL stored in state param' do
+        expect(subject).to redirect_to(redirect_uri)
+      end
+    end
+
+    context 'when redirection url is not stored in state' do
+      it 'redirects to root_path' do
+        expect(subject).to redirect_to(root_path)
+      end
+    end
+  end
+end
diff --git a/spec/controllers/groups/children_controller_spec.rb b/spec/controllers/groups/children_controller_spec.rb
new file mode 100644
index 00000000000..4262d474e59
--- /dev/null
+++ b/spec/controllers/groups/children_controller_spec.rb
@@ -0,0 +1,286 @@
+require 'spec_helper'
+
+describe Groups::ChildrenController do
+  let(:group) { create(:group, :public) }
+  let(:user) { create(:user) }
+  let!(:group_member) { create(:group_member, group: group, user: user) }
+
+  describe 'GET #index' do
+    context 'for projects' do
+      let!(:public_project) { create(:project, :public, namespace: group) }
+      let!(:private_project) { create(:project, :private, namespace: group) }
+
+      context 'as a user' do
+        before do
+          sign_in(user)
+        end
+
+        it 'shows all children' do
+          get :index, group_id: group.to_param, format: :json
+
+          expect(assigns(:children)).to contain_exactly(public_project, private_project)
+        end
+
+        context 'being member of private subgroup' do
+          it 'shows public and private children the user is member of' do
+            group_member.destroy!
+            private_project.add_guest(user)
+
+            get :index, group_id: group.to_param, format: :json
+
+            expect(assigns(:children)).to contain_exactly(public_project, private_project)
+          end
+        end
+      end
+
+      context 'as a guest' do
+        it 'shows the public children' do
+          get :index, group_id: group.to_param, format: :json
+
+          expect(assigns(:children)).to contain_exactly(public_project)
+        end
+      end
+    end
+
+    context 'for subgroups', :nested_groups do
+      let!(:public_subgroup) { create(:group, :public, parent: group) }
+      let!(:private_subgroup) { create(:group, :private, parent: group) }
+      let!(:public_project) { create(:project, :public, namespace: group) }
+      let!(:private_project) { create(:project, :private, namespace: group) }
+
+      context 'as a user' do
+        before do
+          sign_in(user)
+        end
+
+        it 'shows all children' do
+          get :index, group_id: group.to_param, format: :json
+
+          expect(assigns(:children)).to contain_exactly(public_subgroup, private_subgroup, public_project, private_project)
+        end
+
+        context 'being member of private subgroup' do
+          it 'shows public and private children the user is member of' do
+            group_member.destroy!
+            private_subgroup.add_guest(user)
+            private_project.add_guest(user)
+
+            get :index, group_id: group.to_param, format: :json
+
+            expect(assigns(:children)).to contain_exactly(public_subgroup, private_subgroup, public_project, private_project)
+          end
+        end
+      end
+
+      context 'as a guest' do
+        it 'shows the public children' do
+          get :index, group_id: group.to_param, format: :json
+
+          expect(assigns(:children)).to contain_exactly(public_subgroup, public_project)
+        end
+      end
+
+      context 'filtering children' do
+        it 'expands the tree for matching projects' do
+          project = create(:project, :public, namespace: public_subgroup, name: 'filterme')
+
+          get :index, group_id: group.to_param, filter: 'filter', format: :json
+
+          group_json = json_response.first
+          project_json = group_json['children'].first
+
+          expect(group_json['id']).to eq(public_subgroup.id)
+          expect(project_json['id']).to eq(project.id)
+        end
+
+        it 'expands the tree for matching subgroups' do
+          matched_group = create(:group, :public, parent: public_subgroup, name: 'filterme')
+
+          get :index, group_id: group.to_param, filter: 'filter', format: :json
+
+          group_json = json_response.first
+          matched_group_json = group_json['children'].first
+
+          expect(group_json['id']).to eq(public_subgroup.id)
+          expect(matched_group_json['id']).to eq(matched_group.id)
+        end
+
+        it 'merges the trees correctly' do
+          shared_subgroup = create(:group, :public, parent: group, path: 'hardware')
+          matched_project_1 = create(:project, :public, namespace: shared_subgroup, name: 'mobile-soc')
+
+          l2_subgroup = create(:group, :public, parent: shared_subgroup, path: 'broadcom')
+          l3_subgroup = create(:group, :public,  parent: l2_subgroup, path: 'wifi-group')
+          matched_project_2 = create(:project, :public, namespace: l3_subgroup, name: 'mobile')
+
+          get :index, group_id: group.to_param, filter: 'mobile', format: :json
+
+          shared_group_json = json_response.first
+          expect(shared_group_json['id']).to eq(shared_subgroup.id)
+
+          matched_project_1_json = shared_group_json['children'].detect { |child| child['type'] == 'project' }
+          expect(matched_project_1_json['id']).to eq(matched_project_1.id)
+
+          l2_subgroup_json = shared_group_json['children'].detect { |child| child['type'] == 'group' }
+          expect(l2_subgroup_json['id']).to eq(l2_subgroup.id)
+
+          l3_subgroup_json = l2_subgroup_json['children'].first
+          expect(l3_subgroup_json['id']).to eq(l3_subgroup.id)
+
+          matched_project_2_json = l3_subgroup_json['children'].first
+          expect(matched_project_2_json['id']).to eq(matched_project_2.id)
+        end
+
+        it 'expands the tree upto a specified parent' do
+          subgroup = create(:group, :public, parent: group)
+          l2_subgroup = create(:group, :public, parent: subgroup)
+          create(:project, :public, namespace: l2_subgroup, name: 'test')
+
+          get :index, group_id: subgroup.to_param, filter: 'test', format: :json
+
+          expect(response).to have_http_status(200)
+        end
+
+        it 'returns an array with one element when only one result is matched' do
+          create(:project, :public, namespace: group, name: 'match')
+
+          get :index, group_id: group.to_param, filter: 'match', format: :json
+
+          expect(json_response).to be_kind_of(Array)
+          expect(json_response.size).to eq(1)
+        end
+
+        it 'returns an empty array when there are no search results' do
+          subgroup = create(:group, :public, parent: group)
+          l2_subgroup = create(:group, :public, parent: subgroup)
+          create(:project, :public, namespace: l2_subgroup, name: 'no-match')
+
+          get :index, group_id: subgroup.to_param, filter: 'test', format: :json
+
+          expect(json_response).to eq([])
+        end
+
+        it 'includes pagination headers' do
+          2.times { |i| create(:group, :public, parent: public_subgroup, name: "filterme#{i}") }
+
+          get :index, group_id: group.to_param, filter: 'filter', per_page: 1, format: :json
+
+          expect(response).to include_pagination_headers
+        end
+      end
+
+      context 'queries per rendered element', :request_store do
+        # We need to make sure the following counts are preloaded
+        # otherwise they will cause an extra query
+        # 1. Count of visible projects in the element
+        # 2. Count of visible subgroups in the element
+        # 3. Count of members of a group
+        let(:expected_queries_per_group) { 0 }
+        let(:expected_queries_per_project) { 0 }
+
+        def get_list
+          get :index, group_id: group.to_param, format: :json
+        end
+
+        it 'queries the expected amount for a group row' do
+          control = ActiveRecord::QueryRecorder.new { get_list }
+
+          _new_group = create(:group, :public, parent: group)
+
+          expect { get_list }.not_to exceed_query_limit(control).with_threshold(expected_queries_per_group)
+        end
+
+        it 'queries the expected amount for a project row' do
+          control = ActiveRecord::QueryRecorder.new { get_list }
+          _new_project = create(:project, :public, namespace: group)
+
+          expect { get_list }.not_to exceed_query_limit(control).with_threshold(expected_queries_per_project)
+        end
+
+        context 'when rendering hierarchies' do
+          # When loading hierarchies we load the all the ancestors for matched projects
+          # in 1 separate query
+          let(:extra_queries_for_hierarchies) { 1 }
+
+          def get_filtered_list
+            get :index, group_id: group.to_param, filter: 'filter', format: :json
+          end
+
+          it 'queries the expected amount when nested rows are increased for a group' do
+            matched_group = create(:group, :public, parent: group, name: 'filterme')
+
+            control = ActiveRecord::QueryRecorder.new { get_filtered_list }
+
+            matched_group.update!(parent: public_subgroup)
+
+            expect { get_filtered_list }.not_to exceed_query_limit(control).with_threshold(extra_queries_for_hierarchies)
+          end
+
+          it 'queries the expected amount when a new group match is added' do
+            create(:group, :public, parent: public_subgroup, name: 'filterme')
+
+            control = ActiveRecord::QueryRecorder.new { get_filtered_list }
+
+            create(:group, :public, parent: public_subgroup, name: 'filterme2')
+            create(:group, :public, parent: public_subgroup, name: 'filterme3')
+
+            expect { get_filtered_list }.not_to exceed_query_limit(control).with_threshold(extra_queries_for_hierarchies)
+          end
+
+          it 'queries the expected amount when nested rows are increased for a project' do
+            matched_project = create(:project, :public, namespace: group, name: 'filterme')
+
+            control = ActiveRecord::QueryRecorder.new { get_filtered_list }
+
+            matched_project.update!(namespace: public_subgroup)
+
+            expect { get_filtered_list }.not_to exceed_query_limit(control).with_threshold(extra_queries_for_hierarchies)
+          end
+        end
+      end
+    end
+
+    context 'pagination' do
+      let(:per_page) { 3 }
+
+      before do
+        allow(Kaminari.config).to receive(:default_per_page).and_return(per_page)
+      end
+
+      context 'with only projects' do
+        let!(:other_project) { create(:project, :public, namespace: group) }
+        let!(:first_page_projects) { create_list(:project, per_page, :public, namespace: group ) }
+
+        it 'has projects on the first page' do
+          get :index, group_id: group.to_param, sort: 'id_desc', format: :json
+
+          expect(assigns(:children)).to contain_exactly(*first_page_projects)
+        end
+
+        it 'has projects on the second page' do
+          get :index, group_id: group.to_param, sort: 'id_desc', page: 2, format: :json
+
+          expect(assigns(:children)).to contain_exactly(other_project)
+        end
+      end
+
+      context 'with subgroups and projects', :nested_groups do
+        let!(:first_page_subgroups) { create_list(:group,  per_page, :public,  parent: group) }
+        let!(:other_subgroup) { create(:group, :public, parent: group) }
+        let!(:next_page_projects) { create_list(:project, per_page, :public, namespace: group) }
+
+        it 'contains all subgroups' do
+          get :index, group_id: group.to_param, sort: 'id_asc', format: :json
+
+          expect(assigns(:children)).to contain_exactly(*first_page_subgroups)
+        end
+
+        it 'contains the project and group on the second page' do
+          get :index, group_id: group.to_param, sort: 'id_asc', page: 2, format: :json
+
+          expect(assigns(:children)).to contain_exactly(other_subgroup, *next_page_projects.take(per_page - 1))
+        end
+      end
+    end
+  end
+end
diff --git a/spec/controllers/groups/group_members_controller_spec.rb b/spec/controllers/groups/group_members_controller_spec.rb
index cce53f6697c..9c6d584f59b 100644
--- a/spec/controllers/groups/group_members_controller_spec.rb
+++ b/spec/controllers/groups/group_members_controller_spec.rb
@@ -8,7 +8,7 @@ describe Groups::GroupMembersController do
     it 'renders index with 200 status code' do
       get :index, group_id: group
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
       expect(response).to render_template(:index)
     end
   end
@@ -30,7 +30,7 @@ describe Groups::GroupMembersController do
                       user_ids: group_user.id,
                       access_level: Gitlab::Access::GUEST
 
-        expect(response).to have_http_status(403)
+        expect(response).to have_gitlab_http_status(403)
         expect(group.users).not_to include group_user
       end
     end
@@ -73,7 +73,7 @@ describe Groups::GroupMembersController do
       it 'returns 403' do
         delete :destroy, group_id: group, id: 42
 
-        expect(response).to have_http_status(403)
+        expect(response).to have_gitlab_http_status(403)
       end
     end
 
@@ -86,7 +86,7 @@ describe Groups::GroupMembersController do
         it 'returns 403' do
           delete :destroy, group_id: group, id: member
 
-          expect(response).to have_http_status(403)
+          expect(response).to have_gitlab_http_status(403)
           expect(group.members).to include member
         end
       end
@@ -123,7 +123,7 @@ describe Groups::GroupMembersController do
       it 'returns 404' do
         delete :leave, group_id: group
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -144,7 +144,7 @@ describe Groups::GroupMembersController do
         it 'supports json request' do
           delete :leave, group_id: group, format: :json
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
           expect(json_response['notice']).to eq "You left the \"#{group.name}\" group."
         end
       end
@@ -157,7 +157,7 @@ describe Groups::GroupMembersController do
         it 'cannot removes himself from the group' do
           delete :leave, group_id: group
 
-          expect(response).to have_http_status(403)
+          expect(response).to have_gitlab_http_status(403)
         end
       end
 
@@ -204,7 +204,7 @@ describe Groups::GroupMembersController do
       it 'returns 403' do
         post :approve_access_request, group_id: group, id: 42
 
-        expect(response).to have_http_status(403)
+        expect(response).to have_gitlab_http_status(403)
       end
     end
 
@@ -217,7 +217,7 @@ describe Groups::GroupMembersController do
         it 'returns 403' do
           post :approve_access_request, group_id: group, id: member
 
-          expect(response).to have_http_status(403)
+          expect(response).to have_gitlab_http_status(403)
           expect(group.members).not_to include member
         end
       end
diff --git a/spec/controllers/groups/labels_controller_spec.rb b/spec/controllers/groups/labels_controller_spec.rb
index 899d8ebd12b..da54aa9054c 100644
--- a/spec/controllers/groups/labels_controller_spec.rb
+++ b/spec/controllers/groups/labels_controller_spec.rb
@@ -16,7 +16,7 @@ describe Groups::LabelsController do
 
       post :toggle_subscription, group_id: group.to_param, id: label.to_param
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
   end
 end
diff --git a/spec/controllers/groups/milestones_controller_spec.rb b/spec/controllers/groups/milestones_controller_spec.rb
index fbbc67f3ae0..c1aba46be04 100644
--- a/spec/controllers/groups/milestones_controller_spec.rb
+++ b/spec/controllers/groups/milestones_controller_spec.rb
@@ -35,7 +35,7 @@ describe Groups::MilestonesController do
     it 'shows group milestones page' do
       get :index, group_id: group.to_param
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
 
     context 'as JSON' do
@@ -51,7 +51,7 @@ describe Groups::MilestonesController do
         expect(milestones.count).to eq(2)
         expect(milestones.first["title"]).to eq("group milestone")
         expect(milestones.second["title"]).to eq("legacy")
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(response.content_type).to eq 'application/json'
       end
     end
@@ -153,7 +153,7 @@ describe Groups::MilestonesController do
             it 'does not redirect' do
               get :index, group_id: group.to_param
 
-              expect(response).not_to have_http_status(301)
+              expect(response).not_to have_gitlab_http_status(301)
             end
           end
 
@@ -172,7 +172,7 @@ describe Groups::MilestonesController do
             it 'does not redirect' do
               get :show, group_id: group.to_param, id: title
 
-              expect(response).not_to have_http_status(301)
+              expect(response).not_to have_gitlab_http_status(301)
             end
           end
 
@@ -242,7 +242,7 @@ describe Groups::MilestonesController do
              group_id: group.to_param,
              milestone: { title: title }
 
-        expect(response).not_to have_http_status(404)
+        expect(response).not_to have_gitlab_http_status(404)
       end
 
       it 'does not redirect to the correct casing' do
@@ -250,7 +250,7 @@ describe Groups::MilestonesController do
              group_id: group.to_param,
              milestone: { title: title }
 
-        expect(response).not_to have_http_status(301)
+        expect(response).not_to have_gitlab_http_status(301)
       end
     end
 
@@ -262,7 +262,7 @@ describe Groups::MilestonesController do
              group_id: redirect_route.path,
              milestone: { title: title }
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
diff --git a/spec/controllers/groups/settings/ci_cd_controller_spec.rb b/spec/controllers/groups/settings/ci_cd_controller_spec.rb
index 2e0efb57c74..e9f0924caba 100644
--- a/spec/controllers/groups/settings/ci_cd_controller_spec.rb
+++ b/spec/controllers/groups/settings/ci_cd_controller_spec.rb
@@ -13,7 +13,7 @@ describe Groups::Settings::CiCdController do
     it 'renders show with 200 status code' do
       get :show, group_id: group
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
       expect(response).to render_template(:show)
     end
   end
diff --git a/spec/controllers/groups/variables_controller_spec.rb b/spec/controllers/groups/variables_controller_spec.rb
index 02f2fa46047..8ea98cd9e8f 100644
--- a/spec/controllers/groups/variables_controller_spec.rb
+++ b/spec/controllers/groups/variables_controller_spec.rb
@@ -48,7 +48,7 @@ describe Groups::VariablesController do
         post :update, group_id: group,
                       id: variable.id, variable: { key: '?', value: variable.value }
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(response).to render_template :show
       end
     end
diff --git a/spec/controllers/groups_controller_spec.rb b/spec/controllers/groups_controller_spec.rb
index b0564e27a68..a9cfd964dd5 100644
--- a/spec/controllers/groups_controller_spec.rb
+++ b/spec/controllers/groups_controller_spec.rb
@@ -1,4 +1,4 @@
-require 'rails_helper'
+require 'spec_helper'
 
 describe GroupsController do
   let(:user) { create(:user) }
@@ -32,6 +32,31 @@ describe GroupsController do
     end
   end
 
+  describe 'GET #show' do
+    before do
+      sign_in(user)
+      project
+    end
+
+    context 'as html' do
+      it 'assigns whether or not a group has children' do
+        get :show, id: group.to_param
+
+        expect(assigns(:has_children)).to be_truthy
+      end
+    end
+
+    context 'as atom' do
+      it 'assigns events for all the projects in the group' do
+        create(:event, project: project)
+
+        get :show, id: group.to_param, format: :atom
+
+        expect(assigns(:events)).not_to be_empty
+      end
+    end
+  end
+
   describe 'GET #new' do
     context 'when creating subgroups', :nested_groups do
       [true, false].each do |can_create_group_status|
@@ -150,42 +175,6 @@ describe GroupsController do
     end
   end
 
-  describe 'GET #subgroups', :nested_groups do
-    let!(:public_subgroup) { create(:group, :public, parent: group) }
-    let!(:private_subgroup) { create(:group, :private, parent: group) }
-
-    context 'as a user' do
-      before do
-        sign_in(user)
-      end
-
-      it 'shows all subgroups' do
-        get :subgroups, id: group.to_param
-
-        expect(assigns(:nested_groups)).to contain_exactly(public_subgroup, private_subgroup)
-      end
-
-      context 'being member of private subgroup' do
-        it 'shows public and private subgroups the user is member of' do
-          group_member.destroy!
-          private_subgroup.add_guest(user)
-
-          get :subgroups, id: group.to_param
-
-          expect(assigns(:nested_groups)).to contain_exactly(public_subgroup, private_subgroup)
-        end
-      end
-    end
-
-    context 'as a guest' do
-      it 'shows the public subgroups' do
-        get :subgroups, id: group.to_param
-
-        expect(assigns(:nested_groups)).to contain_exactly(public_subgroup)
-      end
-    end
-  end
-
   describe 'GET #issues' do
     let(:issue_1) { create(:issue, project: project) }
     let(:issue_2) { create(:issue, project: project) }
@@ -274,7 +263,7 @@ describe GroupsController do
     it 'updates the path successfully' do
       post :update, id: group.to_param, group: { path: 'new_path' }
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(controller).to set_flash[:notice]
     end
 
@@ -345,7 +334,7 @@ describe GroupsController do
               it 'does not redirect' do
                 get :issues, id: group.to_param
 
-                expect(response).not_to have_http_status(301)
+                expect(response).not_to have_gitlab_http_status(301)
               end
             end
 
@@ -364,7 +353,7 @@ describe GroupsController do
               it 'does not redirect' do
                 get :show, id: group.to_param
 
-                expect(response).not_to have_http_status(301)
+                expect(response).not_to have_gitlab_http_status(301)
               end
             end
 
@@ -425,62 +414,62 @@ describe GroupsController do
           end
         end
       end
-    end
 
-    context 'for a POST request' do
-      context 'when requesting the canonical path with different casing' do
-        it 'does not 404' do
-          post :update, id: group.to_param.upcase, group: { path: 'new_path' }
+      context 'for a POST request' do
+        context 'when requesting the canonical path with different casing' do
+          it 'does not 404' do
+            post :update, id: group.to_param.upcase, group: { path: 'new_path' }
 
-          expect(response).not_to have_http_status(404)
-        end
+            expect(response).not_to have_gitlab_http_status(404)
+          end
 
-        it 'does not redirect to the correct casing' do
-          post :update, id: group.to_param.upcase, group: { path: 'new_path' }
+          it 'does not redirect to the correct casing' do
+            post :update, id: group.to_param.upcase, group: { path: 'new_path' }
 
-          expect(response).not_to have_http_status(301)
+            expect(response).not_to have_gitlab_http_status(301)
+          end
         end
-      end
 
