Add latest changes from gitlab-org/gitlab@master

10 files changed, 204 insertions, 71 deletions

diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 5e33421854b..ed91b5973b8 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -842,4 +842,48 @@ describe ApplicationController do
       end
     end
   end
+
+  describe '#require_role' do
+    controller(described_class) do
+      def index; end
+    end
+
+    let(:user) { create(:user) }
+    let(:experiment_enabled) { true }
+
+    before do
+      stub_experiment(signup_flow: experiment_enabled)
+    end
+
+    context 'experiment enabled and user with required role' do
+      before do
+        user.set_role_required!
+        sign_in(user)
+        get :index
+      end
+
+      it { is_expected.to redirect_to users_sign_up_welcome_path }
+    end
+
+    context 'experiment enabled and user without a role' do
+      before do
+        sign_in(user)
+        get :index
+      end
+
+      it { is_expected.not_to redirect_to users_sign_up_welcome_path }
+    end
+
+    context 'experiment disabled and user with required role' do
+      let(:experiment_enabled) { false }
+
+      before do
+        user.set_role_required!
+        sign_in(user)
+        get :index
+      end
+
+      it { is_expected.not_to redirect_to users_sign_up_welcome_path }
+    end
+  end
 end
diff --git a/spec/controllers/registrations_controller_spec.rb b/spec/controllers/registrations_controller_spec.rb
index 5d87dbdee8b..ebeed94c274 100644
--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -114,9 +114,14 @@ describe RegistrationsController do
     context 'when invisible captcha is enabled' do
       before do
         stub_feature_flags(invisible_captcha: true)
+        InvisibleCaptcha.timestamp_enabled = true
         InvisibleCaptcha.timestamp_threshold = treshold
       end
 
+      after do
+        InvisibleCaptcha.timestamp_enabled = false
+      end
+
       let(:treshold) { 4 }
       let(:session_params) { { invisible_captcha_timestamp: form_rendered_time.iso8601 } }
       let(:form_rendered_time) { Time.current }
diff --git a/spec/factories/users.rb b/spec/factories/users.rb
index e3d20c1f46c..f83c137b758 100644
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@@ -6,6 +6,7 @@ FactoryBot.define do
     name { generate(:name) }
     username { generate(:username) }
     password { "12345678" }
+    role { 'software_developer' }
     confirmed_at { Time.now }
     confirmation_token { nil }
     can_create_group { true }
diff --git a/spec/features/invites_spec.rb b/spec/features/invites_spec.rb
index 1e054a7b358..2a1980346e9 100644
--- a/spec/features/invites_spec.rb
+++ b/spec/features/invites_spec.rb
@@ -10,7 +10,6 @@ describe 'Invites' do
   let(:group_invite) { group.group_members.invite.last }
 
   before do
-    stub_feature_flags(invisible_captcha: false)
     project.add_maintainer(owner)
     group.add_user(owner, Gitlab::Access::OWNER)
     group.add_developer('user@example.com', owner)
diff --git a/spec/features/users/signup_spec.rb b/spec/features/users/signup_spec.rb
index 0846ec8dfb4..562d6fcab1b 100644
--- a/spec/features/users/signup_spec.rb
+++ b/spec/features/users/signup_spec.rb
@@ -5,10 +5,6 @@ require 'spec_helper'
 shared_examples 'Signup' do
   include TermsHelper
 
-  before do
-    stub_feature_flags(invisible_captcha: false)
-  end
-
   let(:new_user) { build_stubbed(:user) }
 
   describe 'username validation', :js do
@@ -129,35 +125,43 @@ shared_examples 'Signup' do
 
   describe 'user\'s full name validation', :js do
     before do
-      visit new_user_registration_path
+      if Gitlab::Experimentation.enabled?(:signup_flow)
+        user = create(:user, role: nil)
+        sign_in(user)
+        visit users_sign_up_welcome_path
+        @user_name_field = 'user_name'
+      else
+        visit new_user_registration_path
+        @user_name_field = 'new_user_name'
+      end
     end
 
