summaryrefslogtreecommitdiff
path: root/spec
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-08-05 18:10:10 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-08-05 18:10:10 +0000
commitea4766228b5536c83f1917d6058be913472ffa2d (patch)
tree5ebf5ea0f996be6c6908e6b631b72c33bc13e997 /spec
parent4b64dc27ae5bac20dec888431c236fef2bfdc449 (diff)
downloadgitlab-ce-ea4766228b5536c83f1917d6058be913472ffa2d.tar.gz
Add latest changes from gitlab-org/gitlab@13-2-stable-ee
Diffstat (limited to 'spec')
-rw-r--r--spec/controllers/oauth/applications_controller_spec.rb27
-rw-r--r--spec/controllers/oauth/authorizations_controller_spec.rb84
-rw-r--r--spec/controllers/oauth/authorized_applications_controller_spec.rb20
-rw-r--r--spec/controllers/oauth/token_info_controller_spec.rb4
-rw-r--r--spec/controllers/oauth/tokens_controller_spec.rb9
-rw-r--r--spec/features/projects/jobs_spec.rb18
-rw-r--r--spec/frontend/jobs/components/environments_block_spec.js70
-rw-r--r--spec/helpers/issuables_helper_spec.rb8
-rw-r--r--spec/lib/banzai/filter/issue_reference_filter_spec.rb6
-rw-r--r--spec/lib/gitlab/checks/branch_check_spec.rb23
-rw-r--r--spec/mailers/notify_spec.rb18
-rw-r--r--spec/services/authorized_project_update/project_group_link_create_service_spec.rb23
-rw-r--r--spec/services/groups/transfer_service_spec.rb117
-rw-r--r--spec/services/projects/group_links/create_service_spec.rb7
14 files changed, 337 insertions, 97 deletions
diff --git a/spec/controllers/oauth/applications_controller_spec.rb b/spec/controllers/oauth/applications_controller_spec.rb
index 38f46ee7b15..0a7975b8c1b 100644
--- a/spec/controllers/oauth/applications_controller_spec.rb
+++ b/spec/controllers/oauth/applications_controller_spec.rb
@@ -19,12 +19,29 @@ RSpec.describe Oauth::ApplicationsController do
it { is_expected.to redirect_to(new_user_session_path) }
end
+ shared_examples 'redirects to 2fa setup page when the user requires it' do
+ context 'when 2fa is set up on application level' do
+ before do
+ stub_application_setting(require_two_factor_authentication: true)
+ end
+
+ it { is_expected.to redirect_to(profile_two_factor_auth_path) }
+ end
+
+ context 'when 2fa is set up on group level' do
+ let(:user) { create(:user, require_two_factor_authentication_from_group: true) }
+
+ it { is_expected.to redirect_to(profile_two_factor_auth_path) }
+ end
+ end
+
describe 'GET #new' do
subject { get :new }
it { is_expected.to have_gitlab_http_status(:ok) }
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
describe 'DELETE #destroy' do
@@ -33,6 +50,7 @@ RSpec.describe Oauth::ApplicationsController do
it { is_expected.to redirect_to(oauth_applications_url) }
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
describe 'GET #edit' do
@@ -41,6 +59,7 @@ RSpec.describe Oauth::ApplicationsController do
it { is_expected.to have_gitlab_http_status(:ok) }
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
describe 'PUT #update' do
@@ -49,6 +68,7 @@ RSpec.describe Oauth::ApplicationsController do
it { is_expected.to redirect_to(oauth_application_url(application)) }
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
describe 'GET #show' do
@@ -57,6 +77,7 @@ RSpec.describe Oauth::ApplicationsController do
it { is_expected.to have_gitlab_http_status(:ok) }
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
describe 'GET #index' do
@@ -73,6 +94,7 @@ RSpec.describe Oauth::ApplicationsController do
end
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
describe 'POST #create' do
@@ -112,6 +134,7 @@ RSpec.describe Oauth::ApplicationsController do
end
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
end
@@ -119,6 +142,10 @@ RSpec.describe Oauth::ApplicationsController do
it 'current_user_mode available' do
expect(subject.current_user_mode).not_to be_nil
end
+
+ it 'includes Two-factor enforcement concern' do
+ expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true)
+ end
end
describe 'locale' do
diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb
index 89b74675d28..23d472f6853 100644
--- a/spec/controllers/oauth/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/authorizations_controller_spec.rb
@@ -3,6 +3,8 @@
require 'spec_helper'
RSpec.describe Oauth::AuthorizationsController do