-      context 'when requesting a redirected path' do
-        let(:redirect_route) { group.redirect_routes.create(path: 'old-path') }
+        context 'when requesting a redirected path' do
+          let(:redirect_route) { group.redirect_routes.create(path: 'old-path') }
 
-        it 'returns not found' do
-          post :update, id: redirect_route.path, group: { path: 'new_path' }
+          it 'returns not found' do
+            post :update, id: redirect_route.path, group: { path: 'new_path' }
 
-          expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
+          end
         end
       end
-    end
 
-    context 'for a DELETE request' do
-      context 'when requesting the canonical path with different casing' do
-        it 'does not 404' do
-          delete :destroy, id: group.to_param.upcase
+      context 'for a DELETE request' do
+        context 'when requesting the canonical path with different casing' do
+          it 'does not 404' do
+            delete :destroy, id: group.to_param.upcase
 
-          expect(response).not_to have_http_status(404)
-        end
+            expect(response).not_to have_gitlab_http_status(404)
+          end
 
-        it 'does not redirect to the correct casing' do
-          delete :destroy, id: group.to_param.upcase
+          it 'does not redirect to the correct casing' do
+            delete :destroy, id: group.to_param.upcase
 
-          expect(response).not_to have_http_status(301)
+            expect(response).not_to have_gitlab_http_status(301)
+          end
         end
-      end
 
-      context 'when requesting a redirected path' do
-        let(:redirect_route) { group.redirect_routes.create(path: 'old-path') }
+        context 'when requesting a redirected path' do
+          let(:redirect_route) { group.redirect_routes.create(path: 'old-path') }
 
-        it 'returns not found' do
-          delete :destroy, id: redirect_route.path
+          it 'returns not found' do
+            delete :destroy, id: redirect_route.path
 
-          expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
+          end
         end
       end
     end
-  end
 
-  def group_moved_message(redirect_route, group)
-    "Group '#{redirect_route.path}' was moved to '#{group.full_path}'. Please update any links and bookmarks that may still have the old path."
+    def group_moved_message(redirect_route, group)
+      "Group '#{redirect_route.path}' was moved to '#{group.full_path}'. Please update any links and bookmarks that may still have the old path."
+    end
   end
 end
diff --git a/spec/controllers/health_check_controller_spec.rb b/spec/controllers/health_check_controller_spec.rb
index 03da6287774..2cead1770c9 100644
--- a/spec/controllers/health_check_controller_spec.rb
+++ b/spec/controllers/health_check_controller_spec.rb
@@ -100,7 +100,7 @@ describe HealthCheckController do
       it 'supports failure plaintext response' do
         get :index
 
-        expect(response).to have_http_status(500)
+        expect(response).to have_gitlab_http_status(500)
         expect(response.content_type).to eq 'text/plain'
         expect(response.body).to include('The server is on fire')
       end
@@ -108,7 +108,7 @@ describe HealthCheckController do
       it 'supports failure json response' do
         get :index, format: :json
 
-        expect(response).to have_http_status(500)
+        expect(response).to have_gitlab_http_status(500)
         expect(response.content_type).to eq 'application/json'
         expect(json_response['healthy']).to be false
         expect(json_response['message']).to include('The server is on fire')
@@ -117,7 +117,7 @@ describe HealthCheckController do
       it 'supports failure xml response' do
         get :index, format: :xml
 
-        expect(response).to have_http_status(500)
+        expect(response).to have_gitlab_http_status(500)
         expect(response.content_type).to eq 'application/xml'
         expect(xml_response['healthy']).to be false
         expect(xml_response['message']).to include('The server is on fire')
@@ -126,7 +126,7 @@ describe HealthCheckController do
       it 'supports failure responses for specific checks' do
         get :index, checks: 'email', format: :json
 
-        expect(response).to have_http_status(500)
+        expect(response).to have_gitlab_http_status(500)
         expect(response.content_type).to eq 'application/json'
         expect(json_response['healthy']).to be false
         expect(json_response['message']).to include('Email is on fire')
diff --git a/spec/controllers/help_controller_spec.rb b/spec/controllers/help_controller_spec.rb
index d3489324a9c..f75048f422c 100644
--- a/spec/controllers/help_controller_spec.rb
+++ b/spec/controllers/help_controller_spec.rb
@@ -100,7 +100,7 @@ describe HelpController do
     context 'for UI Development Kit' do
       it 'renders found' do
         get :ui
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
     end
   end
diff --git a/spec/controllers/invites_controller_spec.rb b/spec/controllers/invites_controller_spec.rb
index e00403118a0..6c09ca7dc66 100644
--- a/spec/controllers/invites_controller_spec.rb
+++ b/spec/controllers/invites_controller_spec.rb
@@ -15,7 +15,7 @@ describe InvitesController do
       get :accept, id: token
       member.reload
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(member.user).to eq(user)
       expect(flash[:notice]).to include 'You have been granted'
     end
@@ -26,7 +26,7 @@ describe InvitesController do
       get :decline, id: token
       expect {member.reload}.to raise_error ActiveRecord::RecordNotFound
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(flash[:notice]).to include 'You have declined the invitation to join'
     end
   end
diff --git a/spec/controllers/metrics_controller_spec.rb b/spec/controllers/metrics_controller_spec.rb
index 7b0976e3e67..4aed2a25baa 100644
--- a/spec/controllers/metrics_controller_spec.rb
+++ b/spec/controllers/metrics_controller_spec.rb
@@ -59,17 +59,6 @@ describe MetricsController do
         expect(response.body).to match(/^redis_shared_state_ping_latency_seconds [0-9\.]+$/)
       end
 
-      it 'returns file system check metrics' do
-        get :index
-
-        expect(response.body).to match(/^filesystem_access_latency_seconds{shard="default"} [0-9\.]+$/)
-        expect(response.body).to match(/^filesystem_accessible{shard="default"} 1$/)
-        expect(response.body).to match(/^filesystem_write_latency_seconds{shard="default"} [0-9\.]+$/)
-        expect(response.body).to match(/^filesystem_writable{shard="default"} 1$/)
-        expect(response.body).to match(/^filesystem_read_latency_seconds{shard="default"} [0-9\.]+$/)
-        expect(response.body).to match(/^filesystem_readable{shard="default"} 1$/)
-      end
-
       context 'prometheus metrics are disabled' do
         before do
           allow(Gitlab::Metrics).to receive(:prometheus_metrics_enabled?).and_return(false)
diff --git a/spec/controllers/notification_settings_controller_spec.rb b/spec/controllers/notification_settings_controller_spec.rb
index bef815ee1f7..9014b8b5084 100644
--- a/spec/controllers/notification_settings_controller_spec.rb
+++ b/spec/controllers/notification_settings_controller_spec.rb
@@ -110,7 +110,7 @@ describe NotificationSettingsController do
              project_id: private_project.id,
              notification_setting: { level: :participating }
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
@@ -172,7 +172,7 @@ describe NotificationSettingsController do
             id: notification_setting,
             notification_setting: { level: :participating }
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
diff --git a/spec/controllers/oauth/applications_controller_spec.rb b/spec/controllers/oauth/applications_controller_spec.rb
index 552899eb36c..b38652e7ab9 100644
--- a/spec/controllers/oauth/applications_controller_spec.rb
+++ b/spec/controllers/oauth/applications_controller_spec.rb
@@ -12,7 +12,7 @@ describe Oauth::ApplicationsController do
       it 'shows list of applications' do
         get :index
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it 'redirects back to profile page if OAuth applications are disabled' do
@@ -21,7 +21,7 @@ describe Oauth::ApplicationsController do
 
         get :index
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
         expect(response).to redirect_to(profile_path)
       end
     end
diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb
index ac7f73c6e81..004b463e745 100644
--- a/spec/controllers/oauth/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/authorizations_controller_spec.rb
@@ -28,7 +28,7 @@ describe Oauth::AuthorizationsController do
       it 'returns 200 code and renders error view' do
         get :new
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(response).to render_template('doorkeeper/authorizations/error')
       end
     end
@@ -37,7 +37,7 @@ describe Oauth::AuthorizationsController do
       it 'returns 200 code and renders view' do
         get :new, params
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(response).to render_template('doorkeeper/authorizations/new')
       end
 
@@ -48,7 +48,7 @@ describe Oauth::AuthorizationsController do
         get :new, params
 
         expect(request.session['user_return_to']).to be_nil
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
       end
     end
   end
diff --git a/spec/controllers/passwords_controller_spec.rb b/spec/controllers/passwords_controller_spec.rb
index cdaa88bbf5d..8778bff1190 100644
--- a/spec/controllers/passwords_controller_spec.rb
+++ b/spec/controllers/passwords_controller_spec.rb
@@ -12,7 +12,7 @@ describe PasswordsController do
 
         post :create
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
       end
     end
 
diff --git a/spec/controllers/profiles/accounts_controller_spec.rb b/spec/controllers/profiles/accounts_controller_spec.rb
index d387aba227b..f8d9d7e39ee 100644
--- a/spec/controllers/profiles/accounts_controller_spec.rb
+++ b/spec/controllers/profiles/accounts_controller_spec.rb
@@ -11,7 +11,7 @@ describe Profiles::AccountsController do
     it 'renders 404 if someone tries to unlink a non existent provider' do
       delete :unlink, provider: 'github'
 
-      expect(response).to have_http_status(404)
+      expect(response).to have_gitlab_http_status(404)
     end
 
     [:saml, :cas3].each do |provider|
@@ -23,7 +23,7 @@ describe Profiles::AccountsController do
 
           delete :unlink, provider: provider.to_s
 
-          expect(response).to have_http_status(302)
+          expect(response).to have_gitlab_http_status(302)
           expect(user.reload.identities).to include(identity)
         end
       end
@@ -38,7 +38,7 @@ describe Profiles::AccountsController do
 
           delete :unlink, provider: provider.to_s
 
-          expect(response).to have_http_status(302)
+          expect(response).to have_gitlab_http_status(302)
           expect(user.reload.identities).not_to include(identity)
         end
       end
diff --git a/spec/controllers/profiles/emails_controller_spec.rb b/spec/controllers/profiles/emails_controller_spec.rb
new file mode 100644
index 00000000000..ecf14aad54f
--- /dev/null
+++ b/spec/controllers/profiles/emails_controller_spec.rb
@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe Profiles::EmailsController do
+  let(:user) { create(:user) }
+
+  before do
+    sign_in(user)
+  end
+
+  describe '#create' do
+    let(:email_params) { { email: "add_email@example.com" } }
+
+    it 'sends an email confirmation' do
+      expect { post(:create, { email: email_params }) }.to change { ActionMailer::Base.deliveries.size }
+      expect(ActionMailer::Base.deliveries.last.to).to eq [email_params[:email]]
+      expect(ActionMailer::Base.deliveries.last.subject).to match "Confirmation instructions"
+    end
+  end
+
+  describe '#resend_confirmation_instructions' do
+    let(:email_params) { { email: "add_email@example.com" } }
+
+    it 'resends an email confirmation' do
+      email = user.emails.create(email: 'add_email@example.com')
+
+      expect { put(:resend_confirmation_instructions, { id: email }) }.to change { ActionMailer::Base.deliveries.size }
+      expect(ActionMailer::Base.deliveries.last.to).to eq [email_params[:email]]
+      expect(ActionMailer::Base.deliveries.last.subject).to match "Confirmation instructions"
+    end
+
+    it 'unable to resend an email confirmation' do
+      expect { put(:resend_confirmation_instructions, { id: 1 }) }.not_to change { ActionMailer::Base.deliveries.size }
+    end
+  end
+end
diff --git a/spec/controllers/profiles_controller_spec.rb b/spec/controllers/profiles_controller_spec.rb
index b52b63e05a4..d380978b86e 100644
--- a/spec/controllers/profiles_controller_spec.rb
+++ b/spec/controllers/profiles_controller_spec.rb
@@ -1,9 +1,10 @@
 require('spec_helper')
 
-describe ProfilesController do
-  describe "PUT update" do
-    it "allows an email update from a user without an external email address" do
-      user = create(:user)
+describe ProfilesController, :request_store do
+  let(:user) { create(:user) }
+
+  describe 'PUT update' do
+    it 'allows an email update from a user without an external email address' do
       sign_in(user)
 
       put :update,
@@ -15,7 +16,21 @@ describe ProfilesController do
       expect(user.unconfirmed_email).to eq('john@gmail.com')
     end
 
-    it "ignores an email update from a user with an external email address" do
+    it "allows an email update without confirmation if existing verified email" do
+      user = create(:user)
+      create(:email, :confirmed, user: user, email: 'john@gmail.com')
+      sign_in(user)
+
+      put :update,
+          user: { email: "john@gmail.com", name: "John" }
+
+      user.reload
+
+      expect(response.status).to eq(302)
+      expect(user.unconfirmed_email).to eq nil
+    end
+
+    it 'ignores an email update from a user with an external email address' do
       stub_omniauth_setting(sync_profile_from_provider: ['ldap'])
       stub_omniauth_setting(sync_profile_attributes: true)
 
@@ -32,7 +47,7 @@ describe ProfilesController do
       expect(ldap_user.unconfirmed_email).not_to eq('john@gmail.com')
     end
 
-    it "ignores an email and name update but allows a location update from a user with external email and name, but not external location" do
+    it 'ignores an email and name update but allows a location update from a user with external email and name, but not external location' do
       stub_omniauth_setting(sync_profile_from_provider: ['ldap'])
       stub_omniauth_setting(sync_profile_attributes: true)
 
@@ -51,4 +66,35 @@ describe ProfilesController do
       expect(ldap_user.location).to eq('City, Country')
     end
   end
+
+  describe 'PUT update_username' do
+    let(:namespace) { user.namespace }
+    let(:project) { create(:project_empty_repo, namespace: namespace) }
+    let(:gitlab_shell) { Gitlab::Shell.new }
+    let(:new_username) { 'renamedtosomethingelse' }
+
+    it 'allows username change' do
+      sign_in(user)
+
+      put :update_username,
+        user: { username: new_username }
+
+      user.reload
+
+      expect(response.status).to eq(302)
+      expect(user.username).to eq(new_username)
+    end
+
+    it 'moves dependent projects to new namespace' do
+      sign_in(user)
+
+      put :update_username,
+        user: { username: new_username }
+
+      user.reload
+
+      expect(response.status).to eq(302)
+      expect(gitlab_shell.exists?(project.repository_storage_path, "#{new_username}/#{project.path}.git")).to be_truthy
+    end
+  end
 end
diff --git a/spec/controllers/projects/artifacts_controller_spec.rb b/spec/controllers/projects/artifacts_controller_spec.rb
index caa63e7bd22..d1051741430 100644
--- a/spec/controllers/projects/artifacts_controller_spec.rb
+++ b/spec/controllers/projects/artifacts_controller_spec.rb
@@ -1,8 +1,8 @@
 require 'spec_helper'
 
 describe Projects::ArtifactsController do
-  let(:user) { create(:user) }
-  let(:project) { create(:project, :repository) }
+  set(:user) { create(:user) }
+  set(:project) { create(:project, :repository, :public) }
 
   let(:pipeline) do
     create(:ci_pipeline,
@@ -15,7 +15,7 @@ describe Projects::ArtifactsController do
   let(:job) { create(:ci_build, :success, :artifacts, pipeline: pipeline) }
 
   before do
-    project.team << [user, :developer]
+    project.add_developer(user)
 
     sign_in(user)
   end
@@ -47,19 +47,67 @@ describe Projects::ArtifactsController do
   end
 
   describe 'GET file' do
-    context 'when the file exists' do
-      it 'renders the file view' do
-        get :file, namespace_id: project.namespace, project_id: project, job_id: job, path: 'ci_artifacts.txt'
+    before do
+      allow(Gitlab.config.pages).to receive(:enabled).and_return(true)
+    end
 
-        expect(response).to render_template('projects/artifacts/file')
+    context 'when the file is served by GitLab Pages' do
+      before do
+        allow(Gitlab.config.pages).to receive(:artifacts_server).and_return(true)
+      end
+
+      context 'when the file exists' do
+        it 'renders the file view' do
+          get :file, namespace_id: project.namespace, project_id: project, job_id: job, path: 'ci_artifacts.txt'
+
+          expect(response).to have_gitlab_http_status(302)
+        end
+      end
+
+      context 'when the file does not exist' do
+        it 'responds Not Found' do
+          get :file, namespace_id: project.namespace, project_id: project, job_id: job, path: 'unknown'
+
+          expect(response).to be_not_found
+        end
       end
     end
 
-    context 'when the file does not exist' do
-      it 'responds Not Found' do
-        get :file, namespace_id: project.namespace, project_id: project, job_id: job, path: 'unknown'
+    context 'when the file is served through Rails' do
+      context 'when the file exists' do
+        it 'renders the file view' do
+          get :file, namespace_id: project.namespace, project_id: project, job_id: job, path: 'ci_artifacts.txt'
 
-        expect(response).to be_not_found
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(response).to render_template('projects/artifacts/file')
+        end
+      end
+
+      context 'when the file does not exist' do
+        it 'responds Not Found' do
+          get :file, namespace_id: project.namespace, project_id: project, job_id: job, path: 'unknown'
+
+          expect(response).to be_not_found
+        end
+      end
+    end
+
+    context 'when the project is private' do
+      let(:private_project) { create(:project, :repository, :private) }
+      let(:pipeline) { create(:ci_pipeline, project: private_project) }
+      let(:job) { create(:ci_build, :success, :artifacts, pipeline: pipeline) }
+
+      before do
+        private_project.add_developer(user)
+
+        allow(Gitlab.config.pages).to receive(:artifacts_server).and_return(true)
+      end
+
+      it 'does not redirect the request' do
+        get :file, namespace_id: private_project.namespace, project_id: private_project, job_id: job, path: 'ci_artifacts.txt'
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response).to render_template('projects/artifacts/file')
       end
     end
   end
@@ -95,7 +143,7 @@ describe Projects::ArtifactsController do
 
     context 'cannot find the job' do
       shared_examples 'not found' do
-        it { expect(response).to have_http_status(:not_found) }
+        it { expect(response).to have_gitlab_http_status(:not_found) }
       end
 
       context 'has no such ref' do
diff --git a/spec/controllers/projects/badges_controller_spec.rb b/spec/controllers/projects/badges_controller_spec.rb
index d68200164e4..e7cddf8cfbf 100644
--- a/spec/controllers/projects/badges_controller_spec.rb
+++ b/spec/controllers/projects/badges_controller_spec.rb
@@ -13,13 +13,13 @@ describe Projects::BadgesController do
   it 'requests the pipeline badge successfully' do
     get_badge(:pipeline)
 
-    expect(response).to have_http_status(:ok)
+    expect(response).to have_gitlab_http_status(:ok)
   end
 
   it 'requests the coverage badge successfully' do
     get_badge(:coverage)
 
-    expect(response).to have_http_status(:ok)
+    expect(response).to have_gitlab_http_status(:ok)
   end
 
   def get_badge(badge)
diff --git a/spec/controllers/projects/blame_controller_spec.rb b/spec/controllers/projects/blame_controller_spec.rb
index c086b386381..54282aa4001 100644
--- a/spec/controllers/projects/blame_controller_spec.rb
+++ b/spec/controllers/projects/blame_controller_spec.rb
@@ -28,7 +28,7 @@ describe Projects::BlameController do
 
     context "invalid file" do
       let(:id) { 'master/files/ruby/missing_file.rb'}
-      it { expect(response).to have_http_status(404) }
+      it { expect(response).to have_gitlab_http_status(404) }
     end
   end
 end
diff --git a/spec/controllers/projects/blob_controller_spec.rb b/spec/controllers/projects/blob_controller_spec.rb
index 64b9af7b845..6a1c07b4a0b 100644
--- a/spec/controllers/projects/blob_controller_spec.rb
+++ b/spec/controllers/projects/blob_controller_spec.rb
@@ -1,6 +1,8 @@
 require 'rails_helper'
 
 describe Projects::BlobController do
+  include ProjectForksHelper
+
   let(:project) { create(:project, :public, :repository) }
 
   describe "GET show" do
@@ -151,7 +153,7 @@ describe Projects::BlobController do
       end
 
       it 'redirects to blob show' do
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
     end
 
@@ -165,7 +167,7 @@ describe Projects::BlobController do
       end
 
       it 'redirects to blob show' do
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
     end
   end
@@ -226,9 +228,8 @@ describe Projects::BlobController do
     end
 
     context 'when user has forked project' do
-      let(:forked_project_link) { create(:forked_project_link, forked_from_project: project) }
-      let!(:forked_project) { forked_project_link.forked_to_project }
-      let(:guest) { forked_project.owner }
+      let!(:forked_project) { fork_project(project, guest, namespace: guest.namespace, repository: true) }
+      let(:guest) { create(:user) }
 
       before do
         sign_in(guest)
diff --git a/spec/controllers/projects/boards_controller_spec.rb b/spec/controllers/projects/boards_controller_spec.rb
index 9e2e9a39481..84cde33d944 100644
--- a/spec/controllers/projects/boards_controller_spec.rb
+++ b/spec/controllers/projects/boards_controller_spec.rb
@@ -45,7 +45,7 @@ describe Projects::BoardsController do
       it 'returns a not found 404 response' do
         list_boards
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -85,7 +85,7 @@ describe Projects::BoardsController do
       it 'returns a not found 404 response' do
         read_board board: board
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -95,7 +95,7 @@ describe Projects::BoardsController do
 
         read_board board: another_board
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
diff --git a/spec/controllers/projects/branches_controller_spec.rb b/spec/controllers/projects/branches_controller_spec.rb
index 5e0b57e9b2e..973d6fed288 100644
--- a/spec/controllers/projects/branches_controller_spec.rb
+++ b/spec/controllers/projects/branches_controller_spec.rb
@@ -62,7 +62,7 @@ describe Projects::BranchesController do
         let(:branch) { "feature%2Ftest" }
         let(:ref) { "<script>alert('ref');</script>" }
         it { is_expected.to render_template('new') }
-        it { project.repository.branch_names.include?('feature/test') }
+        it { project.repository.branch_exists?('feature/test') }
       end
     end
 
