diff options
Diffstat (limited to 'spec/controllers')
27 files changed, 620 insertions, 268 deletions
diff --git a/spec/controllers/admin/application_settings/appearances_controller_spec.rb b/spec/controllers/admin/application_settings/appearances_controller_spec.rb index 5978381a926..78dce4558c3 100644 --- a/spec/controllers/admin/application_settings/appearances_controller_spec.rb +++ b/spec/controllers/admin/application_settings/appearances_controller_spec.rb @@ -11,7 +11,7 @@ RSpec.describe Admin::ApplicationSettings::AppearancesController do let(:create_params) do { title: 'Foo', - short_title: 'F', + pwa_short_name: 'F', description: 'Bar', header_message: header_message, footer_message: footer_message diff --git a/spec/controllers/admin/application_settings_controller_spec.rb b/spec/controllers/admin/application_settings_controller_spec.rb index 49c40ecee8b..32ac0f8dc07 100644 --- a/spec/controllers/admin/application_settings_controller_spec.rb +++ b/spec/controllers/admin/application_settings_controller_spec.rb @@ -15,7 +15,7 @@ RSpec.describe Admin::ApplicationSettingsController, :do_not_mock_admin_mode_set stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false') end - describe 'GET #integrations' do + describe 'GET #integrations', feature_category: :integrations do before do sign_in(admin) end @@ -46,7 +46,7 @@ RSpec.describe Admin::ApplicationSettingsController, :do_not_mock_admin_mode_set end end - describe 'GET #usage_data with no access' do + describe 'GET #usage_data with no access', feature_category: :service_ping do before do stub_usage_data_connections sign_in(user) @@ -59,7 +59,7 @@ RSpec.describe Admin::ApplicationSettingsController, :do_not_mock_admin_mode_set end end - describe 'GET #usage_data' do + describe 'GET #usage_data', feature_category: :service_ping do before do stub_usage_data_connections stub_database_flavor_check @@ -120,13 +120,6 @@ RSpec.describe Admin::ApplicationSettingsController, :do_not_mock_admin_mode_set sign_in(admin) end - it 'updates the require_admin_approval_after_user_signup setting' do - put :update, params: { application_setting: { require_admin_approval_after_user_signup: true } } - - expect(response).to redirect_to(general_admin_application_settings_path) - expect(ApplicationSetting.current.require_admin_approval_after_user_signup).to eq(true) - end - it 'updates the password_authentication_enabled_for_git setting' do put :update, params: { application_setting: { password_authentication_enabled_for_git: "0" } } @@ -204,13 +197,6 @@ RSpec.describe Admin::ApplicationSettingsController, :do_not_mock_admin_mode_set expect(ApplicationSetting.current.default_branch_name).to eq("example_branch_name") end - it "updates admin_mode setting" do - put :update, params: { application_setting: { admin_mode: true } } - - expect(response).to redirect_to(general_admin_application_settings_path) - expect(ApplicationSetting.current.admin_mode).to be(true) - end - it 'updates valid_runner_registrars setting' do put :update, params: { application_setting: { valid_runner_registrars: ['project', ''] } } @@ -218,11 +204,23 @@ RSpec.describe Admin::ApplicationSettingsController, :do_not_mock_admin_mode_set expect(ApplicationSetting.current.valid_runner_registrars).to eq(['project']) end - it 'updates can_create_group setting' do - put :update, params: { application_setting: { can_create_group: false } } + context 'boolean attributes' do + shared_examples_for 'updates booolean attribute' do |attribute| + specify do + existing_value = ApplicationSetting.current.public_send(attribute) + new_value = !existing_value - expect(response).to redirect_to(general_admin_application_settings_path) - expect(ApplicationSetting.current.can_create_group).to eq(false) + put :update, params: { application_setting: { attribute => new_value } } + + expect(response).to redirect_to(general_admin_application_settings_path) + expect(ApplicationSetting.current.public_send(attribute)).to eq(new_value) + end + end + + it_behaves_like 'updates booolean attribute', :user_defaults_to_private_profile + it_behaves_like 'updates booolean attribute', :can_create_group + it_behaves_like 'updates booolean attribute', :admin_mode + it_behaves_like 'updates booolean attribute', :require_admin_approval_after_user_signup end context "personal access token prefix settings" do @@ -402,7 +400,7 @@ RSpec.describe Admin::ApplicationSettingsController, :do_not_mock_admin_mode_set end end - describe 'PUT #reset_registration_token' do + describe 'PUT #reset_registration_token', feature_category: :credential_management do before do sign_in(admin) end @@ -420,7 +418,7 @@ RSpec.describe Admin::ApplicationSettingsController, :do_not_mock_admin_mode_set end end - describe 'PUT #reset_error_tracking_access_token' do + describe 'PUT #reset_error_tracking_access_token', feature_category: :error_tracking do before do sign_in(admin) end @@ -456,7 +454,7 @@ RSpec.describe Admin::ApplicationSettingsController, :do_not_mock_admin_mode_set end end - describe 'GET #service_usage_data' do + describe 'GET #service_usage_data', feature_category: :service_ping do before do stub_usage_data_connections stub_database_flavor_check diff --git a/spec/controllers/admin/clusters_controller_spec.rb b/spec/controllers/admin/clusters_controller_spec.rb index c432adb6ae3..86a4ac61194 100644 --- a/spec/controllers/admin/clusters_controller_spec.rb +++ b/spec/controllers/admin/clusters_controller_spec.rb @@ -159,8 +159,6 @@ RSpec.describe Admin::ClustersController do describe 'functionality' do context 'when creates a cluster' do it 'creates a new cluster' do - expect(ClusterProvisionWorker).to receive(:perform_async) - expect { post_create_user }.to change { Clusters::Cluster.count } .and change { Clusters::Platforms::Kubernetes.count } @@ -187,8 +185,6 @@ RSpec.describe Admin::ClustersController do end it 'creates a new cluster' do - expect(ClusterProvisionWorker).to receive(:perform_async) - expect { post_create_user }.to change { Clusters::Cluster.count } .and change { Clusters::Platforms::Kubernetes.count } diff --git a/spec/controllers/concerns/check_rate_limit_spec.rb b/spec/controllers/concerns/check_rate_limit_spec.rb index 75776acd520..25574aa295b 100644 --- a/spec/controllers/concerns/check_rate_limit_spec.rb +++ b/spec/controllers/concerns/check_rate_limit_spec.rb @@ -33,8 +33,8 @@ RSpec.describe CheckRateLimit do end describe '#check_rate_limit!' do - it 'calls ApplicationRateLimiter#throttled? with the right arguments' do - expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).with(key, scope: scope).and_return(false) + it 'calls ApplicationRateLimiter#throttled_request? with the right arguments' do + expect(::Gitlab::ApplicationRateLimiter).to receive(:throttled_request?).with(request, user, key, scope: scope).and_return(false) expect(subject).not_to receive(:render) subject.check_rate_limit!