Add latest changes from gitlab-org/gitlab@13-5-stable-eev13.5.0-rc42

9 files changed, 218 insertions, 73 deletions

diff --git a/spec/support/shared_examples/controllers/access_tokens_controller_shared_examples.rb b/spec/support/shared_examples/controllers/access_tokens_controller_shared_examples.rb
new file mode 100644
index 00000000000..54d41f9a68c
--- /dev/null
+++ b/spec/support/shared_examples/controllers/access_tokens_controller_shared_examples.rb
@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples 'project access tokens available #index' do
+  let_it_be(:active_project_access_token) { create(:personal_access_token, user: bot_user) }
+  let_it_be(:inactive_project_access_token) { create(:personal_access_token, :revoked, user: bot_user) }
+
+  it 'retrieves active project access tokens' do
+    subject
+
+    expect(assigns(:active_project_access_tokens)).to contain_exactly(active_project_access_token)
+  end
+
+  it 'retrieves inactive project access tokens' do
+    subject
+
+    expect(assigns(:inactive_project_access_tokens)).to contain_exactly(inactive_project_access_token)
+  end
+
+  it 'lists all available scopes' do
+    subject
+
+    expect(assigns(:scopes)).to eq(Gitlab::Auth.resource_bot_scopes)
+  end
+
+  it 'retrieves newly created personal access token value' do
+    token_value = 'random-value'
+    allow(PersonalAccessToken).to receive(:redis_getdel).with("#{user.id}:#{project.id}").and_return(token_value)
+
+    subject
+
+    expect(assigns(:new_project_access_token)).to eq(token_value)
+  end
+end
+
+RSpec.shared_examples 'project access tokens available #create' do
+  def created_token
+    PersonalAccessToken.order(:created_at).last
+  end
+
+  it 'returns success message' do
+    subject
+
+    expect(response.flash[:notice]).to match('Your new project access token has been created.')
+  end
+
+  it 'creates project access token' do
+    subject
+
+    expect(created_token.name).to eq(access_token_params[:name])
+    expect(created_token.scopes).to eq(access_token_params[:scopes])
+    expect(created_token.expires_at).to eq(access_token_params[:expires_at])
+  end
+
+  it 'creates project bot user' do
+    subject
+
+    expect(created_token.user).to be_project_bot
+  end
+
+  it 'stores newly created token redis store' do
+    expect(PersonalAccessToken).to receive(:redis_store!)
+
+    subject
+  end
+
+  it { expect { subject }.to change { User.count }.by(1) }
+  it { expect { subject }.to change { PersonalAccessToken.count }.by(1) }
+
+  context 'when unsuccessful' do
+    before do
+      allow_next_instance_of(ResourceAccessTokens::CreateService) do |service|
+        allow(service).to receive(:execute).and_return ServiceResponse.error(message: 'Failed!')
+      end
+    end
+
+    it { expect(subject).to render_template(:index) }
+  end
+end
+
+RSpec.shared_examples 'project access tokens available #revoke' do
+  it 'calls delete user worker' do
+    expect(DeleteUserWorker).to receive(:perform_async).with(user.id, bot_user.id, skip_authorization: true)
+
+    subject
+  end
+
+  it 'removes membership of bot user' do
+    subject
+
+    expect(project.reload.bots).not_to include(bot_user)
+  end
+
+  it 'converts issuables of the bot user to ghost user' do
+    issue = create(:issue, author: bot_user)
+
+    subject
+
+    expect(issue.reload.author.ghost?).to be true
+  end
+
+  it 'deletes project bot user' do
+    subject
+
+    expect(User.exists?(bot_user.id)).to be_falsy
+  end
+end
diff --git a/spec/support/shared_examples/controllers/cache_control_shared_examples.rb b/spec/support/shared_examples/controllers/cache_control_shared_examples.rb
index 426d7f95222..5496e04e26c 100644
--- a/spec/support/shared_examples/controllers/cache_control_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/cache_control_shared_examples.rb
@@ -2,7 +2,7 @@
 
