diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-05 18:17:15 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-05 18:17:15 +0000 |
commit | c50e74805286654a64db1602b0808c651e69a30f (patch) | |
tree | 85ff22025a8260d2888befa58c5e9c4d882532dc /spec | |
parent | 7a2ee1f687fab888657ad8a17e33d4e9356008de (diff) | |
download | gitlab-ce-c50e74805286654a64db1602b0808c651e69a30f.tar.gz |
Add latest changes from gitlab-org/gitlab@13-1-stable-ee
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/oauth/applications_controller_spec.rb | 27 | ||||
-rw-r--r-- | spec/controllers/oauth/authorizations_controller_spec.rb | 84 | ||||
-rw-r--r-- | spec/controllers/oauth/authorized_applications_controller_spec.rb | 20 | ||||
-rw-r--r-- | spec/controllers/oauth/token_info_controller_spec.rb | 4 | ||||
-rw-r--r-- | spec/controllers/oauth/tokens_controller_spec.rb | 9 | ||||
-rw-r--r-- | spec/features/projects/jobs_spec.rb | 18 | ||||
-rw-r--r-- | spec/frontend/jobs/components/environments_block_spec.js | 70 | ||||
-rw-r--r-- | spec/helpers/issuables_helper_spec.rb | 8 | ||||
-rw-r--r-- | spec/lib/banzai/filter/issue_reference_filter_spec.rb | 6 | ||||
-rw-r--r-- | spec/lib/gitlab/checks/branch_check_spec.rb | 23 | ||||
-rw-r--r-- | spec/lib/gitlab/import_export/decompressed_archive_size_validator_spec.rb | 58 | ||||
-rw-r--r-- | spec/lib/gitlab/import_export/file_importer_spec.rb | 39 | ||||
-rw-r--r-- | spec/mailers/notify_spec.rb | 18 | ||||
-rw-r--r-- | spec/services/groups/transfer_service_spec.rb | 117 |
14 files changed, 407 insertions, 94 deletions
diff --git a/spec/controllers/oauth/applications_controller_spec.rb b/spec/controllers/oauth/applications_controller_spec.rb index f20204b6718..33349037260 100644 --- a/spec/controllers/oauth/applications_controller_spec.rb +++ b/spec/controllers/oauth/applications_controller_spec.rb @@ -19,12 +19,29 @@ RSpec.describe Oauth::ApplicationsController do it { is_expected.to redirect_to(new_user_session_path) } end + shared_examples 'redirects to 2fa setup page when the user requires it' do + context 'when 2fa is set up on application level' do + before do + stub_application_setting(require_two_factor_authentication: true) + end + + it { is_expected.to redirect_to(profile_two_factor_auth_path) } + end + + context 'when 2fa is set up on group level' do + let(:user) { create(:user, require_two_factor_authentication_from_group: true) } + + it { is_expected.to redirect_to(profile_two_factor_auth_path) } + end + end + describe 'GET #new' do subject { get :new } it { is_expected.to have_gitlab_http_status(:ok) } it_behaves_like 'redirects to login page when the user is not signed in' + it_behaves_like 'redirects to 2fa setup page when the user requires it' end describe 'DELETE #destroy' do @@ -33,6 +50,7 @@ RSpec.describe Oauth::ApplicationsController do it { is_expected.to redirect_to(oauth_applications_url) } it_behaves_like 'redirects to login page when the user is not signed in' + it_behaves_like 'redirects to 2fa setup page when the user requires it' end describe 'GET #edit' do @@ -41,6 +59,7 @@ RSpec.describe Oauth::ApplicationsController do it { is_expected.to have_gitlab_http_status(:ok) } it_behaves_like 'redirects to login page when the user is not signed in' + it_behaves_like 'redirects to 2fa setup page when the user requires it' end describe 'PUT #update' do @@ -49,6 +68,7 @@ RSpec.describe Oauth::ApplicationsController do it { is_expected.to redirect_to(oauth_application_url(application)) } it_behaves_like 'redirects to login page when the user is not signed in' + it_behaves_like 'redirects to 2fa setup page when the user requires it' end describe 'GET #show' do @@ -57,6 +77,7 @@ RSpec.describe Oauth::ApplicationsController do it { is_expected.to have_gitlab_http_status(:ok) } it_behaves_like 'redirects to login page when the user is not signed in' + it_behaves_like 'redirects to 2fa setup page when the user requires it' end describe 'GET #index' do @@ -73,6 +94,7 @@ RSpec.describe Oauth::ApplicationsController do end it_behaves_like 'redirects to login page when the user is not signed in' + it_behaves_like 'redirects to 2fa setup page when the user