Add latest changes from gitlab-org/gitlab@master

19 files changed, 179 insertions, 69 deletions

diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 94afe741057..53896c7f5c7 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -186,7 +186,7 @@ describe ApplicationController do
       expect(response).to have_gitlab_http_status(404)
     end
 
-    it 'redirects to login page via authenticate_user! if not authenticated' do
+    it 'redirects to login page if not authenticated' do
       get :index
 
       expect(response).to redirect_to new_user_session_path
@@ -827,7 +827,7 @@ describe ApplicationController do
     end
   end
 
-  describe '#require_role' do
+  describe '#required_signup_info' do
     controller(described_class) do
       def index; end
     end
@@ -849,7 +849,7 @@ describe ApplicationController do
       it { is_expected.to redirect_to users_sign_up_welcome_path }
     end
 
-    context 'experiment enabled and user without a role' do
+    context 'experiment enabled and user without a required role' do
       before do
         sign_in(user)
         get :index
@@ -858,7 +858,7 @@ describe ApplicationController do
       it { is_expected.not_to redirect_to users_sign_up_welcome_path }
     end
 
-    context 'experiment disabled and user with required role' do
+    context 'experiment disabled' do
       let(:experiment_enabled) { false }
 
       before do
diff --git a/spec/controllers/projects/commits_controller_spec.rb b/spec/controllers/projects/commits_controller_spec.rb
index 9c4d6fdcb2a..1977e92e42b 100644
--- a/spec/controllers/projects/commits_controller_spec.rb
+++ b/spec/controllers/projects/commits_controller_spec.rb
@@ -142,7 +142,7 @@ describe Projects::CommitsController do
 
   context 'token authentication' do
     context 'public project' do
-      it_behaves_like 'authenticates sessionless user', :show, :atom, public: true do
+      it_behaves_like 'authenticates sessionless user', :show, :atom, { public: true, ignore_incrementing: true } do
         before do
           public_project = create(:project, :repository, :public)
 
@@ -152,7 +152,7 @@ describe Projects::CommitsController do
     end
 
     context 'private project' do
-      it_behaves_like 'authenticates sessionless user', :show, :atom, public: false do
+      it_behaves_like 'authenticates sessionless user', :show, :atom, { public: false, ignore_incrementing: true } do
         before do
           private_project = create(:project, :repository, :private)
           private_project.add_maintainer(user)
diff --git a/spec/controllers/projects/error_tracking_controller_spec.rb b/spec/controllers/projects/error_tracking_controller_spec.rb
index 4c224e960a6..31868f5f717 100644
--- a/spec/controllers/projects/error_tracking_controller_spec.rb
+++ b/spec/controllers/projects/error_tracking_controller_spec.rb
@@ -146,7 +146,7 @@ describe Projects::ErrorTrackingController do
       it 'redirects to sign-in page' do
         post :list_projects, params: list_projects_params
 
-        expect(response).to have_gitlab_http_status(:unauthorized)
+        expect(response).to have_gitlab_http_status(:redirect)
       end
     end
 
diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb
index 4c2b58551bf..8770a5ee303 100644
--- a/spec/controllers/projects/issues_controller_spec.rb
+++ b/spec/controllers/projects/issues_controller_spec.rb
@@ -1441,7 +1441,7 @@ describe Projects::IssuesController do
   context 'private project with token authentication' do
     let(:private_project) { create(:project, :private) }
 
-    it_behaves_like 'authenticates sessionless user', :index, :atom do
+    it_behaves_like 'authenticates sessionless user', :index, :atom, ignore_incrementing: true do
       before do
         default_params.merge!(project_id: private_project, namespace_id: private_project.namespace)
 
