Diffstat (limited to 'spec/controllers/uploads_controller_spec.rb')
-rw-r--r--spec/controllers/uploads_controller_spec.rb59
1 files changed, 37 insertions, 22 deletions
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index 1bcf3bb106b..ff15e685007 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -196,24 +196,39 @@ describe UploadsController do
describe "GET show" do
context 'Content-Disposition security measures' do
+ let(:expected_disposition) { 'inline;' }
let(:project) { create(:project, :public) }
- context 'for PNG files' do
- it 'returns Content-Disposition: inline' do
- note = create(:note, :with_attachment, project: project)
- get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'dk.png' }
+ shared_examples_for 'uploaded file with disposition' do
+ it 'returns correct Content-Disposition' do
+ get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: filename }
- expect(response['Content-Disposition']).to start_with('inline;')
+ expect(response['Content-Disposition']).to start_with(expected_disposition)
end
end
+ context 'for PNG files' do
+ let(:filename) { 'dk.png' }
+ let(:expected_disposition) { 'inline;' }
+ let(:note) { create(:note, :with_attachment, project: project) }
+
+ it_behaves_like 'uploaded file with disposition'
+ end
+
+ context 'for PDF files' do
+ let(:filename) { 'git-cheat-sheet.pdf' }
+ let(:expected_disposition) { 'inline;' }
+ let(:note) { create(:note, :with_pdf_attachment, project: project) }
+
+ it_behaves_like 'uploaded file with disposition'
+ end
+
context 'for SVG files' do
- it 'returns Content-Disposition: attachment' do
- note = create(:note, :with_svg_attachment, project: project)
- get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'unsanitized.svg' }
+ let(:filename) { 'unsanitized.svg' }
+ let(:expected_disposition) { 'attachment;' }
+ let(:note) { create(:note, :with_svg_attachment, project: project) }
- expect(response['Content-Disposition']).to start_with('attachment;')
- end
+ it_behaves_like 'uploaded file with disposition'
end
end
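Review bot: The context-level `let(:expected_disposition) { 'inline;' }` at the top of 'Content-Disposition security measures' is overridden in all three file-type contexts, so it is unused today. As a default it is also the permissive value: a file-type context added later that forgets to set it would silently assert inline rendering. Either drop the default so a missing definition fails loudly, or make it `let(:expected_disposition) { 'attachment;' }`. The shared example checks only the header prefix, so adding `expect(response).to have_gitlab_http_status(200)` would confirm the header comes from a served file rather than an error response. The enclosing `describe "GET show"` block continues outside the hunk.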
@@ -228,10 +243,10 @@ describe UploadsController do
user.block
end
- it "redirects to the sign in page" do
+ it "responds with status 401" do
get :show, params: { model: "user", mounted_as: "avatar", id: user.id, filename: "dk.png" }
- expect(response).to redirect_to(new_user_session_path)
+ expect(response).to have_gitlab_http_status(401)
end
end
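Review bot: The rewritten example here and the identical ones in the hunks at -320, -343, -439, -526 and -549 assert only `have_gitlab_http_status(401)`, so they would still pass if the response also carried the upload. If the 401 path is meant to send no file, pin that alongside the status, for example `expect(response['Content-Disposition']).to be_nil`; this is a suggestion to confirm against the controller, which is not visible here. The six examples differ only in their `get :show` params, so a shared example in the style of 'uploaded file with disposition' would keep the denial assertions in one place. The surrounding contexts start outside each hunk.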
@@ -320,10 +335,10 @@ describe UploadsController do
end
context "when not signed in" do
- it "redirects to the sign in page" do
+ it "responds with status 401" do
get :show, params: { model: "project", mounted_as: "avatar", id: project.id, filename: "dk.png" }
- expect(response).to redirect_to(new_user_session_path)
+ expect(response).to have_gitlab_http_status(401)
end
end
@@ -343,10 +358,10 @@ describe UploadsController do
project.add_maintainer(user)
end
- it "redirects to the sign in page" do
+ it "responds with status 401" do
get :show, params: { model: "project", mounted_as: "avatar", id: project.id, filename: "dk.png" }
- expect(response).to redirect_to(new_user_session_path)
+ expect(response).to have_gitlab_http_status(401)
end
end
@@ -439,10 +454,10 @@ describe UploadsController do
user.block
end
- it "redirects to the sign in page" do
+ it "responds with status 401" do
get :show, params: { model: "group", mounted_as: "avatar", id: group.id, filename: "dk.png" }
- expect(response).to redirect_to(new_user_session_path)
+ expect(response).to have_gitlab_http_status(401)
end
end
@@ -526,10 +541,10 @@ describe UploadsController do
end
context "when not signed in" do
- it "redirects to the sign in page" do
+ it "responds with status 401" do
get :show, params: { model: "note", mounted_as: "attachment", id: note.id, filename: "dk.png" }
- expect(response).to redirect_to(new_user_session_path)
+ expect(response).to have_gitlab_http_status(401)
end
end
@@ -549,10 +564,10 @@ describe UploadsController do
project.add_maintainer(user)
end
- it "redirects to the sign in page" do
+ it "responds with status 401" do
get :show, params: { model: "note", mounted_as: "attachment", id: note.id, filename: "dk.png" }
- expect(response).to redirect_to(new_user_session_path)
+ expect(response).to have_gitlab_http_status(401)
end
end