(key, scope: scope) diff --git a/spec/controllers/concerns/content_security_policy_patch_spec.rb b/spec/controllers/concerns/content_security_policy_patch_spec.rb new file mode 100644 index 00000000000..6322950977c --- /dev/null +++ b/spec/controllers/concerns/content_security_policy_patch_spec.rb @@ -0,0 +1,116 @@ +# frozen_string_literal: true + +require "spec_helper" + +# Based on https://github.com/rails/rails/pull/45115/files#diff-35ef6d1bd8b8d3b037ec819a704cd78db55db916a57abfc2859882826fc679b6 +RSpec.describe ContentSecurityPolicyPatch, feature_category: :not_owned do + include Rack::Test::Methods + + let(:routes) do + ActionDispatch::Routing::RouteSet.new.tap do |routes| + routes.draw do + # Using Testing module defined below + scope module: "testing" do + get "/", to: "policy#index" + end + end + end + end + + let(:csp) do + ActionDispatch::ContentSecurityPolicy.new do |p| + p.default_src -> { :self } + p.script_src -> { :https } + end + end + + let(:policy_middleware) do + Module.new do + def self.new(app, policy) + ->(env) do + env["action_dispatch.content_security_policy"] = policy + + app.call(env) + end + end + end + end + + subject(:app) do + build_app(routes) do |middleware| + middleware.use policy_middleware, csp + middleware.use ActionDispatch::ContentSecurityPolicy::Middleware + end + end + + def setup_controller + application_controller = Class.new(ActionController::Base) do # rubocop:disable Rails/ApplicationController + helper_method :sky_is_blue? + def sky_is_blue? + true + end + end + + policy_controller = Class.new(application_controller) do + extend ContentSecurityPolicyPatch + + content_security_policy_with_context do |p| + p.default_src "https://example.com" + p.script_src "https://example.com" if helpers.sky_is_blue? + end + + def index + head :ok + end + end + + stub_const("Testing::ApplicationController", application_controller) + stub_const("Testing::PolicyController", policy_controller) + end + + def build_app(routes) + stack = ActionDispatch::MiddlewareStack.new do |middleware| + middleware.use ActionDispatch::DebugExceptions + middleware.use ActionDispatch::ActionableExceptions + middleware.use ActionDispatch::Callbacks + middleware.use ActionDispatch::Cookies + middleware.use ActionDispatch::Flash + middleware.use Rack::MethodOverride + middleware.use Rack::Head + + yield(middleware) if block_given? + end + + app = stack.build(routes) + + ->(env) { app.call(env) } + end + + it "calls helper method" do + setup_controller + + response = get "/" + + csp_header = response.headers["Content-Security-Policy"] + + expect(csp_header).to include "default-src https://example.com" + expect(csp_header).to include "script-src https://example.com" + end + + it "does not emit any warnings" do + expect { setup_controller }.not_to output.to_stderr + end + + context "with Rails version 7.2" do + before do + version = Gem::Version.new("7.2.0") + allow(Rails).to receive(:gem_version).and_return(version) + end + + it "emits a deprecation warning" do + expect { setup_controller } + .to output(/Use content_security_policy instead/) + .to_stderr + end + end +end diff --git a/spec/controllers/groups/clusters_controller_spec.rb b/spec/controllers/groups/clusters_controller_spec.rb index eb3fe4bc330..46f507c34ba 100644 --- a/spec/controllers/groups/clusters_controller_spec.rb +++ b/spec/controllers/groups/clusters_controller_spec.rb @@ -180,8 +180,6 @@ RSpec.describe Groups::ClustersController do describe 'functionality' do context 'when creates a cluster' do it 'creates a new cluster' do - expect(ClusterProvisionWorker).to receive(:perform_async) - expect { go }.to change { Clusters::Cluster.count } .and change { Clusters::Platforms::Kubernetes.count } @@ -210,8 +208,6 @@ RSpec.describe Groups::ClustersController do end it 'creates a new cluster' do - expect(ClusterProvisionWorker).to receive(:perform_async) - expect { go }.to change { Clusters::Cluster.count } .and change { Clusters::Platforms::Kubernetes.count } diff --git a/spec/controllers/groups/imports_controller_spec.rb b/spec/controllers/groups/imports_controller_spec.rb index 7372c2e9575..24dc33b2cf1 100644 --- a/spec/controllers/groups/imports_controller_spec.rb +++ b/spec/controllers/groups/imports_controller_spec.rb @@ -45,7 +45,7 @@ RSpec.describe Groups::ImportsController do it 'sets a flash error' do get :show, params: { group_id: group } - expect(flash[:alert]).to eq 'Failed to import group.' + expect(flash[:alert]).to eq 'Failed to import group: ' end end diff --git a/spec/controllers/import/available_namespaces_controller_spec.rb b/spec/controllers/import/available_namespaces_controller_spec.rb deleted file mode 100644 index 26ea1d92189..00000000000 --- a/spec/controllers/import/available_namespaces_controller_spec.rb +++ /dev/null @@ -1,109 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe Import::AvailableNamespacesController do - let_it_be(:user) { create(:user) } - - before do - sign_in(user) - end - - describe "GET index" do - context "when having group with role never allowed to create projects" do - using RSpec::Parameterized::TableSyntax - - where( - role: [:guest, :reporter], - default_project_creation_access: [::Gitlab::Access::MAINTAINER_PROJECT_ACCESS, ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS], - group_project_creation_level: [nil, ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS, ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS]) - - with_them do - before do - stub_application_setting(default_project_creation: default_project_creation_access) - end - - it "does not include group with access level #{params[:role]} in list" do - group = create(:group, project_creation_level: group_project_creation_level) - group.add_member(user, role) - get :index - - expect(response).to have_gitlab_http_status(:ok) - expect(json_response).not_to include({ - 'id' => group.id, - 'full_path' => group.full_path - }) - end - end - end - - context "when having group with role always allowed to create projects" do - using RSpec::Parameterized::TableSyntax - - where( - role: [:maintainer, :owner], - default_project_creation_access: [::Gitlab::Access::MAINTAINER_PROJECT_ACCESS, ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS], - group_project_creation_level: [nil, ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS, ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS]) - - with_them do - before do - stub_application_setting(default_project_creation: default_project_creation_access) - end - - it "does not include group with access level #{params[:role]} in list" do - group = create(:group, project_creation_level: group_project_creation_level) - group.add_member(user, role) - get :index - - expect(response).to have_gitlab_http_status(:ok) - expect(json_response).to include({ - 'id' => group.id, - 'full_path' => group.full_path - }) - end - end - end - - context "when having developer role" do - using RSpec::Parameterized::TableSyntax - - where(:default_project_creation_access, :project_creation_level, :is_visible) do - ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS | nil | false - ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS | ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS | true - ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS | nil | true - ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS | ::Gitlab::Access::MAINTAINER_PROJECT_ACCESS | false - end - - with_them do - before do - stub_application_setting(default_project_creation: default_project_creation_access) - end - - it "#{params[:is_visible] ? 'includes' : 'does not include'} group with access level #{params[:role]} in list" do - group = create(:group, project_creation_level: project_creation_level) - group.add_member(user, :developer) - - get :index - - expect(response).to have_gitlab_http_status(:ok) - expect(json_response).send(is_visible ? 'to' : 'not_to', include({ - 'id' => group.id, - 'full_path' => group.full_path - })) - end - end - end - - context "with an anonymous user" do - before do - sign_out(user) - end - - it "redirects to sign-in page" do - get :index - - expect(response).to redirect_to(new_user_session_path) - end - end - end -end diff --git a/spec/controllers/import/bulk_imports_controller_spec.rb b/spec/controllers/import/bulk_imports_controller_spec.rb index a0bb39f3e98..a0d5b576e74 100644 --- a/spec/controllers/import/bulk_imports_controller_spec.rb +++ b/spec/controllers/import/bulk_imports_controller_spec.rb @@ -2,10 +2,12 @@ require 'spec_helper' -RSpec.describe Import::BulkImportsController do +RSpec.describe Import::BulkImportsController, feature_category: :importers do let_it_be(:user) { create(:user) } before do + stub_application_setting(bulk_import_enabled: true) + sign_in(user) end @@ -16,6 +18,13 @@ RSpec.describe Import::BulkImportsController do end describe 'POST configure' do + before do + allow_next_instance_of(BulkImports::Clients::HTTP) do |instance| + allow(instance).to receive(:validate_instance_version!).and_return(true) + allow(instance).to receive(:validate_import_scopes!).and_return(true) + end + end + context 'when no params are passed in' do it 'clears out existing session' do post :configure @@ -28,8 +37,57 @@ RSpec.describe Import::BulkImportsController do end end + context 'when URL is invalid' do + it 'redirects to initial import page' do + token = 'token' + url = 'http://192.168.0.1' + + post :configure, params: { bulk_import_gitlab_access_token: token, bulk_import_gitlab_url: url } + + expect(response).to redirect_to new_group_path(anchor: 'import-group-pane') + expect(flash[:alert]).to include('Specified URL cannot be used') + end + end + + context 'when token scope is invalid' do + before do + allow_next_instance_of(BulkImports::Clients::HTTP) do |instance| + allow(instance).to receive(:validate_instance_version!).and_return(true) + allow(instance).to receive(:validate_import_scopes!).and_raise(BulkImports::Error.new('Error!')) + end + end + + it 'redirects to initial import page' do + token = 'token' + url = 'https://gitlab.example' + + post :configure, params: { bulk_import_gitlab_access_token: token, bulk_import_gitlab_url: url } + + expect(response).to redirect_to new_group_path(anchor: 'import-group-pane') + expect(flash[:alert]).to include('Error!') + end + end + + context 'when instance version is incompatible' do + before do + allow_next_instance_of(BulkImports::Clients::HTTP) do |instance| + allow(instance).to receive(:validate_instance_version!).and_raise(BulkImports::Error.new('Error!')) + end + end + + it 'redirects to initial import page' do + token = 'token' + url = 'https://gitlab.example' + + post :configure, params: { bulk_import_gitlab_access_token: token, bulk_import_gitlab_url: url } + + expect(response).to redirect_to new_group_path(anchor: 'import-group-pane') + expect(flash[:alert]).to include('Error!') + end + end + it 'sets the session variables' do - token = 'token' + token = 'invalid token' url = 'https://gitlab.example' post :configure, params: { bulk_import_gitlab_access_token: token, bulk_import_gitlab_url: url } @@ -100,6 +158,18 @@ RSpec.describe Import::BulkImportsController do ) end + let(:source_version) do + Gitlab::VersionInfo.new(::BulkImport::MIN_MAJOR_VERSION, + ::BulkImport::MIN_MINOR_VERSION_FOR_PROJECT) + end + + before do + allow_next_instance_of(BulkImports::Clients::HTTP) do |instance| + allow(instance).to receive(:instance_version).and_return(source_version) + allow(instance).to receive(:instance_enterprise).and_return(false) + end + end + it 'returns serialized group data' do get_status @@ -201,8 +271,15 @@ RSpec.describe Import::BulkImportsController do end context 'when connection error occurs' do + let(:source_version) do + Gitlab::VersionInfo.new(::BulkImport::MIN_MAJOR_VERSION, + ::BulkImport::MIN_MINOR_VERSION_FOR_PROJECT) + end + before do allow_next_instance_of(BulkImports::Clients::HTTP) do |instance| + allow(instance).to receive(:instance_version).and_return(source_version) + allow(instance).to receive(:instance_enterprise).and_return(false) allow(instance).to receive(:get).and_raise(BulkImports::Error) end end @@ -326,9 +403,9 @@ RSpec.describe Import::BulkImportsController do end end - context 'when bulk_import feature flag is disabled' do + context 'when feature is disabled' do before do - stub_feature_flags(bulk_import: false) + stub_application_setting(bulk_import_enabled: false) end context 'POST configure' do diff --git a/spec/controllers/import/github_controller_spec.rb b/spec/controllers/import/github_controller_spec.rb index a85af89b262..c1a61a78d80 