@@ -1449,7 +1449,7 @@ describe Projects::IssuesController do
       end
     end
 
-    it_behaves_like 'authenticates sessionless user', :calendar, :ics do
+    it_behaves_like 'authenticates sessionless user', :calendar, :ics, ignore_incrementing: true do
       before do
         default_params.merge!(project_id: private_project, namespace_id: private_project.namespace)
 
diff --git a/spec/controllers/projects/releases_controller_spec.rb b/spec/controllers/projects/releases_controller_spec.rb
index 28ca20d7dab..562119d967f 100644
--- a/spec/controllers/projects/releases_controller_spec.rb
+++ b/spec/controllers/projects/releases_controller_spec.rb
@@ -111,8 +111,8 @@ describe Projects::ReleasesController do
       context 'when the project is private and the user is not logged in' do
         let(:project) { private_project }
 
-        it 'returns a 401' do
-          expect(response).to have_gitlab_http_status(:unauthorized)
+        it 'returns a redirect' do
+          expect(response).to have_gitlab_http_status(:redirect)
         end
       end
     end
diff --git a/spec/controllers/projects/tags_controller_spec.rb b/spec/controllers/projects/tags_controller_spec.rb
index b99b5d611fc..f077b4c99fc 100644
--- a/spec/controllers/projects/tags_controller_spec.rb
+++ b/spec/controllers/projects/tags_controller_spec.rb
@@ -41,7 +41,7 @@ describe Projects::TagsController do
   context 'private project with token authentication' do
     let(:private_project) { create(:project, :repository, :private) }
 
-    it_behaves_like 'authenticates sessionless user', :index, :atom do
+    it_behaves_like 'authenticates sessionless user', :index, :atom, ignore_incrementing: true do
       before do
         default_params.merge!(project_id: private_project, namespace_id: private_project.namespace)
 
diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb
index 321f5ecdbc9..22538565698 100644
--- a/spec/controllers/projects_controller_spec.rb
+++ b/spec/controllers/projects_controller_spec.rb
@@ -1149,7 +1149,7 @@ describe ProjectsController do
   context 'private project with token authentication' do
     let(:private_project) { create(:project, :private) }
 
-    it_behaves_like 'authenticates sessionless user', :show, :atom do
+    it_behaves_like 'authenticates sessionless user', :show, :atom, ignore_incrementing: true do
       before do
         default_params.merge!(id: private_project, namespace_id: private_project.namespace)
 
diff --git a/spec/controllers/registrations_controller_spec.rb b/spec/controllers/registrations_controller_spec.rb
index 8f260aa8b43..c5cfdd32619 100644
--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -381,7 +381,7 @@ describe RegistrationsController do
     end
   end
 
-  describe '#update_role' do
+  describe '#update_registration' do
     before do
       stub_experiment(signup_flow: true)
       stub_experiment_for_user(signup_flow: true)
@@ -395,7 +395,7 @@ describe RegistrationsController do
         label: anything,
         property: 'experimental_group'
       )
-      patch :update_role, params: { user: { name: 'New name', role: 'software_developer' } }
+      patch :update_registration, params: { user: { name: 'New name', role: 'software_developer', setup_for_company: 'false' } }
     end
   end
 end
diff --git a/spec/features/projects/pipelines/pipelines_spec.rb b/spec/features/projects/pipelines/pipelines_spec.rb
index a9a127da56f..f6eeb8d7065 100644
--- a/spec/features/projects/pipelines/pipelines_spec.rb
+++ b/spec/features/projects/pipelines/pipelines_spec.rb
@@ -819,7 +819,10 @@ describe 'Pipelines', :js do
     context 'when project is private' do
       let(:project) { create(:project, :private, :repository) }
 
-      it { expect(page).to have_content 'You need to sign in' }
+      it 'redirects the user to sign_in and displays the flash alert' do
+        expect(page).to have_content 'You need to sign in'
+        expect(page.current_path).to eq("/users/sign_in")
+      end
     end
   end
 
diff --git a/spec/features/projects/tags/user_views_tags_spec.rb b/spec/features/projects/tags/user_views_tags_spec.rb
index f344b682715..bc570f502bf 100644
--- a/spec/features/projects/tags/user_views_tags_spec.rb
+++ b/spec/features/projects/tags/user_views_tags_spec.rb
@@ -15,7 +15,7 @@ describe 'User views tags', :feature do
       it do
         visit project_tags_path(project, format: :atom)
 
