Merge remote-tracking branch 'upstream/master' into 24196-protected-variables

* upstream/master: (89 commits)
  Revert "Merge branch 'grpc-1.3.4' into 'master'"
  Return nil when looking up config for unknown LDAP provider
  Avoid crash when trying to parse string with invalid UTF-8 sequence
  Enable Gitaly by default in GitLab 9.3
  Don’t create comment on JIRA if link already exists
  Disable sub_group_issuables_spec.rb for mysql
  Fix math rendering on blob pages
  Add changelog
  Don't allow to pass a user to ProjectWiki#http_url_to_repo
  Revert "Merge branch '1937-https-clone-url-username' into 'master'
"
  Fix bottom padding for build page
  Fix /unsubscribe slash command creating extra todos
  Fix omniauth-google-oauth2 dependencies in Gemfile.lock
  Update looks job log
  'New issue'/'New merge request' dropdowns should show only projects with issues/merge requests feature enabled
  Fix spec for Members::AuthorizedDestroyService
  31616-add-uptime-of-gitlab-instance-in-admin-area
  Set head pipeline when creating merge requests
  Create a separate helper to check if we show particular tab on a search page
  Add performance deltas between app deployments on Merge Request widget
  ...

9 files changed, 228 insertions, 16 deletions

diff --git a/spec/lib/gitlab/cache/ci/project_pipeline_status_spec.rb b/spec/lib/gitlab/cache/ci/project_pipeline_status_spec.rb
index b386852b196..cfb5cba054e 100644
--- a/spec/lib/gitlab/cache/ci/project_pipeline_status_spec.rb
+++ b/spec/lib/gitlab/cache/ci/project_pipeline_status_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Gitlab::Cache::Ci::ProjectPipelineStatus, :redis do
-  let(:project) { create(:project) }
+  let!(:project) { create(:project) }
   let(:pipeline_status) { described_class.new(project) }
   let(:cache_key) { "projects/#{project.id}/pipeline_status" }
 
@@ -18,7 +18,7 @@ describe Gitlab::Cache::Ci::ProjectPipelineStatus, :redis do
     let(:sha) { '424d1b73bc0d3cb726eb7dc4ce17a4d48552f8c6' }
     let(:ref) { 'master' }
     let(:pipeline_info) { { sha: sha, status: status, ref: ref } }
-    let(:project_without_status) { create(:project) }
+    let!(:project_without_status) { create(:project) }
 
     describe '.load_in_batch_for_projects' do
       it 'preloads pipeline_status on projects' do
diff --git a/spec/lib/gitlab/git/encoding_helper_spec.rb b/spec/lib/gitlab/git/encoding_helper_spec.rb
index 1a3bf802a07..48fc817d857 100644
--- a/spec/lib/gitlab/git/encoding_helper_spec.rb
+++ b/spec/lib/gitlab/git/encoding_helper_spec.rb
@@ -2,7 +2,7 @@ require "spec_helper"
 
 describe Gitlab::Git::EncodingHelper do
   let(:ext_class) { Class.new { extend Gitlab::Git::EncodingHelper } }
-  let(:binary_string) { File.join(SEED_STORAGE_PATH, 'gitlab_logo.png') }
+  let(:binary_string) { File.read(Rails.root + "spec/fixtures/dk.png") }
 
   describe '#encode!' do
     [
diff --git a/spec/lib/gitlab/group_hierarchy_spec.rb b/spec/lib/gitlab/group_hierarchy_spec.rb
new file mode 100644
index 00000000000..5d0ed1522b3
--- /dev/null
+++ b/spec/lib/gitlab/group_hierarchy_spec.rb
@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe Gitlab::GroupHierarchy, :postgresql do
+  let!(:parent) { create(:group) }
+  let!(:child1) { create(:group, parent: parent) }
+  let!(:child2) { create(:group, parent: child1) }
+
+  describe '#base_and_ancestors' do
+    let(:relation) do
+      described_class.new(Group.where(id: child2.id)).base_and_ancestors
+    end
+
+    it 'includes the base rows' do
+      expect(relation).to include(child2)
+    end
+
+    it 'includes all of the ancestors' do
+      expect(relation).to include(parent, child1)
+    end
+  end
+
+  describe '#base_and_descendants' do
+    let(:relation) do
+      described_class.new(Group.where(id: parent.id)).base_and_descendants
+    end
+
+    it 'includes the base rows' do
+      expect(relation).to include(parent)
+    end
+
+    it 'includes all the descendants' do
+      expect(relation).to include(child1, child2)
+    end
+  end
+
+  describe '#all_groups' do
+    let(:relation) do
+      described_class.new(Group.where(id: child1.id)).all_groups
+    end
+
+    it 'includes the base rows' do
+      expect(relation).to include(child1)
+    end
+
+    it 'includes the ancestors' do
+      expect(relation).to include(parent)
+    end
+
+    it 'includes the descendants' do
+      expect(relation).to include(child2)
+    end
+  end
+end
diff --git a/spec/lib/gitlab/import_export/members_mapper_spec.rb b/spec/lib/gitlab/import_export/members_mapper_spec.rb
index b9d4e59e770..3e0291c9ae9 100644
--- a/spec/lib/gitlab/import_export/members_mapper_spec.rb
+++ b/spec/lib/gitlab/import_export/members_mapper_spec.rb
@@ -2,9 +2,9 @@ require 'spec_helper'
 
