9 files changed, 134 insertions, 16 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 5136756079d..0506854599f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
 v 8.9.0 (unreleased)
   - Bulk assign/unassign labels to issues.
   - Ability to prioritize labels !4009 / !3205 (Thijs Wouters)
+  - Fix endless redirections when accessing user OAuth applications when they are disabled
   - Allow enabling wiki page events from Webhook management UI
   - Bump rouge to 1.11.0
   - Make EmailsOnPushWorker use Sidekiq mailers queue
@@ -38,7 +39,9 @@ v 8.9.0 (unreleased)
   - Make authentication service for Container Registry to be compatible with < Docker 1.11
   - Add Application Setting to configure Container Registry token expire delay (default 5min)
   - Cache assigned issue and merge request counts in sidebar nav
+  - Use Knapsack only in CI environment
   - Cache project build count in sidebar nav
+  - Fix markdown_spec to use before instead of before(:all) to properly cleanup database after testing
   - Reduce number of queries needed to render issue labels in the sidebar
   - Improve error handling importing projects
   - Remove duplicated notification settings
diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb
index c6bdd0602c1..0f54dfa4efc 100644
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -32,7 +32,7 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
   def verify_user_oauth_applications_enabled
     return if current_application_settings.user_oauth_applications?
 
-    redirect_to applications_profile_url
+    redirect_to profile_path
   end
 
   def set_index_vars
diff --git a/app/views/layouts/nav/_profile.html.haml b/app/views/layouts/nav/_profile.html.haml
index 2efc6c48a48..09d9f0184be 100644
--- a/app/views/layouts/nav/_profile.html.haml
+++ b/app/views/layouts/nav/_profile.html.haml
@@ -10,11 +10,12 @@
       = icon('gear fw')
       %span
         Account
-  = nav_link(controller: 'oauth/applications') do
-    = link_to applications_profile_path, title: 'Applications' do
-      = icon('cloud fw')
-      %span
-        Applications
+  - if current_application_settings.user_oauth_applications?
+    = nav_link(controller: 'oauth/applications') do
+      = link_to applications_profile_path, title: 'Applications' do
+        = icon('cloud fw')
+        %span
+          Applications
   = nav_link(controller: :emails) do
     = link_to profile_emails_path, title: 'Emails' do
       = icon('envelope-o fw')
diff --git a/features/support/env.rb b/features/support/env.rb
index 4552db8ad77..edc08cf0986 100644
--- a/features/support/env.rb
+++ b/features/support/env.rb
@@ -11,13 +11,15 @@ ENV['RAILS_ENV'] = 'test'
 require './config/environment'
 require 'rspec/expectations'
 require 'sidekiq/testing/inline'
-require 'knapsack'
 
 require_relative 'capybara'
 require_relative 'db_cleaner'
 require_relative 'rerun'
 
-Knapsack::Adapters::SpinachAdapter.bind
+if ENV['CI']
+  require 'knapsack'
+  Knapsack::Adapters::RSpecAdapter.bind
+end
 
 %w(select2_helper test_env repo_helpers).each do |f|
   require Rails.root.join('spec', 'support', f)
diff --git a/lib/gitlab/github_import/importer.rb b/lib/gitlab/github_import/importer.rb
index 442b4c389fe..5ef9d66ba68 100644
--- a/lib/gitlab/github_import/importer.rb
+++ b/lib/gitlab/github_import/importer.rb
@@ -146,6 +146,7 @@ module Gitlab
 
       def update_webhooks(hooks, options)
         hooks.each do |hook|
+          sleep rate_limit_sleep_time if rate_limit_exceed?
           client.edit_hook(repo, hook.id, hook.name, hook.config, options)
         end
       end
diff --git a/spec/controllers/oauth/applications_controller_spec.rb b/spec/controllers/oauth/applications_controller_spec.rb
new file mode 100644
index 00000000000..af378304893
--- /dev/null
+++ b/spec/controllers/oauth/applications_controller_spec.rb
@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe Oauth::ApplicationsController do
+  let(:user) { create(:user) }
+
+  context 'project members' do
+    before do
+      sign_in(user)
+    end
+
+    describe 'GET #index' do
+      it 'shows list of applications' do
+        get :index
+
+        expect(response.status).to eq(200)
+      end
+
+      it 'redirects back to profile page if OAuth applications are disabled' do
+        settings = double(user_oauth_applications?: false)
+        allow_any_instance_of(Gitlab::CurrentSettings).to receive(:current_application_settings).and_return(settings)
+
+        get :index
+
+        expect(response.status).to eq(302)
+        expect(response).to redirect_to(profile_path)
+      end
+    end
+  end
+end
diff --git a/spec/features/markdown_spec.rb b/spec/features/markdown_spec.rb
index 1d892fe1a55..7663d193354 100644
--- a/spec/features/markdown_spec.rb
+++ b/spec/features/markdown_spec.rb
@@ -180,7 +180,7 @@ describe 'GitLab Markdown', feature: true do
     end
   end
 