+ let(:user) { create(:user, confirmed_at: confirmed_at) }
+ let(:confirmed_at) { 1.hour.ago }
let!(:application) { create(:oauth_application, scopes: 'api read_user', redirect_uri: 'http://example.com') }
let(:params) do
{
@@ -17,9 +19,45 @@ RSpec.describe Oauth::AuthorizationsController do
sign_in(user)
end
+ shared_examples 'OAuth Authorizations require confirmed user' do
+ context 'when the user is confirmed' do
+ context 'when there is already an access token for the application with a matching scope' do
+ before do
+ scopes = Doorkeeper::OAuth::Scopes.from_string('api')
+
+ allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes)
+
+ create(:oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes)
+ end
+
+ it 'authorizes the request and redirects' do
+ subject
+
+ expect(request.session['user_return_to']).to be_nil
+ expect(response).to have_gitlab_http_status(:found)
+ end
+ end
+ end
+
+ context 'when the user is unconfirmed' do
+ let(:confirmed_at) { nil }
+
+ it 'returns 200 and renders error view' do
+ subject
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template('doorkeeper/authorizations/error')
+ end
+ end
+ end
+
describe 'GET #new' do
+ subject { get :new, params: params }
+
+ include_examples 'OAuth Authorizations require confirmed user'
+
context 'when the user is confirmed' do
- let(:user) { create(:user) }
+ let(:confirmed_at) { 1.hour.ago }
context 'without valid params' do
it 'returns 200 code and renders error view' do
@@ -34,7 +72,7 @@ RSpec.describe Oauth::AuthorizationsController do
render_views
it 'returns 200 code and renders view' do
- get :new, params: params
+ subject
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template('doorkeeper/authorizations/new')
@@ -44,42 +82,28 @@ RSpec.describe Oauth::AuthorizationsController do
application.update(trusted: true)
request.session['user_return_to'] = 'http://example.com'
- get :new, params: params
+ subject
expect(request.session['user_return_to']).to be_nil
expect(response).to have_gitlab_http_status(:found)
end
-
- context 'when there is already an access token for the application' do
- context 'when the request scope matches any of the created token scopes' do
- before do
- scopes = Doorkeeper::OAuth::Scopes.from_string('api')
-
- allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes)
-
- create :oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes
- end
-
- it 'authorizes the request and redirects' do
- get :new, params: params
-
- expect(request.session['user_return_to']).to be_nil
- expect(response).to have_gitlab_http_status(:found)
- end
- end
- end
end
end
+ end
- context 'when the user is unconfirmed' do
- let(:user) { create(:user, confirmed_at: nil) }
+ describe 'POST #create' do
+ subject { post :create, params: params }
- it 'returns 200 and renders error view' do
- get :new, params: params
+ include_examples 'OAuth Authorizations require confirmed user'
+ end
- expect(response).to have_gitlab_http_status(:ok)
- expect(response).to render_template('doorkeeper/authorizations/error')
- end
- end
+ describe 'DELETE #destroy' do
+ subject { delete :destroy, params: params }
+
+ include_examples 'OAuth Authorizations require confirmed user'
+ end
+
+ it 'includes Two-factor enforcement concern' do
+ expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true)
end
end
diff --git a/spec/controllers/oauth/authorized_applications_controller_spec.rb b/spec/controllers/oauth/authorized_applications_controller_spec.rb
index 15b2969a859..cb047e55752 100644
--- a/spec/controllers/oauth/authorized_applications_controller_spec.rb
+++ b/spec/controllers/oauth/authorized_applications_controller_spec.rb
@@ -18,4 +18,24 @@ RSpec.describe Oauth::AuthorizedApplicationsController do
expect(response).to have_gitlab_http_status(:not_found)
end
end
+
+ describe 'DELETE #destroy' do
+ let(:application) { create(:oauth_application) }
+ let!(:grant) { create(:oauth_access_grant, resource_owner_id: user.id, application: application) }
+ let!(:access_token) { create(:oauth_access_token, resource_owner: user, application: application) }
+
+ it 'revokes both access grants and tokens' do
+ expect(grant).not_to be_revoked
+ expect(access_token).not_to be_revoked
+
+ delete :destroy, params: { id: application.id }