-        expect(page).to have_gitlab_http_status(401)
+        expect(page.current_path).to eq("/users/sign_in")
       end
     end
 
diff --git a/spec/features/users/signup_spec.rb b/spec/features/users/signup_spec.rb
index 5d4c30b6e8e..29ff0c67dbd 100644
--- a/spec/features/users/signup_spec.rb
+++ b/spec/features/users/signup_spec.rb
@@ -441,11 +441,13 @@ describe 'With experimental flow' do
 
       fill_in 'user_name', with: 'New name'
       select 'Software Developer', from: 'user_role'
+      choose 'user_setup_for_company_true'
       click_button 'Get started!'
       new_user = User.find_by_username(new_user.username)
 
       expect(new_user.name).to eq 'New name'
       expect(new_user.software_developer_role?).to be_truthy
+      expect(new_user.setup_for_company).to be_truthy
       expect(page).to have_current_path(new_project_path)
     end
   end
diff --git a/spec/lib/constraints/project_url_constrainer_spec.rb b/spec/lib/constraints/project_url_constrainer_spec.rb
index 27d70d562c1..ac3221ecab7 100644
--- a/spec/lib/constraints/project_url_constrainer_spec.rb
+++ b/spec/lib/constraints/project_url_constrainer_spec.rb
@@ -14,15 +14,42 @@ describe Constraints::ProjectUrlConstrainer do
     end
 
     context 'invalid request' do
+      context "non-existing project" do
+        let(:request) { build_request('foo', 'bar') }
+
+        it { expect(subject.matches?(request)).to be_falsey }
+
+        context 'existence_check is false' do
+          it { expect(subject.matches?(request, existence_check: false)).to be_truthy }
+        end
+      end
+
       context "project id ending with .git" do
         let(:request) { build_request(namespace.full_path, project.path + '.git') }
 
         it { expect(subject.matches?(request)).to be_falsey }
       end
     end
+
+    context 'when the request matches a redirect route' do
+      let(:old_project_path) { 'old_project_path' }
+      let!(:redirect_route) { project.redirect_routes.create!(path: "#{namespace.full_path}/#{old_project_path}") }
+
+      context 'and is a GET request' do
+        let(:request) { build_request(namespace.full_path, old_project_path) }
+        it { expect(subject.matches?(request)).to be_truthy }
+      end
+
+      context 'and is NOT a GET request' do
+        let(:request) { build_request(namespace.full_path, old_project_path, 'POST') }
+        it { expect(subject.matches?(request)).to be_falsey }
+      end
+    end
   end
 
-  def build_request(namespace, project)
-    double(:request, params: { namespace_id: namespace, id: project })
+  def build_request(namespace, project, method = 'GET')
+    double(:request,
+      'get?': (method == 'GET'),
+      params: { namespace_id: namespace, id: project })
   end
 end
diff --git a/spec/models/lfs_object_spec.rb b/spec/models/lfs_object_spec.rb
index 47cae5cf197..44445429d3e 100644
--- a/spec/models/lfs_object_spec.rb
+++ b/spec/models/lfs_object_spec.rb
@@ -3,6 +3,18 @@
 require 'spec_helper'
 
