Add latest changes from gitlab-org/gitlab@master

5 files changed, 197 insertions, 5 deletions

diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb
index fb564bb398b..7dfa239cd1e 100644
--- a/spec/requests/api/groups_spec.rb
+++ b/spec/requests/api/groups_spec.rb
@@ -21,6 +21,47 @@ describe API::Groups do
     group2.add_owner(user2)
   end
 
+  shared_examples 'group avatar upload' do
+    context 'when valid' do
+      let(:file_path) { 'spec/fixtures/banana_sample.gif' }
+
+      it 'returns avatar url in response' do
+        make_upload_request
+
+        group_id = json_response['id']
+        expect(json_response['avatar_url']).to eq('http://localhost/uploads/'\
+                                                  '-/system/group/avatar/'\
+                                                  "#{group_id}/banana_sample.gif")
+      end
+    end
+
+    context 'when invalid' do
+      shared_examples 'invalid file upload request' do
+        it 'returns 400' do
+          make_upload_request
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(response.message).to eq('Bad Request')
+          expect(json_response['message'].to_s).to match(/#{message}/)
+        end
+      end
+
+      context 'when file format is not supported' do
+        let(:file_path) { 'spec/fixtures/doc_sample.txt' }
+        let(:message)   { 'file format is not supported. Please try one of the following supported formats: png, jpg, jpeg, gif, bmp, tiff, ico' }
+
+        it_behaves_like 'invalid file upload request'
+      end
+
+      context 'when file format is not supported' do
+        let(:file_path) { 'spec/fixtures/big-image.png' }
+        let(:message)   { 'is too big' }
+
+        it_behaves_like 'invalid file upload request'
+      end
+    end
+  end
+
   describe "GET /groups" do
     context "when unauthenticated" do
       it "returns public groups" do
@@ -539,6 +580,15 @@ describe API::Groups do
   describe 'PUT /groups/:id' do
     let(:new_group_name) { 'New Group'}
 
+    it_behaves_like 'group avatar upload' do
+      def make_upload_request
+        group_param = {
+          avatar: fixture_file_upload(file_path)
+        }
+        put api("/groups/#{group1.id}", user1), params: group_param
+      end
+    end
+
     context 'when authenticated as the group owner' do
       it 'updates the group' do
         put api("/groups/#{group1.id}", user1), params: {
@@ -940,6 +990,16 @@ describe API::Groups do
   end
 
   describe "POST /groups" do
+    it_behaves_like 'group avatar upload' do
+      def make_upload_request
+        params = attributes_for_group_api(request_access_enabled: false).tap do |attrs|
+          attrs[:avatar] = fixture_file_upload(file_path)
+        end
+
+        post api("/groups", user3), params: params
+      end
+    end
+
     context "when authenticated as user without group permissions" do
       it "does not create group" do
         group = attributes_for_group_api
diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb
index f0ab2f26900..d8fac47d6f6 100644
--- a/spec/requests/api/merge_requests_spec.rb
+++ b/spec/requests/api/merge_requests_spec.rb
@@ -1150,12 +1150,16 @@ describe API::MergeRequests do
 
   describe 'POST /projects/:id/merge_requests/:merge_request_iid/pipelines' do
     before do
-      stub_ci_pipeline_yaml_file(YAML.dump({
+      stub_ci_pipeline_yaml_file(ci_yaml)
+    end
+
+    let(:ci_yaml) do
+      YAML.dump({
         rspec: {
           script: 'ls',
           only: ['merge_requests']
         }
-      }))
+      })
     end
 
     let(:project) do
@@ -1208,6 +1212,18 @@ describe API::MergeRequests do
         expect(response).to have_gitlab_http_status(:not_found)
       end
     end
+
+    context 'when the .gitlab-ci.yml file is invalid' do
+      let(:ci_yaml) { 'invalid yaml file' }
+
+      it 'creates a failed pipeline' do
+        expect { request }.to change(Ci::Pipeline, :count).by(1)
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(json_response).to be_a Hash
+        expect(merge_request.pipelines_for_merge_request.last).to be_failed
+        expect(merge_request.pipelines_for_merge_request.last).to be_config_error
+      end
+    end
   end
 