+
+ expect(grant.reload).to be_revoked
+ expect(access_token.reload).to be_revoked
+ end
+ end
+
+ it 'includes Two-factor enforcement concern' do
+ expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true)
+ end
end
diff --git a/spec/controllers/oauth/token_info_controller_spec.rb b/spec/controllers/oauth/token_info_controller_spec.rb
index 4658c2702ca..91a986db251 100644
--- a/spec/controllers/oauth/token_info_controller_spec.rb
+++ b/spec/controllers/oauth/token_info_controller_spec.rb
@@ -68,4 +68,8 @@ RSpec.describe Oauth::TokenInfoController do
end
end
end
+
+ it 'includes Two-factor enforcement concern' do
+ expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true)
+ end
end
diff --git a/spec/controllers/oauth/tokens_controller_spec.rb b/spec/controllers/oauth/tokens_controller_spec.rb
new file mode 100644
index 00000000000..389153d138e
--- /dev/null
+++ b/spec/controllers/oauth/tokens_controller_spec.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Oauth::TokensController do
+ it 'includes Two-factor enforcement concern' do
+ expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true)
+ end
+end
diff --git a/spec/features/projects/jobs_spec.rb b/spec/features/projects/jobs_spec.rb
index 62e8997f6cb..fc005dd4718 100644
--- a/spec/features/projects/jobs_spec.rb
+++ b/spec/features/projects/jobs_spec.rb
@@ -551,7 +551,7 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do
it 'shows deployment message' do
expect(page).to have_content 'This job is deployed to production'
- expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}")
+ expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}")
end
context 'when there is a cluster used for the deployment' do
@@ -583,7 +583,7 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do
it 'shows a link for the job' do
expect(page).to have_link environment.name
- expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}")
+ expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}")
end
end
@@ -593,7 +593,7 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do
it 'shows a link to latest deployment' do
expect(page).to have_link environment.name
expect(page).to have_content 'This job is creating a deployment'
- expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}")
+ expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}")
end
end
end
@@ -645,15 +645,15 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do
end
it 'renders a link to the most recent deployment' do
- expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}")
- expect(find('.js-job-deployment-link')['href']).to include(second_deployment.deployable.project.path, second_deployment.deployable_id.to_s)
+ expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}")
+ expect(find('[data-testid="job-deployment-link"]')['href']).to include(second_deployment.deployable.project.path, second_deployment.deployable_id.to_s)
end
context 'when deployment does not have a deployable' do
let!(:second_deployment) { create(:deployment, :success, environment: environment, deployable: nil) }
it 'has an empty href' do
- expect(find('.js-job-deployment-link')['href']).to be_empty
+ expect(find('[data-testid="job-deployment-link"]')['href']).to be_empty
end
end
end
@@ -679,7 +679,7 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do
expected_text = 'This job is creating a deployment to staging'
expect(page).to have_css('.environment-information', text: expected_text)
- expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}")
+ expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}")
end
context 'when it has deployment' do
@@ -690,7 +690,7 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do
expect(page).to have_css('.environment-information', text: expected_text)
expect(page).to have_css('.environment-information', text: 'latest deployment')
- expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}")
+ expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}")
end
end
end
@@ -705,7 +705,7 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do
'.environment-information', text: expected_text)
expect(page).not_to have_css(
'.environment-information', text: 'latest deployment')
- expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}")
+ expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}")
end
end
end
diff --git a/spec/frontend/jobs/components/environments_block_spec.js b/spec/frontend/jobs/components/environments_block_spec.js
index 4f2359e83b6..d90c9137a8f 100644
--- a/spec/frontend/jobs/components/environments_block_spec.js
+++ b/spec/frontend/jobs/components/environments_block_spec.js
@@ -1,14 +1,13 @@
-import Vue from 'vue';
-import component from '~/jobs/components/environments_block.vue';
-import mountComponent from '../../helpers/vue_mount_component_helper';
+import { mount } from '@vue/test-utils';
+import EnvironmentsBlock from '~/jobs/components/environments_block.vue';
const TEST_CLUSTER_NAME = 'test_cluster';
const TEST_CLUSTER_PATH = 'path/to/test_cluster';
const TEST_KUBERNETES_NAMESPACE = 'this-is-a-kubernetes-namespace';
describe('Environments block', () => {
- const Component = Vue.extend(component);
- let vm;
+ let wrapper;
+
const status = {
group: 'success',
icon: 'status_success',
@@ -38,20 +37,23 @@ describe('Environments block', () => {
});
const createComponent = (deploymentStatus = {}, deploymentCluster = {}) => {
- vm = mountComponent(Component, {
- deploymentStatus,
- deploymentCluster,
- iconStatus: status,
+ wrapper = mount(EnvironmentsBlock, {
+ propsData: {
+ deploymentStatus,
+ deploymentCluster,
+ iconStatus: status,
+ },
});
};
- const findText = () => vm.$el.textContent.trim();
- const findJobDeploymentLink = () => vm.$el.querySelector('.js-job-deployment-link');
- const findEnvironmentLink = () => vm.$el.querySelector('.js-environment-link');
- const findClusterLink = () => vm.$el.querySelector('.js-job-cluster-link');
+ const findText = () => wrapper.find(EnvironmentsBlock).text();
+ const findJobDeploymentLink = () => wrapper.find('[data-testid="job-deployment-link"]');
+ const findEnvironmentLink = () => wrapper.find('[data-testid="job-environment-link"]');
+ const findClusterLink = () => wrapper.find('[data-testid="job-cluster-link"]');
afterEach(() => {
- vm.$destroy();
+ wrapper.destroy();
+ wrapper = null;
});
describe('with last deployment', () => {
@@ -61,7 +63,7 @@ describe('Environments block', () => {
environment,
});
- expect(findText()).toEqual('This job is deployed to environment.');
+ expect(findText()).toBe('This job is deployed to environment.');
});
describe('when there is a cluster', () => {
@@ -74,7 +76,7 @@ describe('Environments block', () => {
createDeploymentWithCluster(),
);
- expect(findText()).toEqual(
+ expect(findText()).toBe(
`This job is deployed to environment using cluster ${TEST_CLUSTER_NAME}.`,
);
});
@@ -89,7 +91,7 @@ describe('Environments block', () => {
createDeploymentWithClusterAndKubernetesNamespace(),
);
- expect(findText()).toEqual(
+ expect(findText()).toBe(
`This job is deployed to environment using cluster ${TEST_CLUSTER_NAME} and namespace ${TEST_KUBERNETES_NAMESPACE}.`,
);
});
@@ -105,11 +107,11 @@ describe('Environments block', () => {
environment: createEnvironmentWithLastDeployment(),
});
- expect(findText()).toEqual(
+ expect(findText()).toBe(
'This job is an out-of-date deployment to environment. View the most recent deployment.',
);
- expect(findJobDeploymentLink().getAttribute('href')).toEqual('bar');
+ expect(findJobDeploymentLink().attributes('href')).toBe('bar');
});
describe('when there is a cluster', () => {
@@ -122,7 +124,7 @@ describe('Environments block', () => {
createDeploymentWithCluster(),
);
- expect(findText()).toEqual(
+ expect(findText()).toBe(
`This job is an out-of-date deployment to environment using cluster ${TEST_CLUSTER_NAME}. View the most recent deployment.`,
);
});
@@ -137,7 +139,7 @@ describe('Environments block', () => {
createDeploymentWithClusterAndKubernetesNamespace(),
);
- expect(findText()).toEqual(
+ expect(findText()).toBe(
`This job is an out-of-date deployment to environment using cluster ${TEST_CLUSTER_NAME} and namespace ${TEST_KUBERNETES_NAMESPACE}. View the most recent deployment.`,
);
});
@@ -152,7 +154,7 @@ describe('Environments block', () => {
environment,
});
- expect(findText()).toEqual('This job is an out-of-date deployment to environment.');
+ expect(findText()).toBe('This job is an out-of-date deployment to environment.');
});
});
});