 describe LfsObject do
+  context 'scopes' do
+    describe '.not_existing_in_project' do
+      it 'contains only lfs objects not linked to the project' do
+        project = create(:project)
+        create(:lfs_objects_project, project: project)
+        other_lfs_object = create(:lfs_object)
+
+        expect(described_class.not_linked_to_project(project)).to contain_exactly(other_lfs_object)
+      end
+    end
+  end
+
   it 'has a distinct has_many :projects relation through lfs_objects_projects' do
     lfs_object = create(:lfs_object)
     project = create(:project)
diff --git a/spec/requests/projects/blob_controller_spec.rb b/spec/requests/projects/blob_controller_spec.rb
deleted file mode 100644
index b3321375ccc..00000000000
--- a/spec/requests/projects/blob_controller_spec.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe Projects::BlobController do
-  let(:project) { create(:project, :private, :repository) }
-  let(:namespace) { project.namespace }
-
-  context 'anonymous user views blob in inaccessible project' do
-    context 'with default HTML format' do
-      before do
-        get namespace_project_blob_path(namespace_id: namespace, project_id: project, id: 'master/README.md')
-      end
-
-      context 'when project is private' do
-        it { expect(response).to have_gitlab_http_status(:redirect) }
-      end
-
-      context 'when project does not exist' do
-        let(:namespace) { 'non_existent_namespace' }
-        let(:project)   { 'non_existent_project' }
-
-        it { expect(response).to have_gitlab_http_status(:redirect) }
-      end
-    end
-
-    context 'with JSON format' do
-      before do
-        get namespace_project_blob_path(namespace_id: namespace, project_id: project, id: 'master/README.md', format: :json)
-      end
-
-      context 'when project is private' do
-        it { expect(response).to have_gitlab_http_status(:unauthorized) }
-      end
-
-      context 'when project does not exist' do
-        let(:namespace) { 'non_existent_namespace' }
-        let(:project)   { 'non_existent_project' }
-
-        it { expect(response).to have_gitlab_http_status(:unauthorized) }
-      end
-    end
-  end
-end
diff --git a/spec/routing/project_routing_spec.rb b/spec/routing/project_routing_spec.rb
index 61110790a43..561c2b572ec 100644
--- a/spec/routing/project_routing_spec.rb
+++ b/spec/routing/project_routing_spec.rb
@@ -776,6 +776,10 @@ describe 'project routing' do
       it 'routes when :template_type is `issue`' do
         expect(get(show_with_template_type('issue'))).to route_to('projects/templates#show', namespace_id: 'gitlab', project_id: 'gitlabhq', template_type: 'issue', key: 'template_name', format: 'json')
       end
+
+      it 'routes to application#route_not_found when :template_type is unknown' do
+        expect(get(show_with_template_type('invalid'))).to route_to('application#route_not_found', unmatched_route: 'gitlab/gitlabhq/templates/invalid/template_name')
+      end
     end
   end
 
diff --git a/spec/services/projects/lfs_pointers/lfs_link_service_spec.rb b/spec/services/projects/lfs_pointers/lfs_link_service_spec.rb
index 66233787d3a..aca59079b3c 100644
--- a/spec/services/projects/lfs_pointers/lfs_link_service_spec.rb
+++ b/spec/services/projects/lfs_pointers/lfs_link_service_spec.rb
@@ -16,6 +16,13 @@ describe Projects::LfsPointers::LfsLinkService do
   end
 
   describe '#execute' do
+    it 'raises an error when trying to link too many objects at once' do
+      oids = Array.new(described_class::MAX_OIDS) { |i| "oid-#{i}" }
+      oids << 'the straw'
+
+      expect { subject.execute(oids) }.to raise_error(described_class::TooManyOidsError)
+    end
+
     it 'links existing lfs objects to the project' do
       expect(project.all_lfs_objects.count).to eq 2
 
@@ -28,7 +35,7 @@ describe Projects::LfsPointers::LfsLinkService do
     it 'returns linked oids' do
       linked = lfs_objects_project.map(&:lfs_object).map(&:oid) << new_lfs_object.oid
 
