Add latest changes from gitlab-org/gitlab@15-1-stable-eev15.1.0-rc42

3 files changed, 151 insertions, 2 deletions

diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb
index acfe476a864..93e4e72f78f 100644
--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -51,6 +51,64 @@ RSpec.describe API::Internal::Base do
     end
   end
 
+  describe 'GET /internal/error_tracking_allowed' do
+    let_it_be(:project) { create(:project) }
+
+    let(:params) { { project_id: project.id, public_key: 'key' } }
+
+    context 'when the secret header is missing' do
+      it 'responds with unauthorized entity' do
+        post api("/internal/error_tracking_allowed"), params: params
+
+        expect(response).to have_gitlab_http_status(:unauthorized)
+      end
+    end
+
+    context 'when some params are missing' do
+      it 'responds with unprocessable entity' do
+        post api("/internal/error_tracking_allowed"), params: params.except(:public_key),
+          headers: { API::Helpers::GITLAB_SHARED_SECRET_HEADER => Base64.encode64(secret_token) }
+
+        expect(response).to have_gitlab_http_status(:unprocessable_entity)
+      end
+    end
+
+    context 'when the error tracking is disabled' do
+      it 'returns enabled: false' do
+        create(:error_tracking_client_key, project: project, active: false)
+
+        post api("/internal/error_tracking_allowed"), params: params,
+          headers: { API::Helpers::GITLAB_SHARED_SECRET_HEADER => Base64.encode64(secret_token) }
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(json_response).to eq({ 'enabled' => false })
+      end
+
+      context 'when the error tracking record does not exist' do
+        it 'returns enabled: false' do
+          post api("/internal/error_tracking_allowed"), params: params,
+            headers: { API::Helpers::GITLAB_SHARED_SECRET_HEADER => Base64.encode64(secret_token) }
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response).to eq({ 'enabled' => false })
+        end
+      end
+    end
+
+    context 'when the error tracking is enabled' do
+      it 'returns enabled: true' do
+        client_key = create(:error_tracking_client_key, project: project, active: true)
+        params[:public_key] = client_key.public_key
+
+        post api("/internal/error_tracking_allowed"), params: params,
+          headers: { API::Helpers::GITLAB_SHARED_SECRET_HEADER => Base64.encode64(secret_token) }
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(json_response).to eq({ 'enabled' => true })
+      end
+    end
+  end
+
   describe 'GET /internal/two_factor_recovery_codes' do
     let(:key_id) { key.id }
 
diff --git a/spec/requests/api/internal/mail_room_spec.rb b/spec/requests/api/internal/mail_room_spec.rb
index 67ea617f90d..a0a9c1f9cb3 100644
--- a/spec/requests/api/internal/mail_room_spec.rb
+++ b/spec/requests/api/internal/mail_room_spec.rb
@@ -33,7 +33,7 @@ RSpec.describe API::Internal::MailRoom do
   let(:incoming_email_secret) { 'incoming_email_secret' }
   let(:service_desk_email_secret) { 'service_desk_email_secret' }
 
-  let(:email_content) { fixture_file("emails/commands_in_reply.eml") }
+  let(:email_content) { fixture_file("emails/service_desk_reply.eml") }
 
   before do
     allow(Gitlab::MailRoom::Authenticator).to receive(:secret).with(:incoming_email).and_return(incoming_email_secret)
@@ -117,7 +117,7 @@ RSpec.describe API::Internal::MailRoom do
 
         email = ActionMailer::Base.deliveries.last
         expect(email).not_to be_nil
-        expect(email.to).to match_array(["jake@adventuretime.ooo"])
+        expect(email.to).to match_array(["alan@adventuretime.ooo"])
         expect(email.subject).to include("Rejected")
         expect(email.body.parts.last.to_s).to include("We couldn't process your email")
       end
@@ -190,5 +190,54 @@ RSpec.describe API::Internal::MailRoom do
         expect(response).to have_gitlab_http_status(:unauthorized)
       end
     end
+
+    context 'handle invalid utf-8 email content' do
+      let(:email_content) do
+        File.open(expand_fixture_path("emails/service_desk_reply_illegal_utf8.eml"), "r:SHIFT_JIS") { |f| f.read }
+      end
+
+      let(:encoded_email_content) { Gitlab::EncodingHelper.encode_utf8(email_content) }
+      let(:auth_headers) do
+        jwt_token = JWT.encode(auth_payload, incoming_email_secret, 'HS256')
+        { Gitlab::MailRoom::INTERNAL_API_REQUEST_HEADER => jwt_token }
+      end
+
+      it 'schedules a EmailReceiverWorker job with email content encoded to utf-8 forcefully' do
+        Sidekiq::Testing.fake! do
+          expect do
+            post api("/internal/mail_room/incoming_email"), headers: auth_headers, params: email_content
+          end.to change { EmailReceiverWorker.jobs.size }.by(1)
+        end
+
+        expect(response).to have_gitlab_http_status(:ok)
+
+        job = EmailReceiverWorker.jobs.last
+        expect(job).to match a_hash_including('args' => [encoded_email_content])
+      end
+    end
+
+    context 'handle text/plain request content type' do
+      let(:auth_headers) do
+        jwt_token = JWT.encode(auth_payload, incoming_email_secret, 'HS256')
+        {
+          Gitlab::MailRoom::INTERNAL_API_REQUEST_HEADER => jwt_token,
+          'Content-Type' => 'text/plain'
+        }
+      end
+
+      it 'schedules a EmailReceiverWorker job with email content encoded to utf-8 forcefully' do
+        Sidekiq::Testing.fake! do
+          expect do
+            post api("/internal/mail_room/incoming_email"), headers: auth_headers, params: email_content
+          end.to change { EmailReceiverWorker.jobs.size }.by(1)
+        end
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response.content_type).to eql('application/json')
+
+        job = EmailReceiverWorker.jobs.last
+        expect(job).to match a_hash_including('args' => [email_content])
+      end
+    end
   end
 end
diff --git a/spec/requests/api/internal/workhorse_spec.rb b/spec/requests/api/internal/workhorse_spec.rb
new file mode 100644
index 00000000000..d40c14cc0fd
--- /dev/null
+++ b/spec/requests/api/internal/workhorse_spec.rb
@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe API::Internal::Workhorse, :allow_forgery_protection do
+  include WorkhorseHelpers
+
+  context '/authorize_upload' do
+    let_it_be(:user) { create(:user) }
+
+    let(:headers) { {} }
+
+    subject { post(api('/internal/workhorse/authorize_upload'), headers: headers) }
+
+    def expect_status(status)
+      subject
+      expect(response).to have_gitlab_http_status(status)
+    end
+
+    context 'without workhorse internal header' do
+      it { expect_status(:forbidden) }
+    end
+
+    context 'with workhorse internal header' do
+      let(:headers) { workhorse_internal_api_request_header }
+
+      it { expect_status(:unauthorized) }
+
+      context 'as a logged in user' do
+        before do
+          login_as(user)
+        end
+
+        it { expect_status(:success) }
+        it 'returns the temp upload path' do
+          subject
+          expect(json_response['TempPath']).to eq(Rails.root.join('tmp/tests/public/uploads/tmp').to_s)
+        end
+      end
+    end
+  end
+end