@@ -164,7 +166,7 @@ describe('Environments block', () => {
environment,
});
- expect(findText()).toEqual('The deployment of this job to environment did not succeed.');
+ expect(findText()).toBe('The deployment of this job to environment did not succeed.');
});
});
@@ -176,13 +178,15 @@ describe('Environments block', () => {
environment: createEnvironmentWithLastDeployment(),
});
- expect(findText()).toEqual(
+ expect(findText()).toBe(
'This job is creating a deployment to environment. This will overwrite the latest deployment.',
);
- expect(findJobDeploymentLink().getAttribute('href')).toEqual('bar');
- expect(findEnvironmentLink().getAttribute('href')).toEqual(environment.environment_path);
- expect(findClusterLink()).toBeNull();
+ expect(findEnvironmentLink().attributes('href')).toBe(environment.environment_path);
+
+ expect(findJobDeploymentLink().attributes('href')).toBe('bar');
+
+ expect(findClusterLink().exists()).toBe(false);
});
});
@@ -193,7 +197,7 @@ describe('Environments block', () => {
environment,
});
- expect(findText()).toEqual('This job is creating a deployment to environment.');
+ expect(findText()).toBe('This job is creating a deployment to environment.');
});
describe('when there is a cluster', () => {
@@ -206,7 +210,7 @@ describe('Environments block', () => {
createDeploymentWithCluster(),
);
- expect(findText()).toEqual(
+ expect(findText()).toBe(
`This job is creating a deployment to environment using cluster ${TEST_CLUSTER_NAME}.`,
);
});
@@ -220,7 +224,7 @@ describe('Environments block', () => {
environment: null,
});
- expect(findEnvironmentLink()).toBeNull();
+ expect(findEnvironmentLink().exists()).toBe(false);
});
});
});
@@ -235,11 +239,11 @@ describe('Environments block', () => {
createDeploymentWithCluster(),
);
- expect(findText()).toEqual(
+ expect(findText()).toBe(
`This job is deployed to environment using cluster ${TEST_CLUSTER_NAME}.`,
);
- expect(findClusterLink().getAttribute('href')).toEqual(TEST_CLUSTER_PATH);
+ expect(findClusterLink().attributes('href')).toBe(TEST_CLUSTER_PATH);
});
describe('when the cluster is missing the path', () => {
@@ -254,7 +258,7 @@ describe('Environments block', () => {
expect(findText()).toContain('using cluster the-cluster.');
- expect(findClusterLink()).toBeNull();
+ expect(findClusterLink().exists()).toBe(false);
});
});
});
diff --git a/spec/helpers/issuables_helper_spec.rb b/spec/helpers/issuables_helper_spec.rb
index 4c93a8387a9..a3945b5bd8a 100644
--- a/spec/helpers/issuables_helper_spec.rb
+++ b/spec/helpers/issuables_helper_spec.rb
@@ -327,4 +327,12 @@ RSpec.describe IssuablesHelper do
end
end
end
+
+ describe '#sidebar_milestone_tooltip_label' do
+ it 'escapes HTML in the milestone title' do
+ milestone = build(:milestone, title: '&lt;img onerror=alert(1)&gt;')
+
+ expect(helper.sidebar_milestone_tooltip_label(milestone)).to eq('&lt;img onerror=alert(1)&gt;<br/>Milestone')
+ end
+ end
end
diff --git a/spec/lib/banzai/filter/issue_reference_filter_spec.rb b/spec/lib/banzai/filter/issue_reference_filter_spec.rb
index 98955d5cde9..0ad058675fe 100644
--- a/spec/lib/banzai/filter/issue_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/issue_reference_filter_spec.rb
@@ -75,6 +75,12 @@ RSpec.describe Banzai::Filter::IssueReferenceFilter do
expect(doc.text).to eq "Issue #{reference}"
end
+ it 'renders non-HTML tooltips' do
+ doc = reference_filter("Issue #{reference}")
+
+ expect(doc.at_css('a')).not_to have_attribute('data-html')
+ end
+
it 'includes default classes' do
doc = reference_filter("Issue #{reference}")
expect(doc.css('a').first.attr('class')).to eq 'gfm gfm-issue has-tooltip'
diff --git a/spec/lib/gitlab/checks/branch_check_spec.rb b/spec/lib/gitlab/checks/branch_check_spec.rb
index 92452727017..822bdc8389d 100644
--- a/spec/lib/gitlab/checks/branch_check_spec.rb
+++ b/spec/lib/gitlab/checks/branch_check_spec.rb
@@ -19,6 +19,29 @@ RSpec.describe Gitlab::Checks::BranchCheck do
end
end
+ context "prohibited branches check" do
+ it "prohibits 40-character hexadecimal branch names" do
+ allow(subject).to receive(:branch_name).and_return("267208abfe40e546f5e847444276f7d43a39503e")
+
+ expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "You cannot create a branch with a 40-character hexadecimal branch name.")
