4 files changed, 220 insertions, 20 deletions

diff --git a/spec/controllers/admin/applications_controller_spec.rb b/spec/controllers/admin/applications_controller_spec.rb
new file mode 100644
index 00000000000..e311b8a63b2
--- /dev/null
+++ b/spec/controllers/admin/applications_controller_spec.rb
@@ -0,0 +1,65 @@
+require 'spec_helper'
+
+describe Admin::ApplicationsController do
+  let(:admin) { create(:admin) }
+  let(:application) { create(:oauth_application, owner_id: nil, owner_type: nil) }
+
+  before do
+    sign_in(admin)
+  end
+
+  describe 'GET #new' do
+    it 'renders the application form' do
+      get :new
+
+      expect(response).to render_template :new
+      expect(assigns[:scopes]).to be_kind_of(Doorkeeper::OAuth::Scopes)
+    end
+  end
+
+  describe 'GET #edit' do
+    it 'renders the application form' do
+      get :edit, id: application.id
+
+      expect(response).to render_template :edit
+      expect(assigns[:scopes]).to be_kind_of(Doorkeeper::OAuth::Scopes)
+    end
+  end
+
+  describe 'POST #create' do
+    it 'creates the application' do
+      expect do
+        post :create, doorkeeper_application: attributes_for(:application)
+      end.to change { Doorkeeper::Application.count }.by(1)
+
+      application = Doorkeeper::Application.last
+
+      expect(response).to redirect_to(admin_application_path(application))
+    end
+
+    it 'renders the application form on errors' do
+      expect do
+        post :create, doorkeeper_application: attributes_for(:application).merge(redirect_uri: nil)
+      end.not_to change { Doorkeeper::Application.count }
+
+      expect(response).to render_template :new
+      expect(assigns[:scopes]).to be_kind_of(Doorkeeper::OAuth::Scopes)
+    end
+  end
+
+  describe 'PATCH #update' do
+    it 'updates the application' do
+      patch :update, id: application.id, doorkeeper_application: { redirect_uri: 'http://example.com/' }
+
+      expect(response).to redirect_to(admin_application_path(application))
+      expect(application.reload.redirect_uri).to eq 'http://example.com/'
+    end
+
+    it 'renders the application form on errors' do
+      patch :update, id: application.id, doorkeeper_application: { redirect_uri: nil }
+
+      expect(response).to render_template :edit
+      expect(assigns[:scopes]).to be_kind_of(Doorkeeper::OAuth::Scopes)
+    end
+  end
+end
diff --git a/spec/controllers/profiles/personal_access_tokens_spec.rb b/spec/controllers/profiles/personal_access_tokens_spec.rb
index 9d5f4c99f6d..e1353406b32 100644
--- a/spec/controllers/profiles/personal_access_tokens_spec.rb
+++ b/spec/controllers/profiles/personal_access_tokens_spec.rb
@@ -2,48 +2,55 @@ require 'spec_helper'
 
 describe Profiles::PersonalAccessTokensController do
   let(:user) { create(:user) }
+  let(:token_attributes) { attributes_for(:personal_access_token) }
+
+  before { sign_in(user) }
 
   describe '#create' do
     def created_token
       PersonalAccessToken.order(:created_at).last
     end
 
-    before { sign_in(user) }
-
-    it "allows creation of a token" do
+    it "allows creation of a token with scopes" do
       name = FFaker::Product.brand
+      scopes = %w[api read_user]
 
-      post :create, personal_access_token: { name: name }
+      post :create, personal_access_token: token_attributes.merge(scopes: scopes)
 
       expect(created_token).not_to be_nil
-      expect(created_token.name).to eq(name)
-      expect(created_token.expires_at).to be_nil
+      expect(created_token.name).to eq(token_attributes[:name])
+      expect(created_token.scopes).to eq(scopes)
       expect(PersonalAccessToken.active).to include(created_token)
     end
 
     it "allows creation of a token with an expiry date" do
-      expires_at = 5.days.from_now
+      expires_at = 5.days.from_now.to_date
 
-      post :create, personal_access_token: { name: FFaker::Product.brand, expires_at: expires_at }
+      post :create, personal_access_token: token_attributes.merge(expires_at: expires_at)
 
       expect(created_token).not_to be_nil
-      expect(created_token.expires_at.to_i).to eq(expires_at.to_i)
+      expect(created_token.expires_at).to eq(expires_at)
     end
+  end
 
-    context "scopes" do
-      it "allows creation of a token with scopes" do
-        post :create, personal_access_token: { name: FFaker::Product.brand, scopes: %w(api read_user) }
+  describe '#index' do
+    let!(:active_personal_access_token) { create(:personal_access_token, user: user) }
+    let!(:inactive_personal_access_token) { create(:personal_access_token, :revoked, user: user) }
+    let!(:impersonation_personal_access_token) { create(:personal_access_token, :impersonation, user: user) }
 
-        expect(created_token).not_to be_nil
-        expect(created_token.scopes).to eq(%w(api read_user))
-      end
+    before { get :index }
 
-      it "allows creation of a token with no scopes" do
-        post :create, personal_access_token: { name: FFaker::Product.brand, scopes: [] }
+    it "retrieves active personal access tokens" do
+      expect(assigns(:active_personal_access_tokens)).to include(active_personal_access_token)
+    end
+
+    it "retrieves inactive personal access tokens" do
+      expect(assigns(:inactive_personal_access_tokens)).to include(inactive_personal_access_token)
+    end
 
