From ae6b4f857f51765dac310e8075c2c3f88e51dcab Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Thu, 31 Mar 2022 00:09:06 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@14-9-stable-ee
---
 spec/features/users/login_spec.rb | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
(limited to 'spec/features')

diff --git a/spec/features/users/login_spec.rb b/spec/features/users/login_spec.rb
index 13d7078322e..8610cae58a4 100644
--- a/spec/features/users/login_spec.rb
+++ b/spec/features/users/login_spec.rb
@@ -150,6 +150,27 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
 end
 end
 
+ describe 'with a disallowed password' do
+ let(:user) { create(:user, :disallowed_password) }
+
+ before do
+ expect(authentication_metrics)
+ .to increment(:user_unauthenticated_counter)
+ .and increment(:user_password_invalid_counter)
+ end
+
+ it 'disallows login' do
+ gitlab_sign_in(user, password: user.password)
+
+ expect(page).to have_content('Invalid login or password.')
+ end
+
+ it 'does not update Devise trackable attributes' do
+ expect { gitlab_sign_in(user, password: user.password) }
+ .not_to change { User.ghost.reload.sign_in_count }
+ end
+ end
+
 describe 'with the ghost user' do
 it 'disallows login' do
 expect(authentication_metrics)
--
cgit v1.2.1
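Review bot: The added example 'does not update Devise trackable attributes' measures `User.ghost.reload.sign_in_count`, but the account that attempts the sign-in is the `:disallowed_password` user from `let(:user)`. As written, the expectation would still pass if a rejected login did bump the trackable fields on that user, so it does not guard the behaviour its name describes. The line looks carried over from the 'with the ghost user' context that follows. Changing it to `.not_to change { user.reload.sign_in_count }` would tie the check to the account under test. The enclosing `RSpec.describe 'Login'` block starts and ends outside this hunk, so whether other contexts share the pattern is not visible here.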