100644 --- a/spec/controllers/import/github_controller_spec.rb +++ b/spec/controllers/import/github_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Import::GithubController do +RSpec.describe Import::GithubController, feature_category: :import do include ImportSpecHelper let(:provider) { :github } @@ -138,7 +138,7 @@ RSpec.describe Import::GithubController do it 'calls repos list from provider with expected args' do expect_next_instance_of(Gitlab::GithubImport::Clients::Proxy) do |client| expect(client).to receive(:repos) - .with(expected_filter, expected_pagination_options) + .with(expected_filter, expected_options) .and_return({ repos: [], page_info: {} }) end @@ -155,11 +155,16 @@ RSpec.describe Import::GithubController do let(:provider_token) { 'asdasd12345' } let(:client_auth_success) { true } let(:client_stub) { instance_double(Gitlab::GithubImport::Client, user: { login: 'user' }) } - let(:expected_pagination_options) { pagination_params.merge(first: 25, page: 1, per_page: 25) } - let(:expected_filter) { nil } let(:params) { nil } let(:pagination_params) { { before: nil, after: nil } } + let(:relation_params) { { relation_type: nil, organization_login: '' } } let(:provider_repos) { [] } + let(:expected_filter) { '' } + let(:expected_options) do + pagination_params.merge(relation_params).merge( + first: 25, page: 1, per_page: 25 + ) + end before do allow_next_instance_of(Gitlab::GithubImport::Clients::Proxy) do |proxy| @@ -277,8 +282,34 @@ RSpec.describe Import::GithubController do context 'when page is specified' do let(:pagination_params) { { before: nil, after: nil, page: 2 } } - let(:expected_pagination_options) { pagination_params.merge(first: 25, page: 2, per_page: 25) } let(:params) { pagination_params } + let(:expected_options) do + pagination_params.merge(relation_params).merge(first: 25, page: 2, per_page: 25) + end + + it_behaves_like 'calls repos through Clients::Proxy with expected args' + end + end + + context 'when relation type params present' do + let(:organization_login) { 'test-login' } + let(:params) { pagination_params.merge(relation_type: 'organization', organization_login: organization_login) } + let(:pagination_defaults) { { first: 25, page: 1, per_page: 25 } } + let(:expected_options) do + pagination_defaults.merge(pagination_params).merge( + relation_type: 'organization', organization_login: organization_login + ) + end + + it_behaves_like 'calls repos through Clients::Proxy with expected args' + + context 'when organization_login is too long and with ":"' do + let(:organization_login) { ":#{Array.new(270) { ('a'..'z').to_a.sample }.join}" } + let(:expected_options) do + pagination_defaults.merge(pagination_params).merge( + relation_type: 'organization', organization_login: organization_login.slice(1, 254) + ) + end it_behaves_like 'calls repos through Clients::Proxy with expected args' end diff --git a/spec/controllers/import/phabricator_controller_spec.rb b/spec/controllers/import/phabricator_controller_spec.rb index 9827a6d077c..9be85a40d82 100644 --- a/spec/controllers/import/phabricator_controller_spec.rb +++ b/spec/controllers/import/phabricator_controller_spec.rb @@ -14,25 +14,14 @@ RSpec.describe Import::PhabricatorController do context 'when the import source is not available' do before do - stub_feature_flags(phabricator_import: true) stub_application_setting(import_sources: []) end it { is_expected.to have_gitlab_http_status(:not_found) } end - context 'when the feature is disabled' do + context 'when the import source is available' do before do - stub_feature_flags(phabricator_import: false) - stub_application_setting(import_sources: ['phabricator']) - end - - it { is_expected.to have_gitlab_http_status(:not_found) } - end - - context 'when the import is available' do - before do - stub_feature_flags(phabricator_import: true) stub_application_setting(import_sources: ['phabricator']) end diff --git a/spec/controllers/projects/artifacts_controller_spec.rb b/spec/controllers/projects/artifacts_controller_spec.rb index 00efd7d7b56..3d12926c07a 100644 --- a/spec/controllers/projects/artifacts_controller_spec.rb +++ b/spec/controllers/projects/artifacts_controller_spec.rb @@ -26,14 +26,34 @@ RSpec.describe Projects::ArtifactsController do subject { get :index, params: { namespace_id: project.namespace, project_id: project } } context 'when feature flag is on' do + render_views + before do stub_feature_flags(artifacts_management_page: true) end - it 'renders the page' do + it 'renders the page with data for the artifacts app' do subject expect(response).to have_gitlab_http_status(:ok) + expect(response).to render_template('projects/artifacts/index') + + app = Nokogiri::HTML.parse(response.body).at_css('div#js-artifact-management') + + expect(app.attributes['data-project-path'].value).to eq(project.full_path) + expect(app.attributes['data-can-destroy-artifacts'].value).to eq('true') + end + + describe 'when user does not have permission to delete artifacts' do + let(:user) { create(:user) } + + it 'passes false to the artifacts app' do + subject + + app = Nokogiri::HTML.parse(response.body).at_css('div#js-artifact-management') + + expect(app.attributes['data-can-destroy-artifacts'].value).to eq('false') + end end end @@ -423,6 +443,16 @@ RSpec.describe Projects::ArtifactsController do end end + context 'when artifacts archive is missing' do + let!(:job) { create(:ci_build, :success, pipeline: pipeline) } + + it 'returns 404' do + subject + + expect(response).to have_gitlab_http_status(:not_found) + end + end + context 'fetching an artifact of different type' do before do job.job_artifacts.each(&:destroy) diff --git a/spec/controllers/projects/clusters_controller_spec.rb b/spec/controllers/projects/clusters_controller_spec.rb index 12202518e1e..894f0f8354d 100644 --- a/spec/controllers/projects/clusters_controller_spec.rb +++ b/spec/controllers/projects/clusters_controller_spec.rb @@ -181,8 +181,6 @@ RSpec.describe Projects::ClustersController do describe 'functionality' do context 'when creates a cluster' do it 'creates a new cluster' do - expect(ClusterProvisionWorker).to receive(:perform_async) - expect { go }.to change { Clusters::Cluster.count } .and change { Clusters::Platforms::Kubernetes.count } @@ -210,8 +208,6 @@ RSpec.describe Projects::ClustersController do end it 'creates a new cluster' do - expect(ClusterProvisionWorker).to receive(:perform_async) - expect { go }.to change { Clusters::Cluster.count } .and change { Clusters::Platforms::Kubernetes.count } diff --git a/spec/controllers/projects/deploy_keys_controller_spec.rb b/spec/controllers/projects/deploy_keys_controller_spec.rb index fd844808d81..ec63bad22b5 100644 --- a/spec/controllers/projects/deploy_keys_controller_spec.rb +++ b/spec/controllers/projects/deploy_keys_controller_spec.rb @@ -102,7 +102,7 @@ RSpec.describe Projects::DeployKeysController do it 'shows an alert with the validations errors' do post :create, params: create_params(nil) - expect(flash[:alert]).to eq("Title can't be blank, Deploy keys projects deploy key title can't be blank") + expect(flash[:alert]).to eq("Title can't be blank") end end @@ -126,8 +126,7 @@ RSpec.describe Projects::DeployKeysController do it 'shows an alert with the validations errors' do post :create, params: create_params - expect(flash[:alert]).to eq("Fingerprint sha256 has already been taken, " \ - "Deploy keys projects deploy key fingerprint sha256 has already been taken") + expect(flash[:alert]).to eq("Fingerprint sha256 has already been taken") end end end diff --git a/spec/controllers/projects/design_management/designs/resized_image_controller_spec.rb b/spec/controllers/projects/design_management/designs/resized_image_controller_spec.rb index cc0f4a426f4..5cc6e1b1bb4 100644 --- a/spec/controllers/projects/design_management/designs/resized_image_controller_spec.rb +++ b/spec/controllers/projects/design_management/designs/resized_image_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Projects::DesignManagement::Designs::ResizedImageController do +RSpec.describe Projects::DesignManagement::Designs::ResizedImageController, feature_category: :design_management do include DesignManagementTestHelpers let_it_be(:project) { create(:project, :private) } @@ -19,7 +19,7 @@ RSpec.describe Projects::DesignManagement::Designs::ResizedImageController do end describe 'GET #show' do - subject do + subject(:response) do get(:show, params: { namespace_id: project.namespace, @@ -27,12 +27,12 @@ RSpec.describe Projects::DesignManagement::Designs::ResizedImageController do design_id: design_id, sha: sha, id: size - }) + } + ) end before do sign_in(viewer) - subject end context 'when the user does not have permission' do @@ -68,8 +68,6 @@ RSpec.describe Projects::DesignManagement::Designs::ResizedImageController do let(:design_id) { 'foo' } specify do - subject - expect(response).to have_gitlab_http_status(:not_found) end end @@ -136,6 +134,24 @@ RSpec.describe Projects::DesignManagement::Designs::ResizedImageController do expect(response).to have_gitlab_http_status(:not_found) end end + + context 'when multiple design versions have the same sha hash' do + let(:sha) { newest_version.sha } + + before do + create(:design, :with_smaller_image_versions, + issue: create(:issue, project: project), + versions_count: 1, + versions_sha: sha) + end + + it 'serves the newest image' do + action = newest_version.actions.first + + expect(response.header['ETag']).to eq(etag(action)) + expect(response).to have_gitlab_http_status(:ok) + end + end end context 'when design does not have a smaller image size available' do diff --git a/spec/controllers/projects/environments_controller_spec.rb b/spec/controllers/projects/environments_controller_spec.rb index 2334521b8a8..dddefbac163 100644 --- a/spec/controllers/projects/environments_controller_spec.rb +++ b/spec/controllers/projects/environments_controller_spec.rb @@ -998,6 +998,94 @@ RSpec.describe Projects::EnvironmentsController do end end + describe '#append_info_to_payload' do + let(:search_param) { 'my search param' } + + context 'when search_environment_logging feature is disabled' do + before do + stub_feature_flags(environments_search_logging: false) + end + + it 'does not log search params in meta.environment.search' do + expect(controller).to receive(:append_info_to_payload).and_wrap_original do |method, payload| + method.call(payload) + + expect(payload[:metadata]).not_to have_key('meta.environment.search') + expect(payload[:action]).to eq("search") + expect(payload[:controller]).to eq("Projects::EnvironmentsController") + end + + get :search, params: environment_params(format: :json, search: search_param) + end + + it 'logs params correctly when search params are missing' do + expect(controller).to receive(:append_info_to_payload).and_wrap_original do |method, payload| + method.call(payload) + + expect(payload[:metadata]).not_to have_key('meta.environment.search') + expect(payload[:action]).to eq("search") + expect(payload[:controller]).to eq("Projects::EnvironmentsController") + end + + get :search, params: environment_params(format: :json) + end + + it 'logs params correctly when search params is empty string' do + expect(controller).to receive(:append_info_to_payload).and_wrap_original do |method, payload| + method.call(payload) + + expect(payload[:metadata]).not_to have_key('meta.environment.search') + expect(payload[:action]).to eq("search") + expect(payload[:controller]).to eq("Projects::EnvironmentsController") + end + + get :search, params: environment_params(format: :json, search: "") + end + end + + context 'when search_environment_logging feature is enabled' do + before do + stub_feature_flags(environments_search_logging: true) + end + + it 'logs search params in meta.environment.search' do + expect(controller).to receive(:append_info_to_payload).and_wrap_original do |method, payload| + method.call(payload) + + expect(payload[:metadata]['meta.environment.search']).to eq(search_param) + expect(payload[:action]).to eq("search") + expect(payload[:controller]).to eq("Projects::EnvironmentsController") + end + + get :search, params: environment_params(format: :json, search: search_param) + end + + it 'logs params correctly when search params are missing' do + expect(controller).to receive(:append_info_to_payload).and_wrap_original do |method, payload| + method.call(payload) + + expect(payload[:metadata]).not_to have_key('meta.environment.search') + expect(payload[:action]).to eq("search") + expect(payload[:controller]).to eq("Projects::EnvironmentsController") + end + + get :search, params: environment_params(format: :json) + end + + it 'logs params correctly when search params is empty string' do + expect(controller).to receive(:append_info_to_payload).and_wrap_original do |method, payload| + method.call(payload) + + expect(payload[:metadata]).not_to have_key('meta.environment.search') + expect(payload[:action]).to eq("search") + expect(payload[:controller]).to