Add latest changes from gitlab-org/security/gitlab@14-9-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-03-31 03:09:06 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-03-31 03:09:06 +0300
commit: ae6b4f857f51765dac310e8075c2c3f88e51dcab (patch)
tree: 7e350d6d94d6b9cae89b3cf4c79e9a8b09880842 /spec/features
parent: ae92150461ad4cffcf85a4dc6313bc403e596391 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/spec/features/users/login_spec.rb b/spec/features/users/login_spec.rb
index 13d7078322e..8610cae58a4 100644
--- a/spec/features/users/login_spec.rb
+++ b/spec/features/users/login_spec.rb
@@ -150,6 +150,27 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
     end
   end
 
+  describe 'with a disallowed password' do
+    let(:user) { create(:user, :disallowed_password) }
+
+    before do
+      expect(authentication_metrics)
+        .to increment(:user_unauthenticated_counter)
+        .and increment(:user_password_invalid_counter)
+    end
+
+    it 'disallows login' do
+      gitlab_sign_in(user, password: user.password)
+
+      expect(page).to have_content('Invalid login or password.')
+    end
+
+    it 'does not update Devise trackable attributes' do
+      expect { gitlab_sign_in(user, password: user.password) }
+        .not_to change { User.ghost.reload.sign_in_count }
+    end
+  end
+
   describe 'with the ghost user' do
     it 'disallows login' do
       expect(authentication_metrics)
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-03-31 03:09:06 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-03-31 03:09:06 +0300
commit	ae6b4f857f51765dac310e8075c2c3f88e51dcab (patch)
tree	7e350d6d94d6b9cae89b3cf4c79e9a8b09880842 /spec/features
parent	ae92150461ad4cffcf85a4dc6313bc403e596391 (diff)