Add latest changes from gitlab-org/security/gitlab@13-12-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-05-31 14:41:25 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-05-31 14:41:25 +0300
commit: 6e4e4023b46c786a99e1cfe8832fa5eff2728e0d (patch)
tree: 9ba106ae15fffc24fc4b5ad71c4d4d70ad1e5c0c /spec/lib
parent: 63a19a71aedcafe0148912c536a36768ed126533 (diff)
2 files changed, 141 insertions, 13 deletions
diff --git a/spec/lib/banzai/filter/truncate_source_filter_spec.rb b/spec/lib/banzai/filter/truncate_source_filter_spec.rb
index d5eb8b738b1..8970aa1d382 100644
--- a/spec/lib/banzai/filter/truncate_source_filter_spec.rb
+++ b/spec/lib/banzai/filter/truncate_source_filter_spec.rb
@@ -8,24 +8,68 @@ RSpec.describe Banzai::Filter::TruncateSourceFilter do
   let(:short_text) { 'foo' * 10 }
   let(:long_text) { ([short_text] * 10).join(' ') }
 
-  it 'does nothing when limit is unspecified' do
-    output = filter(long_text)
-
-    expect(output).to eq(long_text)
+  before do
+    stub_const("#{described_class}::CHARACTER_COUNT_LIMIT", 50)
+    stub_const("#{described_class}::USER_MSG_LIMIT", 20)
   end
 
-  it 'does nothing to a short-enough text' do
-    output = filter(short_text, limit: short_text.bytesize)
+  context 'when markdown belongs to a blob' do
+    it 'does nothing when limit is unspecified' do
+      output = filter(long_text, text_source: :blob)
+
+      expect(output).to eq(long_text)
+    end
+
+    it 'truncates normally when limit specified' do
+      truncated = 'foofoof...'
+
+      output = filter(long_text, text_source: :blob, limit: 10)
 
-    expect(output).to eq(short_text)
+      expect(output).to eq(truncated)
+    end
   end
 
-  it 'truncates UTF-8 text by bytes, on a character boundary' do
-    utf8_text = '日本語の文字が大きい'
-    truncated = '日...'
+  context 'when markdown belongs to a field (non-blob)' do
+    it 'does nothing when limit is greater' do
+      output = filter(long_text, limit: 1.megabyte)
+
+      expect(output).to eq(long_text)
+    end
+
+    it 'truncates to the default when limit is unspecified' do
+      stub_const("#{described_class}::USER_MSG_LIMIT", 200)
+      truncated = 'foofoofoofoofoofoofoofoofoofoo foofoofoofoofoof...'
+
+      output = filter(long_text)
+
+      expect(output).to eq(truncated)
+    end
+
+    it 'prepends the user message' do
+      truncated = <<~TEXT
+        _The text is longer than 50 characters and has been visually truncated._
+
+        foofoofoofoofoofoofoofoofoofoo foofoofoofoofoof...
+      TEXT
+
+      output = filter(long_text)
+
+      expect(output).to eq(truncated.strip)
+    end
+
+    it 'does nothing to a short-enough text' do
+      output = filter(short_text, limit: short_text.bytesize)
+
+      expect(output).to eq(short_text)
+    end
+
+    it 'truncates UTF-8 text by bytes, on a character boundary' do
+      utf8_text = '日本語の文字が大きい'
+      truncated = '日...'
 