@@ -128,7 +128,7 @@ describe Projects::BranchesController do
             issue_iid: issue.iid
 
           expect(response.location).to include(project_new_blob_path(project, branch))
-          expect(response).to have_http_status(302)
+          expect(response).to have_gitlab_http_status(302)
         end
       end
 
@@ -161,7 +161,7 @@ describe Projects::BranchesController do
       it 'returns a successful 200 response' do
         create_branch name: 'my-branch', ref: 'master'
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it 'returns the created branch' do
@@ -175,7 +175,7 @@ describe Projects::BranchesController do
       it 'returns an unprocessable entity 422 response' do
         create_branch name: "<script>alert('merge');</script>", ref: "<script>alert('ref');</script>"
 
-        expect(response).to have_http_status(422)
+        expect(response).to have_gitlab_http_status(422)
       end
     end
 
@@ -202,7 +202,7 @@ describe Projects::BranchesController do
            namespace_id: project.namespace,
            project_id: project
 
-      expect(response).to have_http_status(303)
+      expect(response).to have_gitlab_http_status(303)
     end
   end
 
@@ -226,28 +226,28 @@ describe Projects::BranchesController do
       context "valid branch name, valid source" do
         let(:branch) { "feature" }
 
-        it { expect(response).to have_http_status(200) }
+        it { expect(response).to have_gitlab_http_status(200) }
         it { expect(response.body).to be_blank }
       end
 
       context "valid branch name with unencoded slashes" do
         let(:branch) { "improve/awesome" }
 
-        it { expect(response).to have_http_status(200) }
+        it { expect(response).to have_gitlab_http_status(200) }
         it { expect(response.body).to be_blank }
       end
 
       context "valid branch name with encoded slashes" do
         let(:branch) { "improve%2Fawesome" }
 
-        it { expect(response).to have_http_status(200) }
+        it { expect(response).to have_gitlab_http_status(200) }
         it { expect(response.body).to be_blank }
       end
 
       context "invalid branch name, valid ref" do
         let(:branch) { "no-branch" }
 
-        it { expect(response).to have_http_status(404) }
+        it { expect(response).to have_gitlab_http_status(404) }
         it { expect(response.body).to be_blank }
       end
     end
@@ -263,7 +263,7 @@ describe Projects::BranchesController do
           expect(json_response).to eql("message" => 'Branch was removed')
         end
 
-        it { expect(response).to have_http_status(200) }
+        it { expect(response).to have_gitlab_http_status(200) }
       end
 
       context 'valid branch name with unencoded slashes' do
@@ -273,7 +273,7 @@ describe Projects::BranchesController do
           expect(json_response).to eql('message' => 'Branch was removed')
         end
 
-        it { expect(response).to have_http_status(200) }
+        it { expect(response).to have_gitlab_http_status(200) }
       end
 
       context "valid branch name with encoded slashes" do
@@ -283,7 +283,7 @@ describe Projects::BranchesController do
           expect(json_response).to eql('message' => 'Branch was removed')
         end
 
-        it { expect(response).to have_http_status(200) }
+        it { expect(response).to have_gitlab_http_status(200) }
       end
 
       context 'invalid branch name, valid ref' do
@@ -293,7 +293,7 @@ describe Projects::BranchesController do
           expect(json_response).to eql('message' => 'No such branch')
         end
 
-        it { expect(response).to have_http_status(404) }
+        it { expect(response).to have_gitlab_http_status(404) }
       end
     end
 
@@ -341,7 +341,7 @@ describe Projects::BranchesController do
       it 'responds with status 404' do
         destroy_all_merged
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
@@ -379,7 +379,7 @@ describe Projects::BranchesController do
             project_id: project,
             format: :html
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
     end
   end
diff --git a/spec/controllers/projects/clusters_controller_spec.rb b/spec/controllers/projects/clusters_controller_spec.rb
new file mode 100644
index 00000000000..bd924a1c7be
--- /dev/null
+++ b/spec/controllers/projects/clusters_controller_spec.rb
@@ -0,0 +1,308 @@
+require 'spec_helper'
+
+describe Projects::ClustersController do
+  set(:user) { create(:user) }
+  set(:project) { create(:project) }
+  let(:role) { :master }
+
+  before do
+    project.team << [user, role]
+
+    sign_in(user)
+  end
+
+  describe 'GET index' do
+    subject do
+      get :index, namespace_id: project.namespace,
+                  project_id: project
+    end
+
+    context 'when cluster is already created' do
+      let!(:cluster) { create(:gcp_cluster, :created_on_gke, project: project) }
+
+      it 'redirects to show a cluster' do
+        subject
+
+        expect(response).to redirect_to(project_cluster_path(project, cluster))
+      end
+    end
+
+    context 'when we do not have cluster' do
+      it 'redirects to create a cluster' do
+        subject
+
+        expect(response).to redirect_to(new_project_cluster_path(project))
+      end
+    end
+  end
+
+  describe 'GET login' do
+    render_views
+
+    subject do
+      get :login, namespace_id: project.namespace,
+                  project_id: project
+    end
+
+    context 'when we do have omniauth configured' do
+      it 'shows login button' do
+        subject
+
+        expect(response.body).to include('auth_buttons/signin_with_google')
+      end
+    end
+
+    context 'when we do not have omniauth configured' do
+      before do
+        stub_omniauth_setting(providers: [])
+      end
+
+      it 'shows notice message' do
+        subject
+
+        expect(response.body).to include('Ask your GitLab administrator if you want to use this service.')
+      end
+    end
+  end
+
+  shared_examples 'requires to login' do
+    it 'redirects to create a cluster' do
+      subject
+
+      expect(response).to redirect_to(login_project_clusters_path(project))
+    end
+  end
+
+  describe 'GET new' do
+    render_views
+
+    subject do
+      get :new, namespace_id: project.namespace,
+                project_id: project
+    end
+
+    context 'when logged' do
+      before do
+        make_logged_in
+      end
+
+      it 'shows a creation form' do
+        subject
+
+        expect(response.body).to include('Create cluster')
+      end
+    end
+
+    context 'when not logged' do
+      it_behaves_like 'requires to login'
+    end
+  end
+
+  describe 'POST create' do
+    subject do
+      post :create, params.merge(namespace_id: project.namespace,
+                                 project_id: project)
+    end
+
+    context 'when not logged' do
+      let(:params) { {} }
+
+      it_behaves_like 'requires to login'
+    end
+
+    context 'when logged in' do
+      before do
+        make_logged_in
+      end
+
+      context 'when all required parameters are set' do
+        let(:params) do
+          {
+            cluster: {
+              gcp_cluster_name: 'new-cluster',
+              gcp_project_id: '111'
+            }
+          }
+        end
+
+        before do
+          expect(ClusterProvisionWorker).to receive(:perform_async) { }
+        end
+
+        it 'creates a new cluster' do
+          expect { subject }.to change { Gcp::Cluster.count }
+
+          expect(response).to redirect_to(project_cluster_path(project, project.cluster))
+        end
+      end
+
+      context 'when not all required parameters are set' do
+        render_views
+
+        let(:params) do
+          {
+            cluster: {
+              project_namespace: 'some namespace'
+            }
+          }
+        end
+
+        it 'shows an error message' do
+          expect { subject }.not_to change { Gcp::Cluster.count }
+
+          expect(response).to render_template(:new)
+        end
+      end
+    end
+  end
+
+  describe 'GET status' do
+    let(:cluster) { create(:gcp_cluster, :created_on_gke, project: project) }
+
+    subject do
+      get :status, namespace_id: project.namespace,
+                   project_id: project,
+                   id: cluster,
+                   format: :json
+    end
+
+    it "responds with matching schema" do
+      subject
+
+      expect(response).to have_gitlab_http_status(:ok)
+      expect(response).to match_response_schema('cluster_status')
+    end
+  end
+
+  describe 'GET show' do
+    render_views
+
+    let(:cluster) { create(:gcp_cluster, :created_on_gke, project: project) }
+
+    subject do
+      get :show, namespace_id: project.namespace,
+                 project_id: project,
+                 id: cluster
+    end
+
+    context 'when logged as master' do
+      it "allows to update cluster" do
+        subject
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response.body).to include("Save")
+      end
+
+      it "allows remove integration" do
+        subject
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response.body).to include("Remove integration")
+      end
+    end
+
+    context 'when logged as developer' do
+      let(:role) { :developer }
+
+      it "does not allow to access page" do
+        subject
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+  end
+
+  describe 'PUT update' do
+    render_views
+
+    let(:service) { project.build_kubernetes_service }
+    let(:cluster) { create(:gcp_cluster, :created_on_gke, project: project, service: service) }
+    let(:params) { {} }
+
+    subject do
+      put :update, params.merge(namespace_id: project.namespace,
+                                project_id: project,
+                                id: cluster)
+    end
+
+    context 'when logged as master' do
+      context 'when valid params are used' do
+        let(:params) do
+          {
+            cluster: { enabled: false }
+          }
+        end
+
+        it "redirects back to show page" do
+          subject
+
+          expect(response).to redirect_to(project_cluster_path(project, project.cluster))
+          expect(flash[:notice]).to eq('Cluster was successfully updated.')
+        end
+      end
+
+      context 'when invalid params are used' do
+        let(:params) do
+          {
+            cluster: { project_namespace: 'my Namespace 321321321 #' }
+          }
+        end
+
+        it "rejects changes" do
+          subject
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(response).to render_template(:show)
+        end
+      end
+    end
+
+    context 'when logged as developer' do
+      let(:role) { :developer }
+
+      it "does not allow to update cluster" do
+        subject
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+  end
+
+  describe 'delete update' do
+    let(:cluster) { create(:gcp_cluster, :created_on_gke, project: project) }
+
+    subject do
+      delete :destroy, namespace_id: project.namespace,
+                       project_id: project,
+                       id: cluster
+    end
+
+    context 'when logged as master' do
+      it "redirects back to clusters list" do
+        subject
+
+        expect(response).to redirect_to(project_clusters_path(project))
+        expect(flash[:notice]).to eq('Cluster integration was successfully removed.')
+      end
+    end
+
+    context 'when logged as developer' do
+      let(:role) { :developer }
+
+      it "does not allow to destroy cluster" do
+        subject
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+  end
+
+  def make_logged_in
+    session[GoogleApi::CloudPlatform::Client.session_key_for_token] = '1234'
+    session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] = in_hour.to_i.to_s
+  end
+
+  def in_hour
+    Time.now + 1.hour
+  end
+end
diff --git a/spec/controllers/projects/commit_controller_spec.rb b/spec/controllers/projects/commit_controller_spec.rb
index df53863482d..4612fc6e441 100644
--- a/spec/controllers/projects/commit_controller_spec.rb
+++ b/spec/controllers/projects/commit_controller_spec.rb
@@ -157,7 +157,7 @@ describe Projects::CommitController do
             id: commit.id)
 
         expect(response).not_to be_success
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -206,7 +206,7 @@ describe Projects::CommitController do
             id: master_pickable_commit.id)
 
         expect(response).not_to be_success
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -286,7 +286,7 @@ describe Projects::CommitController do
           end
 
           it 'returns a 404' do
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
         end
       end
@@ -298,7 +298,7 @@ describe Projects::CommitController do
         end
 
         it 'returns a 404' do
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
@@ -309,7 +309,7 @@ describe Projects::CommitController do
       end
 
       it 'returns a 404' do
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
@@ -356,7 +356,7 @@ describe Projects::CommitController do
       end
 
       it 'returns a 404' do
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
diff --git a/spec/controllers/projects/commits_controller_spec.rb b/spec/controllers/projects/commits_controller_spec.rb
index e26731fb691..c459d732507 100644
--- a/spec/controllers/projects/commits_controller_spec.rb
+++ b/spec/controllers/projects/commits_controller_spec.rb
@@ -10,9 +10,36 @@ describe Projects::CommitsController do
   end
 
   describe "GET show" do
-    context "when the ref name ends in .atom" do
-      render_views
+    render_views
+
+    context 'with file path' do
+      before do
+        get(:show,
+            namespace_id: project.namespace,
+            project_id: project,
+            id: id)
+      end
+
+      context "valid branch, valid file" do
+        let(:id) { 'master/README.md' }
+
+        it { is_expected.to respond_with(:success) }
+      end
+
+      context "valid branch, invalid file" do
+        let(:id) { 'master/invalid-path.rb' }
 
+        it { is_expected.to respond_with(:not_found) }
+      end
+
+      context "invalid branch, valid file" do
+        let(:id) { 'invalid-branch/README.md' }
+
+        it { is_expected.to respond_with(:not_found) }
+      end
+    end
+
+    context "when the ref name ends in .atom" do
       context "when the ref does not exist with the suffix" do
         it "renders as atom" do
           get(:show,
diff --git a/spec/controllers/projects/compare_controller_spec.rb b/spec/controllers/projects/compare_controller_spec.rb
index b4f9fd9b7a2..fe5818da0bc 100644
--- a/spec/controllers/projects/compare_controller_spec.rb
+++ b/spec/controllers/projects/compare_controller_spec.rb
@@ -133,7 +133,7 @@ describe Projects::CompareController do
           end
 
           it 'returns a 404' do
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
         end
       end
@@ -145,7 +145,7 @@ describe Projects::CompareController do
         end
 
         it 'returns a 404' do
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
@@ -156,7 +156,7 @@ describe Projects::CompareController do
       end
 
       it 'returns a 404' do
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -166,7 +166,7 @@ describe Projects::CompareController do
       end
 
       it 'returns a 404' do
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
diff --git a/spec/controllers/projects/deployments_controller_spec.rb b/spec/controllers/projects/deployments_controller_spec.rb
index 3daff1eeea3..3164fd5c143 100644
--- a/spec/controllers/projects/deployments_controller_spec.rb
+++ b/spec/controllers/projects/deployments_controller_spec.rb
@@ -67,7 +67,7 @@ describe Projects::DeploymentsController do
 
         it 'returns a empty response 204 resposne' do
           get :metrics, deployment_params(id: deployment.id)
-          expect(response).to have_http_status(204)
+          expect(response).to have_gitlab_http_status(204)
           expect(response.body).to eq('')
         end
       end
@@ -142,7 +142,7 @@ describe Projects::DeploymentsController do
 
         it 'returns a empty response 204 response' do
           get :additional_metrics, deployment_params(id: deployment.id, format: :json)
-          expect(response).to have_http_status(204)
+          expect(response).to have_gitlab_http_status(204)
           expect(response.body).to eq('')
         end
       end
diff --git a/spec/controllers/projects/discussions_controller_spec.rb b/spec/controllers/projects/discussions_controller_spec.rb
index fe62898fa9b..3bf676637a2 100644
--- a/spec/controllers/projects/discussions_controller_spec.rb
+++ b/spec/controllers/projects/discussions_controller_spec.rb
@@ -25,7 +25,7 @@ describe Projects::DiscussionsController do
       it "returns status 404" do
         post :resolve, request_params
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -42,7 +42,7 @@ describe Projects::DiscussionsController do
         it "returns status 404" do
           post :resolve, request_params
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -69,7 +69,7 @@ describe Projects::DiscussionsController do
         it "returns status 200" do
           post :resolve, request_params
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
     end
@@ -86,7 +86,7 @@ describe Projects::DiscussionsController do
       it "returns status 404" do
         delete :unresolve, request_params
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -103,7 +103,7 @@ describe Projects::DiscussionsController do
         it "returns status 404" do
           delete :unresolve, request_params
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -117,7 +117,7 @@ describe Projects::DiscussionsController do
         it "returns status 200" do
           delete :unresolve, request_params
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
     end
diff --git a/spec/controllers/projects/environments_controller_spec.rb b/spec/controllers/projects/environments_controller_spec.rb
index 5a95f4f6199..ff9ab53d8c3 100644
--- a/spec/controllers/projects/environments_controller_spec.rb
+++ b/spec/controllers/projects/environments_controller_spec.rb
@@ -19,7 +19,7 @@ describe Projects::EnvironmentsController do
       it 'responds with status code 200' do
         get :index, environment_params
 
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
       end
     end
 
@@ -59,7 +59,7 @@ describe Projects::EnvironmentsController do
         end
 
         it 'sets the polling interval header' do
-          expect(response).to have_http_status(:ok)
+          expect(response).to have_gitlab_http_status(:ok)
           expect(response.headers['Poll-Interval']).to eq("3000")
         end
       end
@@ -137,7 +137,7 @@ describe Projects::EnvironmentsController do
         params[:id] = 12345
         get :show, params
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
@@ -155,7 +155,7 @@ describe Projects::EnvironmentsController do
       patch_params = environment_params.merge(environment: { external_url: 'https://git.gitlab.com' })
       patch :update, patch_params
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
     end
   end
 
@@ -166,7 +166,7 @@ describe Projects::EnvironmentsController do
 
         patch :stop, environment_params(format: :json)
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -179,7 +179,7 @@ describe Projects::EnvironmentsController do
 
         patch :stop, environment_params(format: :json)
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(json_response).to eq(
           { 'redirect_url' =>
               project_job_url(project, action) })
@@ -193,7 +193,7 @@ describe Projects::EnvironmentsController do
 
         patch :stop, environment_params(format: :json)
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(json_response).to eq(
           { 'redirect_url' =>
               project_environment_url(project, environment) })
@@ -206,7 +206,7 @@ describe Projects::EnvironmentsController do
       it 'responds with a status code 200' do
         get :terminal, environment_params
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it 'loads the terminals for the enviroment' do
@@ -220,7 +220,7 @@ describe Projects::EnvironmentsController do
       it 'responds with a status code 404' do
         get :terminal, environment_params(id: 666)
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
@@ -244,7 +244,7 @@ describe Projects::EnvironmentsController do
 
           get :terminal_websocket_authorize, environment_params
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
           expect(response.headers["Content-Type"]).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
           expect(response.body).to eq('{"workhorse":"response"}')
         end
@@ -254,7 +254,7 @@ describe Projects::EnvironmentsController do
         it 'returns 404' do
           get :terminal_websocket_authorize, environment_params(id: 666)
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
@@ -290,7 +290,7 @@ describe Projects::EnvironmentsController do
         it 'returns a metrics JSON document' do
           get :metrics, environment_params(format: :json)
 
-          expect(response).to have_http_status(204)
+          expect(response).to have_gitlab_http_status(204)
           expect(json_response).to eq({})
         end
       end
@@ -330,7 +330,7 @@ describe Projects::EnvironmentsController do
         it 'returns a metrics JSON document' do
           get :additional_metrics, environment_params(format: :json)
 
-          expect(response).to have_http_status(204)
+          expect(response).to have_gitlab_http_status(204)
           expect(json_response).to eq({})
         end
       end
diff --git a/spec/controllers/projects/forks_controller_spec.rb b/spec/controllers/projects/forks_controller_spec.rb
index dc8290c438e..1bedb8ebdff 100644
--- a/spec/controllers/projects/forks_controller_spec.rb
+++ b/spec/controllers/projects/forks_controller_spec.rb
@@ -89,7 +89,7 @@ describe Projects::ForksController do
 
         get_new
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
     end
 
@@ -118,7 +118,7 @@ describe Projects::ForksController do
 
         post_create
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
         expect(response).to redirect_to(namespace_project_import_path(user.namespace, project))
       end
     end
diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb
index b4a22a46b51..4dbbaecdd6d 100644
--- a/spec/controllers/projects/issues_controller_spec.rb
+++ b/spec/controllers/projects/issues_controller_spec.rb
@@ -20,7 +20,7 @@ describe Projects::IssuesController do
 
           get :index, namespace_id: project.namespace, project_id: project
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -28,7 +28,7 @@ describe Projects::IssuesController do
         it 'renders the "index" template' do
           get :index, namespace_id: project.namespace, project_id: project
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
           expect(response).to render_template(:index)
         end
       end
@@ -45,7 +45,7 @@ describe Projects::IssuesController do
       it "returns index" do
         get :index, namespace_id: project.namespace, project_id: project
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it "returns 301 if request path doesn't match project path" do
@@ -59,7 +59,7 @@ describe Projects::IssuesController do
         project.save!
 
         get :index, namespace_id: project.namespace, project_id: project
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -89,7 +89,7 @@ describe Projects::IssuesController do
           page: last_page.to_param
 
         expect(assigns(:issues).current_page).to eq(last_page)
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it 'does not redirect to external sites when provided a host field' do
@@ -166,7 +166,7 @@ describe Projects::IssuesController do
 
           get :new, namespace_id: project.namespace, project_id: project
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -174,7 +174,7 @@ describe Projects::IssuesController do
         it 'renders the "new" template' do
           get :new, namespace_id: project.namespace, project_id: project
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
           expect(response).to render_template(:new)
         end
       end
@@ -207,162 +207,6 @@ describe Projects::IssuesController do
     end
   end
 
