diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-27 13:14:00 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-10-27 13:14:28 +0300 |
commit | 689970fc7731f4dd919733433c236ad549ea5c5e (patch) | |
tree | 261ef53fd5e3368c00b75d8056139ebbc2b5194a | |
parent | 0f74d03f0d6e1a2e208b228d637da85304ff5965 (diff) |
Add latest changes from gitlab-org/security/gitlab@14-2-stable-ee
-rw-r--r-- | app/models/user.rb | 2 | ||||
-rw-r--r-- | locale/gitlab.pot | 3 | ||||
-rw-r--r-- | spec/factories/users.rb | 4 | ||||
-rw-r--r-- | spec/lib/gitlab/data_builder/build_spec.rb | 2 | ||||
-rw-r--r-- | spec/lib/gitlab/data_builder/pipeline_spec.rb | 4 | ||||
-rw-r--r-- | spec/models/ci/pipeline_spec.rb | 2 | ||||
-rw-r--r-- | spec/models/user_spec.rb | 25 |
7 files changed, 31 insertions, 11 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 08b25d7a6f3..3eb4035c898 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1459,7 +1459,7 @@ class User < ApplicationRecord name: name, username: username, avatar_url: avatar_url(only_path: false), - email: email + email: public_email.presence || _('[REDACTED]') } end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 6b4fa438f8c..6fe07830d3c 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -38764,6 +38764,9 @@ msgstr "" msgid "[No reason]" msgstr "" +msgid "[REDACTED]" +msgstr "" + msgid "[Redacted]" msgstr "" diff --git a/spec/factories/users.rb b/spec/factories/users.rb index 476c57f2d80..1907d7236eb 100644 --- a/spec/factories/users.rb +++ b/spec/factories/users.rb @@ -19,6 +19,10 @@ FactoryBot.define do admin { true } end + trait :public_email do + public_email { email } + end + trait :blocked do after(:build) { |user, _| user.block! } end diff --git a/spec/lib/gitlab/data_builder/build_spec.rb b/spec/lib/gitlab/data_builder/build_spec.rb index 325fdb90929..9cee0802e87 100644 --- a/spec/lib/gitlab/data_builder/build_spec.rb +++ b/spec/lib/gitlab/data_builder/build_spec.rb @@ -5,7 +5,7 @@ require 'spec_helper' RSpec.describe Gitlab::DataBuilder::Build do let!(:tag_names) { %w(tag-1 tag-2) } let(:runner) { create(:ci_runner, :instance, tag_list: tag_names.map { |n| ActsAsTaggableOn::Tag.create!(name: n)}) } - let(:user) { create(:user) } + let(:user) { create(:user, :public_email) } let(:build) { create(:ci_build, :running, runner: runner, user: user) } describe '.build' do diff --git a/spec/lib/gitlab/data_builder/pipeline_spec.rb b/spec/lib/gitlab/data_builder/pipeline_spec.rb index 0e574c7aa84..8b57da8e60b 100644 --- a/spec/lib/gitlab/data_builder/pipeline_spec.rb +++ b/spec/lib/gitlab/data_builder/pipeline_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' RSpec.describe Gitlab::DataBuilder::Pipeline do - let_it_be(:user) { create(:user) } + let_it_be(:user) { create(:user, :public_email) } let_it_be(:project) { create(:project, :repository) } let_it_be_with_reload(:pipeline) do @@ -46,7 +46,7 @@ RSpec.describe Gitlab::DataBuilder::Pipeline do name: user.name, username: user.username, avatar_url: user.avatar_url(only_path: false), - email: user.email + email: user.public_email }) end diff --git a/spec/models/ci/pipeline_spec.rb b/spec/models/ci/pipeline_spec.rb index da89eccc3b2..3ddf7370fe7 100644 --- a/spec/models/ci/pipeline_spec.rb +++ b/spec/models/ci/pipeline_spec.rb @@ -7,7 +7,7 @@ RSpec.describe Ci::Pipeline, :mailer, factory_default: :keep do include StubRequests include Ci::SourcePipelineHelpers - let_it_be(:user) { create(:user) } + let_it_be(:user) { create(:user, :public_email) } let_it_be(:namespace) { create_default(:namespace).freeze } let_it_be(:project) { create_default(:project, :repository).freeze } diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 714cb24f278..448bcde01dc 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -5511,16 +5511,29 @@ RSpec.describe User do end describe '#hook_attrs' do - it 'includes id, name, username, avatar_url, and email' do - user = create(:user) - user_attributes = { + let(:user) { create(:user) } + let(:user_attributes) do + { id: user.id, name: user.name, username: user.username, - avatar_url: user.avatar_url(only_path: false), - email: user.email + avatar_url: user.avatar_url(only_path: false) } - expect(user.hook_attrs).to eq(user_attributes) + end + + context 'with a public email' do + it 'includes id, name, username, avatar_url, and email' do + user.public_email = "hello@hello.com" + user_attributes[:email] = user.public_email + expect(user.hook_attrs).to eq(user_attributes) + end + end + + context 'without a public email' do + it "does not include email if user's email is private" do + user_attributes[:email] = "[REDACTED]" + expect(user.hook_attrs).to eq(user_attributes) + end end end |