+ end
+
+ it "doesn't prohibit a nested hexadecimal in a branch name" do
+ allow(subject).to receive(:branch_name).and_return("fix-267208abfe40e546f5e847444276f7d43a39503e")
+
+ expect { subject.validate! }.not_to raise_error
+ end
+
+ context "the feature flag is disabled" do
+ it "doesn't prohibit a 40-character hexadecimal branch name" do
+ stub_feature_flags(prohibit_hexadecimal_branch_names: false)
+ allow(subject).to receive(:branch_name).and_return("267208abfe40e546f5e847444276f7d43a39503e")
+
+ expect { subject.validate! }.not_to raise_error
+ end
+ end
+ end
+
context 'protected branches check' do
before do
allow(ProtectedBranch).to receive(:protected?).with(project, 'master').and_return(true)
diff --git a/spec/mailers/notify_spec.rb b/spec/mailers/notify_spec.rb
index e56cd488a52..9dde80f58d5 100644
--- a/spec/mailers/notify_spec.rb
+++ b/spec/mailers/notify_spec.rb
@@ -45,6 +45,21 @@ RSpec.describe Notify do
end
end
+ shared_examples 'it requires a group' do
+ context 'when given an deleted group' do
+ before do
+ # destroy group and group member
+ group_member.destroy!
+ group.destroy!
+ end
+
+ it 'returns NullMail type message' do
+ expect(Gitlab::AppLogger).to receive(:info)
+ expect(subject.message).to be_a(ActionMailer::Base::NullMail)
+ end
+ end
+ end
+
context 'for a project' do
shared_examples 'an assignee email' do
let(:recipient) { assignee }
@@ -1388,6 +1403,7 @@ RSpec.describe Notify do
it_behaves_like "a user cannot unsubscribe through footer link"
it_behaves_like 'appearance header and footer enabled'
it_behaves_like 'appearance header and footer not enabled'
+ it_behaves_like 'it requires a group'
it 'contains all the useful information' do
is_expected.to have_subject "Access to the #{group.name} group was granted"
@@ -1422,6 +1438,7 @@ RSpec.describe Notify do
it_behaves_like "a user cannot unsubscribe through footer link"
it_behaves_like 'appearance header and footer enabled'
it_behaves_like 'appearance header and footer not enabled'
+ it_behaves_like 'it requires a group'
it 'contains all the useful information' do
is_expected.to have_subject "Invitation to join the #{group.name} group"
@@ -1448,6 +1465,7 @@ RSpec.describe Notify do
it_behaves_like "a user cannot unsubscribe through footer link"
it_behaves_like 'appearance header and footer enabled'
it_behaves_like 'appearance header and footer not enabled'
+ it_behaves_like 'it requires a group'
it 'contains all the useful information' do
is_expected.to have_subject 'Invitation accepted'
diff --git a/spec/services/authorized_project_update/project_group_link_create_service_spec.rb b/spec/services/authorized_project_update/project_group_link_create_service_spec.rb
index d30d9f1e766..961322a1a21 100644
--- a/spec/services/authorized_project_update/project_group_link_create_service_spec.rb
+++ b/spec/services/authorized_project_update/project_group_link_create_service_spec.rb
@@ -13,8 +13,9 @@ RSpec.describe AuthorizedProjectUpdate::ProjectGroupLinkCreateService do
let_it_be(:project) { create(:project, :private, group: create(:group, :private)) }
let(:access_level) { Gitlab::Access::MAINTAINER }
+ let(:group_access) { nil }
- subject(:service) { described_class.new(project, group) }
+ subject(:service) { described_class.new(project, group, group_access) }
describe '#perform' do
context 'direct group members' do
@@ -54,6 +55,26 @@ RSpec.describe AuthorizedProjectUpdate::ProjectGroupLinkCreateService do
end
end
+ context 'with group_access' do
+ let(:group_access) { Gitlab::Access::REPORTER }