-  describe 'PUT #update' do
-    before do
-      sign_in(user)
-      project.team << [user, :developer]
-    end
-
-    it_behaves_like 'update invalid issuable', Issue
-
-    context 'changing the assignee' do
-      it 'limits the attributes exposed on the assignee' do
-        assignee = create(:user)
-        project.add_developer(assignee)
-
-        put :update,
-          namespace_id: project.namespace.to_param,
-          project_id: project,
-          id: issue.iid,
-          issue: { assignee_ids: [assignee.id] },
-          format: :json
-        body = JSON.parse(response.body)
-
-        expect(body['assignees'].first.keys)
-          .to match_array(%w(id name username avatar_url state web_url))
-      end
-    end
-
-    context 'Akismet is enabled' do
-      let(:project) { create(:project_empty_repo, :public) }
-
-      before do
-        stub_application_setting(recaptcha_enabled: true)
-        allow_any_instance_of(SpamService).to receive(:check_for_spam?).and_return(true)
-      end
-
-      context 'when an issue is not identified as spam' do
-        before do
-          allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(false)
-          allow_any_instance_of(AkismetService).to receive(:spam?).and_return(false)
-        end
-
-        it 'normally updates the issue' do
-          expect { update_issue(title: 'Foo') }.to change { issue.reload.title }.to('Foo')
-        end
-      end
-
-      context 'when an issue is identified as spam' do
-        before do
-          allow_any_instance_of(AkismetService).to receive(:spam?).and_return(true)
-        end
-
-        context 'when captcha is not verified' do
-          def update_spam_issue
-            update_issue(title: 'Spam Title', description: 'Spam lives here')
-          end
-
-          before do
-            allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(false)
-          end
-
-          it 'rejects an issue recognized as a spam' do
-            expect(Gitlab::Recaptcha).to receive(:load_configurations!).and_return(true)
-            expect { update_spam_issue }.not_to change { issue.reload.title }
-          end
-
-          it 'rejects an issue recognized as a spam when recaptcha disabled' do
-            stub_application_setting(recaptcha_enabled: false)
-
-            expect { update_spam_issue }.not_to change { issue.reload.title }
-          end
-
-          it 'creates a spam log' do
-            update_spam_issue
-
-            spam_logs = SpamLog.all
-
-            expect(spam_logs.count).to eq(1)
-            expect(spam_logs.first.title).to eq('Spam Title')
-            expect(spam_logs.first.recaptcha_verified).to be_falsey
-          end
-
-          context 'as HTML' do
-            it 'renders verify template' do
-              update_spam_issue
-
-              expect(response).to render_template(:verify)
-            end
-          end
-
-          context 'as JSON' do
-            before do
-              update_issue({ title: 'Spam Title', description: 'Spam lives here' }, format: :json)
-            end
-
-            it 'renders json errors' do
-              expect(json_response)
-                .to eql("errors" => ["Your issue has been recognized as spam. Please, change the content or solve the reCAPTCHA to proceed."])
-            end
-
-            it 'returns 422 status' do
-              expect(response).to have_http_status(422)
-            end
-          end
-        end
-
-        context 'when captcha is verified' do
-          let(:spammy_title) { 'Whatever' }
-          let!(:spam_logs) { create_list(:spam_log, 2, user: user, title: spammy_title) }
-
-          def update_verified_issue
-            update_issue({ title: spammy_title },
-                         { spam_log_id: spam_logs.last.id,
-                           recaptcha_verification: true })
-          end
-
-          before do
-            allow_any_instance_of(described_class).to receive(:verify_recaptcha)
-              .and_return(true)
-          end
-
-          it 'redirect to issue page' do
-            update_verified_issue
-
-            expect(response)
-              .to redirect_to(project_issue_path(project, issue))
-          end
-
-          it 'accepts an issue after recaptcha is verified' do
-            expect { update_verified_issue }.to change { issue.reload.title }.to(spammy_title)
-          end
-
-          it 'marks spam log as recaptcha_verified' do
-            expect { update_verified_issue }.to change { SpamLog.last.recaptcha_verified }.from(false).to(true)
-          end
-
-          it 'does not mark spam log as recaptcha_verified when it does not belong to current_user' do
-            spam_log = create(:spam_log)
-
-            expect { update_issue(spam_log_id: spam_log.id, recaptcha_verification: true) }
-              .not_to change { SpamLog.last.recaptcha_verified }
-          end
-        end
-      end
-
-      def update_issue(issue_params = {}, additional_params = {})
-        params = {
-          namespace_id: project.namespace.to_param,
-          project_id: project,
-          id: issue.iid,
-          issue: issue_params
-        }.merge(additional_params)
-
-        put :update, params
-      end
-    end
-  end
-
   describe 'POST #move' do
     before do
       sign_in(user)
@@ -380,7 +224,7 @@ describe Projects::IssuesController do
         it 'moves issue to another project' do
           move_issue
 
-          expect(response).to have_http_status :ok
+          expect(response).to have_gitlab_http_status :ok
           expect(another_project.issues).not_to be_empty
         end
       end
@@ -389,7 +233,7 @@ describe Projects::IssuesController do
         it 'responds with 404' do
           move_issue
 
-          expect(response).to have_http_status :not_found
+          expect(response).to have_gitlab_http_status :not_found
         end
       end
 
@@ -404,6 +248,45 @@ describe Projects::IssuesController do
     end
   end
 
+  describe 'PUT #update' do
+    subject do
+      put :update,
+        namespace_id: project.namespace,
+        project_id: project,
+        id: issue.to_param,
+        issue: { title: 'New title' }, format: :json
+    end
+
+    before do
+      sign_in(user)
+    end
+
+    context 'when user has access to update issue' do
+      before do
+        project.add_developer(user)
+      end
+
+      it 'updates the issue' do
+        subject
+
+        expect(response).to have_http_status(:ok)
+        expect(issue.reload.title).to eq('New title')
+      end
+    end
+
+    context 'when user does not have access to update issue' do
+      before do
+        project.add_guest(user)
+      end
+
+      it 'responds with 404' do
+        subject
+
+        expect(response).to have_http_status(:not_found)
+      end
+    end
+  end
+
   describe 'Confidential Issues' do
     let(:project) { create(:project_empty_repo, :public) }
     let(:assignee) { create(:assignee) }
@@ -485,14 +368,14 @@ describe Projects::IssuesController do
         sign_out(:user)
         go(id: unescaped_parameter_value.to_param)
 
-        expect(response).to have_http_status :not_found
+        expect(response).to have_gitlab_http_status :not_found
       end
 
       it 'returns 404 for non project members' do
         sign_in(non_member)
         go(id: unescaped_parameter_value.to_param)
 
-        expect(response).to have_http_status :not_found
+        expect(response).to have_gitlab_http_status :not_found
       end
 
       it 'returns 404 for project members with guest role' do
@@ -500,21 +383,21 @@ describe Projects::IssuesController do
         project.team << [member, :guest]
         go(id: unescaped_parameter_value.to_param)
 
-        expect(response).to have_http_status :not_found
+        expect(response).to have_gitlab_http_status :not_found
       end
 
       it "returns #{http_status[:success]} for author" do
         sign_in(author)
         go(id: unescaped_parameter_value.to_param)
 
-        expect(response).to have_http_status http_status[:success]
+        expect(response).to have_gitlab_http_status http_status[:success]
       end
 
       it "returns #{http_status[:success]} for assignee" do
         sign_in(assignee)
         go(id: request_forgery_timing_attack.to_param)
 
-        expect(response).to have_http_status http_status[:success]
+        expect(response).to have_gitlab_http_status http_status[:success]
       end
 
       it "returns #{http_status[:success]} for project members" do
@@ -522,14 +405,154 @@ describe Projects::IssuesController do
         project.team << [member, :developer]
         go(id: unescaped_parameter_value.to_param)
 
-        expect(response).to have_http_status http_status[:success]
+        expect(response).to have_gitlab_http_status http_status[:success]
       end
 
       it "returns #{http_status[:success]} for admin" do
         sign_in(admin)
         go(id: unescaped_parameter_value.to_param)
 
-        expect(response).to have_http_status http_status[:success]
+        expect(response).to have_gitlab_http_status http_status[:success]
+      end
+    end
+
+    describe 'PUT #update' do
+      def update_issue(issue_params: {}, additional_params: {}, id: nil)
+        id ||= issue.iid
+        params = {
+          namespace_id: project.namespace.to_param,
+          project_id: project,
+          id: id,
+          issue: { title: 'New title' }.merge(issue_params),
+          format: :json
+        }.merge(additional_params)
+
+        put :update, params
+      end
+
+      def go(id:)
+        update_issue(id: id)
+      end
+
+      before do
+        sign_in(user)
+        project.team << [user, :developer]
+      end
+
+      it_behaves_like 'restricted action', success: 200
+      it_behaves_like 'update invalid issuable', Issue
+
+      context 'changing the assignee' do
+        it 'limits the attributes exposed on the assignee' do
+          assignee = create(:user)
+          project.add_developer(assignee)
+
+          update_issue(issue_params: { assignee_ids: [assignee.id] })
+
+          body = JSON.parse(response.body)
+
+          expect(body['assignees'].first.keys)
+            .to match_array(%w(id name username avatar_url state web_url))
+        end
+      end
+
+      context 'Akismet is enabled' do
+        before do
+          project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+          stub_application_setting(recaptcha_enabled: true)
+          allow_any_instance_of(SpamService).to receive(:check_for_spam?).and_return(true)
+        end
+
+        context 'when an issue is not identified as spam' do
+          before do
+            allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(false)
+            allow_any_instance_of(AkismetService).to receive(:spam?).and_return(false)
+          end
+
+          it 'normally updates the issue' do
+            expect { update_issue(issue_params: { title: 'Foo' }) }.to change { issue.reload.title }.to('Foo')
+          end
+        end
+
+        context 'when an issue is identified as spam' do
+          before do
+            allow_any_instance_of(AkismetService).to receive(:spam?).and_return(true)
+          end
+
+          context 'when captcha is not verified' do
+            before do
+              allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(false)
+            end
+
+            it 'rejects an issue recognized as a spam' do
+              expect { update_issue }.not_to change { issue.reload.title }
+            end
+
+            it 'rejects an issue recognized as a spam when recaptcha disabled' do
+              stub_application_setting(recaptcha_enabled: false)
+
+              expect { update_issue }.not_to change { issue.reload.title }
+            end
+
+            it 'creates a spam log' do
+              update_issue(issue_params: { title: 'Spam title' })
+
+              spam_logs = SpamLog.all
+
+              expect(spam_logs.count).to eq(1)
+              expect(spam_logs.first.title).to eq('Spam title')
+              expect(spam_logs.first.recaptcha_verified).to be_falsey
+            end
+
+            it 'renders json errors' do
+              update_issue
+
+              expect(json_response)
+                .to eql("errors" => ["Your issue has been recognized as spam. Please, change the content or solve the reCAPTCHA to proceed."])
+            end
+
+            it 'returns 422 status' do
+              update_issue
+
+              expect(response).to have_gitlab_http_status(422)
+            end
+          end
+
+          context 'when captcha is verified' do
+            let(:spammy_title) { 'Whatever' }
+            let!(:spam_logs) { create_list(:spam_log, 2, user: user, title: spammy_title) }
+
+            def update_verified_issue
+              update_issue(
+                issue_params: { title: spammy_title },
+                additional_params: { spam_log_id: spam_logs.last.id, recaptcha_verification: true })
+            end
+
+            before do
+              allow_any_instance_of(described_class).to receive(:verify_recaptcha)
+                .and_return(true)
+            end
+
+            it 'returns 200 status' do
+              expect(response).to have_gitlab_http_status(200)
+            end
+
+            it 'accepts an issue after recaptcha is verified' do
+              expect { update_verified_issue }.to change { issue.reload.title }.to(spammy_title)
+            end
+
+            it 'marks spam log as recaptcha_verified' do
+              expect { update_verified_issue }.to change { SpamLog.last.recaptcha_verified }.from(false).to(true)
+            end
+
+            it 'does not mark spam log as recaptcha_verified when it does not belong to current_user' do
+              spam_log = create(:spam_log)
+
+              expect { update_issue(issue_params: { spam_log_id: spam_log.id, recaptcha_verification: true }) }
+                .not_to change { SpamLog.last.recaptcha_verified }
+            end
+          end
+        end
       end
     end
 
@@ -569,7 +592,7 @@ describe Projects::IssuesController do
         it 'returns 200' do
           go(id: issue.iid)
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
     end
@@ -817,7 +840,7 @@ describe Projects::IssuesController do
 
       it "rejects a developer to destroy an issue" do
         delete :destroy, namespace_id: project.namespace, project_id: project, id: issue.iid
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -833,12 +856,12 @@ describe Projects::IssuesController do
       it "deletes the issue" do
         delete :destroy, namespace_id: project.namespace, project_id: project, id: issue.iid
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
         expect(controller).to set_flash[:notice].to(/The issue was successfully deleted\./)
       end
 
       it 'delegates the update of the todos count cache to TodoService' do
-        expect_any_instance_of(TodoService).to receive(:destroy_issue).with(issue, owner).once
+        expect_any_instance_of(TodoService).to receive(:destroy_issuable).with(issue, owner).once
 
         delete :destroy, namespace_id: project.namespace, project_id: project, id: issue.iid
       end
@@ -857,7 +880,7 @@ describe Projects::IssuesController do
                                   project_id: project, id: issue.iid, name: "thumbsup")
       end.to change { issue.award_emoji.count }.by(1)
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
   end
 
@@ -889,47 +912,48 @@ describe Projects::IssuesController do
 
   describe 'GET #discussions' do
     let!(:discussion) { create(:discussion_note_on_issue, noteable: issue, project: issue.project) }
-
-    before do
-      project.add_developer(user)
-      sign_in(user)
-    end
-
-    it 'returns discussion json' do
-      get :discussions, namespace_id: project.namespace, project_id: project, id: issue.iid
-
-      expect(JSON.parse(response.body).first.keys).to match_array(%w[id reply_id expanded notes individual_note])
-    end
-
-    context 'with cross-reference system note', :request_store do
-      let(:new_issue) { create(:issue) }
-      let(:cross_reference) { "mentioned in #{new_issue.to_reference(issue.project)}" }
-
+    context 'when authenticated' do
       before do
-        create(:discussion_note_on_issue, :system, noteable: issue, project: issue.project, note: cross_reference)
+        project.add_developer(user)
+        sign_in(user)
       end
 
-      it 'filters notes that the user should not see' do
+      it 'returns discussion json' do
         get :discussions, namespace_id: project.namespace, project_id: project, id: issue.iid
 
-        expect(JSON.parse(response.body).count).to eq(1)
+        expect(json_response.first.keys).to match_array(%w[id reply_id expanded notes individual_note])
       end
 
-      it 'does not result in N+1 queries' do
-        # Instantiate the controller variables to ensure QueryRecorder has an accurate base count
-        get :discussions, namespace_id: project.namespace, project_id: project, id: issue.iid
+      context 'with cross-reference system note', :request_store do
+        let(:new_issue) { create(:issue) }
+        let(:cross_reference) { "mentioned in #{new_issue.to_reference(issue.project)}" }
 
-        RequestStore.clear!
+        before do
+          create(:discussion_note_on_issue, :system, noteable: issue, project: issue.project, note: cross_reference)
+        end
 
-        control_count = ActiveRecord::QueryRecorder.new do
+        it 'filters notes that the user should not see' do
           get :discussions, namespace_id: project.namespace, project_id: project, id: issue.iid
-        end.count
 
-        RequestStore.clear!
+          expect(JSON.parse(response.body).count).to eq(1)
+        end
+
+        it 'does not result in N+1 queries' do
+          # Instantiate the controller variables to ensure QueryRecorder has an accurate base count
+          get :discussions, namespace_id: project.namespace, project_id: project, id: issue.iid
+
+          RequestStore.clear!
 
-        create_list(:discussion_note_on_issue, 2, :system, noteable: issue, project: issue.project, note: cross_reference)
+          control_count = ActiveRecord::QueryRecorder.new do
+            get :discussions, namespace_id: project.namespace, project_id: project, id: issue.iid
+          end.count
 
-        expect { get :discussions, namespace_id: project.namespace, project_id: project, id: issue.iid }.not_to exceed_query_limit(control_count)
+          RequestStore.clear!
+
+          create_list(:discussion_note_on_issue, 2, :system, noteable: issue, project: issue.project, note: cross_reference)
+
+          expect { get :discussions, namespace_id: project.namespace, project_id: project, id: issue.iid }.not_to exceed_query_limit(control_count)
+        end
       end
     end
   end
diff --git a/spec/controllers/projects/jobs_controller_spec.rb b/spec/controllers/projects/jobs_controller_spec.rb
index fdd7e6f173f..f9688949a19 100644
--- a/spec/controllers/projects/jobs_controller_spec.rb
+++ b/spec/controllers/projects/jobs_controller_spec.rb
@@ -20,7 +20,7 @@ describe Projects::JobsController do
       end
 
       it 'has only pending builds' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(assigns(:builds).first.status).to eq('pending')
       end
     end
@@ -33,7 +33,7 @@ describe Projects::JobsController do
       end
 
       it 'has only running jobs' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(assigns(:builds).first.status).to eq('running')
       end
     end
@@ -46,7 +46,7 @@ describe Projects::JobsController do
       end
 
       it 'has only finished jobs' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(assigns(:builds).first.status).to eq('success')
       end
     end
@@ -62,7 +62,7 @@ describe Projects::JobsController do
         end
 
         it 'redirects to the page' do
-          expect(response).to have_http_status(:ok)
+          expect(response).to have_gitlab_http_status(:ok)
           expect(assigns(:builds).current_page).to eq(last_page)
         end
       end
@@ -107,7 +107,7 @@ describe Projects::JobsController do
         end
 
         it 'has a job' do
-          expect(response).to have_http_status(:ok)
+          expect(response).to have_gitlab_http_status(:ok)
           expect(assigns(:build).id).to eq(job.id)
         end
       end
@@ -118,7 +118,7 @@ describe Projects::JobsController do
         end
 
         it 'renders not_found' do
-          expect(response).to have_http_status(:not_found)
+          expect(response).to have_gitlab_http_status(:not_found)
         end
       end
     end
@@ -136,7 +136,7 @@ describe Projects::JobsController do
       end
 
       it 'exposes needed information' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(json_response['raw_path']).to match(/jobs\/\d+\/raw\z/)
         expect(json_response.dig('merge_request', 'path')).to match(/merge_requests\/\d+\z/)
         expect(json_response['new_issue_path'])
@@ -163,7 +163,7 @@ describe Projects::JobsController do
       let(:job) { create(:ci_build, :trace, pipeline: pipeline) }
 
       it 'returns a trace' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(json_response['id']).to eq job.id
         expect(json_response['status']).to eq job.status
         expect(json_response['html']).to eq('BUILD TRACE')
@@ -174,7 +174,7 @@ describe Projects::JobsController do
       let(:job) { create(:ci_build, pipeline: pipeline) }
 
       it 'returns no traces' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(json_response['id']).to eq job.id
         expect(json_response['status']).to eq job.status
         expect(json_response['html']).to be_nil
@@ -185,7 +185,7 @@ describe Projects::JobsController do
       let(:job) { create(:ci_build, :unicode_trace, pipeline: pipeline) }
 
       it 'returns a trace with Unicode' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(json_response['id']).to eq job.id
         expect(json_response['status']).to eq job.status
         expect(json_response['html']).to include("ヾ(´༎ຶД༎ຶ`)ﾉ")
@@ -212,11 +212,11 @@ describe Projects::JobsController do
     end
 
     it 'return a detailed job status in json' do
-      expect(response).to have_http_status(:ok)
+      expect(response).to have_gitlab_http_status(:ok)
       expect(json_response['text']).to eq status.text
       expect(json_response['label']).to eq status.label
       expect(json_response['icon']).to eq status.icon
-      expect(json_response['favicon']).to eq "/assets/ci_favicons/#{status.favicon}.ico"
+      expect(json_response['favicon']).to match_asset_path "/assets/ci_favicons/#{status.favicon}.ico"
     end
   end
 
@@ -232,7 +232,7 @@ describe Projects::JobsController do
       let(:job) { create(:ci_build, :retryable, pipeline: pipeline) }
 
       it 'redirects to the retried job page' do
-        expect(response).to have_http_status(:found)
+        expect(response).to have_gitlab_http_status(:found)
         expect(response).to redirect_to(namespace_project_job_path(id: Ci::Build.last.id))
       end
     end
@@ -241,7 +241,7 @@ describe Projects::JobsController do
       let(:job) { create(:ci_build, pipeline: pipeline) }
 
       it 'renders unprocessable_entity' do
-        expect(response).to have_http_status(:unprocessable_entity)
+        expect(response).to have_gitlab_http_status(:unprocessable_entity)
       end
     end
 
@@ -268,7 +268,7 @@ describe Projects::JobsController do
       let(:job) { create(:ci_build, :playable, pipeline: pipeline) }
 
       it 'redirects to the played job page' do
-        expect(response).to have_http_status(:found)
+        expect(response).to have_gitlab_http_status(:found)
         expect(response).to redirect_to(namespace_project_job_path(id: job.id))
       end
 
