Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-10-18 12:11:01 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-10-18 12:11:01 +0300
commit: 7bbc9509dc0567d2a2d8314e99179aaad33ba361 (patch)
tree: baa7501af6efe7a0f2f6e20f683e9da39fa96607 /spec/models
parent: f6d22c8ba7c3f900a3843b1336e2ade1d8d90c1f (diff)
3 files changed, 180 insertions, 0 deletions
diff --git a/spec/models/hooks/web_hook_spec.rb b/spec/models/hooks/web_hook_spec.rb
index 6419a9fc9d9..da8c10b67a6 100644
--- a/spec/models/hooks/web_hook_spec.rb
+++ b/spec/models/hooks/web_hook_spec.rb
@@ -139,6 +139,16 @@ RSpec.describe WebHook do
     it { is_expected.to contain_exactly(:token, :url, :url_variables) }
   end
 
+  describe '.web_hooks_disable_failed?' do
+    it 'returns true when feature is enabled for parent' do
+      second_hook = build(:project_hook, project: create(:project))
+      stub_feature_flags(web_hooks_disable_failed: [false, second_hook.project])
+
+      expect(described_class.web_hooks_disable_failed?(hook)).to eq(false)
+      expect(described_class.web_hooks_disable_failed?(second_hook)).to eq(true)
+    end
+  end
+
   describe 'execute' do
     let(:data) { { key: 'value' } }
     let(:hook_name) { 'project hook' }
diff --git a/spec/models/user_detail_spec.rb b/spec/models/user_detail_spec.rb
index 9189b9a1469..04964d36dcd 100644
--- a/spec/models/user_detail_spec.rb
+++ b/spec/models/user_detail_spec.rb
@@ -25,5 +25,140 @@ RSpec.describe UserDetail do
     describe '#bio' do
       it { is_expected.to validate_length_of(:bio).is_at_most(255) }
     end
+
+    describe '#linkedin' do
+      it { is_expected.to validate_length_of(:linkedin).is_at_most(500) }
+    end
+
+    describe '#twitter' do
+      it { is_expected.to validate_length_of(:twitter).is_at_most(500) }
+    end
+
+    describe '#skype' do
+      it { is_expected.to validate_length_of(:skype).is_at_most(500) }
+    end
+
+    describe '#location' do
+      it { is_expected.to validate_length_of(:location).is_at_most(500) }
+    end
+
+    describe '#organization' do
+      it { is_expected.to validate_length_of(:organization).is_at_most(500) }
+    end
+
+    describe '#website_url' do
+      it { is_expected.to validate_length_of(:website_url).is_at_most(500) }
+    end
+  end
+
+  describe '.user_fields_changed?' do
+    let(:user) { create(:user) }
+
+    context 'when user detail fields unchanged' do
+      it 'returns false' do
+        expect(described_class.user_fields_changed?(user)).to be false
+      end
+
+      %i[linkedin location organization skype twitter website_url].each do |attr|
+        context "when #{attr} is changed" do
+          before do
+            user[attr] = 'new value'
+          end
+
+          it 'returns true' do
+            expect(described_class.user_fields_changed?(user)).to be true
+          end
+        end
+      end
+    end
+  end
+
+  describe '#sanitize_attrs' do
+    shared_examples 'sanitizes html' do |attr|
+      it 'sanitizes html tags' do
+        details = build_stubbed(:user_detail, attr => '<a href="//evil.com">https://example.com<a>')
+        expect { details.sanitize_attrs }.to change { details[attr] }.to('https://example.com')
+      end
+
+      it 'sanitizes iframe scripts' do
+        details = build_stubbed(:user_detail, attr => '<iframe src=javascript:alert()><iframe>')
+        expect { details.sanitize_attrs }.to change { details[attr] }.to('')
+      end
+
+      it 'sanitizes js scripts' do
+        details = build_stubbed(:user_detail, attr => '<script>alert("Test")</script>')
+        expect { details.sanitize_attrs }.to change { details[attr] }.to('')
+      end
+    end
+
+    %i[linkedin skype twitter website_url].each do |attr|
+      it_behaves_like 'sanitizes html', attr
+
+      it 'encodes HTML entities' do
+        details = build_stubbed(:user_detail, attr => 'test&attr')
+        expect { details.sanitize_attrs }.to change { details[attr] }.to('test&amp;attr')
+      end
+    end
+
+    %i[location organization].each do |attr|
+      it_behaves_like 'sanitizes html', attr
+
+      it 'does not encode HTML entities' do
+        details = build_stubbed(:user_detail, attr => 'test&attr')
+        expect { details.sanitize_attrs }.not_to change { details[attr] }
+      end
+    end
+
+    it 'sanitizes on validation' do
+      details = build(:user_detail)
+
+      expect(details)
+        .to receive(:sanitize_attrs)
+        .at_least(:once)
+        .and_call_original
+
+      details.save!
