5 files changed, 96 insertions, 48 deletions

diff --git a/spec/requests/api/graphql/achievements/user_achievements_query_spec.rb b/spec/requests/api/graphql/achievements/user_achievements_query_spec.rb
index dc19f3bdc91..080f375245d 100644
--- a/spec/requests/api/graphql/achievements/user_achievements_query_spec.rb
+++ b/spec/requests/api/graphql/achievements/user_achievements_query_spec.rb
@@ -8,8 +8,8 @@ RSpec.describe 'UserAchievements', feature_category: :user_profile do
   let_it_be(:user) { create(:user) }
   let_it_be(:group) { create(:group, :public) }
   let_it_be(:achievement) { create(:achievement, namespace: group) }
-  let_it_be(:user_achievement1) { create(:user_achievement, achievement: achievement, user: user) }
-  let_it_be(:user_achievement2) { create(:user_achievement, :revoked, achievement: achievement, user: user) }
+  let_it_be(:non_revoked_achievement1) { create(:user_achievement, achievement: achievement, user: user) }
+  let_it_be(:non_revoked_achievement2) { create(:user_achievement, :revoked, achievement: achievement, user: user) }
   let_it_be(:fields) do
     <<~HEREDOC
       id
@@ -51,11 +51,10 @@ RSpec.describe 'UserAchievements', feature_category: :user_profile do
 
   it_behaves_like 'a working graphql query'
 
-  it 'returns all user_achievements' do
+  it 'returns all non_revoked user_achievements' do
     expect(graphql_data_at(:namespace, :achievements, :nodes, :userAchievements, :nodes))
       .to contain_exactly(
-        a_graphql_entity_for(user_achievement1),
-        a_graphql_entity_for(user_achievement2)
+        a_graphql_entity_for(non_revoked_achievement1)
       )
   end
 
@@ -65,9 +64,7 @@ RSpec.describe 'UserAchievements', feature_category: :user_profile do
     end.count
 
     user2 = create(:user)
-    create_list(:achievement, 3, namespace: group) do |a|
-      create(:user_achievement, achievement: a, user: user2)
-    end
+    create(:user_achievement, achievement: achievement, user: user2)
 
     expect { post_graphql(query, current_user: user) }.not_to exceed_all_query_limit(control_count)
   end
diff --git a/spec/requests/api/graphql/user/user_achievements_query_spec.rb b/spec/requests/api/graphql/user/user_achievements_query_spec.rb
index be67009784b..27d32d07372 100644
--- a/spec/requests/api/graphql/user/user_achievements_query_spec.rb
+++ b/spec/requests/api/graphql/user/user_achievements_query_spec.rb
@@ -8,7 +8,8 @@ RSpec.describe 'UserAchievements', feature_category: :user_profile do
   let_it_be(:user) { create(:user) }
   let_it_be(:group) { create(:group, :private) }
   let_it_be(:achievement) { create(:achievement, namespace: group) }
-  let_it_be(:user_achievements) { create_list(:user_achievement, 2, achievement: achievement, user: user) }
+  let_it_be(:non_revoked_achievement) { create(:user_achievement, achievement: achievement, user: user) }
+  let_it_be(:revoked_achievement) { create(:user_achievement, :revoked, achievement: achievement, user: user) }
   let_it_be(:fields) do
     <<~HEREDOC
     userAchievements {
@@ -47,10 +48,9 @@ RSpec.describe 'UserAchievements', feature_category: :user_profile do
 
   it_behaves_like 'a working graphql query'
 
-  it 'returns all user_achievements' do
+  it 'returns all non_revoked user_achievements' do
     expect(graphql_data_at(:user, :userAchievements, :nodes)).to contain_exactly(
-      a_graphql_entity_for(user_achievements[0]),
-      a_graphql_entity_for(user_achievements[1])
+      a_graphql_entity_for(non_revoked_achievement)
     )
   end
 
@@ -88,8 +88,7 @@ RSpec.describe 'UserAchievements', feature_category: :user_profile do
 
     it 'returns all achievements' do
       expect(graphql_data_at(:user, :userAchievements, :nodes)).to contain_exactly(
-        a_graphql_entity_for(user_achievements[0]),
-        a_graphql_entity_for(user_achievements[1])
+        a_graphql_entity_for(non_revoked_achievement)
       )
     end
   end
diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb
index dff41c4c477..6414b1efe6a 100644
--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -10,6 +10,9 @@ RSpec.describe API::Internal::Base, feature_category: :system_access do
   let_it_be(:project, reload: true) { create(:project, :repository, :wiki_repo) }
   let_it_be(:personal_snippet) { create(:personal_snippet, :repository, author: user) }
   let_it_be(:project_snippet) { create(:project_snippet, :repository, author: user, project: project) }
+  let_it_be(:max_pat_access_token_lifetime) do
+    PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now.to_date.freeze
+  end
 
   let(:key) { create(:key, user: user) }
   let(:secret_token) { Gitlab::Shell.secret_token }
@@ -194,39 +197,68 @@ RSpec.describe API::Internal::Base, feature_category: :system_access do
       expect(json_response['message']).to match(/\AInvalid scope: 'badscope'. Valid scopes are: /)
     end
 
-    it 'returns a token without expiry when the expires_at parameter is missing' do
-      token_size = (PersonalAccessToken.token_prefix || '').size + 20
+    it 'returns a token with expiry when it receives a valid expires_at parameter' do
+      freeze_time do
+        token_size = (PersonalAccessToken.token_prefix || '').size + 20
+
+        post api('/internal/personal_access_token'),
+          params: {
+            key_id: key.id,
+            name: 'newtoken',
+            scopes: %w(read_api read_repository),
+            expires_at: max_pat_access_token_lifetime
+          },
+          headers: gitlab_shell_internal_api_request_header
 