 describe Gitlab::ImportExport::MembersMapper, services: true do
   describe 'map members' do
-    let(:user) { create(:admin, authorized_projects_populated: true) }
+    let(:user) { create(:admin) }
     let(:project) { create(:empty_project, :public, name: 'searchable_project') }
-    let(:user2) { create(:user, authorized_projects_populated: true) }
+    let(:user2) { create(:user) }
     let(:exported_user_id) { 99 }
     let(:exported_members) do
       [{
@@ -74,7 +74,7 @@ describe Gitlab::ImportExport::MembersMapper, services: true do
     end
 
     context 'user is not an admin' do
-      let(:user) { create(:user, authorized_projects_populated: true) }
+      let(:user) { create(:user) }
 
       it 'does not map a project member' do
         expect(members_mapper.map[exported_user_id]).to eq(user.id)
@@ -94,7 +94,7 @@ describe Gitlab::ImportExport::MembersMapper, services: true do
     end
 
     context 'importer same as group member' do
-      let(:user2) { create(:admin, authorized_projects_populated: true) }
+      let(:user2) { create(:admin) }
       let(:group) { create(:group) }
       let(:project) { create(:empty_project, :public, name: 'searchable_project', namespace: group) }
       let(:members_mapper) do
diff --git a/spec/lib/gitlab/o_auth/provider_spec.rb b/spec/lib/gitlab/o_auth/provider_spec.rb
new file mode 100644
index 00000000000..1e2a1f8c039
--- /dev/null
+++ b/spec/lib/gitlab/o_auth/provider_spec.rb
@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+describe Gitlab::OAuth::Provider, lib: true do
+  describe '#config_for' do
+    context 'for an LDAP provider' do
+      context 'when the provider exists' do
+        it 'returns the config' do
+          expect(described_class.config_for('ldapmain')).to be_a(Hash)
+        end
+      end
+
+      context 'when the provider does not exist' do
+        it 'returns nil' do
+          expect(described_class.config_for('ldapfoo')).to be_nil
+        end
+      end
+    end
+
+    context 'for an OmniAuth provider' do
+      before do
+        provider = OpenStruct.new(
+          name: 'google',
+          app_id: 'asd123',
+          app_secret: 'asd123'
+        )
+        allow(Gitlab.config.omniauth).to receive(:providers).and_return([provider])
+      end
+
+      context 'when the provider exists' do
+        it 'returns the config' do
+          expect(described_class.config_for('google')).to be_a(OpenStruct)
+        end
+      end
+
+      context 'when the provider does not exist' do
+        it 'returns nil' do
+          expect(described_class.config_for('foo')).to be_nil
+        end
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/project_authorizations_spec.rb b/spec/lib/gitlab/project_authorizations_spec.rb
new file mode 100644
index 00000000000..67321f43710
--- /dev/null
+++ b/spec/lib/gitlab/project_authorizations_spec.rb
@@ -0,0 +1,73 @@
+require 'spec_helper'
+
+describe Gitlab::ProjectAuthorizations do
+  let(:group) { create(:group) }
+  let!(:owned_project) { create(:empty_project) }
+  let!(:other_project) { create(:empty_project) }
+  let!(:group_project) { create(:empty_project, namespace: group) }
+
+  let(:user) { owned_project.namespace.owner }
+
+  def map_access_levels(rows)
+    rows.each_with_object({}) do |row, hash|
+      hash[row.project_id] = row.access_level
+    end
+  end
+
+  before do
+    other_project.team << [user, :reporter]
+    group.add_developer(user)
+  end
+
+  let(:authorizations) do
+    klass = if Group.supports_nested_groups?
+              Gitlab::ProjectAuthorizations::WithNestedGroups
+            else
+              Gitlab::ProjectAuthorizations::WithoutNestedGroups
+            end
+
+    klass.new(user).calculate
+  end
+
+  it 'returns the correct number of authorizations' do
+    expect(authorizations.length).to eq(3)
+  end
+
+  it 'includes the correct projects' do
+    expect(authorizations.pluck(:project_id)).
+      to include(owned_project.id, other_project.id, group_project.id)
+  end
+
+  it 'includes the correct access levels' do
+    mapping = map_access_levels(authorizations)
+
+    expect(mapping[owned_project.id]).to eq(Gitlab::Access::MASTER)
+    expect(mapping[other_project.id]).to eq(Gitlab::Access::REPORTER)
+    expect(mapping[group_project.id]).to eq(Gitlab::Access::DEVELOPER)
+  end
+
+  if Group.supports_nested_groups?
+    context 'with nested groups' do
+      let!(:nested_group) { create(:group, parent: group) }
+      let!(:nested_project) { create(:empty_project, namespace: nested_group) }
+
+      it 'includes nested groups' do
+        expect(authorizations.pluck(:project_id)).to include(nested_project.id)
+      end
+
+      it 'inherits access levels when the user is not a member of a nested group' do
+        mapping = map_access_levels(authorizations)
+
+        expect(mapping[nested_project.id]).to eq(Gitlab::Access::DEVELOPER)
+      end
+
+      it 'uses the greatest access level when a user is a member of a nested group' do
+        nested_group.add_master(user)
+
+        mapping = map_access_levels(authorizations)
+
+        expect(mapping[nested_project.id]).to eq(Gitlab::Access::MASTER)
+      end
+    end
+  end
+end
diff --git a/spec/lib/gitlab/project_search_results_spec.rb b/spec/lib/gitlab/project_search_results_spec.rb
index 1b8690ba613..3d22784909d 100644
--- a/spec/lib/gitlab/project_search_results_spec.rb
+++ b/spec/lib/gitlab/project_search_results_spec.rb
@@ -123,8 +123,8 @@ describe Gitlab::ProjectSearchResults, lib: true do
     context 'when wiki is internal' do
       let(:project) { create(:project, :public, :wiki_private) }
 