eq("Projects::EnvironmentsController") + end + + get :search, params: environment_params(format: :json, search: "") + end + end + end + def environment_params(opts = {}) opts.reverse_merge(namespace_id: project.namespace, project_id: project, diff --git a/spec/controllers/projects/group_links_controller_spec.rb b/spec/controllers/projects/group_links_controller_spec.rb index 96705d82ac5..a5c00d24e30 100644 --- a/spec/controllers/projects/group_links_controller_spec.rb +++ b/spec/controllers/projects/group_links_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Projects::GroupLinksController do +RSpec.describe Projects::GroupLinksController, feature_category: :authentication_and_authorization do let_it_be(:group) { create(:group, :private) } let_it_be(:group2) { create(:group, :private) } let_it_be(:project) { create(:project, :private, group: group2) } @@ -60,4 +60,79 @@ RSpec.describe Projects::GroupLinksController do end end end + + describe '#destroy' do + let(:group_owner) { create(:user) } + + let(:link) do + create(:project_group_link, project: project, group: group, group_access: Gitlab::Access::DEVELOPER) + end + + subject(:destroy_link) do + post(:destroy, params: { namespace_id: project.namespace.to_param, + project_id: project.to_param, + id: link.id }) + end + + shared_examples 'success response' do + it 'deletes the project group link' do + destroy_link + + expect(response).to redirect_to(project_project_members_path(project)) + expect(response).to have_gitlab_http_status(:found) + end + end + + context 'when user is group owner' do + before do + link.group.add_owner(group_owner) + sign_in(group_owner) + end + + context 'when user is not project maintainer' do + it 'deletes the project group link and redirects to group show page' do + destroy_link + + expect(response).to redirect_to(group_path(group)) + expect(response).to have_gitlab_http_status(:found) + end + end + + context 'when user is a project maintainer' do + before do + project.add_maintainer(group_owner) + end + + it 'deletes the project group link and redirects to group show page' do + destroy_link + + expect(response).to redirect_to(group_path(group)) + expect(response).to have_gitlab_http_status(:found) + end + end + end + + context 'when user is not a group owner' do + context 'when user is a project maintainer' do + before do + sign_in(user) + end + + it_behaves_like 'success response' + end + + context 'when user is not a project maintainer' do + before do + project.add_developer(user) + sign_in(user) + end + + it 'renders 404' do + destroy_link + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + end end diff --git a/spec/controllers/projects/merge_requests/creations_controller_spec.rb b/spec/controllers/projects/merge_requests/creations_controller_spec.rb index ace8c04b819..7db708e0e78 100644 --- a/spec/controllers/projects/merge_requests/creations_controller_spec.rb +++ b/spec/controllers/projects/merge_requests/creations_controller_spec.rb @@ -307,7 +307,7 @@ RSpec.describe Projects::MergeRequests::CreationsController do end end - describe 'GET target_projects', feature_category: :code_review do + describe 'GET target_projects', feature_category: :code_review_workflow do it 'returns target projects JSON' do get :target_projects, params: { namespace_id: project.namespace.to_param, project_id: project } diff --git a/spec/controllers/projects/merge_requests/diffs_controller_spec.rb b/spec/controllers/projects/merge_requests/diffs_controller_spec.rb index 613d82efd06..4de724fd6d6 100644 --- a/spec/controllers/projects/merge_requests/diffs_controller_spec.rb +++ b/spec/controllers/projects/merge_requests/diffs_controller_spec.rb @@ -213,7 +213,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do commit: nil, latest_diff: true, only_context_commits: false, - merge_conflicts_in_diff: true, merge_ref_head_diff: false } end @@ -281,7 +280,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do commit: nil, latest_diff: true, only_context_commits: false, - merge_conflicts_in_diff: true, merge_ref_head_diff: nil } end @@ -303,33 +301,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do commit: merge_request.diff_head_commit, latest_diff: nil, only_context_commits: false, - merge_conflicts_in_diff: true, - merge_ref_head_diff: nil - } - end - end - end - - context 'when display_merge_conflicts_in_diff is disabled' do - subject { go } - - before do - stub_feature_flags(display_merge_conflicts_in_diff: false) - end - - it_behaves_like 'serializes diffs metadata with expected arguments' do - let(:collection) { Gitlab::Diff::FileCollection::MergeRequestDiff } - let(:expected_options) do - { - merge_request: merge_request, - merge_request_diff: merge_request.merge_request_diff, - merge_request_diffs: merge_request.merge_request_diffs, - start_version: nil, - start_sha: nil, - commit: nil, - latest_diff: true, - only_context_commits: false, - merge_conflicts_in_diff: false, merge_ref_head_diff: nil } end @@ -430,6 +401,16 @@ RSpec.describe Projects::MergeRequests::DiffsController do expect(response).to have_gitlab_http_status(:ok) end + it 'measures certain parts of the request' do + allow(Gitlab::Metrics).to receive(:measure).and_call_original + expect(Gitlab::Metrics).to receive(:measure).with(:diffs_unfoldable_positions).and_call_original + expect(Gitlab::Metrics).to receive(:measure).with(:diffs_unfold).and_call_original + expect(Gitlab::Metrics).to receive(:measure).with(:diffs_write_cache).and_call_original + expect(Gitlab::Metrics).to receive(:measure).with(:diffs_render).and_call_original + + subject + end + it 'tracks mr_diffs event' do expect(Gitlab::UsageDataCounters::MergeRequestActivityUniqueCounter) .to receive(:track_mr_diffs_action) @@ -488,7 +469,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do commit: nil, diff_view: :inline, merge_ref_head_diff: nil, - merge_conflicts_in_diff: true, pagination_data: { total_pages: nil }.merge(pagination_data) @@ -607,21 +587,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do it_behaves_like 'successful request' end - context 'when display_merge_conflicts_in_diff is disabled' do - before do - stub_feature_flags(display_merge_conflicts_in_diff: false) - end - - subject { go } - - it_behaves_like 'serializes diffs with expected arguments' do - let(:collection) { Gitlab::Diff::FileCollection::MergeRequestDiffBatch } - let(:expected_options) { collection_arguments(total_pages: 20).merge(merge_conflicts_in_diff: false) } - end - - it_behaves_like 