Add latest changes from gitlab-org/gitlab@14-2-stable-eev14.2.0-rc42

5 files changed, 209 insertions, 114 deletions

diff --git a/spec/controllers/concerns/redis_tracking_spec.rb b/spec/controllers/concerns/redis_tracking_spec.rb
index 4077f4f5cce..178684ae2d0 100644
--- a/spec/controllers/concerns/redis_tracking_spec.rb
+++ b/spec/controllers/concerns/redis_tracking_spec.rb
@@ -3,6 +3,8 @@
 require "spec_helper"
 
 RSpec.describe RedisTracking do
+  include TrackingHelpers
+
   let(:user) { create(:user) }
 
   controller(ApplicationController) do
@@ -60,7 +62,7 @@ RSpec.describe RedisTracking do
     end
 
     it 'tracks the event if DNT is not enabled' do
-      request.headers['DNT'] = '0'
+      stub_do_not_track('0')
 
       expect_tracking
 
@@ -68,7 +70,7 @@ RSpec.describe RedisTracking do
     end
 
     it 'does not track the event if DNT is enabled' do
-      request.headers['DNT'] = '1'
+      stub_do_not_track('1')
 
       expect_no_tracking
 
diff --git a/spec/controllers/concerns/spammable_actions/akismet_mark_as_spam_action_spec.rb b/spec/controllers/concerns/spammable_actions/akismet_mark_as_spam_action_spec.rb
new file mode 100644
index 00000000000..7c10dccdcb9
--- /dev/null
+++ b/spec/controllers/concerns/spammable_actions/akismet_mark_as_spam_action_spec.rb
@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe SpammableActions::AkismetMarkAsSpamAction do
+  include AfterNextHelpers
+
+  controller(ActionController::Base) do
+    include SpammableActions::AkismetMarkAsSpamAction
+
+    private
+
+    def spammable_path
+      '/fake_spammable_path'
+    end
+  end
+
+  let(:spammable_type) { 'SpammableType' }
+  let(:spammable) { double(:spammable, spammable_entity_type: double(:spammable_entity_type, titlecase: spammable_type)) }
+  let(:current_user) { create(:admin) }
+
+  before do
+    allow(Gitlab::Recaptcha).to receive(:load_configurations!) { true }
+    routes.draw { get 'mark_as_spam' => 'anonymous#mark_as_spam' }
+    allow(controller).to receive(:spammable) { spammable }
+    allow(controller).to receive(:current_user) { double(:current_user, admin?: admin) }
+    allow(controller).to receive(:current_user).and_return(current_user)
+  end
+
+  describe '#mark_as_spam' do
+    subject { post :mark_as_spam }
+
+    before do
+      expect_next(Spam::AkismetMarkAsSpamService, target: spammable)
+        .to receive(:execute).and_return(execute_result)
+    end
+
+    context 'when user is admin', :enable_admin_mode do
+      let(:admin) { true }
+
+      context 'when service returns truthy' do
+        let(:execute_result) { true }
+
+        it 'redirects with notice' do
+          expect(subject).to redirect_to('/fake_spammable_path')
+          expect(subject.request.flash[:notice]).to match(/#{spammable_type}.*submitted.*successfully/)
+        end
+      end
+
+      context 'when service returns falsey' do
+        let(:execute_result) { false }
+
+        it 'redirects with notice' do
+          expect(subject).to redirect_to('/fake_spammable_path')
+          expect(subject.request.flash[:alert]).to match(/Error/)
+        end
+      end
+    end
+
+    context 'when user is not admin' do
+      let(:admin) { false }
+      let(:execute_result) { true }
+
+      it 'calls #access_denied!' do
+        expect(controller).to receive(:access_denied!) { false }
+
+        subject
+      end
+    end
+  end
+end
diff --git a/spec/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support_spec.rb b/spec/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support_spec.rb
new file mode 100644
index 00000000000..53a78326397
--- /dev/null
+++ b/spec/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support_spec.rb
@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe SpammableActions::CaptchaCheck::HtmlFormatActionsSupport do