requires it' end describe 'POST #create' do @@ -112,6 +134,7 @@ RSpec.describe Oauth::ApplicationsController do end it_behaves_like 'redirects to login page when the user is not signed in' + it_behaves_like 'redirects to 2fa setup page when the user requires it' end end @@ -119,6 +142,10 @@ RSpec.describe Oauth::ApplicationsController do it 'current_user_mode available' do expect(subject.current_user_mode).not_to be_nil end + + it 'includes Two-factor enforcement concern' do + expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true) + end end def disable_user_oauth diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb index 89b74675d28..23d472f6853 100644 --- a/spec/controllers/oauth/authorizations_controller_spec.rb +++ b/spec/controllers/oauth/authorizations_controller_spec.rb @@ -3,6 +3,8 @@ require 'spec_helper' RSpec.describe Oauth::AuthorizationsController do + let(:user) { create(:user, confirmed_at: confirmed_at) } + let(:confirmed_at) { 1.hour.ago } let!(:application) { create(:oauth_application, scopes: 'api read_user', redirect_uri: 'http://example.com') } let(:params) do { @@ -17,9 +19,45 @@ RSpec.describe Oauth::AuthorizationsController do sign_in(user) end + shared_examples 'OAuth Authorizations require confirmed user' do + context 'when the user is confirmed' do + context 'when there is already an access token for the application with a matching scope' do + before do + scopes = Doorkeeper::OAuth::Scopes.from_string('api') + + allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes) + + create(:oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes) + end + + it 'authorizes the request and redirects' do + subject + + expect(request.session['user_return_to']).to be_nil + expect(response).to have_gitlab_http_status(:found) + end + end + end + + context 'when the user is unconfirmed' do + let(:confirmed_at) { nil } + + it 'returns 200 and renders error view' do + subject + + expect(response).to have_gitlab_http_status(:ok) + expect(response).to render_template('doorkeeper/authorizations/error') + end + end + end + describe 'GET #new' do + subject { get :new, params: params } + + include_examples 'OAuth Authorizations require confirmed user' + context 'when the user is confirmed' do - let(:user) { create(:user) } + let(:confirmed_at) { 1.hour.ago } context 'without valid params' do it 'returns 200 code and renders error view' do @@ -34,7 +72,7 @@ RSpec.describe Oauth::AuthorizationsController do render_views it 'returns 200 code and renders view' do - get :new, params: params + subject expect(response).to have_gitlab_http_status(:ok) expect(response).to render_template('doorkeeper/authorizations/new') @@ -44,42 +82,28 @@ RSpec.describe Oauth::AuthorizationsController do application.update(trusted: true) request.session['user_return_to'] = 'http://example.com' - get :new, params: params + subject expect(request.session['user_return_to']).to be_nil expect(response).to have_gitlab_http_status(:found) end - - context 'when there is already an access token for the application' do - context 'when the request scope matches any of the created token scopes' do - before do - scopes = Doorkeeper::OAuth::Scopes.from_string('api') - - allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes) - - create :oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes - end - - it 'authorizes the request and redirects' do - get :new, params: params - - expect(request.session['user_return_to']).to be_nil - expect(response).to have_gitlab_http_status(:found) - end - end - end end end + end - context 'when the user is unconfirmed' do - let(:user) { create(:user, confirmed_at: nil) } + describe 'POST #create' do + subject { post :create, params: params } - it 'returns 200 and renders error view' do - get :new, params: params + include_examples 'OAuth Authorizations require confirmed user' + end - expect(response).to have_gitlab_http_status(:ok) - expect(response).to render_template('doorkeeper/authorizations/error') - end - end + describe 'DELETE #destroy' do + subject { delete :destroy, params: params } + + include_examples 'OAuth Authorizations require confirmed user' + end + + it 'includes