-    expect(filter(utf8_text, limit: truncated.bytesize)).to eq(truncated)
-    expect(filter(utf8_text, limit: utf8_text.bytesize)).to eq(utf8_text)
-    expect(filter(utf8_text, limit: utf8_text.mb_chars.size)).not_to eq(utf8_text)
+      expect(filter(utf8_text, limit: truncated.bytesize)).to eq(truncated)
+      expect(filter(utf8_text, limit: utf8_text.bytesize)).to eq(utf8_text)
+      expect(filter(utf8_text, limit: utf8_text.mb_chars.size)).not_to eq(utf8_text)
+    end
   end
 end
diff --git a/spec/lib/gitlab/background_migration/update_users_where_two_factor_auth_required_from_group_spec.rb b/spec/lib/gitlab/background_migration/update_users_where_two_factor_auth_required_from_group_spec.rb
new file mode 100644
index 00000000000..e14328b6150
--- /dev/null
+++ b/spec/lib/gitlab/background_migration/update_users_where_two_factor_auth_required_from_group_spec.rb
@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::BackgroundMigration::UpdateUsersWhereTwoFactorAuthRequiredFromGroup, :migration, schema: 20210519154058 do
+  include MigrationHelpers::NamespacesHelpers
+
+  let(:group_with_2fa_parent) { create_namespace('parent', Gitlab::VisibilityLevel::PRIVATE, require_two_factor_authentication: true) }
+  let(:group_with_2fa_child) { create_namespace('child', Gitlab::VisibilityLevel::PRIVATE, parent_id: group_with_2fa_parent.id) }
+  let(:members_table) { table(:members) }
+  let(:users_table) { table(:users) }
+
+  subject { described_class.new }
+
+  describe '#perform' do
+    context 'with group members' do
+      let(:user_1) { create_user('user@example.com') }
+      let!(:member) { create_group_member(user_1, group_with_2fa_parent) }
+      let!(:user_without_group) { create_user('user_without@example.com') }
+      let(:user_other) { create_user('user_other@example.com') }
+      let!(:member_other) { create_group_member(user_other, group_with_2fa_parent) }
+
+      it 'updates user when user should be required to establish two factor authentication' do
+        subject.perform(user_1.id, user_without_group.id)
+
+        expect(user_1.reload.require_two_factor_authentication_from_group).to eq(true)
+      end
+
+      it 'does not update user who is not in current batch' do
+        subject.perform(user_1.id, user_without_group.id)
+
+        expect(user_other.reload.require_two_factor_authentication_from_group).to eq(false)
+      end
+
+      it 'updates all users in current batch' do
+        subject.perform(user_1.id, user_other.id)
+
+        expect(user_other.reload.require_two_factor_authentication_from_group).to eq(true)
+      end
+
+      it 'updates user when user is member of group in which parent group requires two factor authentication' do
+        member.destroy!
+
+        subgroup = create_namespace('subgroup', Gitlab::VisibilityLevel::PRIVATE, require_two_factor_authentication: false, parent_id: group_with_2fa_child.id)
+        create_group_member(user_1, subgroup)
+
+        subject.perform(user_1.id, user_other.id)
+
+        expect(user_1.reload.require_two_factor_authentication_from_group).to eq(true)
+      end
+
+      it 'updates user when user is member of a group and the subgroup requires two factor authentication' do
+        member.destroy!
+
+        parent = create_namespace('other_parent', Gitlab::VisibilityLevel::PRIVATE, require_two_factor_authentication: false)
+        create_namespace('other_subgroup', Gitlab::VisibilityLevel::PRIVATE, require_two_factor_authentication: true, parent_id: parent.id)
+        create_group_member(user_1, parent)
+
+        subject.perform(user_1.id, user_other.id)
+
+        expect(user_1.reload.require_two_factor_authentication_from_group).to eq(true)
+      end
+
+      it 'does not update user when not a member of a group that requires two factor authentication' do
+        member_other.destroy!
+
+        other_group = create_namespace('other_group', Gitlab::VisibilityLevel::PRIVATE, require_two_factor_authentication: false)
+        create_group_member(user_other, other_group)
+
+        subject.perform(user_1.id, user_other.id)
+
+        expect(user_other.reload.require_two_factor_authentication_from_group).to eq(false)
+      end
+    end
+  end
+
+  def create_user(email, require_2fa: false)
+    users_table.create!(email: email, projects_limit: 10, require_two_factor_authentication_from_group: require_2fa)
+  end
+
+  def create_group_member(user, group)
+    members_table.create!(user_id: user.id, source_id: group.id, access_level: GroupMember::MAINTAINER, source_type: "Namespace", type: "GroupMember", notification_level: 3)
+  end
+end
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-05-31 14:41:25 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-05-31 14:41:25 +0300
commit	6e4e4023b46c786a99e1cfe8832fa5eff2728e0d (patch)
tree	9ba106ae15fffc24fc4b5ad71c4d4d70ad1e5c0c /spec/lib
parent	63a19a71aedcafe0148912c536a36768ed126533 (diff)