@@ -281,7 +281,7 @@ describe Projects::JobsController do
       let(:job) { create(:ci_build, pipeline: pipeline) }
 
       it 'renders unprocessable_entity' do
-        expect(response).to have_http_status(:unprocessable_entity)
+        expect(response).to have_gitlab_http_status(:unprocessable_entity)
       end
     end
 
@@ -304,7 +304,7 @@ describe Projects::JobsController do
       let(:job) { create(:ci_build, :cancelable, pipeline: pipeline) }
 
       it 'redirects to the canceled job page' do
-        expect(response).to have_http_status(:found)
+        expect(response).to have_gitlab_http_status(:found)
         expect(response).to redirect_to(namespace_project_job_path(id: job.id))
       end
 
@@ -317,7 +317,7 @@ describe Projects::JobsController do
       let(:job) { create(:ci_build, :canceled, pipeline: pipeline) }
 
       it 'returns unprocessable_entity' do
-        expect(response).to have_http_status(:unprocessable_entity)
+        expect(response).to have_gitlab_http_status(:unprocessable_entity)
       end
     end
 
@@ -342,7 +342,7 @@ describe Projects::JobsController do
       end
 
       it 'redirects to a index page' do
-        expect(response).to have_http_status(:found)
+        expect(response).to have_gitlab_http_status(:found)
         expect(response).to redirect_to(namespace_project_jobs_path)
       end
 
@@ -359,7 +359,7 @@ describe Projects::JobsController do
       end
 
       it 'redirects to a index page' do
-        expect(response).to have_http_status(:found)
+        expect(response).to have_gitlab_http_status(:found)
         expect(response).to redirect_to(namespace_project_jobs_path)
       end
     end
@@ -382,7 +382,7 @@ describe Projects::JobsController do
       let(:job) { create(:ci_build, :erasable, :trace, pipeline: pipeline) }
 
       it 'redirects to the erased job page' do
-        expect(response).to have_http_status(:found)
+        expect(response).to have_gitlab_http_status(:found)
         expect(response).to redirect_to(namespace_project_job_path(id: job.id))
       end
 
@@ -400,7 +400,7 @@ describe Projects::JobsController do
       let(:job) { create(:ci_build, :erased, pipeline: pipeline) }
 
       it 'returns unprocessable_entity' do
-        expect(response).to have_http_status(:unprocessable_entity)
+        expect(response).to have_gitlab_http_status(:unprocessable_entity)
       end
     end
 
@@ -420,7 +420,7 @@ describe Projects::JobsController do
       let(:job) { create(:ci_build, :trace, pipeline: pipeline) }
 
       it 'send a trace file' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(response.content_type).to eq 'text/plain; charset=utf-8'
         expect(response.body).to eq 'BUILD TRACE'
       end
@@ -430,7 +430,7 @@ describe Projects::JobsController do
       let(:job) { create(:ci_build, pipeline: pipeline) }
 
       it 'returns not_found' do
-        expect(response).to have_http_status(:not_found)
+        expect(response).to have_gitlab_http_status(:not_found)
       end
     end
 
diff --git a/spec/controllers/projects/labels_controller_spec.rb b/spec/controllers/projects/labels_controller_spec.rb
index f4e2dca883d..cf83f2f3265 100644
--- a/spec/controllers/projects/labels_controller_spec.rb
+++ b/spec/controllers/projects/labels_controller_spec.rb
@@ -78,7 +78,7 @@ describe Projects::LabelsController do
       it 'creates labels' do
         post :generate, namespace_id: personal_project.namespace.to_param, project_id: personal_project
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
       end
     end
 
@@ -86,7 +86,7 @@ describe Projects::LabelsController do
       it 'creates labels' do
         post :generate, namespace_id: project.namespace.to_param, project_id: project
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
       end
     end
   end
@@ -97,7 +97,7 @@ describe Projects::LabelsController do
 
       toggle_subscription(label)
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
 
     it 'allows user to toggle subscription on group labels' do
@@ -105,7 +105,7 @@ describe Projects::LabelsController do
 
       toggle_subscription(group_label)
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
 
     def toggle_subscription(label)
@@ -121,7 +121,7 @@ describe Projects::LabelsController do
       it 'denies access' do
         post :promote, namespace_id: project.namespace.to_param, project_id: project, id: label_1.to_param
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -170,7 +170,7 @@ describe Projects::LabelsController do
             it 'does not redirect' do
               get :index, namespace_id: project.namespace, project_id: project.to_param
 
-              expect(response).not_to have_http_status(301)
+              expect(response).not_to have_gitlab_http_status(301)
             end
           end
 
@@ -203,13 +203,13 @@ describe Projects::LabelsController do
       it 'does not 404' do
         post :generate, namespace_id: project.namespace, project_id: project
 
-        expect(response).not_to have_http_status(404)
+        expect(response).not_to have_gitlab_http_status(404)
       end
 
       it 'does not redirect to the correct casing' do
         post :generate, namespace_id: project.namespace, project_id: project
 
-        expect(response).not_to have_http_status(301)
+        expect(response).not_to have_gitlab_http_status(301)
       end
     end
 
@@ -219,7 +219,7 @@ describe Projects::LabelsController do
       it 'returns not found' do
         post :generate, namespace_id: project.namespace, project_id: project.to_param + 'old'
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
diff --git a/spec/controllers/projects/mattermosts_controller_spec.rb b/spec/controllers/projects/mattermosts_controller_spec.rb
index 4eea7041d29..33d48ff94d1 100644
--- a/spec/controllers/projects/mattermosts_controller_spec.rb
+++ b/spec/controllers/projects/mattermosts_controller_spec.rb
@@ -20,7 +20,7 @@ describe Projects::MattermostsController do
           namespace_id: project.namespace.to_param,
           project_id: project)
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
   end
 
diff --git a/spec/controllers/projects/merge_requests/conflicts_controller_spec.rb b/spec/controllers/projects/merge_requests/conflicts_controller_spec.rb
index 393d38c6e6b..2d7647a6e12 100644
--- a/spec/controllers/projects/merge_requests/conflicts_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests/conflicts_controller_spec.rb
@@ -17,8 +17,8 @@ describe Projects::MergeRequests::ConflictsController do
   describe 'GET show' do
     context 'when the conflicts cannot be resolved in the UI' do
       before do
-        allow_any_instance_of(Gitlab::Conflict::Parser)
-          .to receive(:parse).and_raise(Gitlab::Conflict::Parser::UnmergeableFile)
+        allow(Gitlab::Git::Conflict::Parser).to receive(:parse)
+          .and_raise(Gitlab::Git::Conflict::Parser::UnmergeableFile)
 
         get :show,
             namespace_id: merge_request_with_conflicts.project.namespace.to_param,
@@ -28,7 +28,7 @@ describe Projects::MergeRequests::ConflictsController do
       end
 
       it 'returns a 200 status code' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
       end
 
       it 'returns JSON with a message' do
@@ -109,14 +109,14 @@ describe Projects::MergeRequests::ConflictsController do
 
     context 'when the conflicts cannot be resolved in the UI' do
       before do
-        allow_any_instance_of(Gitlab::Conflict::Parser)
-          .to receive(:parse).and_raise(Gitlab::Conflict::Parser::UnmergeableFile)
+        allow(Gitlab::Git::Conflict::Parser).to receive(:parse)
+          .and_raise(Gitlab::Git::Conflict::Parser::UnmergeableFile)
 
         conflict_for_path('files/ruby/regex.rb')
       end
 
       it 'returns a 404 status code' do
-        expect(response).to have_http_status(:not_found)
+        expect(response).to have_gitlab_http_status(:not_found)
       end
     end
 
@@ -126,7 +126,7 @@ describe Projects::MergeRequests::ConflictsController do
       end
 
       it 'returns a 404 status code' do
-        expect(response).to have_http_status(:not_found)
+        expect(response).to have_gitlab_http_status(:not_found)
       end
     end
 
@@ -138,7 +138,7 @@ describe Projects::MergeRequests::ConflictsController do
       end
 
       it 'returns a 200 status code' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
       end
 
       it 'returns the file in JSON format' do
@@ -198,7 +198,7 @@ describe Projects::MergeRequests::ConflictsController do
       end
 
       it 'returns an OK response' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
       end
     end
 
@@ -224,7 +224,7 @@ describe Projects::MergeRequests::ConflictsController do
       end
 
       it 'returns a 400 error' do
-        expect(response).to have_http_status(:bad_request)
+        expect(response).to have_gitlab_http_status(:bad_request)
       end
 
       it 'has a message with the name of the first missing section' do
@@ -254,7 +254,7 @@ describe Projects::MergeRequests::ConflictsController do
       end
 
       it 'returns a 400 error' do
-        expect(response).to have_http_status(:bad_request)
+        expect(response).to have_gitlab_http_status(:bad_request)
       end
 
       it 'has a message with the name of the missing file' do
@@ -292,7 +292,7 @@ describe Projects::MergeRequests::ConflictsController do
       end
 
       it 'returns a 400 error' do
-        expect(response).to have_http_status(:bad_request)
+        expect(response).to have_gitlab_http_status(:bad_request)
       end
 
       it 'has a message with the path of the problem file' do
diff --git a/spec/controllers/projects/merge_requests/creations_controller_spec.rb b/spec/controllers/projects/merge_requests/creations_controller_spec.rb
index fc4cec53374..7fdddc02fd3 100644
--- a/spec/controllers/projects/merge_requests/creations_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests/creations_controller_spec.rb
@@ -112,7 +112,7 @@ describe Projects::MergeRequests::CreationsController do
         end
 
         it 'returns a 404' do
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
diff --git a/spec/controllers/projects/merge_requests/diffs_controller_spec.rb b/spec/controllers/projects/merge_requests/diffs_controller_spec.rb
index fad2c8f3ab7..18a70bec103 100644
--- a/spec/controllers/projects/merge_requests/diffs_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests/diffs_controller_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 
 describe Projects::MergeRequests::DiffsController do
+  include ProjectForksHelper
+
   let(:project) { create(:project, :repository) }
   let(:user)    { project.owner }
   let(:merge_request) { create(:merge_request_with_diffs, target_project: project, source_project: project) }
@@ -37,12 +39,12 @@ describe Projects::MergeRequests::DiffsController do
         render_views
 
         let(:project) { create(:project, :repository) }
-        let(:fork_project) { create(:forked_project_with_submodules) }
-        let(:merge_request) { create(:merge_request_with_diffs, source_project: fork_project, source_branch: 'add-submodule-version-bump', target_branch: 'master', target_project: project) }
+        let(:forked_project) { fork_project_with_submodules(project) }
+        let(:merge_request) { create(:merge_request_with_diffs, source_project: forked_project, source_branch: 'add-submodule-version-bump', target_branch: 'master', target_project: project) }
 
         before do
-          fork_project.build_forked_project_link(forked_to_project_id: fork_project.id, forked_from_project_id: project.id)
-          fork_project.save
+          project.add_developer(user)
+
           merge_request.reload
           go
         end
@@ -117,7 +119,7 @@ describe Projects::MergeRequests::DiffsController do
           end
 
           it 'returns a 404' do
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
         end
       end
@@ -129,7 +131,7 @@ describe Projects::MergeRequests::DiffsController do
         end
 
         it 'returns a 404' do
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
@@ -140,7 +142,7 @@ describe Projects::MergeRequests::DiffsController do
       end
 
       it 'returns a 404' do
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -153,7 +155,7 @@ describe Projects::MergeRequests::DiffsController do
       end
 
       it 'returns a 404' do
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
diff --git a/spec/controllers/projects/merge_requests_controller_spec.rb b/spec/controllers/projects/merge_requests_controller_spec.rb
index 6775012bab5..bfdad85c082 100644
--- a/spec/controllers/projects/merge_requests_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests_controller_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 
 describe Projects::MergeRequestsController do
+  include ProjectForksHelper
+
   let(:project) { create(:project, :repository) }
   let(:user)    { project.owner }
   let(:merge_request) { create(:merge_request_with_diffs, target_project: project, source_project: project) }
@@ -81,33 +83,21 @@ describe Projects::MergeRequestsController do
     end
 
     describe 'as json' do
-      context 'with basic param' do
+      context 'with basic serializer param' do
         it 'renders basic MR entity as json' do
-          go(basic: true, format: :json)
+          go(serializer: 'basic', format: :json)
 
           expect(response).to match_response_schema('entities/merge_request_basic')
         end
       end
 
-      context 'without basic param' do
+      context 'without basic serializer param' do
         it 'renders the merge request in the json format' do
           go(format: :json)
 
           expect(response).to match_response_schema('entities/merge_request')
         end
       end
-
-      context 'number of queries', :request_store do
-        it 'verifies number of queries' do
-          # pre-create objects
-          merge_request
-
-          recorded = ActiveRecord::QueryRecorder.new { go(format: :json) }
-
-          expect(recorded.count).to be_within(5).of(30)
-          expect(recorded.cached_count).to eq(0)
-        end
-      end
     end
 
     describe "as diff" do
@@ -153,7 +143,7 @@ describe Projects::MergeRequestsController do
         get_merge_requests(last_page)
 
         expect(assigns(:merge_requests).current_page).to eq(last_page)
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it 'does not redirect to external sites when provided a host field' do
@@ -196,17 +186,23 @@ describe Projects::MergeRequestsController do
   end
 
   describe 'PUT update' do
+    def update_merge_request(mr_params, additional_params = {})
+      params = {
+        namespace_id: project.namespace,
+        project_id: project,
+        id: merge_request.iid,
+        merge_request: mr_params
+      }.merge(additional_params)
+
+      put :update, params
+    end
+
     context 'changing the assignee' do
       it 'limits the attributes exposed on the assignee' do
         assignee = create(:user)
         project.add_developer(assignee)
 
-        put :update,
-          namespace_id: project.namespace.to_param,
-          project_id: project,
-          id: merge_request.iid,
-          merge_request: { assignee_id: assignee.id },
-          format: :json
+        update_merge_request({ assignee_id: assignee.id }, format: :json)
         body = JSON.parse(response.body)
 
         expect(body['assignee'].keys)
@@ -214,26 +210,31 @@ describe Projects::MergeRequestsController do
       end
     end
 
+    context 'when user does not have access to update issue' do
+      before do
+        reporter = create(:user)
+        project.add_reporter(reporter)
+        sign_in(reporter)
+      end
+
+      it 'responds with 404' do
+        update_merge_request(title: 'New title')
+
+        expect(response).to have_http_status(:not_found)
+      end
+    end
+
     context 'there is no source project' do
       let(:project)       { create(:project, :repository) }
-      let(:fork_project)  { create(:forked_project_with_submodules) }
-      let(:merge_request) { create(:merge_request, source_project: fork_project, source_branch: 'add-submodule-version-bump', target_branch: 'master', target_project: project) }
+      let(:forked_project)  { fork_project_with_submodules(project) }
+      let!(:merge_request) { create(:merge_request, source_project: forked_project, source_branch: 'add-submodule-version-bump', target_branch: 'master', target_project: project) }
 
       before do
-        fork_project.build_forked_project_link(forked_to_project_id: fork_project.id, forked_from_project_id: project.id)
-        fork_project.save
-        merge_request.reload
-        fork_project.destroy
+        forked_project.destroy
       end
 
       it 'closes MR without errors' do
-        post :update,
-            namespace_id: project.namespace,
-            project_id: project,
-            id: merge_request.iid,
-            merge_request: {
-              state_event: 'close'
-            }
+        update_merge_request(state_event: 'close')
 
         expect(response).to redirect_to([merge_request.target_project.namespace.becomes(Namespace), merge_request.target_project, merge_request])
         expect(merge_request.reload.closed?).to be_truthy
@@ -242,13 +243,7 @@ describe Projects::MergeRequestsController do
       it 'allows editing of a closed merge request' do
         merge_request.close!
 
-        put :update,
-            namespace_id: project.namespace,
-            project_id: project,
-            id: merge_request.iid,
-            merge_request: {
-              title: 'New title'
-            }
+        update_merge_request(title: 'New title')
 
         expect(response).to redirect_to([merge_request.target_project.namespace.becomes(Namespace), merge_request.target_project, merge_request])
         expect(merge_request.reload.title).to eq 'New title'
@@ -257,13 +252,7 @@ describe Projects::MergeRequestsController do
       it 'does not allow to update target branch closed merge request' do
         merge_request.close!
 
-        put :update,
-            namespace_id: project.namespace,
-            project_id: project,
-            id: merge_request.iid,
-            merge_request: {
-              target_branch: 'new_branch'
-            }
+        update_merge_request(target_branch: 'new_branch')
 
         expect { merge_request.reload.target_branch }.not_to change { merge_request.target_branch }
       end
@@ -291,7 +280,7 @@ describe Projects::MergeRequestsController do
       end
 
       it 'returns 404' do
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -447,7 +436,7 @@ describe Projects::MergeRequestsController do
     it "denies access to users unless they're admin or project owner" do
       delete :destroy, namespace_id: project.namespace, project_id: project, id: merge_request.iid
 
-      expect(response).to have_http_status(404)
+      expect(response).to have_gitlab_http_status(404)
     end
 
     context "when the user is owner" do
@@ -462,12 +451,12 @@ describe Projects::MergeRequestsController do
       it "deletes the merge request" do
         delete :destroy, namespace_id: project.namespace, project_id: project, id: merge_request.iid
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
         expect(controller).to set_flash[:notice].to(/The merge request was successfully deleted\./)
       end
 
       it 'delegates the update of the todos count cache to TodoService' do
-        expect_any_instance_of(TodoService).to receive(:destroy_merge_request).with(merge_request, owner).once
+        expect_any_instance_of(TodoService).to receive(:destroy_issuable).with(merge_request, owner).once
 
         delete :destroy, namespace_id: project.namespace, project_id: project, id: merge_request.iid
       end
@@ -552,7 +541,7 @@ describe Projects::MergeRequestsController do
       subject
     end
 
-    it { is_expected.to have_http_status(:success) }
+    it { is_expected.to have_gitlab_http_status(:success) }
 
     it 'renders MergeRequest as JSON' do
       subject
@@ -611,21 +600,16 @@ describe Projects::MergeRequestsController do
 
   describe 'GET ci_environments_status' do
     context 'the environment is from a forked project' do
-      let!(:forked)       { create(:project, :repository) }
+      let!(:forked)       { fork_project(project, user, repository: true) }
       let!(:environment)  { create(:environment, project: forked) }
       let!(:deployment)   { create(:deployment, environment: environment, sha: forked.commit.id, ref: 'master') }
       let(:admin)         { create(:admin) }
 
       let(:merge_request) do
-        create(:forked_project_link, forked_to_project: forked,
-                                     forked_from_project: project)
-
         create(:merge_request, source_project: forked, target_project: project)
       end
 
       before do
-        forked.team << [user, :master]
-
         get :ci_environments_status,
           namespace_id: merge_request.project.namespace.to_param,
           project_id: merge_request.project,
@@ -654,11 +638,11 @@ describe Projects::MergeRequestsController do
       end
 
       it 'return a detailed head_pipeline status in json' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(json_response['text']).to eq status.text
         expect(json_response['label']).to eq status.label
         expect(json_response['icon']).to eq status.icon
-        expect(json_response['favicon']).to eq "/assets/ci_favicons/#{status.favicon}.ico"
+        expect(json_response['favicon']).to match_asset_path "/assets/ci_favicons/#{status.favicon}.ico"
       end
     end
 
@@ -668,7 +652,7 @@ describe Projects::MergeRequestsController do
       end
 
       it 'return empty' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(json_response).to be_empty
       end
     end
diff --git a/spec/controllers/projects/milestones_controller_spec.rb b/spec/controllers/projects/milestones_controller_spec.rb
index 62f1fb1f697..209979e642d 100644
--- a/spec/controllers/projects/milestones_controller_spec.rb
+++ b/spec/controllers/projects/milestones_controller_spec.rb
@@ -27,7 +27,7 @@ describe Projects::MilestonesController do
     it 'shows milestone page' do
       view_milestone
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
   end
 
@@ -86,4 +86,32 @@ describe Projects::MilestonesController do
       expect(last_note).to eq('removed milestone')
     end
   end
+
+  describe '#promote' do
+    context 'promotion succeeds' do
+      before do
+        group = create(:group)
+        group.add_developer(user)
+        milestone.project.update(namespace: group)
+      end
+
+      it 'shows group milestone' do
+        post :promote, namespace_id: project.namespace.id, project_id: project.id, id: milestone.iid
+
+        group_milestone = assigns(:milestone)
+
+        expect(response).to redirect_to(group_milestone_path(project.group, group_milestone.iid))
+        expect(flash[:notice]).to eq('Milestone has been promoted to group milestone.')
+      end
+    end
+
+    context 'promotion fails' do
+      it 'shows project milestone' do
+        post :promote, namespace_id: project.namespace.id, project_id: project.id, id: milestone.iid
+
+        expect(response).to redirect_to(project_milestone_path(project, milestone))
+        expect(flash[:alert]).to eq('Promotion failed - Project does not belong to a group.')
+      end
+    end
+  end
 end
diff --git a/spec/controllers/projects/notes_controller_spec.rb b/spec/controllers/projects/notes_controller_spec.rb
index 6ffe41b8608..5f5a789d5cc 100644
--- a/spec/controllers/projects/notes_controller_spec.rb
+++ b/spec/controllers/projects/notes_controller_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 
 describe Projects::NotesController do
+  include ProjectForksHelper
+
   let(:user)    { create(:user) }
   let(:project) { create(:project) }
   let(:issue)   { create(:issue, project: project) }
@@ -57,6 +59,7 @@ describe Projects::NotesController do
         expect(note_json[:id]).to eq(note.id)
         expect(note_json[:discussion_html]).not_to be_nil
         expect(note_json[:diff_discussion_html]).to be_nil
+        expect(note_json[:discussion_line_code]).to be_nil
       end
     end
 
