Add latest changes from gitlab-org/gitlab@master

4 files changed, 188 insertions, 0 deletions

diff --git a/spec/lib/gitlab/auth/auth_finders_spec.rb b/spec/lib/gitlab/auth/auth_finders_spec.rb
index 82ff8e7f76c..bffaaef4ed4 100644
--- a/spec/lib/gitlab/auth/auth_finders_spec.rb
+++ b/spec/lib/gitlab/auth/auth_finders_spec.rb
@@ -446,6 +446,93 @@ describe Gitlab::Auth::AuthFinders do
     end
   end
 
+  describe '#find_user_from_job_token' do
+    let(:job) { create(:ci_build, user: user) }
+    let(:route_authentication_setting) { { job_token_allowed: true } }
+
+    subject { find_user_from_job_token }
+
+    context 'when the job token is in the headers' do
+      it 'returns the user if valid job token' do
+        env[described_class::JOB_TOKEN_HEADER] = job.token
+
+        is_expected.to eq(user)
+        expect(@current_authenticated_job).to eq(job)
+      end
+
+      it 'returns nil without job token' do
+        env[described_class::JOB_TOKEN_HEADER] = ''
+
+        is_expected.to be_nil
+      end
+
+      it 'returns exception if invalid job token' do
+        env[described_class::JOB_TOKEN_HEADER] = 'invalid token'
+
+        expect { subject }.to raise_error(Gitlab::Auth::UnauthorizedError)
+      end
+
+      context 'when route is not allowed to be authenticated' do
+        let(:route_authentication_setting) { { job_token_allowed: false } }
+
+        it 'sets current_user to nil' do
+          env[described_class::JOB_TOKEN_HEADER] = job.token
+
+          allow_any_instance_of(Gitlab::UserAccess).to receive(:allowed?).and_return(true)
+
+          is_expected.to be_nil
+        end
+      end
+    end
+
+    context 'when the job token is in the params' do
+      shared_examples 'job token params' do |token_key_name|
+        before do
+          set_param(token_key_name, token)
+        end
+
+        context 'with valid job token' do
+          let(:token) { job.token }
+
+          it 'returns the user' do
+            is_expected.to eq(user)
+            expect(@current_authenticated_job).to eq(job)
+          end
+        end
+
+        context 'with empty job token' do
+          let(:token) { '' }
+
+          it 'returns nil' do
+            is_expected.to be_nil
+          end
+        end
+
+        context 'with invalid job token' do
+          let(:token) { 'invalid token' }
+
+          it 'returns exception' do
+            expect { subject }.to raise_error(Gitlab::Auth::UnauthorizedError)
+          end
+        end
+
+        context 'when route is not allowed to be authenticated' do
+          let(:route_authentication_setting) { { job_token_allowed: false } }
+          let(:token) { job.token }
+
+          it 'sets current_user to nil' do
+            allow_any_instance_of(Gitlab::UserAccess).to receive(:allowed?).and_return(true)
+
+            is_expected.to be_nil
+          end
+        end
+      end
+
+      it_behaves_like 'job token params', described_class::JOB_TOKEN_PARAM
+      it_behaves_like 'job token params', described_class::RUNNER_JOB_TOKEN_PARAM
+    end
+  end
+
   describe '#find_runner_from_token' do
     let(:runner) { create(:ci_runner) }
 
diff --git a/spec/lib/gitlab/auth/request_authenticator_spec.rb b/spec/lib/gitlab/auth/request_authenticator_spec.rb
index 4dbcd0df302..87c96803c3a 100644
--- a/spec/lib/gitlab/auth/request_authenticator_spec.rb
+++ b/spec/lib/gitlab/auth/request_authenticator_spec.rb
@@ -42,6 +42,8 @@ describe Gitlab::Auth::RequestAuthenticator do
   describe '#find_sessionless_user' do
     let!(:access_token_user) { build(:user) }
     let!(:feed_token_user) { build(:user) }
+    let!(:static_object_token_user) { build(:user) }
+    let!(:job_token_user) { build(:user) }
 
     it 'returns access_token user first' do
       allow_any_instance_of(described_class).to receive(:find_user_from_web_access_token).and_return(access_token_user)
@@ -56,6 +58,22 @@ describe Gitlab::Auth::RequestAuthenticator do
       expect(subject.find_sessionless_user([:api])).to eq feed_token_user
     end
 