+  controller(ActionController::Base) do
+    include SpammableActions::CaptchaCheck::HtmlFormatActionsSupport
+
+    def create
+      with_captcha_check_html_format { render :some_rendered_view }
+    end
+  end
+
+  let(:spammable) { double(:spammable) }
+
+  before do
+    allow(Gitlab::Recaptcha).to receive(:load_configurations!) { true }
+    routes.draw { get 'create' => 'anonymous#create' }
+    allow(controller).to receive(:spammable) { spammable }
+    expect(spammable).to receive(:render_recaptcha?).at_least(:once) { render_recaptcha }
+  end
+
+  describe '#convert_html_spam_params_to_headers' do
+    let(:render_recaptcha) { false }
+    let(:g_recaptcha_response) { 'abc123' }
+    let(:spam_log_id) { 42 }
+
+    let(:params) do
+      {
+        'g-recaptcha-response' => g_recaptcha_response,
+        spam_log_id: spam_log_id
+      }
+    end
+
+    # NOTE: `:update` has an identical `before_action` behavior to ``:create``, but `before_action` is
+    # declarative via the ``:only`` attribute, so there's little value in re-testing the behavior.
+    subject { post :create, params: params }
+
+    before do
+      allow(controller).to receive(:render).with(:some_rendered_view)
+    end
+
+    it 'converts params to headers' do
+      subject
+
+      expect(controller.request.headers['X-GitLab-Captcha-Response']).to eq(g_recaptcha_response)
+      expect(controller.request.headers['X-GitLab-Spam-Log-Id']).to eq(spam_log_id.to_s)
+    end
+  end
+
+  describe '#with_captcha_check_html_format' do
+    subject { post :create }
+
+    context 'when spammable.render_recaptcha? is true' do
+      let(:render_recaptcha) { true }
+
+      it 'renders :captcha_check' do
+        expect(controller).to receive(:render).with(:captcha_check)
+
+        subject
+      end
+    end
+
+    context 'when spammable.render_recaptcha? is false' do
+      let(:render_recaptcha) { false }
+
+      it 'yields to block' do
+        expect(controller).to receive(:render).with(:some_rendered_view)
+
+        subject
+      end
+    end
+  end
+end
diff --git a/spec/controllers/concerns/spammable_actions/captcha_check/json_format_actions_support_spec.rb b/spec/controllers/concerns/spammable_actions/captcha_check/json_format_actions_support_spec.rb
new file mode 100644
index 00000000000..d7a44351ad8
--- /dev/null
+++ b/spec/controllers/concerns/spammable_actions/captcha_check/json_format_actions_support_spec.rb
@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe SpammableActions::CaptchaCheck::JsonFormatActionsSupport do
+  controller(ActionController::Base) do
+    include SpammableActions::CaptchaCheck::JsonFormatActionsSupport
+
+    def some_action
+      with_captcha_check_json_format { render :some_rendered_view }
+    end
+  end
+
+  before do
+    allow(Gitlab::Recaptcha).to receive(:load_configurations!) { true }
+  end
+
+  describe '#with_captcha_check_json_format' do
+    subject { post :some_action }
+
+    let(:spammable) { double(:spammable) }
+
+    before do
+      routes.draw { get 'some_action' => 'anonymous#some_action' }
+      allow(controller).to receive(:spammable) { spammable }
+      expect(spammable).to receive(:render_recaptcha?).at_least(:once) { render_recaptcha }
+    end
+
+    context 'when spammable.render_recaptcha? is true' do
+      let(:render_recaptcha) { true }
+      let(:spam_log) { double(:spam_log, id: 1) }
+      let(:spammable) { double(:spammable, spam?: true, render_recaptcha?: render_recaptcha, spam_log: spam_log) }
+      let(:recaptcha_site_key) { 'abc123' }
+      let(:spam_action_response_fields) do
+        {
+          spam: true,
+          needs_captcha_response: render_recaptcha,
+          spam_log_id: 1,
+          captcha_site_key: recaptcha_site_key
+        }
+      end
+
+      it 'renders json containing spam_action_response_fields' do