@@ -72,6 +75,7 @@ describe Projects::NotesController do
         expect(note_json[:id]).to eq(note.id)
         expect(note_json[:discussion_html]).not_to be_nil
         expect(note_json[:diff_discussion_html]).not_to be_nil
+        expect(note_json[:discussion_line_code]).not_to be_nil
       end
     end
 
@@ -90,6 +94,7 @@ describe Projects::NotesController do
           expect(note_json[:id]).to eq(note.id)
           expect(note_json[:discussion_html]).not_to be_nil
           expect(note_json[:diff_discussion_html]).to be_nil
+          expect(note_json[:discussion_line_code]).to be_nil
         end
       end
 
@@ -102,6 +107,20 @@ describe Projects::NotesController do
           expect(note_json[:id]).to eq(note.id)
           expect(note_json[:discussion_html]).to be_nil
           expect(note_json[:diff_discussion_html]).to be_nil
+          expect(note_json[:discussion_line_code]).to be_nil
+        end
+
+        context 'when user cannot read commit' do
+          before do
+            allow(Ability).to receive(:allowed?).and_call_original
+            allow(Ability).to receive(:allowed?).with(user, :download_code, project).and_return(false)
+          end
+
+          it 'renders 404' do
+            get :index, params
+
+            expect(response).to have_gitlab_http_status(404)
+          end
         end
       end
     end
@@ -118,6 +137,41 @@ describe Projects::NotesController do
         expect(note_json[:html]).not_to be_nil
         expect(note_json[:discussion_html]).to be_nil
         expect(note_json[:diff_discussion_html]).to be_nil
+        expect(note_json[:discussion_line_code]).to be_nil
+      end
+    end
+
+    context 'with cross-reference system note', :request_store do
+      let(:new_issue) { create(:issue) }
+      let(:cross_reference) { "mentioned in #{new_issue.to_reference(issue.project)}" }
+
+      before do
+        note
+        create(:discussion_note_on_issue, :system, noteable: issue, project: issue.project, note: cross_reference)
+      end
+
+      it 'filters notes that the user should not see' do
+        get :index, request_params
+
+        expect(parsed_response[:notes].count).to eq(1)
+        expect(note_json[:id]).to eq(note.id)
+      end
+
+      it 'does not result in N+1 queries' do
+        # Instantiate the controller variables to ensure QueryRecorder has an accurate base count
+        get :index, request_params
+
+        RequestStore.clear!
+
+        control_count = ActiveRecord::QueryRecorder.new do
+          get :index, request_params
+        end.count
+
+        RequestStore.clear!
+
+        create_list(:discussion_note_on_issue, 2, :system, noteable: issue, project: issue.project, note: cross_reference)
+
+        expect { get :index, request_params }.not_to exceed_query_limit(control_count)
       end
     end
   end
@@ -144,13 +198,13 @@ describe Projects::NotesController do
     it "returns status 302 for html" do
       post :create, request_params
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
     end
 
     it "returns status 200 for json" do
       post :create, request_params.merge(format: :json)
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
 
     context 'when merge_request_diff_head_sha present' do
@@ -169,25 +223,23 @@ describe Projects::NotesController do
       it "returns status 302 for html" do
         post :create, request_params
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
       end
     end
 
     context 'when creating a commit comment from an MR fork' do
       let(:project) { create(:project, :repository) }
 
-      let(:fork_project) do
-        create(:project, :repository).tap do |fork|
-          create(:forked_project_link, forked_to_project: fork, forked_from_project: project)
-        end
+      let(:forked_project) do
+        fork_project(project, nil, repository: true)
       end
 
       let(:merge_request) do
-        create(:merge_request, source_project: fork_project, target_project: project, source_branch: 'feature', target_branch: 'master')
+        create(:merge_request, source_project: forked_project, target_project: project, source_branch: 'feature', target_branch: 'master')
       end
 
       let(:existing_comment) do
-        create(:note_on_commit, note: 'a note', project: fork_project, commit_id: merge_request.commit_shas.first)
+        create(:note_on_commit, note: 'a note', project: forked_project, commit_id: merge_request.commit_shas.first)
       end
 
       def post_create(extra_params = {})
@@ -197,7 +249,7 @@ describe Projects::NotesController do
                project_id: project,
                target_type: 'merge_request',
                target_id: merge_request.id,
-               note_project_id: fork_project.id,
+               note_project_id: forked_project.id,
                in_reply_to_discussion_id: existing_comment.discussion_id
              }.merge(extra_params)
       end
@@ -206,7 +258,7 @@ describe Projects::NotesController do
         it 'returns a 404' do
           post_create(note_project_id: Project.maximum(:id).succ)
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -214,21 +266,71 @@ describe Projects::NotesController do
         it 'returns a 404' do
           post_create
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
       context 'when the user has access to the fork' do
-        let(:discussion) { fork_project.notes.find_discussion(existing_comment.discussion_id) }
+        let(:discussion) { forked_project.notes.find_discussion(existing_comment.discussion_id) }
 
         before do
-          fork_project.add_developer(user)
+          forked_project.add_developer(user)
 
           existing_comment
         end
 
         it 'creates the note' do
-          expect { post_create }.to change { fork_project.notes.count }.by(1)
+          expect { post_create }.to change { forked_project.notes.count }.by(1)
+        end
+      end
+    end
+
+    context 'when the merge request discussion is locked' do
+      before do
+        project.update_attribute(:visibility_level, Gitlab::VisibilityLevel::PUBLIC)
+        merge_request.update_attribute(:discussion_locked, true)
+      end
+
+      context 'when a noteable is not found' do
+        it 'returns 404 status' do
+          request_params[:note][:noteable_id] = 9999
+          post :create, request_params.merge(format: :json)
+
+          expect(response).to have_gitlab_http_status(404)
+        end
+      end
+
+      context 'when a user is a team member' do
+        it 'returns 302 status for html' do
+          post :create, request_params
+
+          expect(response).to have_gitlab_http_status(302)
+        end
+
+        it 'returns 200 status for json' do
+          post :create, request_params.merge(format: :json)
+
+          expect(response).to have_gitlab_http_status(200)
+        end
+
+        it 'creates a new note' do
+          expect { post :create, request_params }.to change { Note.count }.by(1)
+        end
+      end
+
+      context 'when a user is not a team member' do
+        before do
+          project.project_member(user).destroy
+        end
+
+        it 'returns 404 status' do
+          post :create, request_params
+
+          expect(response).to have_gitlab_http_status(404)
+        end
+
+        it 'does not create a new note' do
+          expect { post :create, request_params }.not_to change { Note.count }
         end
       end
     end
@@ -253,7 +355,7 @@ describe Projects::NotesController do
       it "returns status 200 for html" do
         delete :destroy, request_params
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it "deletes the note" do
@@ -270,7 +372,7 @@ describe Projects::NotesController do
       it "returns status 404" do
         delete :destroy, request_params
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
@@ -286,7 +388,7 @@ describe Projects::NotesController do
         post(:toggle_award_emoji, request_params.merge(name: "thumbsup"))
       end.to change { note.award_emoji.count }.by(1)
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
 
     it "removes the already awarded emoji" do
@@ -296,7 +398,7 @@ describe Projects::NotesController do
         post(:toggle_award_emoji, request_params.merge(name: "thumbsup"))
       end.to change { AwardEmoji.count }.by(-1)
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
   end
 
@@ -314,7 +416,7 @@ describe Projects::NotesController do
         it "returns status 404" do
           post :resolve, request_params
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -331,7 +433,7 @@ describe Projects::NotesController do
           it "returns status 404" do
             post :resolve, request_params
 
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
         end
 
@@ -358,7 +460,7 @@ describe Projects::NotesController do
           it "returns status 200" do
             post :resolve, request_params
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
         end
       end
@@ -375,7 +477,7 @@ describe Projects::NotesController do
         it "returns status 404" do
           delete :unresolve, request_params
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -392,7 +494,7 @@ describe Projects::NotesController do
           it "returns status 404" do
             delete :unresolve, request_params
 
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
         end
 
@@ -406,7 +508,7 @@ describe Projects::NotesController do
           it "returns status 200" do
             delete :unresolve, request_params
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
         end
       end
diff --git a/spec/controllers/projects/pages_controller_spec.rb b/spec/controllers/projects/pages_controller_spec.rb
index 83c7744a231..4705c50de7e 100644
--- a/spec/controllers/projects/pages_controller_spec.rb
+++ b/spec/controllers/projects/pages_controller_spec.rb
@@ -21,7 +21,7 @@ describe Projects::PagesController do
     it 'returns 200 status' do
       get :show, request_params
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
 
     context 'when the project is in a subgroup' do
@@ -31,7 +31,7 @@ describe Projects::PagesController do
       it 'returns a 404 status code' do
         get :show, request_params
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
@@ -40,7 +40,7 @@ describe Projects::PagesController do
     it 'returns 302 status' do
       delete :destroy, request_params
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
     end
   end
 
@@ -53,7 +53,7 @@ describe Projects::PagesController do
       it 'returns 404 status' do
         get :show, request_params
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -61,7 +61,7 @@ describe Projects::PagesController do
       it 'returns 404 status' do
         delete :destroy, request_params
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
diff --git a/spec/controllers/projects/pages_domains_controller_spec.rb b/spec/controllers/projects/pages_domains_controller_spec.rb
index ad4d7da3bdd..e9e7d357d9c 100644
--- a/spec/controllers/projects/pages_domains_controller_spec.rb
+++ b/spec/controllers/projects/pages_domains_controller_spec.rb
@@ -26,7 +26,7 @@ describe Projects::PagesDomainsController do
     it "displays the 'show' page" do
       get(:show, request_params.merge(id: pages_domain.domain))
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
       expect(response).to render_template('show')
     end
   end
@@ -35,7 +35,7 @@ describe Projects::PagesDomainsController do
     it "displays the 'new' page" do
       get(:new, request_params)
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
       expect(response).to render_template('new')
     end
   end
@@ -69,7 +69,7 @@ describe Projects::PagesDomainsController do
       it 'returns 404 status' do
         get(:show, request_params.merge(id: pages_domain.domain))
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -77,7 +77,7 @@ describe Projects::PagesDomainsController do
       it 'returns 404 status' do
         get :new, request_params
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -85,7 +85,7 @@ describe Projects::PagesDomainsController do
       it "returns 404 status" do
         post(:create, request_params.merge(pages_domain: pages_domain_params))
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -93,7 +93,7 @@ describe Projects::PagesDomainsController do
       it "deletes the pages domain" do
         delete(:destroy, request_params.merge(id: pages_domain.domain))
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
diff --git a/spec/controllers/projects/pipeline_schedules_controller_spec.rb b/spec/controllers/projects/pipeline_schedules_controller_spec.rb
index 4ac0559c679..4e52e261920 100644
--- a/spec/controllers/projects/pipeline_schedules_controller_spec.rb
+++ b/spec/controllers/projects/pipeline_schedules_controller_spec.rb
@@ -15,7 +15,7 @@ describe Projects::PipelineSchedulesController do
     it 'renders the index view' do
       visit_pipelines_schedules
 
-      expect(response).to have_http_status(:ok)
+      expect(response).to have_gitlab_http_status(:ok)
       expect(response).to render_template(:index)
     end
 
@@ -35,7 +35,7 @@ describe Projects::PipelineSchedulesController do
       end
 
       it 'only shows active pipeline schedules' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(assigns(:schedules)).to include(pipeline_schedule)
         expect(assigns(:schedules)).not_to include(inactive_pipeline_schedule)
       end
@@ -57,7 +57,7 @@ describe Projects::PipelineSchedulesController do
     it 'initializes a pipeline schedule model' do
       get :new, namespace_id: project.namespace.to_param, project_id: project
 
-      expect(response).to have_http_status(:ok)
+      expect(response).to have_gitlab_http_status(:ok)
       expect(assigns(:schedule)).to be_a_new(Ci::PipelineSchedule)
     end
   end
@@ -87,7 +87,7 @@ describe Projects::PipelineSchedulesController do
             .to change { Ci::PipelineSchedule.count }.by(1)
             .and change { Ci::PipelineScheduleVariable.count }.by(1)
 
-          expect(response).to have_http_status(:found)
+          expect(response).to have_gitlab_http_status(:found)
 
           Ci::PipelineScheduleVariable.last.tap do |v|
             expect(v.key).to eq("AAA")
@@ -158,7 +158,7 @@ describe Projects::PipelineSchedulesController do
             expect { go }.to change { Ci::PipelineScheduleVariable.count }.by(1)
 
             pipeline_schedule.reload
-            expect(response).to have_http_status(:found)
+            expect(response).to have_gitlab_http_status(:found)
             expect(pipeline_schedule.variables.last.key).to eq('AAA')
             expect(pipeline_schedule.variables.last.value).to eq('AAA123')
           end
@@ -324,7 +324,7 @@ describe Projects::PipelineSchedulesController do
       it 'loads the pipeline schedule' do
         get :edit, namespace_id: project.namespace.to_param, project_id: project, id: pipeline_schedule.id
 
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(assigns(:schedule)).to eq(pipeline_schedule)
       end
     end
@@ -376,7 +376,7 @@ describe Projects::PipelineSchedulesController do
       end
 
       it 'does not delete the pipeline schedule' do
-        expect(response).to have_http_status(:not_found)
+        expect(response).to have_gitlab_http_status(:not_found)
       end
     end
 
@@ -391,7 +391,7 @@ describe Projects::PipelineSchedulesController do
           delete :destroy, namespace_id: project.namespace.to_param, project_id: project, id: pipeline_schedule.id
         end.to change { project.pipeline_schedules.count }.by(-1)
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
       end
     end
   end
diff --git a/spec/controllers/projects/pipelines_controller_spec.rb b/spec/controllers/projects/pipelines_controller_spec.rb
index f9d77c7ad03..1604a2da485 100644
--- a/spec/controllers/projects/pipelines_controller_spec.rb
+++ b/spec/controllers/projects/pipelines_controller_spec.rb
@@ -3,33 +3,37 @@ require 'spec_helper'
 describe Projects::PipelinesController do
   include ApiHelpers
 
-  let(:user) { create(:user) }
-  let(:project) { create(:project, :public) }
+  set(:user) { create(:user) }
+  set(:project) { create(:project, :public, :repository) }
   let(:feature) { ProjectFeature::DISABLED }
 
   before do
     stub_not_protect_default_branch
     project.add_developer(user)
-    project.project_feature.update(
-      builds_access_level: feature)
+    project.project_feature.update(builds_access_level: feature)
 
     sign_in(user)
   end
 
   describe 'GET index.json' do
     before do
-      create(:ci_empty_pipeline, status: 'pending', project: project)
-      create(:ci_empty_pipeline, status: 'running', project: project)
-      create(:ci_empty_pipeline, status: 'created', project: project)
-      create(:ci_empty_pipeline, status: 'success', project: project)
+      branch_head = project.commit
+      parent = branch_head.parent
 
-      get :index, namespace_id: project.namespace,
-                  project_id: project,
-                  format: :json
+      create(:ci_empty_pipeline, status: 'pending', project: project, sha: branch_head.id)
+      create(:ci_empty_pipeline, status: 'running', project: project, sha: branch_head.id)
+      create(:ci_empty_pipeline, status: 'created', project: project, sha: parent.id)
+      create(:ci_empty_pipeline, status: 'success', project: project, sha: parent.id)
+    end
+
+    subject do
+      get :index, namespace_id: project.namespace, project_id: project, format: :json
     end
 
     it 'returns JSON with serialized pipelines' do
-      expect(response).to have_http_status(:ok)
+      subject
+
+      expect(response).to have_gitlab_http_status(:ok)
       expect(response).to match_response_schema('pipeline')
 
       expect(json_response).to include('pipelines')
@@ -39,6 +43,12 @@ describe Projects::PipelinesController do
       expect(json_response['count']['pending']).to eq 1
       expect(json_response['count']['finished']).to eq 1
     end
+
+    context 'when performing gitaly calls', :request_store do
+      it 'limits the Gitaly requests' do
+        expect { subject }.to change { Gitlab::GitalyClient.get_request_count }.by(8)
+      end
+    end
   end
 
   describe 'GET show JSON' do
@@ -47,7 +57,7 @@ describe Projects::PipelinesController do
     it 'returns the pipeline' do
       get_pipeline_json
 
-      expect(response).to have_http_status(:ok)
+      expect(response).to have_gitlab_http_status(:ok)
       expect(json_response).not_to be_an(Array)
       expect(json_response['id']).to be(pipeline.id)
       expect(json_response['details']).to have_key 'stages'
@@ -101,7 +111,7 @@ describe Projects::PipelinesController do
       end
 
       it 'returns html source for stage dropdown' do
-        expect(response).to have_http_status(:ok)
+        expect(response).to have_gitlab_http_status(:ok)
         expect(response).to render_template('projects/pipelines/_stage')
         expect(json_response).to include('html')
       end
@@ -113,7 +123,7 @@ describe Projects::PipelinesController do
       end
 
       it 'responds with not found' do
-        expect(response).to have_http_status(:not_found)
+        expect(response).to have_gitlab_http_status(:not_found)
       end
     end
 
@@ -138,11 +148,11 @@ describe Projects::PipelinesController do
     end
 
     it 'return a detailed pipeline status in json' do
-      expect(response).to have_http_status(:ok)
+      expect(response).to have_gitlab_http_status(:ok)
       expect(json_response['text']).to eq status.text
       expect(json_response['label']).to eq status.label
       expect(json_response['icon']).to eq status.icon
-      expect(json_response['favicon']).to eq "/assets/ci_favicons/#{status.favicon}.ico"
+      expect(json_response['favicon']).to match_asset_path("/assets/ci_favicons/#{status.favicon}.ico")
     end
   end
 
@@ -161,14 +171,14 @@ describe Projects::PipelinesController do
       let(:feature) { ProjectFeature::ENABLED }
 
       it 'retries a pipeline without returning any content' do
-        expect(response).to have_http_status(:no_content)
+        expect(response).to have_gitlab_http_status(:no_content)
         expect(build.reload).to be_retried
       end
     end
 
     context 'when builds are disabled' do
       it 'fails to retry pipeline' do
-        expect(response).to have_http_status(:not_found)
+        expect(response).to have_gitlab_http_status(:not_found)
       end
     end
   end
@@ -188,14 +198,14 @@ describe Projects::PipelinesController do
       let(:feature) { ProjectFeature::ENABLED }
 
       it 'cancels a pipeline without returning any content' do
-        expect(response).to have_http_status(:no_content)
+        expect(response).to have_gitlab_http_status(:no_content)
         expect(pipeline.reload).to be_canceled
       end
     end
 
     context 'when builds are disabled' do
       it 'fails to retry pipeline' do
-        expect(response).to have_http_status(:not_found)
+        expect(response).to have_gitlab_http_status(:not_found)
       end
     end
   end
diff --git a/spec/controllers/projects/pipelines_settings_controller_spec.rb b/spec/controllers/projects/pipelines_settings_controller_spec.rb
index ee46ad00947..21b6a6d45f5 100644
--- a/spec/controllers/projects/pipelines_settings_controller_spec.rb
+++ b/spec/controllers/projects/pipelines_settings_controller_spec.rb
@@ -25,7 +25,7 @@ describe Projects::PipelinesSettingsController do
       let(:params) { { enabled: '', domain: 'mepmep.md' } }
 
       it 'redirects to the settings page' do
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
         expect(flash[:notice]).to eq("Pipelines settings for '#{project.name}' were successfully updated.")
       end
 
diff --git a/spec/controllers/projects/project_members_controller_spec.rb b/spec/controllers/projects/project_members_controller_spec.rb
index 3cb1bec5ea2..a34dc27a5ed 100644
--- a/spec/controllers/projects/project_members_controller_spec.rb
+++ b/spec/controllers/projects/project_members_controller_spec.rb
@@ -8,7 +8,7 @@ describe Projects::ProjectMembersController do
     it 'should have the project_members address with a 200 status code' do
       get :index, namespace_id: project.namespace, project_id: project
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
   end
 
@@ -30,7 +30,7 @@ describe Projects::ProjectMembersController do
                       user_ids: project_user.id,
                       access_level: Gitlab::Access::GUEST
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
         expect(project.users).not_to include project_user
       end
     end
@@ -79,7 +79,7 @@ describe Projects::ProjectMembersController do
                          project_id: project,
                          id: 42
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -94,7 +94,7 @@ describe Projects::ProjectMembersController do
                            project_id: project,
                            id: member
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
           expect(project.members).to include member
         end
       end
@@ -137,7 +137,7 @@ describe Projects::ProjectMembersController do
         delete :leave, namespace_id: project.namespace,
                        project_id: project
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -168,7 +168,7 @@ describe Projects::ProjectMembersController do
           delete :leave, namespace_id: project.namespace,
                          project_id: project
 
