From 19e2b7faf7439992f9d91f4b053d25d956f3e83a Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 6 Jan 2021 19:15:29 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@13-7-stable-ee

---
 spec/controllers/projects/raw_controller_spec.rb          | 12 ++++++++++++
 spec/controllers/projects/repositories_controller_spec.rb | 12 ++++++++++++
 2 files changed, 24 insertions(+)

(limited to 'spec/controllers/projects')

diff --git a/spec/controllers/projects/raw_controller_spec.rb b/spec/controllers/projects/raw_controller_spec.rb
index dfe7ba34e6d..b1c3c1c0276 100644
--- a/spec/controllers/projects/raw_controller_spec.rb
+++ b/spec/controllers/projects/raw_controller_spec.rb
@@ -250,6 +250,18 @@ RSpec.describe Projects::RawController do
         expect(response.cache_control[:no_store]).to be_nil
       end
 
+      context 'when a public project has private repo' do
+        let(:project) { create(:project, :public, :repository, :repository_private) }
+        let(:user) { create(:user, maintainer_projects: [project]) }
+
+        it 'does not set public caching header' do
+          sign_in user
+          request_file
+
+          expect(response.header['Cache-Control']).to include('max-age=60, private')
+        end
+      end
+
       context 'when If-None-Match header is set' do
         it 'returns a 304 status' do
           request_file
diff --git a/spec/controllers/projects/repositories_controller_spec.rb b/spec/controllers/projects/repositories_controller_spec.rb
index e7f4a8a1422..e6327a72a68 100644
--- a/spec/controllers/projects/repositories_controller_spec.rb
+++ b/spec/controllers/projects/repositories_controller_spec.rb
@@ -137,6 +137,18 @@ RSpec.describe Projects::RepositoriesController do
             expect(response.header['ETag']).to be_present
             expect(response.header['Cache-Control']).to include('max-age=60, public')
           end
+
+          context 'and repo is private' do
+            let(:project) { create(:project, :repository, :public, :repository_private) }
+
+            it 'sets appropriate caching headers' do
+              get_archive
+
+              expect(response).to have_gitlab_http_status(:ok)
+              expect(response.header['ETag']).to be_present
+              expect(response.header['Cache-Control']).to include('max-age=60, private')
+            end
+          end
         end
 
         context 'when ref is a commit SHA' do
-- 
cgit v1.2.1