-        expect(created_token).not_to be_nil
-        expect(created_token.scopes).to eq([])
-      end
+    it "does not retrieve impersonation personal access tokens" do
+      expect(assigns(:active_personal_access_tokens)).not_to include(impersonation_personal_access_token)
+      expect(assigns(:inactive_personal_access_tokens)).not_to include(impersonation_personal_access_token)
     end
   end
 end
diff --git a/spec/controllers/projects/environments_controller_spec.rb b/spec/controllers/projects/environments_controller_spec.rb
index 84d119f1867..83d80b376fb 100644
--- a/spec/controllers/projects/environments_controller_spec.rb
+++ b/spec/controllers/projects/environments_controller_spec.rb
@@ -187,6 +187,52 @@ describe Projects::EnvironmentsController do
     end
   end
 
+  describe 'GET #metrics' do
+    before do
+      allow(controller).to receive(:environment).and_return(environment)
+    end
+
+    context 'when environment has no metrics' do
+      before do
+        expect(environment).to receive(:metrics).and_return(nil)
+      end
+
+      it 'returns a metrics page' do
+        get :metrics, environment_params
+
+        expect(response).to be_ok
+      end
+
+      context 'when requesting metrics as JSON' do
+        it 'returns a metrics JSON document' do
+          get :metrics, environment_params(format: :json)
+
+          expect(response).to have_http_status(204)
+          expect(json_response).to eq({})
+        end
+      end
+    end
+
+    context 'when environment has some metrics' do
+      before do
+        expect(environment).to receive(:metrics).and_return({
+          success: true,
+          metrics: {},
+          last_update: 42
+        })
+      end
+
+      it 'returns a metrics JSON document' do
+        get :metrics, environment_params(format: :json)
+
+        expect(response).to be_ok
+        expect(json_response['success']).to be(true)
+        expect(json_response['metrics']).to eq({})
+        expect(json_response['last_update']).to eq(42)
+      end
+    end
+  end
+
   def environment_params(opts = {})
     opts.reverse_merge(namespace_id: project.namespace,
                        project_id: project,
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index c9584ddf18c..f67d26da0ac 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -1,4 +1,9 @@
 require 'spec_helper'
+shared_examples 'content not cached without revalidation' do
+  it 'ensures content will not be cached without revalidation' do
+    expect(subject['Cache-Control']).to eq('max-age=0, private, must-revalidate')
+  end
+end
 
 describe UploadsController do
   let!(:user) { create(:user, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
@@ -50,6 +55,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'user', mounted_as: 'avatar', id: user.id, filename: 'image.png'
+              response
+            end
+          end
         end
       end
 
@@ -59,6 +71,13 @@ describe UploadsController do
 
           expect(response).to have_http_status(200)
         end
+
+        it_behaves_like 'content not cached without revalidation' do
+          subject do
+            get :show, model: 'user', mounted_as: 'avatar', id: user.id, filename: 'image.png'
+            response
+          end
+        end
       end
     end
 
@@ -76,6 +95,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'project', mounted_as: 'avatar', id: project.id, filename: 'image.png'
+              response
+            end
+          end
         end
 
         context "when signed in" do
@@ -88,6 +114,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'project', mounted_as: 'avatar', id: project.id, filename: 'image.png'
+              response
+            end
+          end
         end
       end
 
@@ -133,6 +166,13 @@ describe UploadsController do
 
                 expect(response).to have_http_status(200)
               end
+
+              it_behaves_like 'content not cached without revalidation' do
+                subject do
+                  get :show, model: 'project', mounted_as: 'avatar', id: project.id, filename: 'image.png'
+                  response
+                end
+              end
             end
           end
 
@@ -157,6 +197,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'group', mounted_as: 'avatar', id: group.id, filename: 'image.png'
+              response
+            end
+          end
         end
 
         context "when signed in" do
@@ -169,6 +216,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'group', mounted_as: 'avatar', id: group.id, filename: 'image.png'
+              response
+            end
+          end
         end
       end
 
@@ -205,6 +259,13 @@ describe UploadsController do
 
                 expect(response).to have_http_status(200)
               end
+
+              it_behaves_like 'content not cached without revalidation' do
+                subject do
+                  get :show, model: 'group', mounted_as: 'avatar', id: group.id, filename: 'image.png'
+                  response
+                end
+              end
             end
           end
 
@@ -234,6 +295,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'note', mounted_as: 'attachment', id: note.id, filename: 'image.png'
+              response
+            end
+          end
         end
 
         context "when signed in" do
@@ -246,6 +314,13 @@ describe UploadsController do
 
             expect(response).to have_http_status(200)
           end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'note', mounted_as: 'attachment', id: note.id, filename: 'image.png'
+              response
+            end
+          end
         end
       end
 
@@ -291,6 +366,13 @@ describe UploadsController do
 
                 expect(response).to have_http_status(200)
               end
+
+              it_behaves_like 'content not cached without revalidation' do
+                subject do
+                  get :show, model: 'note', mounted_as: 'attachment', id: note.id, filename: 'image.png'
+                  response
+                end
+              end
             end
           end