5 files changed, 103 insertions, 5 deletions

diff --git a/spec/services/users/approve_service_spec.rb b/spec/services/users/approve_service_spec.rb
index 55b2c83f4a8..9999e674c7d 100644
--- a/spec/services/users/approve_service_spec.rb
+++ b/spec/services/users/approve_service_spec.rb
@@ -33,7 +33,7 @@ RSpec.describe Users::ApproveService do
           it 'returns error result' do
             expect(subject[:status]).to eq(:error)
             expect(subject[:message])
-              .to match(/The user you are trying to approve is not pending an approval/)
+              .to match(/The user you are trying to approve is not pending approval/)
           end
         end
 
@@ -61,6 +61,14 @@ RSpec.describe Users::ApproveService do
           expect(user.reload).to be_active
         end
 
+        it 'logs approval in application logs' do
+          allow(Gitlab::AppLogger).to receive(:info)
+
+          subject
+
+          expect(Gitlab::AppLogger).to have_received(:info).with(message: "User instance access request approved", user: "#{user.username}", email: "#{user.email}", approved_by: "#{current_user.username}", ip_address: "#{current_user.current_sign_in_ip}")
+        end
+
         it 'emails the user on approval' do
           expect(DeviseMailer).to receive(:user_admin_approval).with(user).and_call_original
           expect { subject }.to have_enqueued_mail(DeviseMailer, :user_admin_approval)
@@ -82,6 +90,20 @@ RSpec.describe Users::ApproveService do
                 .not_to have_enqueued_mail(DeviseMailer, :confirmation_instructions)
             end
           end
+
+          context 'audit events' do
+            context 'when not licensed' do
+              before do
+                stub_licensed_features(
+                  admin_audit_log: false
+                )
+              end
+
+              it 'does not log any audit event' do
+                expect { subject }.not_to change(AuditEvent, :count)
+              end
+            end
+          end
         end
 
         context 'pending invitations' do
diff --git a/spec/services/users/batch_status_cleaner_service_spec.rb b/spec/services/users/batch_status_cleaner_service_spec.rb
new file mode 100644
index 00000000000..46a004542d8
--- /dev/null
+++ b/spec/services/users/batch_status_cleaner_service_spec.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Users::BatchStatusCleanerService do
+  let_it_be(:user_status_1) { create(:user_status, emoji: 'coffee', message: 'msg1', clear_status_at: 1.year.ago) }
+  let_it_be(:user_status_2) { create(:user_status, emoji: 'coffee', message: 'msg1', clear_status_at: 1.year.from_now) }
+  let_it_be(:user_status_3) { create(:user_status, emoji: 'coffee', message: 'msg1', clear_status_at: 2.years.ago) }
+  let_it_be(:user_status_4) { create(:user_status, emoji: 'coffee', message: 'msg1') }
+
+  subject(:result) { described_class.execute }
+
+  it 'cleans up scheduled user statuses' do
+    expect(result[:deleted_rows]).to eq(2)
+
+    deleted_statuses = UserStatus.where(user_id: [user_status_1.user_id, user_status_3.user_id])
+    expect(deleted_statuses).to be_empty
+  end
+
+  it 'does not affect rows with future clear_status_at' do
+    expect { result }.not_to change { user_status_2.reload }
+  end
+
+  it 'does not affect rows without clear_status_at' do
+    expect { result }.not_to change { user_status_4.reload }
+  end
+
+  describe 'batch_size' do
+    it 'clears status in batches' do
+      result = described_class.execute(batch_size: 1)
+
+      expect(result[:deleted_rows]).to eq(1)
+
+      result = described_class.execute(batch_size: 1)
+
+      expect(result[:deleted_rows]).to eq(1)
+
+      result = described_class.execute(batch_size: 1)
+
+      expect(result[:deleted_rows]).to eq(0)
+    end
+  end
+end
diff --git a/spec/services/users/build_service_spec.rb b/spec/services/users/build_service_spec.rb
index 446741221b3..b2a7d349ce6 100644
--- a/spec/services/users/build_service_spec.rb
+++ b/spec/services/users/build_service_spec.rb
@@ -3,6 +3,8 @@
 require 'spec_helper'
 
 RSpec.describe Users::BuildService do
+  using RSpec::Parameterized::TableSyntax
+
   describe '#execute' do
     let(:params) { build_stubbed(:user).slice(:first_name, :last_name, :username, :email, :password) }
 
@@ -72,8 +74,6 @@ RSpec.describe Users::BuildService do
       end
 
       context 'with "user_default_external" application setting' do
-        using RSpec::Parameterized::TableSyntax
-
         where(:user_default_external, :external, :email, :user_default_internal_regex, :result) do
           true  | nil   | 'fl@example.com'        | nil                     | true
           true  | true  | 'fl@example.com'        | nil                     | true
@@ -192,8 +192,6 @@ RSpec.describe Users::BuildService do
       end
 
       context 'with "user_default_external" application setting' do
-        using RSpec::Parameterized::TableSyntax
-
         where(:user_default_external, :external, :email, :user_default_internal_regex, :result) do
           true  | nil   | 'fl@example.com'        | nil                     | true
           true  | true  | 'fl@example.com'        | nil                     | true
diff --git a/spec/services/users/refresh_authorized_projects_service_spec.rb b/spec/services/users/refresh_authorized_projects_service_spec.rb
index 9404668e3c5..cc01b22f9d2 100644
--- a/spec/services/users/refresh_authorized_projects_service_spec.rb
+++ b/spec/services/users/refresh_authorized_projects_service_spec.rb
@@ -143,6 +143,21 @@ RSpec.describe Users::RefreshAuthorizedProjectsService do
       expect(authorizations[0].project_id).to eq(project.id)
       expect(authorizations[0].access_level).to eq(Gitlab::Access::MAINTAINER)
     end
+
+    it 'logs the details of the refresh' do
+      source = :foo
+      service = described_class.new(user, source: source)
+      user.project_authorizations.delete_all
+
+      expect(Gitlab::AppJsonLogger).to(
+        receive(:info)
+          .with(event: 'authorized_projects_refresh',
+                'authorized_projects_refresh.source': source,
+                'authorized_projects_refresh.rows_deleted': 0,
+                'authorized_projects_refresh.rows_added': 1))
+
+      service.update_authorizations([], [[user.id, project.id, Gitlab::Access::MAINTAINER]])
+    end
   end
 
   describe '#fresh_access_levels_per_project' do
diff --git a/spec/services/users/reject_service_spec.rb b/spec/services/users/reject_service_spec.rb
index 07863d1a290..b9aaff5cde5 100644
--- a/spec/services/users/reject_service_spec.rb
+++ b/spec/services/users/reject_service_spec.rb
@@ -48,6 +48,26 @@ RSpec.describe Users::RejectService do
 
           subject
         end
+
+        it 'logs rejection in application logs' do
+          allow(Gitlab::AppLogger).to receive(:info)
+
+          subject
+
+          expect(Gitlab::AppLogger).to have_received(:info).with(message: "User instance access request rejected", user: "#{user.username}", email: "#{user.email}", rejected_by: "#{current_user.username}", ip_address: "#{current_user.current_sign_in_ip}")
+        end
+      end
+    end
+
+    context 'audit events' do
+      context 'when not licensed' do
+        before do
+          stub_licensed_features(admin_audit_log: false)
+        end
+
+        it 'does not log any audit event' do
+          expect { subject }.not_to change(AuditEvent, :count)
+        end
       end
     end
   end