'successful request' - end - it_behaves_like 'forked project with submodules' it_behaves_like 'cached diff collection' diff --git a/spec/controllers/projects/merge_requests_controller_spec.rb b/spec/controllers/projects/merge_requests_controller_spec.rb index a93dc806283..095775b0ddd 100644 --- a/spec/controllers/projects/merge_requests_controller_spec.rb +++ b/spec/controllers/projects/merge_requests_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Projects::MergeRequestsController, feature_category: :code_review do +RSpec.describe Projects::MergeRequestsController, feature_category: :code_review_workflow do include ProjectForksHelper include Gitlab::Routing using RSpec::Parameterized::TableSyntax @@ -229,6 +229,16 @@ RSpec.describe Projects::MergeRequestsController, feature_category: :code_review expect(response.headers[Gitlab::Workhorse::SEND_DATA_HEADER]).to start_with("git-diff:") end + + context 'when there is no diff' do + it 'renders 404' do + merge_request.merge_request_diff.destroy! + + go(format: :diff) + + expect(response).to have_gitlab_http_status(:not_found) + end + end end describe "as patch" do @@ -237,6 +247,16 @@ RSpec.describe Projects::MergeRequestsController, feature_category: :code_review expect(response.headers[Gitlab::Workhorse::SEND_DATA_HEADER]).to start_with("git-format-patch:") end + + context 'when there is no diff' do + it 'renders 404' do + merge_request.merge_request_diff.destroy! + + go(format: :patch) + + expect(response).to have_gitlab_http_status(:not_found) + end + end end end @@ -2132,12 +2152,13 @@ RSpec.describe Projects::MergeRequestsController, feature_category: :code_review create(:protected_branch, project: project, name: merge_request.source_branch, allow_force_push: false) end - it 'returns 404' do + it 'returns 403' do expect_rebase_worker_for(user).never post_rebase - expect(response).to have_gitlab_http_status(:not_found) + expect(response).to have_gitlab_http_status(:forbidden) + expect(json_response['merge_error']).to eq('Source branch is protected from force push') end end @@ -2153,12 +2174,13 @@ RSpec.describe Projects::MergeRequestsController, feature_category: :code_review forked_project.add_reporter(user) end - it 'returns 404' do + it 'returns 403' do expect_rebase_worker_for(user).never post_rebase - expect(response).to have_gitlab_http_status(:not_found) + expect(response).to have_gitlab_http_status(:forbidden) + expect(json_response['merge_error']).to eq('Cannot push to source branch') end end diff --git a/spec/controllers/projects/pages_domains_controller_spec.rb b/spec/controllers/projects/pages_domains_controller_spec.rb index b29bbef0c40..9cc740fcbef 100644 --- a/spec/controllers/projects/pages_domains_controller_spec.rb +++ b/spec/controllers/projects/pages_domains_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Projects::PagesDomainsController do +RSpec.describe Projects::PagesDomainsController, feature_category: :pages do let(:user) { create(:user) } let(:project) { create(:project) } let!(:pages_domain) { create(:pages_domain, project: project) } @@ -70,6 +70,7 @@ RSpec.describe Projects::PagesDomainsController do project_id: project.id, namespace_id: project.namespace.id, root_namespace_id: project.root_namespace.id, + domain_id: kind_of(Numeric), domain: pages_domain_params[:domain] ) @@ -119,6 +120,7 @@ RSpec.describe Projects::PagesDomainsController do project_id: project.id, namespace_id: project.namespace.id, root_namespace_id: project.root_namespace.id, + domain_id: pages_domain.id, domain: pages_domain.domain ) end @@ -226,6 +228,7 @@ RSpec.describe Projects::PagesDomainsController do project_id: project.id, namespace_id: project.namespace.id, root_namespace_id: project.root_namespace.id, + domain_id: pages_domain.id, domain: pages_domain.domain ) @@ -251,6 +254,7 @@ RSpec.describe Projects::PagesDomainsController do project_id: project.id, namespace_id: project.namespace.id, root_namespace_id: project.root_namespace.id, + domain_id: pages_domain.id, domain: pages_domain.domain ) end diff --git a/spec/controllers/projects/pipelines_controller_spec.rb b/spec/controllers/projects/pipelines_controller_spec.rb index f66e4b133ca..3d1d28945f7 100644 --- a/spec/controllers/projects/pipelines_controller_spec.rb +++ b/spec/controllers/projects/pipelines_controller_spec.rb @@ -84,6 +84,13 @@ RSpec.describe Projects::PipelinesController do end context 'when performing gitaly calls', :request_store do + before do + # To prevent double writes / fallback read due to MultiStore which is failing the `Gitlab::GitalyClient + # .get_request_count` expectation. + stub_feature_flags(use_primary_store_as_default_for_repository_cache: false) + stub_feature_flags(use_primary_and_secondary_stores_for_repository_cache: false) + end + it 'limits the Gitaly requests' do # Isolate from test preparation (Repository#exists? is also cached in RequestStore) RequestStore.end! diff --git a/spec/controllers/projects/protected_branches_controller_spec.rb b/spec/controllers/projects/protected_branches_controller_spec.rb index 14728618633..6778d4100b8 100644 --- a/spec/controllers/projects/protected_branches_controller_spec.rb +++ b/spec/controllers/projects/protected_branches_controller_spec.rb @@ -33,21 +33,26 @@ RSpec.describe Projects::ProtectedBranchesController do let(:create_params) { attributes_for(:protected_branch).merge(access_level_params) } - it 'creates the protected branch rule' do - expect do - post(:create, params: project_params.merge(protected_branch: create_params)) - end.to change(ProtectedBranch, :count).by(1) - end + describe "created successfully" do + using RSpec::Parameterized::TableSyntax - context 'when repository is empty' do - let(:project) { empty_project } + let(:protected_branch) { create(:protected_branch, project: ref_project) } + let(:project_params) { { namespace_id: ref_project.namespace.to_param, project_id: ref_project } } + + subject { post(:create, params: project_params.merge(protected_branch: create_params), format: format) } - it 'creates the protected branch rule' do - expect do - post(:create, params: project_params.merge(protected_branch: create_params)) - end.to change(ProtectedBranch, :count).by(1) + where(:format, :ref_project, :response_status) do + :html | ref(:project) | :found + :html | ref(:empty_project) | :found + :json | ref(:project) | :ok + :json | ref(:empty_project) | :ok + end - expect(response).to have_gitlab_http_status(:found) + with_them do + it 'creates a protected branch' do + expect { subject }.to change(ProtectedBranch, :count).by(1) + expect(response).to have_gitlab_http_status(response_status) + end end end diff --git a/spec/controllers/projects/releases/evidences_controller_spec.rb b/spec/controllers/projects/releases/evidences_controller_spec.rb index 68433969d69..879cbc543e9 100644 --- a/spec/controllers/projects/releases/evidences_controller_spec.rb +++ b/spec/controllers/projects/releases/evidences_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Projects::Releases::EvidencesController do +RSpec.describe Projects::Releases::EvidencesController, :with_license do let!