Two-factor enforcement concern' do + expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true) end end diff --git a/spec/controllers/oauth/authorized_applications_controller_spec.rb b/spec/controllers/oauth/authorized_applications_controller_spec.rb index 15b2969a859..cb047e55752 100644 --- a/spec/controllers/oauth/authorized_applications_controller_spec.rb +++ b/spec/controllers/oauth/authorized_applications_controller_spec.rb @@ -18,4 +18,24 @@ RSpec.describe Oauth::AuthorizedApplicationsController do expect(response).to have_gitlab_http_status(:not_found) end end + + describe 'DELETE #destroy' do + let(:application) { create(:oauth_application) } + let!(:grant) { create(:oauth_access_grant, resource_owner_id: user.id, application: application) } + let!(:access_token) { create(:oauth_access_token, resource_owner: user, application: application) } + + it 'revokes both access grants and tokens' do + expect(grant).not_to be_revoked + expect(access_token).not_to be_revoked + + delete :destroy, params: { id: application.id } + + expect(grant.reload).to be_revoked + expect(access_token.reload).to be_revoked + end + end + + it 'includes Two-factor enforcement concern' do + expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true) + end end diff --git a/spec/controllers/oauth/token_info_controller_spec.rb b/spec/controllers/oauth/token_info_controller_spec.rb index 4658c2702ca..91a986db251 100644 --- a/spec/controllers/oauth/token_info_controller_spec.rb +++ b/spec/controllers/oauth/token_info_controller_spec.rb @@ -68,4 +68,8 @@ RSpec.describe Oauth::TokenInfoController do end end end + + it 'includes Two-factor enforcement concern' do + expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true) + end end diff --git a/spec/controllers/oauth/tokens_controller_spec.rb b/spec/controllers/oauth/tokens_controller_spec.rb new file mode 100644 index 00000000000..389153d138e --- /dev/null +++ b/spec/controllers/oauth/tokens_controller_spec.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Oauth::TokensController do + it 'includes Two-factor enforcement concern' do + expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true) + end +end diff --git a/spec/features/projects/jobs_spec.rb b/spec/features/projects/jobs_spec.rb index e78e8989575..f059e124653 100644 --- a/spec/features/projects/jobs_spec.rb +++ b/spec/features/projects/jobs_spec.rb @@ -551,7 +551,7 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do it 'shows deployment message' do expect(page).to have_content 'This job is deployed to production' - expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}") + expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}") end context 'when there is a cluster used for the deployment' do @@ -583,7 +583,7 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do it 'shows a link for the job' do expect(page).to have_link environment.name - expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}") + expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}") end end @@ -593,7 +593,7 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do it 'shows a link to latest deployment' do expect(page).to have_link environment.name expect(page).to have_content 'This job is creating a deployment' - expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}") + expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}") end end end @@ -645,15 +645,15 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do end it 'renders a link to the most recent deployment' do - expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}") - expect(find('.js-job-deployment-link')['href']).to include(second_deployment.deployable.project.path, second_deployment.deployable_id.to_s) + expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}") + expect(find('[data-testid="job-deployment-link"]')['href']).to include(second_deployment.deployable.project.path, second_deployment.deployable_id.to_s) end context 'when deployment does not have a deployable' do let!