 RSpec.shared_examples 'project cache control headers' do
   before do
-    project.update(visibility_level: visibility_level)
+    project.update!(visibility_level: visibility_level)
   end
 
   context 'when project is public' do
diff --git a/spec/support/shared_examples/controllers/destroy_hook_shared_examples.rb b/spec/support/shared_examples/controllers/destroy_hook_shared_examples.rb
new file mode 100644
index 00000000000..710aa333dec
--- /dev/null
+++ b/spec/support/shared_examples/controllers/destroy_hook_shared_examples.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples 'Web hook destroyer' do
+  it 'displays a message about synchronous delete', :aggregate_failures do
+    expect_next_instance_of(WebHooks::DestroyService) do |instance|
+      expect(instance).to receive(:execute).with(anything).and_call_original
+    end
+
+    delete :destroy, params: params
+
+    expect(response).to have_gitlab_http_status(:found)
+    expect(flash[:notice]).to eq("#{hook.model_name.human} was deleted")
+  end
+
+  it 'displays a message about async delete', :aggregate_failures do
+    expect_next_instance_of(WebHooks::DestroyService) do |instance|
+      expect(instance).to receive(:execute).with(anything).and_return({ status: :success, async: true } )
+    end
+
+    delete :destroy, params: params
+
+    expect(response).to have_gitlab_http_status(:found)
+    expect(flash[:notice]).to eq("#{hook.model_name.human} was scheduled for deletion")
+  end
+
+  it 'displays an error if deletion failed', :aggregate_failures do
+    expect_next_instance_of(WebHooks::DestroyService) do |instance|
+      expect(instance).to receive(:execute).with(anything).and_return({ status: :error, async: true, message: "failed" } )
+    end
+
+    delete :destroy, params: params
+
+    expect(response).to have_gitlab_http_status(:found)
+    expect(flash[:alert]).to eq("failed")
+  end
+end
diff --git a/spec/support/shared_examples/controllers/githubish_import_controller_shared_examples.rb b/spec/support/shared_examples/controllers/githubish_import_controller_shared_examples.rb
index 8bc91f72b8c..2fcc88ef36a 100644
--- a/spec/support/shared_examples/controllers/githubish_import_controller_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/githubish_import_controller_shared_examples.rb
@@ -262,7 +262,7 @@ RSpec.shared_examples 'a GitHub-ish import controller: POST create' do
       context "when the namespace is owned by the GitLab user" do
         before do
           user.username = other_username
-          user.save
+          user.save!
         end
 
         it "takes the existing namespace" do
diff --git a/spec/support/shared_examples/controllers/known_sign_in_shared_examples.rb b/spec/support/shared_examples/controllers/known_sign_in_shared_examples.rb
index 7f26155f9d6..3f147f942ba 100644
--- a/spec/support/shared_examples/controllers/known_sign_in_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/known_sign_in_shared_examples.rb
@@ -59,7 +59,7 @@ RSpec.shared_examples 'known sign in' do
     it 'notifies the user when the cookie is expired' do
       stub_cookie
 
-      Timecop.freeze((KnownSignIn::KNOWN_SIGN_IN_COOKIE_EXPIRY + 1.day).from_now) do
+      travel_to((KnownSignIn::KNOWN_SIGN_IN_COOKIE_EXPIRY + 1.day).from_now) do
         expect_next_instance_of(NotificationService) do |instance|
           expect(instance).to receive(:unknown_sign_in)
         end
diff --git a/spec/support/shared_examples/controllers/milestone_tabs_shared_examples.rb b/spec/support/shared_examples/controllers/milestone_tabs_shared_examples.rb
index 925c45005f0..2d35b1681ea 100644
--- a/spec/support/shared_examples/controllers/milestone_tabs_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/milestone_tabs_shared_examples.rb
@@ -2,9 +2,28 @@
 
 RSpec.shared_examples 'milestone tabs' do
   def go(path, extra_params = {})
-    params = { namespace_id: project.namespace.to_param, project_id: project, id: milestone.iid }
+    get path, params: request_params.merge(extra_params)
+  end
+
+  describe '#issues' do
+    context 'as html' do
+      before do
+        go(:issues, format: 'html')
+      end
 