-          expect(response).to have_http_status(403)
+          expect(response).to have_gitlab_http_status(403)
         end
       end
 
@@ -221,7 +221,7 @@ describe Projects::ProjectMembersController do
                                       project_id: project,
                                       id: 42
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -236,7 +236,7 @@ describe Projects::ProjectMembersController do
                                         project_id: project,
                                         id: member
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
           expect(project.members).not_to include member
         end
       end
diff --git a/spec/controllers/projects/prometheus_controller_spec.rb b/spec/controllers/projects/prometheus_controller_spec.rb
index 8407a53272a..bbfe78d305a 100644
--- a/spec/controllers/projects/prometheus_controller_spec.rb
+++ b/spec/controllers/projects/prometheus_controller_spec.rb
@@ -24,7 +24,7 @@ describe Projects::PrometheusController do
         it 'returns no content response' do
           get :active_metrics, project_params(format: :json)
 
-          expect(response).to have_http_status(204)
+          expect(response).to have_gitlab_http_status(204)
         end
       end
 
@@ -38,7 +38,7 @@ describe Projects::PrometheusController do
         it 'returns no content response' do
           get :active_metrics, project_params(format: :json)
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
           expect(json_response).to eq(sample_response.deep_stringify_keys)
         end
       end
@@ -47,7 +47,7 @@ describe Projects::PrometheusController do
         it 'returns not found response' do
           get :active_metrics, project_params
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
diff --git a/spec/controllers/projects/raw_controller_spec.rb b/spec/controllers/projects/raw_controller_spec.rb
index b4eaab29fed..3a0c3faa7b4 100644
--- a/spec/controllers/projects/raw_controller_spec.rb
+++ b/spec/controllers/projects/raw_controller_spec.rb
@@ -13,7 +13,7 @@ describe Projects::RawController do
             project_id: public_project,
             id: id)
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(response.header['Content-Type']).to eq('text/plain; charset=utf-8')
         expect(response.header['Content-Disposition'])
             .to eq('inline')
@@ -30,7 +30,7 @@ describe Projects::RawController do
             project_id: public_project,
             id: id)
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(response.header['Content-Type']).to eq('image/jpeg')
         expect(response.header[Gitlab::Workhorse::SEND_DATA_HEADER]).to start_with('git-blob:')
       end
@@ -59,7 +59,7 @@ describe Projects::RawController do
                 project_id: public_project,
                 id: id)
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
         end
 
@@ -70,7 +70,7 @@ describe Projects::RawController do
                 project_id: public_project,
                 id: id)
 
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
         end
       end
@@ -86,7 +86,7 @@ describe Projects::RawController do
               project_id: public_project,
               id: id)
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
           expect(response.header['Content-Type']).to eq('text/plain; charset=utf-8')
           expect(response.header['Content-Disposition'])
               .to eq('inline')
diff --git a/spec/controllers/projects/registry/repositories_controller_spec.rb b/spec/controllers/projects/registry/repositories_controller_spec.rb
index 2805968dcd9..17769a14def 100644
--- a/spec/controllers/projects/registry/repositories_controller_spec.rb
+++ b/spec/controllers/projects/registry/repositories_controller_spec.rb
@@ -35,13 +35,20 @@ describe Projects::Registry::RepositoriesController do
           it 'successfully renders container repositories' do
             go_to_index
 
-            expect(response).to have_http_status(:ok)
+            expect(response).to have_gitlab_http_status(:ok)
           end
 
           it 'creates a root container repository' do
             expect { go_to_index }.to change { ContainerRepository.all.count }.by(1)
             expect(ContainerRepository.first).to be_root_repository
           end
+
+          it 'json has a list of projects' do
+            go_to_index(format: :json)
+
+            expect(response).to have_gitlab_http_status(:ok)
+            expect(response).to match_response_schema('registry/repositories')
+          end
         end
 
         context 'when there are no tags for this repository' do
@@ -52,12 +59,37 @@ describe Projects::Registry::RepositoriesController do
           it 'successfully renders container repositories' do
             go_to_index
 
-            expect(response).to have_http_status(:ok)
+            expect(response).to have_gitlab_http_status(:ok)
           end
 
           it 'does not ensure root container repository' do
             expect { go_to_index }.not_to change { ContainerRepository.all.count }
           end
+
+          it 'responds with json if asked' do
+            go_to_index(format: :json)
+
+            expect(response).to have_gitlab_http_status(:ok)
+            expect(json_response).to be_kind_of(Array)
+          end
+        end
+      end
+    end
+
+    describe 'DELETE destroy' do
+      context 'when root container repository exists' do
+        let!(:repository) do
+          create(:container_repository, :root, project: project)
+        end
+
+        before do
+          stub_container_registry_tags(repository: :any, tags: [])
+        end
+
+        it 'deletes a repository' do
+          expect { delete_repository(repository) }.to change { ContainerRepository.all.count }.by(-1)
+
+          expect(response).to have_gitlab_http_status(:no_content)
         end
       end
     end
@@ -68,7 +100,7 @@ describe Projects::Registry::RepositoriesController do
       it 'responds with 404' do
         go_to_index
 
-        expect(response).to have_http_status(:not_found)
+        expect(response).to have_gitlab_http_status(:not_found)
       end
 
       it 'does not ensure root container repository' do
@@ -77,8 +109,16 @@ describe Projects::Registry::RepositoriesController do
     end
   end
 
-  def go_to_index
+  def go_to_index(format: :html)
     get :index, namespace_id: project.namespace,
-                project_id: project
+                project_id: project,
+                format: format
+  end
+
+  def delete_repository(repository)
+    delete :destroy, namespace_id: project.namespace,
+                     project_id: project,
+                     id: repository,
+                     format: :json
   end
 end
diff --git a/spec/controllers/projects/registry/tags_controller_spec.rb b/spec/controllers/projects/registry/tags_controller_spec.rb
index f4af3587d23..7fee8fd44ff 100644
--- a/spec/controllers/projects/registry/tags_controller_spec.rb
+++ b/spec/controllers/projects/registry/tags_controller_spec.rb
@@ -4,24 +4,83 @@ describe Projects::Registry::TagsController do
   let(:user)    { create(:user) }
   let(:project) { create(:project, :private) }
 
+  let(:repository) do
+    create(:container_repository, name: 'image', project: project)
+  end
+
   before do
     sign_in(user)
     stub_container_registry_config(enabled: true)
   end
 
-  context 'when user has access to registry' do
+  describe 'GET index' do
+    let(:tags) do
+      Array.new(40) { |i| "tag#{i}" }
+    end
+
     before do
-      project.add_developer(user)
+      stub_container_registry_tags(repository: /image/, tags: tags)
     end
 
-    describe 'POST destroy' do
+    context 'when user can control the registry' do
+      before do
+        project.add_developer(user)
+      end
+
+      it 'receive a list of tags' do
+        get_tags
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response).to match_response_schema('registry/tags')
+        expect(response).to include_pagination_headers
+      end
+    end
+
+    context 'when user can read the registry' do
+      before do
+        project.add_reporter(user)
+      end
+
+      it 'receive a list of tags' do
+        get_tags
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response).to match_response_schema('registry/tags')
+        expect(response).to include_pagination_headers
+      end
+    end
+
+    context 'when user does not have access to registry' do
+      before do
+        project.add_guest(user)
+      end
+
+      it 'does not receive a list of tags' do
+        get_tags
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+
+    private
+
+    def get_tags
+      get :index, namespace_id: project.namespace,
+                  project_id: project,
+                  repository_id: repository,
+                  format: :json
+    end
+  end
+
+  describe 'POST destroy' do
+    context 'when user has access to registry' do
+      before do
+        project.add_developer(user)
+      end
+
       context 'when there is matching tag present' do
         before do
-          stub_container_registry_tags(repository: /image/, tags: %w[rc1 test.])
-        end
-
-        let(:repository) do
-          create(:container_repository, name: 'image', project: project)
+          stub_container_registry_tags(repository: repository.path, tags: %w[rc1 test.])
         end
 
         it 'makes it possible to delete regular tag' do
@@ -37,12 +96,15 @@ describe Projects::Registry::TagsController do
         end
       end
     end
-  end
 
-  def destroy_tag(name)
-    post :destroy, namespace_id: project.namespace,
-                   project_id: project,
-                   repository_id: repository,
-                   id: name
+    private
+
+    def destroy_tag(name)
+      post :destroy, namespace_id: project.namespace,
+                     project_id: project,
+                     repository_id: repository,
+                     id: name,
+                     format: :json
+    end
   end
 end
diff --git a/spec/controllers/projects/repositories_controller_spec.rb b/spec/controllers/projects/repositories_controller_spec.rb
index f712d1e0d63..8b777eb68ca 100644
--- a/spec/controllers/projects/repositories_controller_spec.rb
+++ b/spec/controllers/projects/repositories_controller_spec.rb
@@ -35,7 +35,7 @@ describe Projects::RepositoriesController do
         it "renders Not Found" do
           get :archive, namespace_id: project.namespace, project_id: project, ref: "master", format: "zip"
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
diff --git a/spec/controllers/projects/runners_controller_spec.rb b/spec/controllers/projects/runners_controller_spec.rb
index 2b6f988fd9c..89a13f3c976 100644
--- a/spec/controllers/projects/runners_controller_spec.rb
+++ b/spec/controllers/projects/runners_controller_spec.rb
@@ -29,7 +29,7 @@ describe Projects::RunnersController do
 
       runner.reload
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(runner.description).to eq(new_desc)
     end
   end
@@ -38,7 +38,7 @@ describe Projects::RunnersController do
     it 'destroys the runner' do
       delete :destroy, params
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(Ci::Runner.find_by(id: runner.id)).to be_nil
     end
   end
@@ -53,7 +53,7 @@ describe Projects::RunnersController do
 
       runner.reload
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(runner.active).to eq(true)
     end
   end
@@ -68,7 +68,7 @@ describe Projects::RunnersController do
 
       runner.reload
 
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(runner.active).to eq(false)
     end
   end
diff --git a/spec/controllers/projects/services_controller_spec.rb b/spec/controllers/projects/services_controller_spec.rb
index efba9cc7306..a907da2b60f 100644
--- a/spec/controllers/projects/services_controller_spec.rb
+++ b/spec/controllers/projects/services_controller_spec.rb
@@ -19,7 +19,7 @@ describe Projects::ServicesController do
 
         put :test, namespace_id: project.namespace, project_id: project, id: service.to_param
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
diff --git a/spec/controllers/projects/settings/ci_cd_controller_spec.rb b/spec/controllers/projects/settings/ci_cd_controller_spec.rb
index a8f4b79b64c..b8fe0f46f57 100644
--- a/spec/controllers/projects/settings/ci_cd_controller_spec.rb
+++ b/spec/controllers/projects/settings/ci_cd_controller_spec.rb
@@ -13,7 +13,7 @@ describe Projects::Settings::CiCdController do
     it 'renders show with 200 status code' do
       get :show, namespace_id: project.namespace, project_id: project
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
       expect(response).to render_template(:show)
     end
   end
diff --git a/spec/controllers/projects/settings/integrations_controller_spec.rb b/spec/controllers/projects/settings/integrations_controller_spec.rb
index e0f9a5b24a6..3068837f394 100644
--- a/spec/controllers/projects/settings/integrations_controller_spec.rb
+++ b/spec/controllers/projects/settings/integrations_controller_spec.rb
@@ -13,7 +13,7 @@ describe Projects::Settings::IntegrationsController do
     it 'renders show with 200 status code' do
       get :show, namespace_id: project.namespace, project_id: project
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
       expect(response).to render_template(:show)
     end
   end
diff --git a/spec/controllers/projects/settings/repository_controller_spec.rb b/spec/controllers/projects/settings/repository_controller_spec.rb
index f73471f8ca8..3a4014b7768 100644
--- a/spec/controllers/projects/settings/repository_controller_spec.rb
+++ b/spec/controllers/projects/settings/repository_controller_spec.rb
@@ -13,7 +13,7 @@ describe Projects::Settings::RepositoryController do
     it 'renders show with 200 status code' do
       get :show, namespace_id: project.namespace, project_id: project
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
       expect(response).to render_template(:show)
     end
   end
diff --git a/spec/controllers/projects/snippets_controller_spec.rb b/spec/controllers/projects/snippets_controller_spec.rb
index 3a1550aa730..e7c0b484ede 100644
--- a/spec/controllers/projects/snippets_controller_spec.rb
+++ b/spec/controllers/projects/snippets_controller_spec.rb
@@ -29,7 +29,7 @@ describe Projects::SnippetsController do
           project_id: project, page: last_page.to_param
 
         expect(assigns(:snippets).current_page).to eq(last_page)
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
     end
 
@@ -41,7 +41,7 @@ describe Projects::SnippetsController do
           get :index, namespace_id: project.namespace, project_id: project
 
           expect(assigns(:snippets)).not_to include(project_snippet)
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
 
@@ -54,7 +54,7 @@ describe Projects::SnippetsController do
           get :index, namespace_id: project.namespace, project_id: project
 
           expect(assigns(:snippets)).to include(project_snippet)
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
 
@@ -67,7 +67,7 @@ describe Projects::SnippetsController do
           get :index, namespace_id: project.namespace, project_id: project
 
           expect(assigns(:snippets)).to include(project_snippet)
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
     end
@@ -316,7 +316,7 @@ describe Projects::SnippetsController do
           it 'responds with status 404' do
             get action, namespace_id: project.namespace, project_id: project, id: project_snippet.to_param
 
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
         end
 
@@ -329,7 +329,7 @@ describe Projects::SnippetsController do
             get action, namespace_id: project.namespace, project_id: project, id: project_snippet.to_param
 
             expect(assigns(:snippet)).to eq(project_snippet)
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
         end
 
@@ -342,7 +342,7 @@ describe Projects::SnippetsController do
             get action, namespace_id: project.namespace, project_id: project, id: project_snippet.to_param
 
             expect(assigns(:snippet)).to eq(project_snippet)
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
         end
       end
@@ -352,7 +352,7 @@ describe Projects::SnippetsController do
           it 'responds with status 404' do
             get action, namespace_id: project.namespace, project_id: project, id: 42
 
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
         end
 
@@ -364,7 +364,7 @@ describe Projects::SnippetsController do
           it 'responds with status 404' do
             get action, namespace_id: project.namespace, project_id: project, id: 42
 
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
         end
       end
diff --git a/spec/controllers/projects/todos_controller_spec.rb b/spec/controllers/projects/todos_controller_spec.rb
index 41d211ed1bb..4622e27e60f 100644
--- a/spec/controllers/projects/todos_controller_spec.rb
+++ b/spec/controllers/projects/todos_controller_spec.rb
@@ -28,13 +28,13 @@ describe Projects::TodosController do
             go
           end.to change { user.todos.count }.by(1)
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
 
         it 'returns todo path and pending count' do
           go
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
           expect(json_response['count']).to eq 1
           expect(json_response['delete_path']).to match(/\/dashboard\/todos\/\d{1}/)
         end
@@ -47,7 +47,7 @@ describe Projects::TodosController do
             go
           end.to change { user.todos.count }.by(0)
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
 
         it 'does not create todo for issue when user not logged in' do
@@ -55,7 +55,7 @@ describe Projects::TodosController do
             go
           end.to change { user.todos.count }.by(0)
 
-          expect(response).to have_http_status(302)
+          expect(response).to have_gitlab_http_status(302)
         end
       end
 
@@ -68,7 +68,7 @@ describe Projects::TodosController do
 
         it "doesn't create todo" do
           expect { go }.not_to change { user.todos.count }
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
@@ -96,13 +96,13 @@ describe Projects::TodosController do
             go
           end.to change { user.todos.count }.by(1)
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
 
         it 'returns todo path and pending count' do
           go
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
           expect(json_response['count']).to eq 1
           expect(json_response['delete_path']).to match(/\/dashboard\/todos\/\d{1}/)
         end
@@ -115,7 +115,7 @@ describe Projects::TodosController do
             go
           end.to change { user.todos.count }.by(0)
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
 
         it 'does not create todo for merge request user has no access to' do
@@ -123,7 +123,7 @@ describe Projects::TodosController do
             go
           end.to change { user.todos.count }.by(0)
 
-          expect(response).to have_http_status(302)
+          expect(response).to have_gitlab_http_status(302)
         end
       end
 
@@ -136,7 +136,7 @@ describe Projects::TodosController do
 
         it "doesn't create todo" do
           expect { go }.not_to change { user.todos.count }
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
diff --git a/spec/controllers/projects/tree_controller_spec.rb b/spec/controllers/projects/tree_controller_spec.rb
index 775f3998f5d..65b821c9486 100644
--- a/spec/controllers/projects/tree_controller_spec.rb
+++ b/spec/controllers/projects/tree_controller_spec.rb
@@ -64,7 +64,7 @@ describe Projects::TreeController do
 
     context "valid SHA commit ID with path" do
       let(:id) { '6d39438/.gitignore' }
-      it { expect(response).to have_http_status(302) }
+      it { expect(response).to have_gitlab_http_status(302) }
     end
   end
 
diff --git a/spec/controllers/projects/uploads_controller_spec.rb b/spec/controllers/projects/uploads_controller_spec.rb
index 488bcf31371..c2550b1efa7 100644
--- a/spec/controllers/projects/uploads_controller_spec.rb
+++ b/spec/controllers/projects/uploads_controller_spec.rb
@@ -18,7 +18,7 @@ describe Projects::UploadsController do
           namespace_id: project.namespace.to_param,
           project_id: project,
           format: :json
-        expect(response).to have_http_status(422)
+        expect(response).to have_gitlab_http_status(422)
       end
     end
 
@@ -90,7 +90,7 @@ describe Projects::UploadsController do
           it "responds with status 200" do
             go
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
         end
 
@@ -98,7 +98,7 @@ describe Projects::UploadsController do
           it "responds with status 404" do
             go
 
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
         end
       end
@@ -117,7 +117,7 @@ describe Projects::UploadsController do
           it "responds with status 200" do
             go
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
         end
 
@@ -125,7 +125,7 @@ describe Projects::UploadsController do
           it "responds with status 404" do
             go
 
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
         end
       end
@@ -151,7 +151,7 @@ describe Projects::UploadsController do
             it "responds with status 200" do
               go
 
-              expect(response).to have_http_status(200)
+              expect(response).to have_gitlab_http_status(200)
             end
           end
 
@@ -192,7 +192,7 @@ describe Projects::UploadsController do
             it "responds with status 200" do
               go
 
-              expect(response).to have_http_status(200)
+              expect(response).to have_gitlab_http_status(200)
             end
           end
 
@@ -200,7 +200,7 @@ describe Projects::UploadsController do
             it "responds with status 404" do
               go
 
-              expect(response).to have_http_status(404)
+              expect(response).to have_gitlab_http_status(404)
             end
           end
         end
@@ -220,7 +220,7 @@ describe Projects::UploadsController do
               it "responds with status 200" do
                 go
 
-                expect(response).to have_http_status(200)
+                expect(response).to have_gitlab_http_status(200)
               end
             end
 
@@ -228,7 +228,7 @@ describe Projects::UploadsController do
               it "responds with status 404" do
                 go
 
-                expect(response).to have_http_status(404)
+                expect(response).to have_gitlab_http_status(404)
               end
             end
           end
@@ -237,7 +237,7 @@ describe Projects::UploadsController do
             it "responds with status 404" do
               go
 
-              expect(response).to have_http_status(404)
+              expect(response).to have_gitlab_http_status(404)
             end
           end
         end
diff --git a/spec/controllers/projects/variables_controller_spec.rb b/spec/controllers/projects/variables_controller_spec.rb
index 6957fb43c19..d065cd00d00 100644
--- a/spec/controllers/projects/variables_controller_spec.rb
+++ b/spec/controllers/projects/variables_controller_spec.rb
@@ -50,7 +50,7 @@ describe Projects::VariablesController do
         post :update, namespace_id: project.namespace.to_param, project_id: project,
                       id: variable.id, variable: { key: '?', value: variable.value }
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(response).to render_template :show
       end
     end
diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb
index 4459e227fb3..b1d7157e447 100644
--- a/spec/controllers/projects_controller_spec.rb
+++ b/spec/controllers/projects_controller_spec.rb
@@ -1,6 +1,8 @@
 require('spec_helper')
 
 describe ProjectsController do
+  include ProjectForksHelper
+
   let(:project) { create(:project) }
   let(:public_project) { create(:project, :public) }
   let(:user) { create(:user) }
@@ -22,7 +24,7 @@ describe ProjectsController do
 
             get :new, namespace_id: group.id
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
             expect(response).to render_template('new')
           end
         end
@@ -31,7 +33,7 @@ describe ProjectsController do
           it 'responds with status 404' do
             get :new, namespace_id: group.id
 
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
             expect(response).not_to render_template('new')
           end
         end
@@ -139,8 +141,9 @@ describe ProjectsController do
       end
     end
 
-    context 'when the storage is not available', broken_storage: true do
-      let(:project) { create(:project, :broken_storage) }
+    context 'when the storage is not available', :broken_storage do
+      set(:project) { create(:project, :broken_storage) }
+
       before do
         project.add_developer(user)
         sign_in(user)
@@ -149,7 +152,7 @@ describe ProjectsController do
       it 'renders a 503' do
         get :show, namespace_id: project.namespace, id: project
 