+        expect(controller).to receive(:render).with(json: spam_action_response_fields, status: :conflict)
+        allow(Gitlab::CurrentSettings).to receive(:recaptcha_site_key) { recaptcha_site_key }
+        subject
+      end
+    end
+
+    context 'when spammable.render_recaptcha? is false' do
+      let(:render_recaptcha) { false }
+
+      it 'yields to block' do
+        expect(controller).to receive(:render).with(:some_rendered_view)
+
+        subject
+      end
+    end
+  end
+end
diff --git a/spec/controllers/concerns/spammable_actions_spec.rb b/spec/controllers/concerns/spammable_actions_spec.rb
deleted file mode 100644
index 7bd5a76e60c..00000000000
--- a/spec/controllers/concerns/spammable_actions_spec.rb
+++ /dev/null
@@ -1,112 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe SpammableActions do
-  controller(ActionController::Base) do
-    include SpammableActions
-
-    # #update is used here to test #recaptcha_check_with_fallback, but it could be invoked
-    # from #create or any other action which mutates a spammable via a controller.
-    def update
-      should_redirect = params[:should_redirect] == 'true'
-
-      recaptcha_check_with_fallback(should_redirect) { render json: :ok }
-    end
-
-    private
-
-    def spammable_path
-      '/fake_spammable_path'
-    end
-  end
-
-  before do
-    allow(Gitlab::Recaptcha).to receive(:load_configurations!) { true }
-  end
-
-  describe '#recaptcha_check_with_fallback' do
-    shared_examples 'yields to block' do
-      it do
-        subject
-
-        expect(json_response).to eq({ json: 'ok' })
-      end
-    end
-
-    let(:format) { :html }
-
-    subject { post :update, format: format, params: params }
-
-    let(:spammable) { double(:spammable) }
-    let(:should_redirect) { nil }
-    let(:params) do
-      {
-        should_redirect: should_redirect
-      }
-    end
-
-    before do
-      routes.draw { get 'update' => 'anonymous#update' }
-      allow(controller).to receive(:spammable) { spammable }
-    end
-
-    context 'when should_redirect is true and spammable is valid' do
-      let(:should_redirect) { true }
-
-      before do
-        allow(spammable).to receive(:valid?) { true }
-      end
-
-      it 'redirects to spammable_path' do
-        expect(subject).to redirect_to('/fake_spammable_path')
-      end
-    end
-
-    context 'when should_redirect is false or spammable is not valid' do
-      before do
-        allow(spammable).to receive(:valid?) { false }
-      end
-
-      context 'when spammable.render_recaptcha? is true' do
-        let(:spam_log) { instance_double(SpamLog, id: 123) }
-        let(:captcha_site_key) { 'abc123' }
-
-        before do
-          expect(spammable).to receive(:render_recaptcha?).at_least(:once) { true }
-        end
-
-        context 'when format is :html' do
-          it 'renders :verify' do
-            expect(controller).to receive(:render).with(:verify)
-
-            subject
-          end
-        end
-
-        context 'when format is :json' do
-          let(:format) { :json }
-
-          before do
-            expect(spammable).to receive(:spam?) { false }
-            expect(spammable).to receive(:spam_log) { spam_log }
-            expect(Gitlab::CurrentSettings).to receive(:recaptcha_site_key) { captcha_site_key }
-          end
-
-          it 'renders json with spam_action_response_fields' do
-            subject
-
-            expected_json_response = HashWithIndifferentAccess.new(
-              {
-                spam: false,
-                needs_captcha_response: true,
-                spam_log_id: spam_log.id,
-                captcha_site_key: captcha_site_key
-              })
-            expect(json_response).to eq(expected_json_response)
-          end
-        end
-      end
-    end
-  end
-end