     it 'does not show an error border if the user\'s fullname length is not longer than 128 characters' do
-      fill_in 'new_user_name', with: 'u' * 128
+      fill_in @user_name_field, with: 'u' * 128
 
       expect(find('.name')).not_to have_css '.gl-field-error-outline'
     end
 
     it 'shows an error border if the user\'s fullname contains an emoji' do
-      simulate_input('#new_user_name', 'Ehsan 🦋')
+      simulate_input("##{@user_name_field}", 'Ehsan 🦋')
 
       expect(find('.name')).to have_css '.gl-field-error-outline'
     end
 
     it 'shows an error border if the user\'s fullname is longer than 128 characters' do
-      fill_in 'new_user_name', with: 'n' * 129
+      fill_in @user_name_field, with: 'n' * 129
 
       expect(find('.name')).to have_css '.gl-field-error-outline'
     end
 
     it 'shows an error message if the user\'s fullname is longer than 128 characters' do
-      fill_in 'new_user_name', with: 'n' * 129
+      fill_in @user_name_field, with: 'n' * 129
 
       expect(page).to have_content("Name is too long (maximum is 128 characters).")
     end
 
     it 'shows an error message if the username contains emojis' do
-      simulate_input('#new_user_name', 'Ehsan 🦋')
+      simulate_input("##{@user_name_field}", 'Ehsan 🦋')
 
       expect(page).to have_content("Invalid input, please avoid emojis")
     end
@@ -177,11 +181,11 @@ shared_examples 'Signup' do
         it 'creates the user account and sends a confirmation email' do
           visit new_user_registration_path
 
-          fill_in 'new_user_name', with: new_user.name
           fill_in 'new_user_username', with: new_user.username
           fill_in 'new_user_email', with: new_user.email
 
-          unless Feature.enabled?(:experimental_separate_sign_up_flow)
+          unless Gitlab::Experimentation.enabled?(:signup_flow)
+            fill_in 'new_user_name', with: new_user.name
             fill_in 'new_user_email_confirmation', with: new_user.email
           end
 
@@ -202,11 +206,11 @@ shared_examples 'Signup' do
         it 'creates the user account and sends a confirmation email' do
           visit new_user_registration_path
 
-          fill_in 'new_user_name', with: new_user.name
           fill_in 'new_user_username', with: new_user.username
           fill_in 'new_user_email', with: new_user.email
 
-          unless Feature.enabled?(:experimental_separate_sign_up_flow)
+          unless Gitlab::Experimentation.enabled?(:signup_flow)
+            fill_in 'new_user_name', with: new_user.name
             fill_in 'new_user_email_confirmation', with: new_user.email
           end
 
@@ -214,8 +218,12 @@ shared_examples 'Signup' do
 
           expect { click_button 'Register' }.to change { User.count }.by(1)
 
-          expect(current_path).to eq dashboard_projects_path
-          expect(page).to have_content("Please check your email (#{new_user.email}) to verify that you own this address.")
+          if Gitlab::Experimentation.enabled?(:signup_flow)
+            expect(current_path).to eq users_sign_up_welcome_path
+          else
+            expect(current_path).to eq dashboard_projects_path
+            expect(page).to have_content("Please check your email (#{new_user.email}) to verify that you own this address.")
+          end
         end
       end
     end
@@ -224,19 +232,23 @@ shared_examples 'Signup' do
       it "creates the user successfully" do
         visit new_user_registration_path
 
-        fill_in 'new_user_name', with: new_user.name
         fill_in 'new_user_username', with: new_user.username
         fill_in 'new_user_email', with: new_user.email
 
-        unless Feature.enabled?(:experimental_separate_sign_up_flow)
+        unless Gitlab::Experimentation.enabled?(:signup_flow)
+          fill_in 'new_user_name', with: new_user.name
           fill_in 'new_user_email_confirmation', with: new_user.email.capitalize
         end
 
         fill_in 'new_user_password', with: new_user.password
         click_button "Register"
 