+
+ before do
+ create(:group_member, access_level: access_level, group: group_parent, user: parent_group_user)
+ ProjectAuthorization.delete_all
+ end
+
+ it 'creates project authorization' do
+ expect { service.execute }.to(
+ change { ProjectAuthorization.count }.from(0).to(1))
+
+ project_authorization = ProjectAuthorization.where(
+ project_id: project.id,
+ user_id: parent_group_user.id,
+ access_level: group_access)
+ expect(project_authorization).to exist
+ end
+ end
+
context 'membership overrides' do
before do
create(:group_member, access_level: Gitlab::Access::REPORTER, group: group_parent, user: group_user)
diff --git a/spec/services/groups/transfer_service_spec.rb b/spec/services/groups/transfer_service_spec.rb
index fa254bba6a9..c87fc7d941e 100644
--- a/spec/services/groups/transfer_service_spec.rb
+++ b/spec/services/groups/transfer_service_spec.rb
@@ -346,44 +346,117 @@ RSpec.describe Groups::TransferService do
end
context 'when transferring a group with nested groups and projects' do
- let!(:group) { create(:group, :public) }
+ let(:subgroup1) { create(:group, :private, parent: group) }
let!(:project1) { create(:project, :repository, :private, namespace: group) }
- let!(:subgroup1) { create(:group, :private, parent: group) }
let!(:nested_subgroup) { create(:group, :private, parent: subgroup1) }
let!(:nested_project) { create(:project, :repository, :private, namespace: subgroup1) }
before do
TestEnv.clean_test_path
create(:group_member, :owner, group: new_parent_group, user: user)
- transfer_service.execute(new_parent_group)
end
- it 'updates subgroups path' do
- new_base_path = "#{new_parent_group.path}/#{group.path}"
- group.children.each do |children|
- expect(children.full_path).to eq("#{new_base_path}/#{children.path}")
+ context 'updated paths' do
+ let(:group) { create(:group, :public) }
+
+ before do
+ transfer_service.execute(new_parent_group)
end
- new_base_path = "#{new_parent_group.path}/#{group.path}/#{subgroup1.path}"
- subgroup1.children.each do |children|
- expect(children.full_path).to eq("#{new_base_path}/#{children.path}")
+ it 'updates subgroups path' do
+ new_base_path = "#{new_parent_group.path}/#{group.path}"
+ group.children.each do |children|
+ expect(children.full_path).to eq("#{new_base_path}/#{children.path}")
+ end
+
+ new_base_path = "#{new_parent_group.path}/#{group.path}/#{subgroup1.path}"
+ subgroup1.children.each do |children|
+ expect(children.full_path).to eq("#{new_base_path}/#{children.path}")
+ end
end
- end
- it 'updates projects path' do
- new_parent_path = "#{new_parent_group.path}/#{group.path}"
- subgroup1.projects.each do |project|
- project_full_path = "#{new_parent_path}/#{project.namespace.path}/#{project.name}"
- expect(project.full_path).to eq(project_full_path)
+ it 'updates projects path' do
+ new_parent_path = "#{new_parent_group.path}/#{group.path}"
+ subgroup1.projects.each do |project|
+ project_full_path = "#{new_parent_path}/#{project.namespace.path}/#{project.name}"
+ expect(project.full_path).to eq(project_full_path)
+ end
+ end
+
+ it 'creates redirect for the subgroups and projects' do
+ expect(group.redirect_routes.count).to eq(1)
+ expect(project1.redirect_routes.count).to eq(1)
+ expect(subgroup1.redirect_routes.count).to eq(1)
+ expect(nested_subgroup.redirect_routes.count).to eq(1)
+ expect(nested_project.redirect_routes.count).to eq(1)
end
end
- it 'creates redirect for the subgroups and projects' do
- expect(group.redirect_routes.count).to eq(1)
- expect(project1.redirect_routes.count).to eq(1)