-      post api('/internal/personal_access_token'),
-           params: {
-             key_id: key.id,
-             name: 'newtoken',
-             scopes: %w(read_api read_repository)
-           },
-           headers: gitlab_shell_internal_api_request_header
+        expect(json_response['success']).to be_truthy
+        expect(json_response['token']).to match(/\A\S{#{token_size}}\z/)
+        expect(json_response['scopes']).to match_array(%w(read_api read_repository))
+        expect(json_response['expires_at']).to eq(max_pat_access_token_lifetime.iso8601)
+      end
+    end
+
+    context 'when default_pat_expiration feature flag is true' do
+      it 'returns token with expiry as PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS' do
+        freeze_time do
+          token_size = (PersonalAccessToken.token_prefix || '').size + 20
 
-      expect(json_response['success']).to be_truthy
-      expect(json_response['token']).to match(/\A\S{#{token_size}}\z/)
-      expect(json_response['scopes']).to match_array(%w(read_api read_repository))
-      expect(json_response['expires_at']).to be_nil
+          post api('/internal/personal_access_token'),
+            params: {
+              key_id: key.id,
+              name: 'newtoken',
+              scopes: %w(read_api read_repository)
+            },
+            headers: gitlab_shell_internal_api_request_header
+
+          expect(json_response['success']).to be_truthy
+          expect(json_response['token']).to match(/\A\S{#{token_size}}\z/)
+          expect(json_response['scopes']).to match_array(%w(read_api read_repository))
+          expect(json_response['expires_at']).to eq(max_pat_access_token_lifetime.iso8601)
+        end
+      end
     end
 
-    it 'returns a token with expiry when it receives a valid expires_at parameter' do
-      token_size = (PersonalAccessToken.token_prefix || '').size + 20
+    context 'when default_pat_expiration feature flag is false' do
+      before do
+        stub_feature_flags(default_pat_expiration: false)
+      end
 
-      post api('/internal/personal_access_token'),
-           params: {
-             key_id: key.id,
-             name: 'newtoken',
-             scopes: %w(read_api read_repository),
-             expires_at: '9001-11-17'
-           },
-           headers: gitlab_shell_internal_api_request_header
+      it 'uses nil expiration value' do
+        token_size = (PersonalAccessToken.token_prefix || '').size + 20
+
+        post api('/internal/personal_access_token'),
+            params: {
+              key_id: key.id,
+              name: 'newtoken',
+              scopes: %w(read_api read_repository)
+            },
+            headers: gitlab_shell_internal_api_request_header
 
-      expect(json_response['success']).to be_truthy
-      expect(json_response['token']).to match(/\A\S{#{token_size}}\z/)
-      expect(json_response['scopes']).to match_array(%w(read_api read_repository))
-      expect(json_response['expires_at']).to eq('9001-11-17')
+        expect(json_response['success']).to be_truthy
+        expect(json_response['token']).to match(/\A\S{#{token_size}}\z/)
+        expect(json_response['scopes']).to match_array(%w(read_api read_repository))
+        expect(json_response['expires_at']).to be_nil
+      end
     end
   end
 
diff --git a/spec/requests/api/issues/issues_spec.rb b/spec/requests/api/issues/issues_spec.rb
index 15a89527677..af289352778 100644
--- a/spec/requests/api/issues/issues_spec.rb
+++ b/spec/requests/api/issues/issues_spec.rb
@@ -1210,7 +1210,7 @@ RSpec.describe API::Issues, feature_category: :team_planning do
       it 'allows issue type to be converted' do
         put api("/projects/#{project.id}/issues/#{issue.iid}", user), params: { issue_type: 'incident' }
 
-        expect(issue.reload.incident?).to be(true)
+        expect(issue.reload.work_item_type.incident?).to be(true)
       end
     end
   end
diff --git a/spec/requests/api/resource_access_tokens_spec.rb b/spec/requests/api/resource_access_tokens_spec.rb
index a13aa48a497..ce05fa2b383 100644
--- a/spec/requests/api/resource_access_tokens_spec.rb
+++ b/spec/requests/api/resource_access_tokens_spec.rb
@@ -336,13 +336,33 @@ RSpec.describe API::ResourceAccessTokens, feature_category: :system_access do
           context "when 'expires_at' is not set" do
             let(:expires_at) { nil }
 
-            it "creates a #{source_type} access token with the params", :aggregate_failures do
-              create_token
+            context 'when default_pat_expiration feature flag is true' do
+              it "creates a #{source_type} access token with the default expires_at value", :aggregate_failures do
+                freeze_time do
+                  create_token
+                  expires_at = PersonalAccessToken::MAX_PERSONAL_ACCESS_TOKEN_LIFETIME_IN_DAYS.days.from_now
+
+                  expect(response).to have_gitlab_http_status(:created)
+                  expect(json_response["name"]).to eq("test")
+                  expect(json_response["scopes"]).to eq(["api"])
+                  expect(json_response["expires_at"]).to eq(expires_at.to_date.iso8601)
+                end
+              end
+            end
 
-              expect(response).to have_gitlab_http_status(:created)
-              expect(json_response["name"]).to eq("test")
-              expect(json_response["scopes"]).to eq(["api"])
-              expect(json_response["expires_at"]).to eq(nil)
+            context 'when default_pat_expiration feature flag is false' do
+              before do
+                stub_feature_flags(default_pat_expiration: false)
+              end
+
+              it "creates a #{source_type} access token with the params", :aggregate_failures do
+                create_token
+
+                expect(response).to have_gitlab_http_status(:created)
+                expect(json_response["name"]).to eq("test")
+                expect(json_response["scopes"]).to eq(["api"])
+                expect(json_response["expires_at"]).to eq(nil)
+              end
             end
           end