(:second_deployment) { create(:deployment, :success, environment: environment, deployable: nil) } it 'has an empty href' do - expect(find('.js-job-deployment-link')['href']).to be_empty + expect(find('[data-testid="job-deployment-link"]')['href']).to be_empty end end end @@ -679,7 +679,7 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do expected_text = 'This job is creating a deployment to staging' expect(page).to have_css('.environment-information', text: expected_text) - expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}") + expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}") end context 'when it has deployment' do @@ -690,7 +690,7 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do expect(page).to have_css('.environment-information', text: expected_text) expect(page).to have_css('.environment-information', text: 'latest deployment') - expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}") + expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}") end end end @@ -705,7 +705,7 @@ RSpec.describe 'Jobs', :clean_gitlab_redis_shared_state do '.environment-information', text: expected_text) expect(page).not_to have_css( '.environment-information', text: 'latest deployment') - expect(find('.js-environment-link')['href']).to match("environments/#{environment.id}") + expect(find('[data-testid="job-environment-link"]')['href']).to match("environments/#{environment.id}") end end end diff --git a/spec/frontend/jobs/components/environments_block_spec.js b/spec/frontend/jobs/components/environments_block_spec.js index 4f2359e83b6..d90c9137a8f 100644 --- a/spec/frontend/jobs/components/environments_block_spec.js +++ b/spec/frontend/jobs/components/environments_block_spec.js @@ -1,14 +1,13 @@ -import Vue from 'vue'; -import component from '~/jobs/components/environments_block.vue'; -import mountComponent from '../../helpers/vue_mount_component_helper'; +import { mount } from '@vue/test-utils'; +import EnvironmentsBlock from '~/jobs/components/environments_block.vue'; const TEST_CLUSTER_NAME = 'test_cluster'; const TEST_CLUSTER_PATH = 'path/to/test_cluster'; const TEST_KUBERNETES_NAMESPACE = 'this-is-a-kubernetes-namespace'; describe('Environments block', () => { - const Component = Vue.extend(component); - let vm; + let wrapper; + const status = { group: 'success', icon: 'status_success', @@ -38,20 +37,23 @@ describe('Environments block', () => { }); const createComponent = (deploymentStatus = {}, deploymentCluster = {}) => { - vm = mountComponent(Component, { - deploymentStatus, - deploymentCluster, - iconStatus: status, + wrapper = mount(EnvironmentsBlock, { + propsData: { + deploymentStatus, + deploymentCluster, + iconStatus: status, + }, }); }; - const findText = () => vm.$el.textContent.trim(); - const findJobDeploymentLink = () => vm.$el.querySelector('.js-job-deployment-link'); - const findEnvironmentLink = () => vm.$el.querySelector('.js-environment-link'); - const findClusterLink = () => vm.$el.querySelector('.js-job-cluster-link'); + const findText = () => wrapper.find(EnvironmentsBlock).text(); + const findJobDeploymentLink = () => wrapper.find('[data-testid="job-deployment-link"]'); + const findEnvironmentLink = () => wrapper.find('[data-testid="job-environment-link"]'); + const findClusterLink = () => wrapper.find('[data-testid="job-cluster-link"]'); afterEach(() => { - vm.$destroy(); + wrapper.destroy(); + wrapper = null; }); describe('with last deployment', () => { @@ -61,7 +63,7 @@ describe('Environments block', () => { environment, }); - expect(findText()).toEqual('This job is deployed to environment.'); + expect(findText()).toBe('This job is deployed to environment.'); }); describe('when there is a cluster', () => { @@ -74,7 +76,7 @@ describe('Environments block', () => { createDeploymentWithCluster(), ); - expect(findText()).toEqual( + expect(findText()).toBe( `This job is deployed to environment using cluster ${TEST_CLUSTER_NAME}.`, ); }); @@ -89,7 +91,7 @@ describe('Environments block', () => { createDeploymentWithClusterAndKubernetesNamespace(), ); - expect(findText()).toEqual( + expect(findText()).toBe( `This job is deployed to environment using cluster ${TEST_CLUSTER_NAME} and namespace ${TEST_KUBERNETES_NAMESPACE}.