-        expect(response).to have_http_status(503)
+        expect(response).to have_gitlab_http_status(503)
       end
     end
 
@@ -219,6 +222,14 @@ describe ProjectsController do
         get :show, namespace_id: public_project.namespace, id: public_project
         expect(response).to render_template('_files')
       end
+
+      it "renders the readme view" do
+        allow(controller).to receive(:current_user).and_return(user)
+        allow(user).to receive(:project_view).and_return('readme')
+
+        get :show, namespace_id: public_project.namespace, id: public_project
+        expect(response).to render_template('_readme')
+      end
     end
 
     context "when the url contains .atom" do
@@ -246,7 +257,7 @@ describe ProjectsController do
 
         get :show, namespace_id: project.namespace, id: project, format: :git
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
         expect(response).to redirect_to(namespace_project_path)
       end
     end
@@ -269,7 +280,7 @@ describe ProjectsController do
 
         expect(project.path).to include 'renamed_path'
         expect(assigns(:repository).path).to include project.path
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
       end
     end
 
@@ -285,7 +296,25 @@ describe ProjectsController do
           .not_to change { project.reload.path }
 
         expect(controller).to set_flash[:alert].to(/container registry tags/)
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
+      end
+    end
+
+    it 'updates Fast Forward Merge attributes' do
+      controller.instance_variable_set(:@project, project)
+
+      params = {
+        merge_method: :ff
+      }
+
+      put :update,
+          namespace_id: project.namespace,
+          id: project.id,
+          project: params
+
+      expect(response).to have_gitlab_http_status(302)
+      params.each do |param, value|
+        expect(project.public_send(param)).to eq(value)
       end
     end
 
@@ -316,7 +345,7 @@ describe ProjectsController do
       project.reload
 
       expect(project.namespace).to eq(new_namespace)
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
 
     context 'when new namespace is empty' do
@@ -335,7 +364,7 @@ describe ProjectsController do
         project.reload
 
         expect(project.namespace).to eq(old_namespace)
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(flash[:alert]).to eq 'Please select a new namespace for your project.'
       end
     end
@@ -352,16 +381,16 @@ describe ProjectsController do
       delete :destroy, namespace_id: project.namespace, id: project
 
       expect { Project.find(orig_id) }.to raise_error(ActiveRecord::RecordNotFound)
-      expect(response).to have_http_status(302)
+      expect(response).to have_gitlab_http_status(302)
       expect(response).to redirect_to(dashboard_projects_path)
     end
 
     context "when the project is forked" do
       let(:project)      { create(:project, :repository) }
-      let(:fork_project) { create(:project, :repository, forked_from_project: project) }
+      let(:forked_project) { fork_project(project, nil, repository: true) }
       let(:merge_request) do
         create(:merge_request,
-          source_project: fork_project,
+          source_project: forked_project,
           target_project: project)
       end
 
@@ -369,7 +398,7 @@ describe ProjectsController do
         project.merge_requests << merge_request
         sign_in(admin)
 
-        delete :destroy, namespace_id: fork_project.namespace, id: fork_project
+        delete :destroy, namespace_id: forked_project.namespace, id: forked_project
 
         expect(merge_request.reload.state).to eq('closed')
       end
@@ -391,7 +420,7 @@ describe ProjectsController do
     end
 
     it 'has http status 200' do
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
 
     it 'changes the user incoming email token' do
@@ -436,18 +465,14 @@ describe ProjectsController do
       end
 
       context 'with forked project' do
-        let(:project_fork) { create(:project, :repository, namespace: user.namespace) }
-
-        before do
-          create(:forked_project_link, forked_to_project: project_fork)
-        end
+        let(:forked_project) { fork_project(create(:project, :public), user) }
 
         it 'removes fork from project' do
           delete(:remove_fork,
-              namespace_id: project_fork.namespace.to_param,
-              id: project_fork.to_param, format: :js)
+              namespace_id: forked_project.namespace.to_param,
+              id: forked_project.to_param, format: :js)
 
-          expect(project_fork.forked?).to be_falsey
+          expect(forked_project.reload.forked?).to be_falsey
           expect(flash[:notice]).to eq('The fork relationship has been removed.')
           expect(response).to render_template(:remove_fork)
         end
@@ -471,7 +496,7 @@ describe ProjectsController do
       delete(:remove_fork,
           namespace_id: project.namespace,
           id: project, format: :js)
-      expect(response).to have_http_status(401)
+      expect(response).to have_gitlab_http_status(401)
     end
   end
 
@@ -519,7 +544,7 @@ describe ProjectsController do
             get :show, namespace_id: public_project.namespace, id: public_project
 
             expect(assigns(:project)).to eq(public_project)
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
         end
 
@@ -558,13 +583,13 @@ describe ProjectsController do
         it 'does not 404' do
           post :toggle_star, namespace_id: public_project.namespace, id: public_project.path.upcase
 
-          expect(response).not_to have_http_status(404)
+          expect(response).not_to have_gitlab_http_status(404)
         end
 
         it 'does not redirect to the correct casing' do
           post :toggle_star, namespace_id: public_project.namespace, id: public_project.path.upcase
 
-          expect(response).not_to have_http_status(301)
+          expect(response).not_to have_gitlab_http_status(301)
         end
       end
 
@@ -574,7 +599,7 @@ describe ProjectsController do
         it 'returns not found' do
           post :toggle_star, namespace_id: 'foo', id: 'bar'
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
@@ -588,13 +613,13 @@ describe ProjectsController do
         it 'does not 404' do
           delete :destroy, namespace_id: project.namespace, id: project.path.upcase
 
-          expect(response).not_to have_http_status(404)
+          expect(response).not_to have_gitlab_http_status(404)
         end
 
         it 'does not redirect to the correct casing' do
           delete :destroy, namespace_id: project.namespace, id: project.path.upcase
 
-          expect(response).not_to have_http_status(301)
+          expect(response).not_to have_gitlab_http_status(301)
         end
       end
 
@@ -604,7 +629,7 @@ describe ProjectsController do
         it 'returns not found' do
           delete :destroy, namespace_id: 'foo', id: 'bar'
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
@@ -621,7 +646,7 @@ describe ProjectsController do
       it 'returns 302' do
         get :export, namespace_id: project.namespace, id: project
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
       end
     end
 
@@ -633,7 +658,7 @@ describe ProjectsController do
       it 'returns 404' do
         get :export, namespace_id: project.namespace, id: project
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
@@ -649,7 +674,7 @@ describe ProjectsController do
       it 'returns 302' do
         get :download_export, namespace_id: project.namespace, id: project
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
       end
     end
 
@@ -661,7 +686,7 @@ describe ProjectsController do
       it 'returns 404' do
         get :download_export, namespace_id: project.namespace, id: project
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
@@ -677,7 +702,7 @@ describe ProjectsController do
       it 'returns 302' do
         post :remove_export, namespace_id: project.namespace, id: project
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
       end
     end
 
@@ -689,7 +714,7 @@ describe ProjectsController do
       it 'returns 404' do
         post :remove_export, namespace_id: project.namespace, id: project
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
@@ -705,7 +730,7 @@ describe ProjectsController do
       it 'returns 302' do
         post :generate_new_export, namespace_id: project.namespace, id: project
 
-        expect(response).to have_http_status(302)
+        expect(response).to have_gitlab_http_status(302)
       end
     end
 
@@ -717,7 +742,7 @@ describe ProjectsController do
       it 'returns 404' do
         post :generate_new_export, namespace_id: project.namespace, id: project
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
   end
diff --git a/spec/controllers/registrations_controller_spec.rb b/spec/controllers/registrations_controller_spec.rb
index 5a4ab39ab86..1d3ddfbd220 100644
--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -76,12 +76,68 @@ describe RegistrationsController do
       sign_in(user)
     end
 
-    it 'schedules the user for destruction' do
-      expect(DeleteUserWorker).to receive(:perform_async).with(user.id, user.id, {})
+    def expect_failure(message)
+      expect(flash[:alert]).to eq(message)
+      expect(response.status).to eq(303)
+      expect(response).to redirect_to profile_account_path
+    end
+
+    def expect_password_failure
+      expect_failure('Invalid password')
+    end
+
+    def expect_username_failure
+      expect_failure('Invalid username')
+    end
+
+    def expect_success
+      expect(flash[:notice]).to eq 'Account scheduled for removal.'
+      expect(response.status).to eq(303)
+      expect(response).to redirect_to new_user_session_path
+    end
 
-      post(:destroy)
+    context 'user requires password confirmation' do
+      it 'fails if password confirmation is not provided' do
+        post :destroy
 
-      expect(response.status).to eq(302)
+        expect_password_failure
+      end
+
+      it 'fails if password confirmation is wrong' do
+        post :destroy, password: 'wrong password'
+
+        expect_password_failure
+      end
+
+      it 'succeeds if password is confirmed' do
+        post :destroy, password: '12345678'
+
+        expect_success
+      end
+    end
+
+    context 'user does not require password confirmation' do
+      before do
+        stub_application_setting(password_authentication_enabled: false)
+      end
+
+      it 'fails if username confirmation is not provided' do
+        post :destroy
+
+        expect_username_failure
+      end
+
+      it 'fails if username confirmation is wrong' do
+        post :destroy, username: 'wrong username'
+
+        expect_username_failure
+      end
+
+      it 'succeeds if username is confirmed' do
+        post :destroy, username: user.username
+
+        expect_success
+      end
     end
   end
 end
diff --git a/spec/controllers/sent_notifications_controller_spec.rb b/spec/controllers/sent_notifications_controller_spec.rb
index 31593ce7311..54a9af92f07 100644
--- a/spec/controllers/sent_notifications_controller_spec.rb
+++ b/spec/controllers/sent_notifications_controller_spec.rb
@@ -69,7 +69,7 @@ describe SentNotificationsController do
         end
 
         it 'returns a 404' do
-          expect(response).to have_http_status(:not_found)
+          expect(response).to have_gitlab_http_status(:not_found)
         end
       end
 
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index a22fd8eaf9b..55bd4352bd3 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -19,7 +19,7 @@ describe SessionsController do
         it 'redirects to :omniauth_authorize_path' do
           get(:new)
 
-          expect(response).to have_http_status(302)
+          expect(response).to have_gitlab_http_status(302)
           expect(response).to redirect_to('/saml')
         end
       end
@@ -28,7 +28,7 @@ describe SessionsController do
         it 'responds with 200' do
           get(:new, auto_sign_in: 'false')
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
     end
diff --git a/spec/controllers/snippets/notes_controller_spec.rb b/spec/controllers/snippets/notes_controller_spec.rb
index 225753333ee..e6148ea1734 100644
--- a/spec/controllers/snippets/notes_controller_spec.rb
+++ b/spec/controllers/snippets/notes_controller_spec.rb
@@ -20,7 +20,7 @@ describe Snippets::NotesController do
       end
 
       it "returns status 200" do
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it "returns not empty array of notes" do
@@ -37,7 +37,7 @@ describe Snippets::NotesController do
         it "returns status 404" do
           get :index, { snippet_id: internal_snippet }
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -49,7 +49,7 @@ describe Snippets::NotesController do
         it "returns status 200" do
           get :index, { snippet_id: internal_snippet }
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
     end
@@ -63,7 +63,7 @@ describe Snippets::NotesController do
         it "returns status 404" do
           get :index, { snippet_id: private_snippet }
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -75,7 +75,7 @@ describe Snippets::NotesController do
         it "returns status 404" do
           get :index, { snippet_id: private_snippet }
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -89,7 +89,7 @@ describe Snippets::NotesController do
         it "returns status 200" do
           get :index, { snippet_id: private_snippet }
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
 
         it "returns 1 note" do
@@ -134,7 +134,7 @@ describe Snippets::NotesController do
       it "returns status 200" do
         delete :destroy, request_params
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
 
       it "deletes the note" do
@@ -162,7 +162,7 @@ describe Snippets::NotesController do
       it "returns status 404" do
         delete :destroy, request_params
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
 
       it "does not update the note" do
@@ -182,7 +182,7 @@ describe Snippets::NotesController do
     it "toggles the award emoji" do
       expect { subject }.to change { note.award_emoji.count }.by(1)
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
 
     it "removes the already awarded emoji when it exists" do
@@ -190,7 +190,7 @@ describe Snippets::NotesController do
 
       expect { subject }.to change { AwardEmoji.count }.by(-1)
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
   end
 end
diff --git a/spec/controllers/snippets_controller_spec.rb b/spec/controllers/snippets_controller_spec.rb
index be273acb69b..9effe47ab05 100644
--- a/spec/controllers/snippets_controller_spec.rb
+++ b/spec/controllers/snippets_controller_spec.rb
@@ -40,7 +40,7 @@ describe SnippetsController do
       it 'responds with status 200' do
         get :new
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
       end
     end
 
@@ -69,7 +69,7 @@ describe SnippetsController do
           it 'responds with status 404' do
             get :show, id: other_personal_snippet.to_param
 
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
         end
 
@@ -78,7 +78,7 @@ describe SnippetsController do
             get :show, id: personal_snippet.to_param
 
             expect(assigns(:snippet)).to eq(personal_snippet)
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
         end
       end
@@ -104,7 +104,7 @@ describe SnippetsController do
           get :show, id: personal_snippet.to_param
 
           expect(assigns(:snippet)).to eq(personal_snippet)
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
 
@@ -129,7 +129,7 @@ describe SnippetsController do
           get :show, id: personal_snippet.to_param
 
           expect(assigns(:snippet)).to eq(personal_snippet)
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
 
@@ -138,7 +138,7 @@ describe SnippetsController do
           get :show, id: personal_snippet.to_param
 
           expect(assigns(:snippet)).to eq(personal_snippet)
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
     end
@@ -152,7 +152,7 @@ describe SnippetsController do
         it 'responds with status 404' do
           get :show, id: 'doesntexist'
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
@@ -432,7 +432,7 @@ describe SnippetsController do
           it 'responds with status 404' do
             get :raw, id: other_personal_snippet.to_param
 
-            expect(response).to have_http_status(404)
+            expect(response).to have_gitlab_http_status(404)
           end
         end
 
@@ -443,7 +443,7 @@ describe SnippetsController do
 
           it 'responds with status 200' do
             expect(assigns(:snippet)).to eq(personal_snippet)
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
 
           it 'has expected headers' do
@@ -475,7 +475,7 @@ describe SnippetsController do
           get :raw, id: personal_snippet.to_param
 
           expect(assigns(:snippet)).to eq(personal_snippet)
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
 
@@ -500,7 +500,7 @@ describe SnippetsController do
           get :raw, id: personal_snippet.to_param
 
           expect(assigns(:snippet)).to eq(personal_snippet)
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
 
         context 'CRLF line ending' do
@@ -527,7 +527,7 @@ describe SnippetsController do
           get :raw, id: personal_snippet.to_param
 
           expect(assigns(:snippet)).to eq(personal_snippet)
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
       end
     end
@@ -541,7 +541,7 @@ describe SnippetsController do
         it 'responds with status 404' do
           get :raw, id: 'doesntexist'
 
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
 
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index b29f3d861be..7e42e43345c 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -18,7 +18,7 @@ describe UploadsController do
       it "returns 401 when the user is not logged in" do
         post :create, model: model, id: snippet.id, format: :json
 
-        expect(response).to have_http_status(401)
+        expect(response).to have_gitlab_http_status(401)
       end
 
       it "returns 404 when user can't comment on a snippet" do
@@ -27,7 +27,7 @@ describe UploadsController do
         sign_in(user)
         post :create, model: model, id: private_snippet.id, format: :json
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
     end
 
@@ -39,7 +39,7 @@ describe UploadsController do
       it "returns an error without file" do
         post :create, model: model, id: snippet.id, format: :json
 
-        expect(response).to have_http_status(422)
+        expect(response).to have_gitlab_http_status(422)
       end
 
       it "returns an error with invalid model" do
@@ -50,7 +50,7 @@ describe UploadsController do
       it "returns 404 status when object not found" do
         post :create, model: model, id: 9999, format: :json
 
-        expect(response).to have_http_status(404)
+        expect(response).to have_gitlab_http_status(404)
       end
 
       context 'with valid image' do
@@ -174,7 +174,7 @@ describe UploadsController do
           it "responds with status 200" do
             get :show, model: "user", mounted_as: "avatar", id: user.id, filename: "image.png"
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
 
           it_behaves_like 'content not cached without revalidation' do
@@ -190,7 +190,7 @@ describe UploadsController do
         it "responds with status 200" do
           get :show, model: "user", mounted_as: "avatar", id: user.id, filename: "image.png"
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
         end
 
         it_behaves_like 'content not cached without revalidation' do
@@ -214,7 +214,7 @@ describe UploadsController do
           it "responds with status 200" do
             get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
 
           it_behaves_like 'content not cached without revalidation' do
@@ -233,7 +233,7 @@ describe UploadsController do
           it "responds with status 200" do
             get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
 
           it_behaves_like 'content not cached without revalidation' do
@@ -285,7 +285,7 @@ describe UploadsController do
               it "responds with status 200" do
                 get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
 
-                expect(response).to have_http_status(200)
+                expect(response).to have_gitlab_http_status(200)
               end
 
               it_behaves_like 'content not cached without revalidation' do
@@ -301,7 +301,7 @@ describe UploadsController do
             it "responds with status 404" do
               get :show, model: "project", mounted_as: "avatar", id: project.id, filename: "image.png"
 
-              expect(response).to have_http_status(404)
+              expect(response).to have_gitlab_http_status(404)
             end
           end
         end
@@ -316,7 +316,7 @@ describe UploadsController do
           it "responds with status 200" do
             get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
 
           it_behaves_like 'content not cached without revalidation' do
@@ -335,7 +335,7 @@ describe UploadsController do
           it "responds with status 200" do
             get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
 
           it_behaves_like 'content not cached without revalidation' do
@@ -378,7 +378,7 @@ describe UploadsController do
               it "responds with status 200" do
                 get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
 
-                expect(response).to have_http_status(200)
+                expect(response).to have_gitlab_http_status(200)
               end
 
               it_behaves_like 'content not cached without revalidation' do
@@ -394,7 +394,7 @@ describe UploadsController do
             it "responds with status 404" do
               get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
 
-              expect(response).to have_http_status(404)
+              expect(response).to have_gitlab_http_status(404)
             end
           end
         end
@@ -414,7 +414,7 @@ describe UploadsController do
           it "responds with status 200" do
             get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
 
           it_behaves_like 'content not cached without revalidation' do
@@ -433,7 +433,7 @@ describe UploadsController do
           it "responds with status 200" do
             get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
 
           it_behaves_like 'content not cached without revalidation' do
@@ -485,7 +485,7 @@ describe UploadsController do
               it "responds with status 200" do
                 get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
 
-                expect(response).to have_http_status(200)
+                expect(response).to have_gitlab_http_status(200)
               end
 
               it_behaves_like 'content not cached without revalidation' do
@@ -501,7 +501,7 @@ describe UploadsController do
             it "responds with status 404" do
               get :show, model: "note", mounted_as: "attachment", id: note.id, filename: "image.png"
 
-              expect(response).to have_http_status(404)
+              expect(response).to have_gitlab_http_status(404)
             end
           end
         end
@@ -516,7 +516,7 @@ describe UploadsController do
           it 'responds with status 200' do
             get :show, model: 'appearance', mounted_as: 'header_logo', id: appearance.id, filename: 'dk.png'
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
 
           it_behaves_like 'content not cached without revalidation' do
@@ -535,7 +535,7 @@ describe UploadsController do
           it 'responds with status 200' do
             get :show, model: 'appearance', mounted_as: 'logo', id: appearance.id, filename: 'dk.png'
 
-            expect(response).to have_http_status(200)
+            expect(response).to have_gitlab_http_status(200)
           end
 
           it_behaves_like 'content not cached without revalidation' do
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 2cecd2646fc..01ab59aa363 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -24,7 +24,7 @@ describe UsersController do
         it 'renders the show template' do
           get :show, username: user.username
 
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
           expect(response).to render_template('show')
         end
       end
@@ -49,7 +49,7 @@ describe UsersController do
 
         it 'renders show' do
           get :show, username: user.username
-          expect(response).to have_http_status(200)
+          expect(response).to have_gitlab_http_status(200)
           expect(response).to render_template('show')
         end
       end
@@ -70,7 +70,7 @@ describe UsersController do
 
         it 'renders 404' do
           get :show, username: 'nonexistent'
-          expect(response).to have_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
         end
       end
     end
@@ -82,7 +82,7 @@ describe UsersController do
 
       get :calendar, username: user.username, format: :json
 
-      expect(response).to have_http_status(200)
+      expect(response).to have_gitlab_http_status(200)
     end
 
     context 'forked project' do
@@ -139,7 +139,7 @@ describe UsersController do
     context 'format html' do
       it 'renders snippets page' do
         get :snippets, username: user.username
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(response).to render_template('show')
       end
     end
@@ -147,7 +147,7 @@ describe UsersController do
     context 'format json' do
       it 'response with snippets json data' do
         get :snippets, username: user.username, format: :json
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(JSON.parse(response.body)).to have_key('html')
       end
     end