-        expect(current_path).to eq dashboard_projects_path
-        expect(page).to have_content("Welcome! You have signed up successfully.")
+        if Gitlab::Experimentation.enabled?(:signup_flow)
+          expect(current_path).to eq users_sign_up_welcome_path
+        else
+          expect(current_path).to eq dashboard_projects_path
+          expect(page).to have_content("Welcome! You have signed up successfully.")
+        end
       end
     end
 
@@ -248,19 +260,23 @@ shared_examples 'Signup' do
       it 'creates the user account and goes to dashboard' do
         visit new_user_registration_path
 
-        fill_in 'new_user_name', with: new_user.name
         fill_in 'new_user_username', with: new_user.username
         fill_in 'new_user_email', with: new_user.email
 
-        unless Feature.enabled?(:experimental_separate_sign_up_flow)
+        unless Gitlab::Experimentation.enabled?(:signup_flow)
+          fill_in 'new_user_name', with: new_user.name
           fill_in 'new_user_email_confirmation', with: new_user.email
         end
 
         fill_in 'new_user_password', with: new_user.password
         click_button "Register"
 
-        expect(current_path).to eq dashboard_projects_path
-        expect(page).to have_content("Welcome! You have signed up successfully.")
+        if Gitlab::Experimentation.enabled?(:signup_flow)
+          expect(current_path).to eq users_sign_up_welcome_path
+        else
+          expect(current_path).to eq dashboard_projects_path
+          expect(page).to have_content("Welcome! You have signed up successfully.")
+        end
       end
     end
   end
@@ -271,7 +287,10 @@ shared_examples 'Signup' do
 
       visit new_user_registration_path
 
-      fill_in 'new_user_name', with: new_user.name
+      unless Gitlab::Experimentation.enabled?(:signup_flow)
+        fill_in 'new_user_name', with: new_user.name
+      end
+
       fill_in 'new_user_username', with: new_user.username
       fill_in 'new_user_email', with: existing_user.email
       fill_in 'new_user_password', with: new_user.password
@@ -279,14 +298,14 @@ shared_examples 'Signup' do
 
       expect(current_path).to eq user_registration_path
 
-      if Feature.enabled?(:experimental_separate_sign_up_flow)
+      if Gitlab::Experimentation.enabled?(:signup_flow)
         expect(page).to have_content("error prohibited this user from being saved")
-        expect(page).to have_content("Email has already been taken")
       else
         expect(page).to have_content("errors prohibited this user from being saved")
-        expect(page).to have_content("Email has already been taken")
         expect(page).to have_content("Email confirmation doesn't match")
       end
+
+      expect(page).to have_content("Email has already been taken")
     end
 
     it 'does not redisplay the password' do
@@ -294,7 +313,10 @@ shared_examples 'Signup' do
 
       visit new_user_registration_path
 
-      fill_in 'new_user_name', with: new_user.name
+      unless Gitlab::Experimentation.enabled?(:signup_flow)
+        fill_in 'new_user_name', with: new_user.name
+      end
+
       fill_in 'new_user_username', with: new_user.username
       fill_in 'new_user_email', with: existing_user.email
       fill_in 'new_user_password', with: new_user.password
@@ -313,11 +335,11 @@ shared_examples 'Signup' do
     it 'requires the user to check the checkbox' do
       visit new_user_registration_path
 
-      fill_in 'new_user_name', with: new_user.name
       fill_in 'new_user_username', with: new_user.username
       fill_in 'new_user_email', with: new_user.email
 
-      unless Feature.enabled?(:experimental_separate_sign_up_flow)
+      unless Gitlab::Experimentation.enabled?(:signup_flow)
+        fill_in 'new_user_name', with: new_user.name
         fill_in 'new_user_email_confirmation', with: new_user.email
       end
 
@@ -332,11 +354,11 @@ shared_examples 'Signup' do
     it 'asks the user to accept terms before going to the dashboard' do
       visit new_user_registration_path
 
-      fill_in 'new_user_name', with: new_user.name
       fill_in 'new_user_username', with: new_user.username
       fill_in 'new_user_email', with: new_user.email
 