`, ); }); @@ -105,11 +107,11 @@ describe('Environments block', () => { environment: createEnvironmentWithLastDeployment(), }); - expect(findText()).toEqual( + expect(findText()).toBe( 'This job is an out-of-date deployment to environment. View the most recent deployment.', ); - expect(findJobDeploymentLink().getAttribute('href')).toEqual('bar'); + expect(findJobDeploymentLink().attributes('href')).toBe('bar'); }); describe('when there is a cluster', () => { @@ -122,7 +124,7 @@ describe('Environments block', () => { createDeploymentWithCluster(), ); - expect(findText()).toEqual( + expect(findText()).toBe( `This job is an out-of-date deployment to environment using cluster ${TEST_CLUSTER_NAME}. View the most recent deployment.`, ); }); @@ -137,7 +139,7 @@ describe('Environments block', () => { createDeploymentWithClusterAndKubernetesNamespace(), ); - expect(findText()).toEqual( + expect(findText()).toBe( `This job is an out-of-date deployment to environment using cluster ${TEST_CLUSTER_NAME} and namespace ${TEST_KUBERNETES_NAMESPACE}. View the most recent deployment.`, ); }); @@ -152,7 +154,7 @@ describe('Environments block', () => { environment, }); - expect(findText()).toEqual('This job is an out-of-date deployment to environment.'); + expect(findText()).toBe('This job is an out-of-date deployment to environment.'); }); }); }); @@ -164,7 +166,7 @@ describe('Environments block', () => { environment, }); - expect(findText()).toEqual('The deployment of this job to environment did not succeed.'); + expect(findText()).toBe('The deployment of this job to environment did not succeed.'); }); }); @@ -176,13 +178,15 @@ describe('Environments block', () => { environment: createEnvironmentWithLastDeployment(), }); - expect(findText()).toEqual( + expect(findText()).toBe( 'This job is creating a deployment to environment. This will overwrite the latest deployment.', ); - expect(findJobDeploymentLink().getAttribute('href')).toEqual('bar'); - expect(findEnvironmentLink().getAttribute('href')).toEqual(environment.environment_path); - expect(findClusterLink()).toBeNull(); + expect(findEnvironmentLink().attributes('href')).toBe(environment.environment_path); + + expect(findJobDeploymentLink().attributes('href')).toBe('bar'); + + expect(findClusterLink().exists()).toBe(false); }); }); @@ -193,7 +197,7 @@ describe('Environments block', () => { environment, }); - expect(findText()).toEqual('This job is creating a deployment to environment.'); + expect(findText()).toBe('This job is creating a deployment to environment.'); }); describe('when there is a cluster', () => { @@ -206,7 +210,7 @@ describe('Environments block', () => { createDeploymentWithCluster(), ); - expect(findText()).toEqual( + expect(findText()).toBe( `This job is creating a deployment to environment using cluster ${TEST_CLUSTER_NAME}.`, ); }); @@ -220,7 +224,7 @@ describe('Environments block', () => { environment: null, }); - expect(findEnvironmentLink()).toBeNull(); + expect(findEnvironmentLink().exists()).toBe(false); }); }); }); @@ -235,11 +239,11 @@ describe('Environments block', () => { createDeploymentWithCluster(), ); - expect(findText()).toEqual( + expect(findText()).toBe( `This job is deployed to environment using cluster ${TEST_CLUSTER_NAME}.`, ); - expect(findClusterLink().getAttribute('href')).toEqual(TEST_CLUSTER_PATH); + expect(findClusterLink().attributes('href')).toBe(TEST_CLUSTER_PATH); }); describe('when the cluster is missing the path', () => { @@ -254,7 +258,7 @@ describe('Environments block', () => { expect(findText()).toContain('using cluster the-cluster.'); - expect(findClusterLink()).toBeNull(); + expect(findClusterLink().exists()).toBe(false); }); }); }); diff --git a/spec/helpers/issuables_helper_spec.rb b/spec/helpers/issuables_helper_spec.rb index 38ad11846d2..d592caf2505 100644 --- a/spec/helpers/issuables_helper_spec.rb +++ b/spec/helpers/issuables_helper_spec.rb @@ -303,4 +303,12 @@ describe IssuablesHelper do end end end + + describe '#sidebar_milestone_tooltip_label' do + it 'escapes HTML in the milestone title' do + milestone = build(:milestone, title: '<img onerror=alert(1)>') + + expect(helper.sidebar_milestone_tooltip_label(milestone)).to eq('<img onerror=alert(1)><br/>Milestone') + end + end end diff --git