+    it 'returns static_object_token user if no feed_token user found' do
+      allow_any_instance_of(described_class)
+        .to receive(:find_user_from_static_object_token)
+        .and_return(static_object_token_user)
+
+      expect(subject.find_sessionless_user([:api])).to eq static_object_token_user
+    end
+
+    it 'returns job_token user if no static_object_token user found' do
+      allow_any_instance_of(described_class)
+        .to receive(:find_user_from_job_token)
+        .and_return(job_token_user)
+
+      expect(subject.find_sessionless_user([:api])).to eq job_token_user
+    end
+
     it 'returns nil if no user found' do
       expect(subject.find_sessionless_user([:api])).to be_blank
     end
@@ -67,6 +85,39 @@ describe Gitlab::Auth::RequestAuthenticator do
     end
   end
 
+  describe '#find_user_from_job_token' do
+    let!(:user) { build(:user) }
+    let!(:job) { build(:ci_build, user: user) }
+
+    before do
+      env[Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER] = 'token'
+    end
+
+    context 'with API requests' do
+      before do
+        env['SCRIPT_NAME'] = '/api/endpoint'
+      end
+
+      it 'tries to find the user' do
+        expect(::Ci::Build).to receive(:find_by_token).and_return(job)
+
+        expect(subject.find_sessionless_user([:api])).to eq user
+      end
+    end
+
+    context 'without API requests' do
+      before do
+        env['SCRIPT_NAME'] = '/web/endpoint'
+      end
+
+      it 'does not search for job users' do
+        expect(::Ci::Build).not_to receive(:find_by_token)
+
+        expect(subject.find_sessionless_user([:api])).to be_nil
+      end
+    end
+  end
+
   describe '#runner' do
     let!(:runner) { build(:ci_runner) }
 
diff --git a/spec/lib/gitlab/metrics/prometheus_spec.rb b/spec/lib/gitlab/metrics/prometheus_spec.rb
index b37624982e2..d4aa96a5b20 100644
--- a/spec/lib/gitlab/metrics/prometheus_spec.rb
+++ b/spec/lib/gitlab/metrics/prometheus_spec.rb
@@ -17,4 +17,21 @@ describe Gitlab::Metrics::Prometheus, :prometheus do
       expect(all_metrics.registry.metrics.count).to eq(0)
     end
   end
+
+  describe '#error_detected!' do
+    before do
+      allow(all_metrics).to receive(:metrics_folder_present?).and_return(true)
+      stub_application_setting(prometheus_metrics_enabled: true)
+    end
+
+    it 'disables Prometheus metrics' do
+      expect(all_metrics.error?).to be_falsey
+      expect(all_metrics.prometheus_metrics_enabled?).to be_truthy
+
+      all_metrics.error_detected!
+
+      expect(all_metrics.prometheus_metrics_enabled?).to be_falsey
+      expect(all_metrics.error?).to be_truthy
+    end
+  end
 end
diff --git a/spec/lib/gitlab/patch/action_dispatch_journey_formatter_spec.rb b/spec/lib/gitlab/patch/action_dispatch_journey_formatter_spec.rb
new file mode 100644
index 00000000000..5f0e1f40231
--- /dev/null
+++ b/spec/lib/gitlab/patch/action_dispatch_journey_formatter_spec.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::Patch::ActionDispatchJourneyFormatter do
+  let(:group) { create(:group) }
+  let(:project) { create(:project, namespace: group) }
+  let(:pipeline) { create(:ci_empty_pipeline, project: project) }
+  let(:url) { Gitlab::Routing.url_helpers.project_pipeline_url(project, pipeline) }
+  let(:expected_path) { "#{project.full_path}/pipelines/#{pipeline.id}" }
+
+  context 'custom implementation of #missing_keys' do
+    before do
+      expect_any_instance_of(Gitlab::Patch::ActionDispatchJourneyFormatter).to receive(:missing_keys)
+    end
+
+    it 'generates correct url' do
+      expect(url).to end_with(expected_path)
+    end
+  end
+
+  context 'original implementation of #missing_keys' do
+    before do
+      allow_any_instance_of(Gitlab::Patch::ActionDispatchJourneyFormatter).to receive(:missing_keys) do |instance, route, parts|
+        instance.send(:old_missing_keys, route, parts) # test the old implementation
+      end
+    end
+
+    it 'generates correct url' do
+      expect(url).to end_with(expected_path)
+    end
+  end
+end