-  before(:all) do
+  before do
     @feat = MarkdownFeature.new
 
     # `markdown` helper expects a `@project` variable
@@ -188,7 +188,7 @@ describe 'GitLab Markdown', feature: true do
   end
 
   context 'default pipeline' do
-    before(:all) do
+    before do
       @html = markdown(@feat.raw_markdown)
     end
 
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 6ea8bf9bbe1..73bee535fe3 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -68,7 +68,10 @@ describe User, models: true do
 
     describe 'email' do
       context 'when no signup domains listed' do
-        before { allow_any_instance_of(ApplicationSetting).to receive(:restricted_signup_domains).and_return([]) }
+        before do
+          allow_any_instance_of(ApplicationSetting).to receive(:restricted_signup_domains).and_return([])
+        end
+
         it 'accepts any email' do
           user = build(:user, email: "info@example.com")
           expect(user).to be_valid
@@ -76,7 +79,10 @@ describe User, models: true do
       end
 
       context 'when a signup domain is listed and subdomains are allowed' do
-        before { allow_any_instance_of(ApplicationSetting).to receive(:restricted_signup_domains).and_return(['example.com', '*.example.com']) }
+        before do
+          allow_any_instance_of(ApplicationSetting).to receive(:restricted_signup_domains).and_return(['example.com', '*.example.com'])
+        end
+
         it 'accepts info@example.com' do
           user = build(:user, email: "info@example.com")
           expect(user).to be_valid
@@ -94,7 +100,9 @@ describe User, models: true do
       end
 
       context 'when a signup domain is listed and subdomains are not allowed' do
-        before { allow_any_instance_of(ApplicationSetting).to receive(:restricted_signup_domains).and_return(['example.com']) }
+        before do
+          allow_any_instance_of(ApplicationSetting).to receive(:restricted_signup_domains).and_return(['example.com'])
+        end
 
         it 'accepts info@example.com' do
           user = build(:user, email: "info@example.com")
@@ -202,7 +210,10 @@ describe User, models: true do
   end
 
   describe '#confirm' do
-    before { allow_any_instance_of(ApplicationSetting).to receive(:send_user_confirmation_email).and_return(true) }
+    before do
+      allow_any_instance_of(ApplicationSetting).to receive(:send_user_confirmation_email).and_return(true)
+    end
+
     let(:user) { create(:user, confirmed_at: nil, unconfirmed_email: 'test@gitlab.com') }
 
     it 'returns unconfirmed' do
@@ -845,6 +856,75 @@ describe User, models: true do
     it { is_expected.to eq([private_project]) }
   end
 
+  describe '#ci_authorized_runners' do
+    let(:user) { create(:user) }
+    let(:runner) { create(:ci_runner) }
+
+    before do
+      project.runners << runner
+    end
+
+    context 'without any projects' do
+      let(:project) { create(:project) }
+
+      it 'does not load' do
+        expect(user.ci_authorized_runners).to be_empty
+      end
+    end
+
+    context 'with personal projects runners' do
+      let(:namespace) { create(:namespace, owner: user) }
+      let(:project) { create(:project, namespace: namespace) }
+
+      it 'loads' do
+        expect(user.ci_authorized_runners).to contain_exactly(runner)
+      end
+    end
+
+    shared_examples :member do
+      context 'when the user is a master' do
+        before do
+          add_user(Gitlab::Access::MASTER)
+        end
+
+        it 'loads' do
+          expect(user.ci_authorized_runners).to contain_exactly(runner)
+        end
+      end
+
+      context 'when the user is a developer' do
+        before do
+          add_user(Gitlab::Access::DEVELOPER)
+        end
+
+        it 'does not load' do
+          expect(user.ci_authorized_runners).to be_empty
+        end
+      end
+    end
+
+    context 'with groups projects runners' do
+      let(:group) { create(:group) }
+      let(:project) { create(:project, group: group) }
+
+      def add_user(access)
+        group.add_user(user, access)
+      end
+
+      it_behaves_like :member
+    end
+
+    context 'with other projects runners' do
+      let(:project) { create(:project) }
+
+      def add_user(access)
+        project.team << [user, access]
+      end
+
+      it_behaves_like :member
+    end
+  end
+
   describe '#viewable_starred_projects' do
     let(:user) { create(:user) }
     let(:public_project) { create(:empty_project, :public) }
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index a20f4c05971..b43f38ef202 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -15,9 +15,11 @@ require 'rspec/rails'
 require 'shoulda/matchers'
 require 'sidekiq/testing/inline'
 require 'rspec/retry'
-require 'knapsack'
 
-Knapsack::Adapters::RSpecAdapter.bind
+if ENV['CI']
+  require 'knapsack'
+  Knapsack::Adapters::RSpecAdapter.bind
+end
 
 # Requires supporting ruby files with custom matchers and macros, etc,
 # in spec/support/ and its subdirectories.