5 files changed, 65 insertions, 2 deletions

diff --git a/spec/controllers/admin/application_settings_controller_spec.rb b/spec/controllers/admin/application_settings_controller_spec.rb
index 2565622f8df..cc1b1e5039e 100644
--- a/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/spec/controllers/admin/application_settings_controller_spec.rb
@@ -51,6 +51,13 @@ describe Admin::ApplicationSettingsController do
       sign_in(admin)
     end
 
+    it 'updates the password_authentication_enabled_for_git setting' do
+      put :update, application_setting: { password_authentication_enabled_for_git: "0" }
+
+      expect(response).to redirect_to(admin_application_settings_path)
+      expect(ApplicationSetting.current.password_authentication_enabled_for_git).to eq(false)
+    end
+
     it 'updates the default_project_visibility for string value' do
       put :update, application_setting: { default_project_visibility: "20" }
 
diff --git a/spec/controllers/dashboard/groups_controller_spec.rb b/spec/controllers/dashboard/groups_controller_spec.rb
index fb9d3efbac0..7f2eaf95165 100644
--- a/spec/controllers/dashboard/groups_controller_spec.rb
+++ b/spec/controllers/dashboard/groups_controller_spec.rb
@@ -20,4 +20,24 @@ describe Dashboard::GroupsController do
 
     expect(assigns(:groups)).to contain_exactly(member_of_group)
   end
+
+  context 'when rendering an expanded hierarchy with public groups you are not a member of', :nested_groups do
+    let!(:top_level_result) { create(:group, name: 'chef-top') }
+    let!(:top_level_a) { create(:group, name: 'top-a') }
+    let!(:sub_level_result_a) { create(:group, name: 'chef-sub-a', parent: top_level_a) }
+    let!(:other_group) { create(:group, name: 'other') }
+
+    before do
+      top_level_result.add_master(user)
+      top_level_a.add_master(user)
+    end
+
+    it 'renders only groups the user is a member of when searching hierarchy correctly' do
+      get :index, filter: 'chef', format: :json
+
+      expect(response).to have_gitlab_http_status(200)
+      all_groups = [top_level_result, top_level_a, sub_level_result_a]
+      expect(assigns(:groups)).to contain_exactly(*all_groups)
+    end
+  end
 end
diff --git a/spec/controllers/groups/children_controller_spec.rb b/spec/controllers/groups/children_controller_spec.rb
index cb1b460fc0e..22d3076c269 100644
--- a/spec/controllers/groups/children_controller_spec.rb
+++ b/spec/controllers/groups/children_controller_spec.rb
@@ -160,6 +160,30 @@ describe Groups::ChildrenController do
           expect(json_response).to eq([])
         end
 
+        it 'succeeds if multiple pages contain matching subgroups' do
+          create(:group, parent: group, name: 'subgroup-filter-1')
+          create(:group, parent: group, name: 'subgroup-filter-2')
+
+          # Creating the group-to-nest first so it would be loaded into the
+          # relation first before it's parents, this is what would cause the
+          # crash in: https://gitlab.com/gitlab-org/gitlab-ce/issues/40785.
+          #
+          # If we create the parent groups first, those would be loaded into the
+          # collection first, and the pagination would cut off the actual search
+          # result. In this case the hierarchy can be rendered without crashing,
+          # it's just incomplete.
+          group_to_nest = create(:group, parent: group, name: 'subsubgroup-filter-3')
+          subgroup = create(:group, parent: group)
+          3.times do |i|
+            subgroup = create(:group, parent: subgroup)
+          end
+          group_to_nest.update!(parent: subgroup)
+
+          get :index, group_id: group.to_param, filter: 'filter', per_page: 3, format: :json
+
+          expect(response).to have_gitlab_http_status(200)
+        end
+
         it 'includes pagination headers' do
           2.times { |i| create(:group, :public, parent: public_subgroup, name: "filterme#{i}") }
 
diff --git a/spec/controllers/projects/avatars_controller_spec.rb b/spec/controllers/projects/avatars_controller_spec.rb
index 3bbe168f6d5..6a41c4d23ea 100644
--- a/spec/controllers/projects/avatars_controller_spec.rb
+++ b/spec/controllers/projects/avatars_controller_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Projects::AvatarsController do
-  let(:project) { create(:project, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
+  let(:project) { create(:project, :repository, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
   let(:user)    { create(:user) }
 
   before do
@@ -10,6 +10,12 @@ describe Projects::AvatarsController do
     controller.instance_variable_set(:@project, project)
   end
 
+  it 'GET #show' do
+    get :show, namespace_id: project.namespace.id, project_id: project.id
+
+    expect(response).to have_gitlab_http_status(404)
+  end
+
   it 'removes avatar from DB by calling destroy' do
     delete :destroy, namespace_id: project.namespace.id, project_id: project.id
     expect(project.avatar.present?).to be_falsey
diff --git a/spec/controllers/projects/commits_controller_spec.rb b/spec/controllers/projects/commits_controller_spec.rb
index 73fb90d73ec..55ed276f96b 100644
--- a/spec/controllers/projects/commits_controller_spec.rb
+++ b/spec/controllers/projects/commits_controller_spec.rb
@@ -41,15 +41,21 @@ describe Projects::CommitsController do
 
     context "when the ref name ends in .atom" do
       context "when the ref does not exist with the suffix" do
-        it "renders as atom" do
+        before do
           get(:show,
               namespace_id: project.namespace,
               project_id: project,
               id: "master.atom")
+        end
 
+        it "renders as atom" do
           expect(response).to be_success
           expect(response.content_type).to eq('application/atom+xml')
         end
+
+        it 'renders summary with type=html' do
+          expect(response.body).to include('<summary type="html">')
+        end
       end
 
       context "when the ref exists with the suffix" do