a/spec/lib/banzai/filter/issue_reference_filter_spec.rb b/spec/lib/banzai/filter/issue_reference_filter_spec.rb index 603da2b4421..02c7e214b26 100644 --- a/spec/lib/banzai/filter/issue_reference_filter_spec.rb +++ b/spec/lib/banzai/filter/issue_reference_filter_spec.rb @@ -75,6 +75,12 @@ describe Banzai::Filter::IssueReferenceFilter do expect(doc.text).to eq "Issue #{reference}" end + it 'renders non-HTML tooltips' do + doc = reference_filter("Issue #{reference}") + + expect(doc.at_css('a')).not_to have_attribute('data-html') + end + it 'includes default classes' do doc = reference_filter("Issue #{reference}") expect(doc.css('a').first.attr('class')).to eq 'gfm gfm-issue has-tooltip' diff --git a/spec/lib/gitlab/checks/branch_check_spec.rb b/spec/lib/gitlab/checks/branch_check_spec.rb index fd7eaa1603f..6a4318b93f0 100644 --- a/spec/lib/gitlab/checks/branch_check_spec.rb +++ b/spec/lib/gitlab/checks/branch_check_spec.rb @@ -19,6 +19,29 @@ describe Gitlab::Checks::BranchCheck do end end + context "prohibited branches check" do + it "prohibits 40-character hexadecimal branch names" do + allow(subject).to receive(:branch_name).and_return("267208abfe40e546f5e847444276f7d43a39503e") + + expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "You cannot create a branch with a 40-character hexadecimal branch name.") + end + + it "doesn't prohibit a nested hexadecimal in a branch name" do + allow(subject).to receive(:branch_name).and_return("fix-267208abfe40e546f5e847444276f7d43a39503e") + + expect { subject.validate! }.not_to raise_error + end + + context "the feature flag is disabled" do + it "doesn't prohibit a 40-character hexadecimal branch name" do + stub_feature_flags(prohibit_hexadecimal_branch_names: false) + allow(subject).to receive(:branch_name).and_return("267208abfe40e546f5e847444276f7d43a39503e") + + expect { subject.validate! }.not_to raise_error + end + end + end + context 'protected branches check' do before do allow(ProtectedBranch).to receive(:protected?).with(project, 'master').and_return(true) diff --git a/spec/lib/gitlab/import_export/decompressed_archive_size_validator_spec.rb b/spec/lib/gitlab/import_export/decompressed_archive_size_validator_spec.rb new file mode 100644 index 00000000000..302d11896c9 --- /dev/null +++ b/spec/lib/gitlab/import_export/decompressed_archive_size_validator_spec.rb @@ -0,0 +1,58 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe Gitlab::ImportExport::DecompressedArchiveSizeValidator do + let_it_be(:filepath) { File.join(Dir.tmpdir, 'decompressed_archive_size_validator_spec.gz') } + + before(:all) do + create_compressed_file + end + + after(:all) do + FileUtils.rm(filepath) + end + + subject { described_class.new(archive_path: filepath, max_bytes: max_bytes) } + + describe '#valid?' do + let(:max_bytes) { 1 } + + context 'when file does not exceed allowed decompressed size' do + let(:max_bytes) { 20 } + + it 'returns true' do + expect(subject.valid?).to eq(true) + end + end + + context 'when file exceeds allowed decompressed size' do + it 'returns false' do + expect(subject.valid?).to eq(false) + end + end + + context 'when something goes wrong during decompression' do + before do + allow(subject.archive_file).to receive(:eof?).and_raise(StandardError) + end + + it 'logs and tracks raised exception' do + expect(Gitlab::ErrorTracking).to receive(:track_exception).with(instance_of(StandardError)) + expect(Gitlab::Import::Logger).to receive(:info).with(hash_including(message: 'Decompressed archive size validation failed.')) + + subject.valid? + end + + it 'returns false' do + expect(subject.valid?).to eq(false) + end + end + end + + def create_compressed_file + Zlib::GzipWriter.open(filepath) do |gz| + gz.write('Hello World!') + end + end +end diff --git a/spec/lib/gitlab/import_export/file_importer_spec.rb b/spec/lib/gitlab/import_export/file_importer_spec.rb index 7c54c5f2da1..870fe8bc7fc 100644 --- a/spec/lib/gitlab/import_export/file_importer_spec.rb +++ b/spec/lib/gitlab/import_export/file_importer_spec.rb @@ -98,6 +98,45 @@ describe Gitlab::ImportExport::FileImporter do end end + context 'when file exceeds acceptable decompressed size' do + let(:project) { create(:project) } + let(:shared) { Gitlab::ImportExport::Shared.new(project) } + let(:filepath) { File.join(Dir.tmpdir, 'file_importer_spec.gz') } + + subject { described_class.new(importable: project, archive_file: filepath, shared: shared) } + + before do + Zlib::GzipWriter.open(filepath) do |gz| + gz.write('Hello World!') + end + end + + context 'when validate_import_decompressed_archive_size feature flag is enabled' do + before do + stub_feature_flags(validate_import_decompressed_archive_size: true) + + allow(Gitlab::ImportExport::DecompressedArchiveSizeValidator).to receive(:max_bytes).and_return(1) + end + + it 'returns false' do + expect(subject.import).to eq(false) + expect(shared.errors.join).to eq('Decompressed archive size validation failed.') + end + end + + context 'when validate_import_decompressed_archive_size feature flag is disabled' do + before do + stub_feature_flags(validate_import_decompressed_archive_size: false) + end + + it 'skips validation' do + expect(subject).to receive(:validate_decompressed_archive_size).never + + subject.import + end + end + end + def setup_files FileUtils.mkdir_p("#{shared.export_path}/subfolder/") FileUtils.touch(valid_file) diff --git a/spec/mailers/notify_spec.rb b/spec/mailers/notify_spec.rb index 8b99cc41a53..826b0b047b1 100644 --- a/spec/mailers/notify_spec.rb +++ b/spec/mailers/notify_spec.rb @@ -45,6 +45,21 @@ describe Notify do end end + shared_examples 'it requires a group' do + context 'when given an deleted group' do + before do + # destroy group and group member + group_member.destroy! + group.destroy! + end + + it 'returns NullMail type message' do + expect(Gitlab::AppLogger).to receive(:info) + expect(subject.message).to be_a(ActionMailer::Base::NullMail) + end + end + end + context 'for a project' do shared_examples 'an assignee email' do let(:recipient) { assignee } @@ -1313,6 +1328,7 @@ describe Notify do it_behaves_like "a user cannot unsubscribe through footer link" it_behaves_like 'appearance header and footer enabled' it_behaves_like 'appearance header and footer not enabled' + it_behaves_like 'it requires a group' it 'contains all the useful information' do is_expected.to have_subject "Access to the #{group.name} group was granted" @@ -1347,6 +1363,7 @@ describe Notify do it_behaves_like "a user cannot unsubscribe through footer link" it_behaves_like 'appearance header and footer enabled' it_behaves_like 'appearance header and footer not enabled' + it_behaves_like 'it requires a group' it 'contains all the useful information' do is_expected.to have_subject "Invitation to join the #{group.name} group" @@ -1373,6 +1390,7 @@ describe Notify do it_behaves_like "a user cannot unsubscribe through footer link" it_behaves_like 'appearance header and footer enabled' it_behaves_like 'appearance header and footer not enabled' + it_behaves_like 'it requires a group' it 'contains all the useful information' do is_expected.to have_subject 'Invitation accepted' diff --git a/spec/services/groups/transfer_service_spec.rb b/spec/services/groups/transfer_service_spec.rb index d7f6bececfe..25bfe2e8c82 100644 --- a/spec/services/groups/transfer_service_spec.rb +++ b/spec/services/groups/transfer_service_spec.rb @@ -346,44 +346,117 @@ describe Groups::TransferService do end context 'when transferring a group with nested groups and projects' do - let!(:group) { create(:group, :public) } + let(:subgroup1) { create(:group, :private, parent: group) } let!(:project1) { create(:project, :repository, :private, namespace: group) } - let!(:subgroup1) { create(:group, :private, parent: group) } let!(:nested_subgroup) { create(:group, :private, parent: subgroup1) } let!