   describe 'POST /projects/:id/merge_requests' do
diff --git a/spec/requests/api/project_snippets_spec.rb b/spec/requests/api/project_snippets_spec.rb
index 16903d9d6d0..ba5de430f7d 100644
--- a/spec/requests/api/project_snippets_spec.rb
+++ b/spec/requests/api/project_snippets_spec.rb
@@ -6,6 +6,12 @@ describe API::ProjectSnippets do
   let_it_be(:project) { create(:project, :public) }
   let_it_be(:user) { create(:user) }
   let_it_be(:admin) { create(:admin) }
+  let_it_be(:project_no_snippets) { create(:project, :snippets_disabled) }
+
+  before do
+    project_no_snippets.add_developer(admin)
+    project_no_snippets.add_developer(user)
+  end
 
   describe "GET /projects/:project_id/snippets/:id/user_agent_detail" do
     let(:snippet) { create(:project_snippet, :public, project: project) }
@@ -32,6 +38,12 @@ describe API::ProjectSnippets do
 
       expect(response).to have_gitlab_http_status(:forbidden)
     end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { get api("/projects/#{project_no_snippets.id}/snippets/123/user_agent_detail", admin) }
+      end
+    end
   end
 
   describe 'GET /projects/:project_id/snippets/' do
@@ -63,6 +75,12 @@ describe API::ProjectSnippets do
       expect(json_response).to be_an Array
       expect(json_response.size).to eq(0)
     end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { get api("/projects/#{project_no_snippets.id}/snippets", user) }
+      end
+    end
   end
 
   describe 'GET /projects/:project_id/snippets/:id' do
@@ -85,6 +103,12 @@ describe API::ProjectSnippets do
       expect(response).to have_gitlab_http_status(:not_found)
       expect(json_response['message']).to eq('404 Not found')
     end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { get api("/projects/#{project_no_snippets.id}/snippets/123", user) }
+      end
+    end
   end
 
   describe 'POST /projects/:project_id/snippets/' do
@@ -244,11 +268,17 @@ describe API::ProjectSnippets do
         end
       end
     end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { post api("/projects/#{project_no_snippets.id}/snippets", user), params: params }
+      end
+    end
   end
 
   describe 'PUT /projects/:project_id/snippets/:id/' do
     let(:visibility_level) { Snippet::PUBLIC }
-    let(:snippet) { create(:project_snippet, author: admin, visibility_level: visibility_level) }
+    let(:snippet) { create(:project_snippet, author: admin, visibility_level: visibility_level, project: project) }
 
     it 'updates snippet' do
       new_content = 'New content'
@@ -354,10 +384,16 @@ describe API::ProjectSnippets do
         end
       end
     end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { put api("/projects/#{project_no_snippets.id}/snippets/123", admin), params: { description: 'foo' } }
+      end
+    end
   end
 
   describe 'DELETE /projects/:project_id/snippets/:id/' do
-    let(:snippet) { create(:project_snippet, author: admin) }
+    let(:snippet) { create(:project_snippet, author: admin, project: project) }
 
     it 'deletes snippet' do
       delete api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin)
@@ -375,10 +411,16 @@ describe API::ProjectSnippets do
     it_behaves_like '412 response' do
       let(:request) { api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin) }
     end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { delete api("/projects/#{project_no_snippets.id}/snippets/123", admin) }
+      end
+    end
   end
 
   describe 'GET /projects/:project_id/snippets/:id/raw' do
-    let(:snippet) { create(:project_snippet, author: admin) }
+    let(:snippet) { create(:project_snippet, author: admin, project: project) }
 