+    end
+  end
+
+  describe '#assign_changed_fields_from_user' do
+    let(:user_detail) { build(:user_detail) }
+
+    shared_examples 'syncs field with `user_details`' do |field|
+      it 'does not sync the field to `user_details` if unchanged' do
+        expect { user_detail.assign_changed_fields_from_user }
+          .to not_change { user_detail.public_send(field) }
+      end
+
+      it 'syncs the field to `user_details` if changed' do
+        user_detail.user[field] = "new_value"
+        expect { user_detail.assign_changed_fields_from_user }
+          .to change { user_detail.public_send(field) }
+          .to("new_value")
+      end
+
+      it 'truncates the field if too long' do
+        user_detail.user[field] = 'a' * (UserDetail::DEFAULT_FIELD_LENGTH + 1)
+        expect { user_detail.assign_changed_fields_from_user }
+          .to change { user_detail.public_send(field) }
+          .to('a' * UserDetail::DEFAULT_FIELD_LENGTH)
+      end
+
+      it 'properly syncs nil field to `user_details' do
+        user_detail.user[field] = 'Test'
+        user_detail.user.save!(validate: false)
+        user_detail.user[field] = nil
+        expect { user_detail.assign_changed_fields_from_user }
+          .to change { user_detail.public_send(field) }
+          .to('')
+      end
+    end
+
+    it_behaves_like 'syncs field with `user_details`', :linkedin
+    it_behaves_like 'syncs field with `user_details`', :location
+    it_behaves_like 'syncs field with `user_details`', :organization
+    it_behaves_like 'syncs field with `user_details`', :skype
+    it_behaves_like 'syncs field with `user_details`', :twitter
+    it_behaves_like 'syncs field with `user_details`', :website_url
   end
 end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index e6d4e9cc2f6..73ac4e7d3f2 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -5421,6 +5421,41 @@ RSpec.describe User do
     end
   end
 
+  describe '#ensure_user_detail_assigned' do
+    let(:user) { build(:user) }
+
+    context 'when no user detail field has been changed' do
+      before do
+        allow(UserDetail)
+          .to receive(:user_fields_changed?)
+          .and_return(false)
+      end
+
+      it 'does not assign user details before save' do
+        expect(user.user_detail)
+          .not_to receive(:assign_changed_fields_from_user)
+
+        user.save!
+      end
+    end
+
+    context 'when a user detail field has been changed' do
+      before do
+        allow(UserDetail)
+          .to receive(:user_fields_changed?)
+          .and_return(true)
+      end
+
+      it 'assigns user details before save' do
+        expect(user.user_detail)
+          .to receive(:assign_changed_fields_from_user)
+          .and_call_original
+
+        user.save!
+      end
+    end
+  end
+
   describe '#username_changed_hook' do
     context 'for a new user' do
       let(:user) { build(:user) }
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-10-18 12:11:01 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-10-18 12:11:01 +0300
commit	7bbc9509dc0567d2a2d8314e99179aaad33ba361 (patch)
tree	baa7501af6efe7a0f2f6e20f683e9da39fa96607 /spec/models
parent	f6d22c8ba7c3f900a3843b1336e2ade1d8d90c1f (diff)