-    get path, params: params.merge(extra_params)
+      it 'redirects to milestone#show' do
+        expect(response).to redirect_to(milestone_path)
+      end
+    end
+
+    context 'as json' do
+      it 'renders the issues tab template to a string' do
+        go(:issues, format: 'json')
+
+        expect(response).to render_template('shared/milestones/_issues_tab')
+        expect(json_response).to have_key('html')
+      end
+    end
   end
 
   describe '#merge_requests' do
diff --git a/spec/support/shared_examples/controllers/sessionless_auth_controller_shared_examples.rb b/spec/support/shared_examples/controllers/sessionless_auth_controller_shared_examples.rb
index f2a97a86df6..b67eb0d99fd 100644
--- a/spec/support/shared_examples/controllers/sessionless_auth_controller_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/sessionless_auth_controller_shared_examples.rb
@@ -44,7 +44,7 @@ RSpec.shared_examples 'authenticates sessionless user' do |path, format, params|
           .to increment(:user_unauthenticated_counter)
       end
 
-      personal_access_token.update(scopes: [:read_user])
+      personal_access_token.update!(scopes: [:read_user])
 
       get path, params: default_params.merge(private_token: personal_access_token.token)
 
diff --git a/spec/support/shared_examples/controllers/unique_hll_events_examples.rb b/spec/support/shared_examples/controllers/unique_hll_events_examples.rb
index 7e5a225f020..cf7ee17ea13 100644
--- a/spec/support/shared_examples/controllers/unique_hll_events_examples.rb
+++ b/spec/support/shared_examples/controllers/unique_hll_events_examples.rb
@@ -1,47 +1,24 @@
 # frozen_string_literal: true
+#
+# Requires a context containing:
+# - request
+# - expected_type
+# - target_id
 
 RSpec.shared_examples 'tracking unique hll events' do |feature_flag|
-  context 'when format is HTML' do
-    let(:format) { :html }
+  it 'tracks unique event' do
+    expect(Gitlab::UsageDataCounters::HLLRedisCounter).to receive(:track_event).with(expected_type, target_id)
 
-    it 'tracks unique event' do
-      expect(Gitlab::UsageDataCounters::HLLRedisCounter).to receive(:track_event).with(expected_type, target_id)
-
-      subject
-    end
-
-    it 'tracks unique event if DNT is not enabled' do
-      expect(Gitlab::UsageDataCounters::HLLRedisCounter).to receive(:track_event).with(expected_type, target_id)
-      request.headers['DNT'] = '0'
-
-      subject
-    end
-
-    it 'does not track unique event if DNT is enabled' do
-      expect(Gitlab::UsageDataCounters::HLLRedisCounter).not_to receive(:track_event).with(expected_type, target_id)
-      request.headers['DNT'] = '1'
-
-      subject
-    end
-
-    context 'when feature flag is disabled' do
-      it 'does not track unique event' do
-        stub_feature_flags(feature_flag => false)
-
-        expect(Gitlab::UsageDataCounters::HLLRedisCounter).not_to receive(:track_event).with(expected_type, target_id)
-
-        subject
-      end
-    end
+    request
   end
 
-  context 'when format is JSON' do
-    let(:format) { :json }
+  context 'when feature flag is disabled' do
+    it 'does not track unique event' do
+      stub_feature_flags(feature_flag => false)
 
-    it 'does not track unique event if the format is JSON' do
-      expect(Gitlab::UsageDataCounters::HLLRedisCounter).not_to receive(:track_event).with(expected_type, target_id)
+      expect(Gitlab::UsageDataCounters::HLLRedisCounter).not_to receive(:track_event)
 
