Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc42

3 files changed, 97 insertions, 19 deletions

diff --git a/spec/features/users/active_sessions_spec.rb b/spec/features/users/active_sessions_spec.rb
index 8e2e16e555e..fab9f0884ae 100644
--- a/spec/features/users/active_sessions_spec.rb
+++ b/spec/features/users/active_sessions_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 RSpec.describe 'Active user sessions', :clean_gitlab_redis_shared_state do
-  it 'Successful login adds a new active user login' do
+  it 'successful login adds a new active user login' do
     now = Time.zone.parse('2018-03-12 09:06')
     Timecop.freeze(now) do
       user = create(:user)
@@ -26,7 +26,7 @@ RSpec.describe 'Active user sessions', :clean_gitlab_redis_shared_state do
     end
   end
 
-  it 'Successful login cleans up obsolete entries' do
+  it 'successful login cleans up obsolete entries' do
     user = create(:user)
 
     Gitlab::Redis::SharedState.with do |redis|
@@ -40,7 +40,7 @@ RSpec.describe 'Active user sessions', :clean_gitlab_redis_shared_state do
     end
   end
 
-  it 'Sessionless login does not clean up obsolete entries' do
+  it 'sessionless login does not clean up obsolete entries' do
     user = create(:user)
     personal_access_token = create(:personal_access_token, user: user)
 
@@ -56,7 +56,7 @@ RSpec.describe 'Active user sessions', :clean_gitlab_redis_shared_state do
     end
   end
 
-  it 'Logout deletes the active user login' do
+  it 'logout deletes the active user login' do
     user = create(:user)
     gitlab_sign_in(user)
     expect(current_path).to eq root_path
diff --git a/spec/features/users/login_spec.rb b/spec/features/users/login_spec.rb
index 0761c1871d3..e4a8d836413 100644
--- a/spec/features/users/login_spec.rb
+++ b/spec/features/users/login_spec.rb
@@ -742,28 +742,65 @@ RSpec.describe 'Login' do
       end
 
       context 'when the user did not enable 2FA' do
-        it 'asks to set 2FA before asking to accept the terms' do
-          expect(authentication_metrics)
-            .to increment(:user_authenticated_counter)
+        context 'when `vue_2fa_recovery_codes` feature flag is disabled' do
+          before do
+            stub_feature_flags(vue_2fa_recovery_codes: false)
+          end
 
-          visit new_user_session_path
+          it 'asks to set 2FA before asking to accept the terms' do
+            expect(authentication_metrics)
+              .to increment(:user_authenticated_counter)
 
-          fill_in 'user_login', with: user.email
-          fill_in 'user_password', with: '12345678'
+            visit new_user_session_path
 
-          click_button 'Sign in'
+            fill_in 'user_login', with: user.email
+            fill_in 'user_password', with: '12345678'
 
-          expect_to_be_on_terms_page
-          click_button 'Accept terms'
+            click_button 'Sign in'
+
+            expect_to_be_on_terms_page
+            click_button 'Accept terms'
+
+            expect(current_path).to eq(profile_two_factor_auth_path)
+
+            fill_in 'pin_code', with: user.reload.current_otp
 
-          expect(current_path).to eq(profile_two_factor_auth_path)
+            click_button 'Register with two-factor app'
 
-          fill_in 'pin_code', with: user.reload.current_otp
+            expect(page).to have_content('Congratulations! You have enabled Two-factor Authentication!')
 
-          click_button 'Register with two-factor app'
-          click_link 'Proceed'
+            click_link 'Proceed'
 
-          expect(current_path).to eq(profile_account_path)
+            expect(current_path).to eq(profile_account_path)
+          end
+        end
+
+        context 'when `vue_2fa_recovery_codes` feature flag is enabled' do
+          it 'asks to set 2FA before asking to accept the terms', :js do
+            expect(authentication_metrics)
+              .to increment(:user_authenticated_counter)
+
+            visit new_user_session_path
+
+            fill_in 'user_login', with: user.email
+            fill_in 'user_password', with: '12345678'
+
+            click_button 'Sign in'
+
+            expect_to_be_on_terms_page
+            click_button 'Accept terms'
+
+            expect(current_path).to eq(profile_two_factor_auth_path)
+
+            fill_in 'pin_code', with: user.reload.current_otp
+
+            click_button 'Register with two-factor app'
+            click_button 'Copy codes'
+            click_link 'Proceed'
+
+            expect(current_path).to eq(profile_account_path)
+            expect(page).to have_content('Congratulations! You have enabled Two-factor Authentication!')
+          end
         end
       end
 
diff --git a/spec/features/users/show_spec.rb b/spec/features/users/show_spec.rb
index aebe2cc602d..6aeb3023db8 100644
--- a/spec/features/users/show_spec.rb
+++ b/spec/features/users/show_spec.rb
@@ -7,7 +7,7 @@ RSpec.describe 'User page' do
 
   let_it_be(:user) { create(:user, bio: '**Lorem** _ipsum_ dolor sit [amet](https://example.com)') }
 
-  subject { visit(user_path(user)) }
+  subject(:visit_profile) { visit(user_path(user)) }
 
   context 'with public profile' do
     it 'shows all the tabs' do
@@ -123,6 +123,47 @@ RSpec.describe 'User page' do
     end
   end
 
+  context 'with unconfirmed user' do
+    let_it_be(:user) { create(:user, :unconfirmed) }
+
+    shared_examples 'unconfirmed user profile' do
+      before do
+        visit_profile
+      end
+
+      it 'shows user name as unconfirmed' do
+        expect(page).to have_css(".cover-title", text: 'Unconfirmed user')
+      end
+
+      it 'shows no tab' do
+        expect(page).to have_css("div.profile-header")
+        expect(page).not_to have_css("ul.nav-links")
+      end
+
+      it 'shows no additional fields' do
+        expect(page).not_to have_css(".profile-user-bio")
+        expect(page).not_to have_css(".profile-link-holder")
+      end
+
+      it 'shows private profile message' do
+        expect(page).to have_content("This user has a private profile")
+      end
+    end
+
+    context 'when visited by an authenticated user' do
+      before do
+        authenticated_user = create(:user)
+        sign_in(authenticated_user)
+      end
+
+      it_behaves_like 'unconfirmed user profile'
+    end
+
+    context 'when visited by an unauthenticated user' do
+      it_behaves_like 'unconfirmed user profile'
+    end
+  end
+
   it 'shows the status if there was one' do
     create(:user_status, user: user, message: "Working hard!")