(:nested_project) { create(:project, :repository, :private, namespace: subgroup1) } before do TestEnv.clean_test_path create(:group_member, :owner, group: new_parent_group, user: user) - transfer_service.execute(new_parent_group) end - it 'updates subgroups path' do - new_base_path = "#{new_parent_group.path}/#{group.path}" - group.children.each do |children| - expect(children.full_path).to eq("#{new_base_path}/#{children.path}") + context 'updated paths' do + let(:group) { create(:group, :public) } + + before do + transfer_service.execute(new_parent_group) end - new_base_path = "#{new_parent_group.path}/#{group.path}/#{subgroup1.path}" - subgroup1.children.each do |children| - expect(children.full_path).to eq("#{new_base_path}/#{children.path}") + it 'updates subgroups path' do + new_base_path = "#{new_parent_group.path}/#{group.path}" + group.children.each do |children| + expect(children.full_path).to eq("#{new_base_path}/#{children.path}") + end + + new_base_path = "#{new_parent_group.path}/#{group.path}/#{subgroup1.path}" + subgroup1.children.each do |children| + expect(children.full_path).to eq("#{new_base_path}/#{children.path}") + end end - end - it 'updates projects path' do - new_parent_path = "#{new_parent_group.path}/#{group.path}" - subgroup1.projects.each do |project| - project_full_path = "#{new_parent_path}/#{project.namespace.path}/#{project.name}" - expect(project.full_path).to eq(project_full_path) + it 'updates projects path' do + new_parent_path = "#{new_parent_group.path}/#{group.path}" + subgroup1.projects.each do |project| + project_full_path = "#{new_parent_path}/#{project.namespace.path}/#{project.name}" + expect(project.full_path).to eq(project_full_path) + end + end + + it 'creates redirect for the subgroups and projects' do + expect(group.redirect_routes.count).to eq(1) + expect(project1.redirect_routes.count).to eq(1) + expect(subgroup1.redirect_routes.count).to eq(1) + expect(nested_subgroup.redirect_routes.count).to eq(1) + expect(nested_project.redirect_routes.count).to eq(1) end end - it 'creates redirect for the subgroups and projects' do - expect(group.redirect_routes.count).to eq(1) - expect(project1.redirect_routes.count).to eq(1) - expect(subgroup1.redirect_routes.count).to eq(1) - expect(nested_subgroup.redirect_routes.count).to eq(1) - expect(nested_project.redirect_routes.count).to eq(1) + context 'resets project authorizations' do + let(:old_parent_group) { create(:group) } + let(:group) { create(:group, :private, parent: old_parent_group) } + let(:new_group_member) { create(:user) } + let(:old_group_member) { create(:user) } + + before do + new_parent_group.add_maintainer(new_group_member) + old_parent_group.add_maintainer(old_group_member) + group.refresh_members_authorized_projects + end + + it 'removes old project authorizations' do + expect { transfer_service.execute(new_parent_group) }.to change { + ProjectAuthorization.where(project_id: project1.id, user_id: old_group_member.id).size + }.from(1).to(0) + end + + it 'adds new project authorizations' do + expect { transfer_service.execute(new_parent_group) }.to change { + ProjectAuthorization.where(project_id: project1.id, user_id: new_group_member.id).size + }.from(0).to(1) + end + + it 'performs authorizations job immediately' do + expect(AuthorizedProjectsWorker).to receive(:bulk_perform_inline) + + transfer_service.execute(new_parent_group) + end + + context 'for nested projects' do + it 'removes old project authorizations' do + expect { transfer_service.execute(new_parent_group) }.to change { + ProjectAuthorization.where(project_id: nested_project.id, user_id: old_group_member.id).size + }.from(1).to(0) + end + + it 'adds new project authorizations' do + expect { transfer_service.execute(new_parent_group) }.to change { + ProjectAuthorization.where(project_id: nested_project.id, user_id: new_group_member.id).size + }.from(0).to(1) + end + end + + context 'for groups with many members' do + before do + 11.times do + new_parent_group.add_maintainer(create(:user)) + end + end + + it 'adds new project authorizations for the user which makes a transfer' do + transfer_service.execute(new_parent_group) + + expect(ProjectAuthorization.where(project_id: project1.id, user_id: user.id).size).to eq(1) + expect(ProjectAuthorization.where(project_id: nested_project.id, user_id: user.id).size).to eq(1) + end + + it 'schedules authorizations job' do + expect(AuthorizedProjectsWorker).to receive(:bulk_perform_async) + .with(array_including(new_parent_group.members_with_parents.pluck(:user_id).map {|id| [id, anything] })) + + transfer_service.execute(new_parent_group) + end + end end end |