-      unless Feature.enabled?(:experimental_separate_sign_up_flow)
+      unless Gitlab::Experimentation.enabled?(:signup_flow)
+        fill_in 'new_user_name', with: new_user.name
         fill_in 'new_user_email_confirmation', with: new_user.email
       end
 
@@ -345,24 +367,84 @@ shared_examples 'Signup' do
 
       click_button "Register"
 
-      expect(current_path).to eq dashboard_projects_path
+      if Gitlab::Experimentation.enabled?(:signup_flow)
+        expect(current_path).to eq users_sign_up_welcome_path
+      else
+        expect(current_path).to eq dashboard_projects_path
+      end
     end
   end
-end
 
-describe 'With original flow' do
-  it_behaves_like 'Signup' do
+  context 'when reCAPTCHA and invisible captcha are enabled' do
     before do
-      stub_feature_flags(experimental_separate_sign_up_flow: false)
+      InvisibleCaptcha.timestamp_enabled = true
+      stub_application_setting(recaptcha_enabled: true)
+      allow_any_instance_of(RegistrationsController).to receive(:verify_recaptcha).and_return(false)
+    end
+
+    after do
+      InvisibleCaptcha.timestamp_enabled = false
+    end
+
+    it 'prevents from signing up' do
+      visit new_user_registration_path
+
+      fill_in 'new_user_username', with: new_user.username
+      fill_in 'new_user_email', with: new_user.email
+
+      unless Gitlab::Experimentation.enabled?(:signup_flow)
+        fill_in 'new_user_name', with: new_user.name
+        fill_in 'new_user_email_confirmation', with: new_user.email
+      end
+
+      fill_in 'new_user_password', with: new_user.password
+
+      expect { click_button 'Register' }.not_to change { User.count }
+
+      if Gitlab::Experimentation.enabled?(:signup_flow)
+        expect(page).to have_content('That was a bit too quick! Please resubmit.')
+      else
+        expect(page).to have_content('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
+      end
     end
   end
 end
 
-describe 'With experimental flow on GitLab.com' do
-  it_behaves_like 'Signup' do
-    before do
-      expect(Gitlab).to receive(:com?).and_return(true).at_least(:once)
-      stub_feature_flags(experimental_separate_sign_up_flow: true)
+describe 'With original flow' do
+  before do
+    stub_experiment(signup_flow: false)
+  end
+
+  it_behaves_like 'Signup'
+end
+
+describe 'With experimental flow' do
+  before do
+    stub_experiment(signup_flow: true)
+  end
+
+  it_behaves_like 'Signup'
+
+  describe 'when role is required' do
+    it 'after registering, it redirects to step 2 of the signup process, sets the name and role and then redirects to the original requested url' do
+      new_user = build_stubbed(:user)
+      visit new_user_registration_path
+      fill_in 'new_user_username', with: new_user.username
+      fill_in 'new_user_email', with: new_user.email
+      fill_in 'new_user_password', with: new_user.password
+      click_button 'Register'
+      visit new_project_path
+
+      expect(page).to have_current_path(users_sign_up_welcome_path)
+
+      fill_in 'user_name', with: 'New name'
+      select 'Software Developer', from: 'user_role'
+      click_button 'Get started!'
+      new_user = User.find_by_username(new_user.username)
+
+      expect(new_user.name).to eq 'New name'
+      expect(new_user.software_developer_role?).to be_truthy
+      expect(page).to have_current_path(new_project_path)
     end
   end
 end
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 0d190ae069e..ee4e783e9ac 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -634,40 +634,21 @@ describe API::Users do
   end
 
   describe "GET /users/sign_up" do
-    context 'when experimental_separate_sign_up_flow is active' do
+    context 'when experimental signup_flow is active' do
       before do
-        stub_feature_flags(experimental_separate_sign_up_flow: true)
+        stub_experiment(signup_flow: true)
       end
 