-      subject
+      request
     end
   end
 end
diff --git a/spec/support/shared_examples/controllers/wiki_actions_shared_examples.rb b/spec/support/shared_examples/controllers/wiki_actions_shared_examples.rb
index 4ca400dd87b..a6ad8fc594c 100644
--- a/spec/support/shared_examples/controllers/wiki_actions_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/wiki_actions_shared_examples.rb
@@ -15,10 +15,10 @@ RSpec.shared_examples 'wiki controller actions' do
   end
 
   describe 'GET #new' do
-    subject { get :new, params: routing_params }
+    subject(:request) { get :new, params: routing_params }
 
     it 'redirects to #show and appends a `random_title` param' do
-      subject
+      request
 
       expect(response).to be_redirect
       expect(response.redirect_url).to match(%r{
@@ -35,7 +35,7 @@ RSpec.shared_examples 'wiki controller actions' do
       end
 
       it 'redirects to the wiki container and displays an error message' do
-        subject
+        request
 
         expect(response).to redirect_to(container)
         expect(flash[:notice]).to eq('Could not create Wiki Repository at this time. Please try again later.')
@@ -146,13 +146,13 @@ RSpec.shared_examples 'wiki controller actions' do
 
     let(:random_title) { nil }
 
-    subject { get :show, params: routing_params.merge(id: id, random_title: random_title) }
+    subject(:request) { get :show, params: routing_params.merge(id: id, random_title: random_title) }
 
     context 'when page exists' do
       let(:id) { wiki_title }
 
       it 'renders the page' do
-        subject
+        request
 
         expect(response).to have_gitlab_http_status(:ok)
         expect(response).to render_template('shared/wikis/show')
@@ -161,19 +161,26 @@ RSpec.shared_examples 'wiki controller actions' do
         expect(assigns(:sidebar_limited)).to be(false)
       end
 
-      it 'increases the page view counter' do
-        expect do
-          subject
+      context 'page view tracking' do
+        it_behaves_like 'tracking unique hll events', :track_unique_wiki_page_views do
+          let(:target_id) { 'wiki_action' }
+          let(:expected_type) { instance_of(String) }
+        end
 
-          expect(response).to have_gitlab_http_status(:ok)
-        end.to change { Gitlab::UsageDataCounters::WikiPageCounter.read(:view) }.by(1)
+        it 'increases the page view counter' do
+          expect do
+            request
+
+            expect(response).to have_gitlab_http_status(:ok)
+          end.to change { Gitlab::UsageDataCounters::WikiPageCounter.read(:view) }.by(1)
+        end
       end
 
       context 'when page content encoding is invalid' do
         it 'sets flash error' do
           allow(controller).to receive(:valid_encoding?).and_return(false)
 
-          subject
+          request
 
           expect(response).to have_gitlab_http_status(:ok)
           expect(response).to render_template('shared/wikis/show')
@@ -187,7 +194,7 @@ RSpec.shared_examples 'wiki controller actions' do
 
       context 'when the user can create pages' do
         before do
-          subject
+          request
 
           expect(response).to have_gitlab_http_status(:ok)
           expect(response).to render_template('shared/wikis/edit')
@@ -212,7 +219,7 @@ RSpec.shared_examples 'wiki controller actions' do
         end
 
         it 'shows the empty state' do
-          subject
+          request
 
           expect(response).to have_gitlab_http_status(:ok)
           expect(response).to render_template('shared/wikis/empty')
@@ -226,10 +233,10 @@ RSpec.shared_examples 'wiki controller actions' do
       where(:file_name) { ['dk.png', 'unsanitized.svg', 'git-cheat-sheet.pdf'] }
 
       with_them do
-        let(:id) { upload_file_to_wiki(container, user, file_name) }
+        let(:id) { upload_file_to_wiki(wiki, user, file_name) }
 
         it 'delivers the file with the correct headers' do
-          subject
+          request
 
           expect(response).to have_gitlab_http_status(:ok)
           expect(response.headers['Content-Disposition']).to match(/^inline/)
@@ -255,7 +262,7 @@ RSpec.shared_examples 'wiki controller actions' do
       let(:id_param) { 'invalid' }
 
       it 'redirects to show' do
-        subject
+        request
 
         expect(response).to redirect_to_wiki(wiki, 'invalid')
       end
@@ -265,7 +272,7 @@ RSpec.shared_examples 'wiki controller actions' do
       let(:id_param) { ' ' }
 
       it 'redirects to the home page' do
-        subject
+        request
 
         expect(response).to redirect_to_wiki(wiki, 'home')
       end
@@ -275,7 +282,7 @@ RSpec.shared_examples 'wiki controller actions' do
       it 'redirects to show' do
         allow(controller).to receive(:valid_encoding?).and_return(false)
 
