Add latest changes from gitlab-org/security/gitlab@14-2-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-10-27 13:14:00 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-10-27 13:14:28 +0300
commit: 689970fc7731f4dd919733433c236ad549ea5c5e (patch)
tree: 261ef53fd5e3368c00b75d8056139ebbc2b5194a
parent: 0f74d03f0d6e1a2e208b228d637da85304ff5965 (diff)
7 files changed, 31 insertions, 11 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 08b25d7a6f3..3eb4035c898 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1459,7 +1459,7 @@ class User < ApplicationRecord
       name: name,
       username: username,
       avatar_url: avatar_url(only_path: false),
-      email: email
+      email: public_email.presence || _('[REDACTED]')
     }
   end
 
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 6b4fa438f8c..6fe07830d3c 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -38764,6 +38764,9 @@ msgstr ""
 msgid "[No reason]"
 msgstr ""
 
+msgid "[REDACTED]"
+msgstr ""
+
 msgid "[Redacted]"
 msgstr ""
 
diff --git a/spec/factories/users.rb b/spec/factories/users.rb
index 476c57f2d80..1907d7236eb 100644
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@@ -19,6 +19,10 @@ FactoryBot.define do
       admin { true }
     end
 
+    trait :public_email do
+      public_email { email }
+    end
+
     trait :blocked do
       after(:build) { |user, _| user.block! }
     end
diff --git a/spec/lib/gitlab/data_builder/build_spec.rb b/spec/lib/gitlab/data_builder/build_spec.rb
index 325fdb90929..9cee0802e87 100644
--- a/spec/lib/gitlab/data_builder/build_spec.rb
+++ b/spec/lib/gitlab/data_builder/build_spec.rb
@@ -5,7 +5,7 @@ require 'spec_helper'
 RSpec.describe Gitlab::DataBuilder::Build do
   let!(:tag_names) { %w(tag-1 tag-2) }
   let(:runner) { create(:ci_runner, :instance, tag_list: tag_names.map { |n| ActsAsTaggableOn::Tag.create!(name: n)}) }
-  let(:user) { create(:user) }
+  let(:user) { create(:user, :public_email) }
   let(:build) { create(:ci_build, :running, runner: runner, user: user) }
 
   describe '.build' do
diff --git a/spec/lib/gitlab/data_builder/pipeline_spec.rb b/spec/lib/gitlab/data_builder/pipeline_spec.rb
index 0e574c7aa84..8b57da8e60b 100644
--- a/spec/lib/gitlab/data_builder/pipeline_spec.rb
+++ b/spec/lib/gitlab/data_builder/pipeline_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 RSpec.describe Gitlab::DataBuilder::Pipeline do
-  let_it_be(:user) { create(:user) }
+  let_it_be(:user) { create(:user, :public_email) }
   let_it_be(:project) { create(:project, :repository) }
 
   let_it_be_with_reload(:pipeline) do
@@ -46,7 +46,7 @@ RSpec.describe Gitlab::DataBuilder::Pipeline do
         name: user.name,
         username: user.username,
         avatar_url: user.avatar_url(only_path: false),
-        email: user.email
+        email: user.public_email
         })
     end
 
diff --git a/spec/models/ci/pipeline_spec.rb b/spec/models/ci/pipeline_spec.rb
index da89eccc3b2..3ddf7370fe7 100644
--- a/spec/models/ci/pipeline_spec.rb
+++ b/spec/models/ci/pipeline_spec.rb
@@ -7,7 +7,7 @@ RSpec.describe Ci::Pipeline, :mailer, factory_default: :keep do
   include StubRequests
   include Ci::SourcePipelineHelpers
 
-  let_it_be(:user) { create(:user) }
+  let_it_be(:user) { create(:user, :public_email) }
   let_it_be(:namespace) { create_default(:namespace).freeze }
   let_it_be(:project) { create_default(:project, :repository).freeze }
 
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 714cb24f278..448bcde01dc 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -5511,16 +5511,29 @@ RSpec.describe User do
   end
 
   describe '#hook_attrs' do
-    it 'includes id, name, username, avatar_url, and email' do
-      user = create(:user)
-      user_attributes = {
+    let(:user) { create(:user) }
+    let(:user_attributes) do
+      {
         id: user.id,
         name: user.name,
         username: user.username,
-        avatar_url: user.avatar_url(only_path: false),
-        email: user.email
+        avatar_url: user.avatar_url(only_path: false)
       }
-      expect(user.hook_attrs).to eq(user_attributes)
+    end
+
+    context 'with a public email' do
+      it 'includes id, name, username, avatar_url, and email' do
+        user.public_email = "hello@hello.com"
+        user_attributes[:email] = user.public_email
+        expect(user.hook_attrs).to eq(user_attributes)
+      end
+    end
+
+    context 'without a public email' do
+      it "does not include email if user's email is private" do
+        user_attributes[:email] = "[REDACTED]"
+        expect(user.hook_attrs).to eq(user_attributes)
+      end
     end
   end
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-10-27 13:14:00 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-10-27 13:14:28 +0300
commit	689970fc7731f4dd919733433c236ad549ea5c5e (patch)
tree	261ef53fd5e3368c00b75d8056139ebbc2b5194a
parent	0f74d03f0d6e1a2e208b228d637da85304ff5965 (diff)