-      it 'finds wiki blobs for members' do
-        project.add_reporter(user)
+      it 'finds wiki blobs for guest' do
+        project.add_guest(user)
 
         is_expected.not_to be_empty
       end
diff --git a/spec/lib/gitlab/sql/recursive_cte_spec.rb b/spec/lib/gitlab/sql/recursive_cte_spec.rb
new file mode 100644
index 00000000000..25146860615
--- /dev/null
+++ b/spec/lib/gitlab/sql/recursive_cte_spec.rb
@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe Gitlab::SQL::RecursiveCTE, :postgresql do
+  let(:cte) { described_class.new(:cte_name) }
+
+  describe '#to_arel' do
+    it 'generates an Arel relation for the CTE body' do
+      rel1 = User.where(id: 1)
+      rel2 = User.where(id: 2)
+
+      cte << rel1
+      cte << rel2
+
+      sql = cte.to_arel.to_sql
+      name = ActiveRecord::Base.connection.quote_table_name(:cte_name)
+
+      sql1, sql2 = ActiveRecord::Base.connection.unprepared_statement do
+        [rel1.except(:order).to_sql, rel2.except(:order).to_sql]
+      end
+
+      expect(sql).to eq("#{name} AS (#{sql1}\nUNION\n#{sql2})")
+    end
+  end
+
+  describe '#alias_to' do
+    it 'returns an alias for the CTE' do
+      table = Arel::Table.new(:kittens)
+
+      source_name = ActiveRecord::Base.connection.quote_table_name(:cte_name)
+      alias_name = ActiveRecord::Base.connection.quote_table_name(:kittens)
+
+      expect(cte.alias_to(table).to_sql).to eq("#{source_name} AS #{alias_name}")
+    end
+  end
+
+  describe '#apply_to' do
+    it 'applies a CTE to an ActiveRecord::Relation' do
+      user = create(:user)
+      cte = described_class.new(:cte_name)
+
+      cte << User.where(id: user.id)
+
+      relation = cte.apply_to(User.all)
+
+      expect(relation.to_sql).to match(/WITH RECURSIVE.+cte_name/)
+      expect(relation.to_a).to eq(User.where(id: user.id).to_a)
+    end
+  end
+end
diff --git a/spec/lib/gitlab/url_sanitizer_spec.rb b/spec/lib/gitlab/url_sanitizer_spec.rb
index fc144a2556a..6bce724a3f6 100644
--- a/spec/lib/gitlab/url_sanitizer_spec.rb
+++ b/spec/lib/gitlab/url_sanitizer_spec.rb
@@ -62,11 +62,6 @@ describe Gitlab::UrlSanitizer, lib: true do
     end
   end
 
-  describe '.http_credentials_for_user' do
-    it { expect(described_class.http_credentials_for_user(user)).to eq({ user: 'john.doe' }) }
-    it { expect(described_class.http_credentials_for_user('foo')).to eq({}) }
-  end
-
   describe '#sanitized_url' do
     it { expect(url_sanitizer.sanitized_url).to eq("https://github.com/me/project.git") }
   end
@@ -76,7 +71,7 @@ describe Gitlab::UrlSanitizer, lib: true do
 
     context 'when user is given to #initialize' do
       let(:url_sanitizer) do
-        described_class.new("https://github.com/me/project.git", credentials: described_class.http_credentials_for_user(user))
+        described_class.new("https://github.com/me/project.git", credentials: { user: user.username })
       end
 
       it { expect(url_sanitizer.credentials).to eq({ user: 'john.doe' }) }
@@ -94,7 +89,7 @@ describe Gitlab::UrlSanitizer, lib: true do
 
     context 'when user is given to #initialize' do
       let(:url_sanitizer) do
-        described_class.new("https://github.com/me/project.git", credentials: described_class.http_credentials_for_user(user))
+        described_class.new("https://github.com/me/project.git", credentials: { user: user.username })
       end
 
       it { expect(url_sanitizer.full_url).to eq("https://john.doe@github.com/me/project.git") }