-        subject
+        request
 
         expect(response).to redirect_to_wiki(wiki, wiki.list_pages.first)
       end
@@ -288,7 +295,7 @@ RSpec.shared_examples 'wiki controller actions' do
         allow(page).to receive(:content).and_return(nil)
         allow(controller).to receive(:page).and_return(page)
 
-        subject
+        request
 
         expect(response).to redirect_to_wiki(wiki, page)
       end
@@ -298,7 +305,7 @@ RSpec.shared_examples 'wiki controller actions' do
   describe 'GET #edit' do
     let(:id_param) { wiki_title }
 
-    subject { get(:edit, params: routing_params.merge(id: id_param)) }
+    subject(:request) { get(:edit, params: routing_params.merge(id: id_param)) }
 
     it_behaves_like 'edit action'
 
@@ -306,7 +313,7 @@ RSpec.shared_examples 'wiki controller actions' do
       render_views
 
       it 'shows the edit page' do
-        subject
+        request
 
         expect(response).to have_gitlab_http_status(:ok)
         expect(response.body).to include(s_('Wiki|Edit Page'))
@@ -319,7 +326,7 @@ RSpec.shared_examples 'wiki controller actions' do
     let(:new_content) { 'New content' }
     let(:id_param) { wiki_title }
 
-    subject do
+    subject(:request) do
       patch(:update,
             params: routing_params.merge(
               id: id_param,
@@ -333,7 +340,7 @@ RSpec.shared_examples 'wiki controller actions' do
       render_views
 
       it 'updates the page' do
-        subject
+        request
 
         wiki_page = wiki.list_pages(load_content: true).first
 
@@ -348,7 +355,7 @@ RSpec.shared_examples 'wiki controller actions' do
       end
 
       it 'renders the empty state' do
-        subject
+        request
 
         expect(response).to render_template('shared/wikis/empty')
       end
@@ -359,7 +366,7 @@ RSpec.shared_examples 'wiki controller actions' do
     let(:new_title) { 'New title' }
     let(:new_content) { 'New content' }
 
-    subject do
+    subject(:request) do
       post(:create,
             params: routing_params.merge(
               wiki: { title: new_title, content: new_content }
@@ -369,7 +376,7 @@ RSpec.shared_examples 'wiki controller actions' do
     context 'when page is valid' do
       it 'creates the page' do
         expect do
-          subject
+          request
         end.to change { wiki.list_pages.size }.by 1
 
         wiki_page = wiki.find_page(new_title)
@@ -384,7 +391,7 @@ RSpec.shared_examples 'wiki controller actions' do
 
       it 'renders the edit state' do
         expect do
-          subject
+          request
         end.not_to change { wiki.list_pages.size }
 
         expect(response).to render_template('shared/wikis/edit')
@@ -395,7 +402,7 @@ RSpec.shared_examples 'wiki controller actions' do
   describe 'DELETE #destroy' do
     let(:id_param) { wiki_title }
 
-    subject do
+    subject(:request) do
       delete(:destroy,
             params: routing_params.merge(
               id: id_param
@@ -405,7 +412,7 @@ RSpec.shared_examples 'wiki controller actions' do
     context 'when page exists' do
       it 'deletes the page' do
         expect do
-          subject
+          request
         end.to change { wiki.list_pages.size }.by(-1)
       end
 
@@ -418,7 +425,7 @@ RSpec.shared_examples 'wiki controller actions' do
 
         it 'renders the edit state' do
           expect do
-            subject
+            request
           end.not_to change { wiki.list_pages.size }
 
           expect(response).to render_template('shared/wikis/edit')
@@ -432,7 +439,7 @@ RSpec.shared_examples 'wiki controller actions' do
 
       it 'renders 404' do
         expect do
-          subject
+          request
         end.not_to change { wiki.list_pages.size }
 
         expect(response).to have_gitlab_http_status(:not_found)