     it 'returns raw text' do
       get api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/raw", admin)
@@ -394,5 +436,11 @@ describe API::ProjectSnippets do
       expect(response).to have_gitlab_http_status(:not_found)
       expect(json_response['message']).to eq('404 Snippet Not Found')
     end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { get api("/projects/#{project_no_snippets.id}/snippets/123/raw", admin) }
+      end
+    end
   end
 end
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index 59c394d8d8d..858fdc783ee 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -2935,6 +2935,26 @@ describe API::Projects do
         expect(response).to have_gitlab_http_status(:conflict)
         expect(json_response['message']['name']).to eq(['has already been taken'])
       end
+
+      it 'forks to the same namespace with alternative path and name' do
+        post api("/projects/#{project.id}/fork", user), params: { path: 'path_2', name: 'name_2' }
+
+        expect(response).to have_gitlab_http_status(:created)
+        expect(json_response['name']).to eq('name_2')
+        expect(json_response['path']).to eq('path_2')
+        expect(json_response['owner']['id']).to eq(user.id)
+        expect(json_response['namespace']['id']).to eq(user.namespace.id)
+        expect(json_response['forked_from_project']['id']).to eq(project.id)
+        expect(json_response['import_status']).to eq('scheduled')
+      end
+
+      it 'fails to fork to the same namespace without alternative path and name' do
+        post api("/projects/#{project.id}/fork", user)
+
+        expect(response).to have_gitlab_http_status(:conflict)
+        expect(json_response['message']['path']).to eq(['has already been taken'])
+        expect(json_response['message']['name']).to eq(['has already been taken'])
+      end
     end
 
     context 'when unauthenticated' do
diff --git a/spec/requests/api/remote_mirrors_spec.rb b/spec/requests/api/remote_mirrors_spec.rb
index 065d9c7ca5b..2186fe375ac 100644
--- a/spec/requests/api/remote_mirrors_spec.rb
+++ b/spec/requests/api/remote_mirrors_spec.rb
@@ -39,6 +39,54 @@ describe API::RemoteMirrors do
     end
   end
 
+  describe 'POST /projects/:id/remote_mirrors' do
+    let(:route) { "/projects/#{project.id}/remote_mirrors" }
+
+    shared_examples 'creates a remote mirror' do
+      it 'creates a remote mirror and returns reponse' do
+        project.add_maintainer(user)
+
+        post api(route, user), params: params
+
+        enabled = params.fetch(:enabled, false)
+        expect(response).to have_gitlab_http_status(:success)
+        expect(response).to match_response_schema('remote_mirror')
+        expect(json_response['enabled']).to eq(enabled)
+      end
+    end
+
+    it 'requires `admin_remote_mirror` permission' do
+      post api(route, developer)
+
+      expect(response).to have_gitlab_http_status(:unauthorized)
+    end
+
+    context 'creates a remote mirror' do
+      context 'disabled by default' do
+        let(:params) { { url: 'https://foo:bar@test.com' } }
+
+        it_behaves_like 'creates a remote mirror'
+      end
+
+      context 'enabled' do
+        let(:params) { { url: 'https://foo:bar@test.com', enabled: true } }
+
+        it_behaves_like 'creates a remote mirror'
+      end
+    end
+
+    it 'returns error if url is invalid' do
+      project.add_maintainer(user)
+
+      post api(route, user), params: {
+        url: 'ftp://foo:bar@test.com'
+      }
+
+      expect(response).to have_gitlab_http_status(:bad_request)
+      expect(json_response['message']['url']).to eq(["is blocked: Only allowed schemes are ssh, git, http, https"])
+    end
+  end
+
   describe 'PUT /projects/:id/remote_mirrors/:mirror_id' do
     let(:route) { ->(id) { "/projects/#{project.id}/remote_mirrors/#{id}" } }
     let(:mirror) { project.remote_mirrors.first }