- expect(subgroup1.redirect_routes.count).to eq(1)
- expect(nested_subgroup.redirect_routes.count).to eq(1)
- expect(nested_project.redirect_routes.count).to eq(1)
+ context 'resets project authorizations' do
+ let(:old_parent_group) { create(:group) }
+ let(:group) { create(:group, :private, parent: old_parent_group) }
+ let(:new_group_member) { create(:user) }
+ let(:old_group_member) { create(:user) }
+
+ before do
+ new_parent_group.add_maintainer(new_group_member)
+ old_parent_group.add_maintainer(old_group_member)
+ group.refresh_members_authorized_projects
+ end
+
+ it 'removes old project authorizations' do
+ expect { transfer_service.execute(new_parent_group) }.to change {
+ ProjectAuthorization.where(project_id: project1.id, user_id: old_group_member.id).size
+ }.from(1).to(0)
+ end
+
+ it 'adds new project authorizations' do
+ expect { transfer_service.execute(new_parent_group) }.to change {
+ ProjectAuthorization.where(project_id: project1.id, user_id: new_group_member.id).size
+ }.from(0).to(1)
+ end
+
+ it 'performs authorizations job immediately' do
+ expect(AuthorizedProjectsWorker).to receive(:bulk_perform_inline)
+
+ transfer_service.execute(new_parent_group)
+ end
+
+ context 'for nested projects' do
+ it 'removes old project authorizations' do
+ expect { transfer_service.execute(new_parent_group) }.to change {
+ ProjectAuthorization.where(project_id: nested_project.id, user_id: old_group_member.id).size
+ }.from(1).to(0)
+ end
+
+ it 'adds new project authorizations' do
+ expect { transfer_service.execute(new_parent_group) }.to change {
+ ProjectAuthorization.where(project_id: nested_project.id, user_id: new_group_member.id).size
+ }.from(0).to(1)
+ end
+ end
+
+ context 'for groups with many members' do
+ before do
+ 11.times do
+ new_parent_group.add_maintainer(create(:user))
+ end
+ end
+
+ it 'adds new project authorizations for the user which makes a transfer' do
+ transfer_service.execute(new_parent_group)
+
+ expect(ProjectAuthorization.where(project_id: project1.id, user_id: user.id).size).to eq(1)
+ expect(ProjectAuthorization.where(project_id: nested_project.id, user_id: user.id).size).to eq(1)
+ end
+
+ it 'schedules authorizations job' do
+ expect(AuthorizedProjectsWorker).to receive(:bulk_perform_async)
+ .with(array_including(new_parent_group.members_with_parents.pluck(:user_id).map {|id| [id, anything] }))
+
+ transfer_service.execute(new_parent_group)
+ end
+ end
end
end
diff --git a/spec/services/projects/group_links/create_service_spec.rb b/spec/services/projects/group_links/create_service_spec.rb
index 6468e3007c2..c249a51fc56 100644
--- a/spec/services/projects/group_links/create_service_spec.rb
+++ b/spec/services/projects/group_links/create_service_spec.rb
@@ -6,9 +6,10 @@ RSpec.describe Projects::GroupLinks::CreateService, '#execute' do
let_it_be(:user) { create :user }
let_it_be(:group) { create :group }
let_it_be(:project) { create :project }
+ let(:group_access) { Gitlab::Access::DEVELOPER }
let(:opts) do
{
- link_group_access: '30',
+ link_group_access: group_access,
expires_at: nil
}
end
@@ -49,7 +50,9 @@ RSpec.describe Projects::GroupLinks::CreateService, '#execute' do
receive(:bulk_perform_async)
)
expect(AuthorizedProjectUpdate::ProjectGroupLinkCreateWorker).to(
- receive(:perform_async).and_call_original
+ receive(:perform_async)
+ .with(project.id, group.id, group_access)
+ .and_call_original
)
expect(AuthorizedProjectUpdate::UserRefreshWithLowUrgencyWorker).to(
receive(:bulk_perform_in)