-      context 'on gitlab.com' do
-        before do
-          allow(::Gitlab).to receive(:com?).and_return(true)
-        end
-
-        it "shows sign up page" do
-          get "/users/sign_up"
-          expect(response).to have_gitlab_http_status(200)
-          expect(response).to render_template(:new)
-        end
-      end
-
-      context 'not on gitlab.com' do
-        before do
-          allow(::Gitlab).to receive(:com?).and_return(false)
-        end
-
-        it "redirects to sign in page" do
-          get "/users/sign_up"
-          expect(response).to have_gitlab_http_status(302)
-          expect(response).to redirect_to(new_user_session_path(anchor: 'register-pane'))
-        end
+      it "shows sign up page" do
+        get "/users/sign_up"
+        expect(response).to have_gitlab_http_status(200)
+        expect(response).to render_template(:new)
       end
     end
 
-    context 'when experimental_separate_sign_up_flow is not active' do
+    context 'when experimental signup_flow is not active' do
       before do
-        allow(::Gitlab).to receive(:com?).and_return(true)
-        stub_feature_flags(experimental_separate_sign_up_flow: false)
+        stub_experiment(signup_flow: false)
       end
 
       it "redirects to sign in page" do
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 61e50fe5723..7a5e570558e 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -88,6 +88,7 @@ RSpec.configure do |config|
   config.include FixtureHelpers
   config.include GitlabRoutingHelper
   config.include StubFeatureFlags
+  config.include StubExperiments
   config.include StubGitlabCalls
   config.include StubGitlabData
   config.include NextInstanceOf
@@ -378,3 +379,6 @@ end
 
 # Prevent Rugged from picking up local developer gitconfig.
 Rugged::Settings['search_path_global'] = Rails.root.join('tmp/tests').to_s
+
+# Disable timestamp checks for invisible_captcha
+InvisibleCaptcha.timestamp_enabled = false
diff --git a/spec/support/helpers/stub_experiments.rb b/spec/support/helpers/stub_experiments.rb
new file mode 100644
index 00000000000..ed868e22c6e
--- /dev/null
+++ b/spec/support/helpers/stub_experiments.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module StubExperiments
+  # Stub Experiment with `key: true/false`
+  #
+  # @param [Hash] experiment where key is feature name and value is boolean whether enabled or not.
+  #
+  # Examples
+  # - `stub_experiment(signup_flow: false)` ... Disable `signup_flow` experiment globally.
+  def stub_experiment(experiments)
+    experiments.each do |experiment_key, enabled|
+      allow(Gitlab::Experimentation).to receive(:enabled?).with(experiment_key, any_args) { enabled }
+    end
+  end
+end
diff --git a/spec/views/devise/shared/_signin_box.html.haml_spec.rb b/spec/views/devise/shared/_signin_box.html.haml_spec.rb
index 6d640686337..f8867477603 100644
--- a/spec/views/devise/shared/_signin_box.html.haml_spec.rb
+++ b/spec/views/devise/shared/_signin_box.html.haml_spec.rb
@@ -10,6 +10,7 @@ describe 'devise/shared/_signin_box' do
       allow(view).to receive(:current_application_settings).and_return(Gitlab::CurrentSettings.current_application_settings)
       allow(view).to receive(:captcha_enabled?).and_return(false)
       allow(view).to receive(:captcha_on_login_required?).and_return(false)
+      allow(view).to receive(:experiment_enabled?).and_return(false)
     end
 
     it 'is shown when Crowd is enabled' do
diff --git a/spec/views/layouts/_head.html.haml_spec.rb b/spec/views/layouts/_head.html.haml_spec.rb
index bea0b0edf4d..e9b3334fffc 100644
--- a/spec/views/layouts/_head.html.haml_spec.rb
+++ b/spec/views/layouts/_head.html.haml_spec.rb
@@ -7,6 +7,7 @@ describe 'layouts/_head' do
 
   before do
     allow(view).to receive(:current_application_settings).and_return(Gitlab::CurrentSettings.current_application_settings)
+    allow(view).to receive(:experiment_enabled?).and_return(false)
   end
 
   it 'escapes HTML-safe strings in page_title' do