(:project) { create(:project, :repository, :public) } let_it_be(:private_project) { create(:project, :repository, :private) } let_it_be(:developer) { create(:user) } diff --git a/spec/controllers/registrations/welcome_controller_spec.rb b/spec/controllers/registrations/welcome_controller_spec.rb index a3b246fbedd..b5416d226e1 100644 --- a/spec/controllers/registrations/welcome_controller_spec.rb +++ b/spec/controllers/registrations/welcome_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Registrations::WelcomeController do +RSpec.describe Registrations::WelcomeController, feature_category: :authentication_and_authorization do let(:user) { create(:user) } describe '#welcome' do @@ -47,7 +47,7 @@ RSpec.describe Registrations::WelcomeController do it { is_expected.to render_template(:show) } end - context '2FA is required from group' do + context 'when 2FA is required from group' do before do user = create(:user, require_two_factor_authentication_from_group: true) sign_in(user) @@ -99,7 +99,7 @@ RSpec.describe Registrations::WelcomeController do end context 'when tasks to be done are assigned' do - let!(:member1) { create(:group_member, user: user, tasks_to_be_done: %w(ci code)) } + let!(:member1) { create(:group_member, user: user, tasks_to_be_done: %w[ci code]) } it { is_expected.to redirect_to(issues_dashboard_path(assignee_username: user.username)) } end diff --git a/spec/controllers/registrations_controller_spec.rb b/spec/controllers/registrations_controller_spec.rb index 699052fe37a..d0439a18158 100644 --- a/spec/controllers/registrations_controller_spec.rb +++ b/spec/controllers/registrations_controller_spec.rb @@ -137,6 +137,21 @@ RSpec.describe RegistrationsController do end end + context 'private profile' do + context 'when the `user_defaults_to_private_profile` setting is turned on' do + before do + stub_application_setting(user_defaults_to_private_profile: true) + end + + it 'creates new user with profile set to private' do + subject + user = User.find_by(email: base_user_params[:email], private_profile: true) + + expect(user).to be_present + end + end + end + context 'email confirmation' do before do stub_feature_flags(identity_verification: false) diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb index 3e9c56d3274..8015136d1e0 100644 --- a/spec/controllers/uploads_controller_spec.rb +++ b/spec/controllers/uploads_controller_spec.rb @@ -658,19 +658,17 @@ RSpec.describe UploadsController do end context 'Appearance' do - context 'when viewing a custom header logo' do - let!(:appearance) { create :appearance, header_logo: fixture_file_upload('spec/fixtures/dk.png', 'image/png') } - + shared_examples 'view custom logo' do |mounted_as| context 'when not signed in' do it 'responds with status 200' do - get :show, params: { model: 'appearance', mounted_as: 'header_logo', id: appearance.id, filename: 'dk.png' } + get :show, params: { model: 'appearance', mounted_as: mounted_as, id: appearance.id, filename: 'dk.png' } expect(response).to have_gitlab_http_status(:ok) end it_behaves_like 'content publicly cached' do subject do - get :show, params: { model: 'appearance', mounted_as: 'header_logo', id: appearance.id, filename: 'dk.png' } + get :show, params: { model: 'appearance', mounted_as: mounted_as, id: appearance.id, filename: 'dk.png' } response end @@ -678,24 +676,22 @@ RSpec.describe UploadsController do end end - context 'when viewing a custom logo' do - let!(:appearance) { create :appearance, logo: fixture_file_upload('spec/fixtures/dk.png', 'image/png') } + context 'when viewing a custom pwa icon' do + let!(:appearance) { create :appearance, pwa_icon: fixture_file_upload('spec/fixtures/dk.png', 'image/png') } - context 'when not signed in' do - it 'responds with status 200' do - get :show, params: { model: 'appearance', mounted_as: 'logo', id: appearance.id, filename: 'dk.png' } + it_behaves_like 'view custom logo', 'pwa_icon' + end - expect(response).to have_gitlab_http_status(:ok) - end + context 'when viewing a custom header logo' do + let!(:appearance) { create :appearance, header_logo: fixture_file_upload('spec/fixtures/dk.png', 'image/png') } - it_behaves_like 'content publicly cached' do - subject do - get :show, params: { model: 'appearance', mounted_as: 'logo', id: appearance.id, filename: 'dk.png' } + it_behaves_like 'view custom logo', 'header_logo' + end - response - end - end - end + context 'when viewing a custom logo' do + let!(:appearance) { create :appearance, logo: fixture_file_upload('spec/fixtures/dk.png', 'image/png') } + + it_behaves_like 'view custom logo', 'logo' end end @@ -740,6 +736,46 @@ RSpec.describe UploadsController do expect(response).to have_gitlab_http_status(:ok) end end + + context "when viewing an achievement" do + let!(:achievement) { create(:achievement, avatar: fixture_file_upload("spec/fixtures/dk.png", "image/png")) } + + context "when signed in" do + before do + sign_in(user) + end + + it "responds with status 200" do + get :show, params: { model: "achievements/achievement", mounted_as: "avatar", id: achievement.id, filename: "dk.png" } + + expect(response).to have_gitlab_http_status(:ok) + end + + it_behaves_like 'content publicly cached' do + subject do + get :show, params: { model: "achievements/achievement", mounted_as: "avatar", id: achievement.id, filename: "dk.png" } + + response + end + end + end + + context "when not signed in" do + it "responds with status 200" do + get :show, params: { model: "achievements/achievement", mounted_as: "avatar", id: achievement.id, filename: "dk.png" } + + expect(response).to have_gitlab_http_status(:ok) + end + + it_behaves_like 'content publicly cached' do + subject do + get :show, params: { model: "achievements/achievement", mounted_as: "avatar", id: achievement.id, filename: "dk.png" } + + response + end + end + end + end end def post_authorize(verified: true) |