-      expect(subject.execute(new_oid_list.keys)).to eq linked
+      expect(subject.execute(new_oid_list.keys)).to contain_exactly(*linked)
     end
 
     it 'links in batches' do
@@ -48,5 +55,26 @@ describe Projects::LfsPointers::LfsLinkService do
       expect(project.all_lfs_objects.count).to eq 9
       expect(linked.size).to eq 7
     end
+
+    it 'only queries for the batch that will be processed', :aggregate_failures do
+      stub_const("#{described_class}::BATCH_SIZE", 1)
+      oids = %w(one two)
+
+      expect(LfsObject).to receive(:where).with(oid: %w(one)).once.and_call_original
+      expect(LfsObject).to receive(:where).with(oid: %w(two)).once.and_call_original
+
+      subject.execute(oids)
+    end
+
+    it 'only queries 3 times' do
+      # make sure that we don't count the queries in the setup
+      new_oid_list
+
+      # These are repeated for each batch of oids: maximum (MAX_OIDS / BATCH_SIZE) times
+      # 1. Load the batch of lfs object ids that we might know already
+      # 2. Load the objects that have not been linked to the project yet
+      # 3. Insert the lfs_objects_projects for that batch
+      expect { subject.execute(new_oid_list.keys) }.not_to exceed_query_limit(3)
+    end
   end
 end
diff --git a/spec/services/users/signup_service_spec.rb b/spec/services/users/signup_service_spec.rb
new file mode 100644
index 00000000000..7d3cd614142
--- /dev/null
+++ b/spec/services/users/signup_service_spec.rb
@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Users::SignupService do
+  let(:user) { create(:user, setup_for_company: true) }
+
+  describe '#execute' do
+    context 'when updating name' do
+      it 'updates the name attribute' do
+        result = update_user(user, name: 'New Name')
+
+        expect(result).to eq(status: :success)
+        expect(user.reload.name).to eq('New Name')
+      end
+
+      it 'returns an error result when name is missing' do
+        result = update_user(user, name: '')
+
+        expect(user.reload.name).not_to be_blank
+        expect(result[:status]).to eq(:error)
+        expect(result[:message]).to include("Name can't be blank")
+      end
+    end
+
+    context 'when updating role' do
+      it 'updates the role attribute' do
+        result = update_user(user, role: 'development_team_lead')
+
+        expect(result).to eq(status: :success)
+        expect(user.reload.role).to eq('development_team_lead')
+      end
+
+      it 'returns an error result when role is missing' do
+        result = update_user(user, role: '')
+
+        expect(user.reload.role).not_to be_blank
+        expect(result[:status]).to eq(:error)
+        expect(result[:message]).to eq("Role can't be blank")
+      end
+    end
+
+    context 'when updating setup_for_company' do
+      it 'updates the setup_for_company attribute' do
+        result = update_user(user, setup_for_company: 'false')
+
+        expect(result).to eq(status: :success)
+        expect(user.reload.setup_for_company).to be(false)
+      end
+
+      it 'returns an error result when setup_for_company is missing' do
+        result = update_user(user, setup_for_company: '')
+
+        expect(user.reload.setup_for_company).not_to be_blank
+        expect(result[:status]).to eq(:error)
+        expect(result[:message]).to eq("Setup for company can't be blank")
+      end
+    end
+
+    def update_user(user, opts)
+      described_class.new(user, opts).execute
+    end
+  end
+end
diff --git a/spec/support/controllers/sessionless_auth_controller_shared_examples.rb b/spec/support/controllers/sessionless_auth_controller_shared_examples.rb
index b5149a0fcb1..bc95fcd6b88 100644
--- a/spec/support/controllers/sessionless_auth_controller_shared_examples.rb
+++ b/spec/support/controllers/sessionless_auth_controller_shared_examples.rb
@@ -34,8 +34,15 @@ shared_examples 'authenticates sessionless user' do |path, format, params|
 
   context 'when the personal access token has no api scope', unless: params[:public] do
     it 'does not log the user in' do
-      expect(authentication_metrics)
-        .to increment(:user_unauthenticated_counter)
+      # Several instances of where these specs are shared route the request
+      #   through ApplicationController#route_not_found which does not involve
+      #   the usual auth code from Devise, so does not increment the
+      #   :user_unauthenticated_counter
+      #
+      unless params[:ignore_incrementing]
+        expect(authentication_metrics)
+          .to increment(:user_unauthenticated_counter)
+      end
 
       personal_access_token.update(scopes: [:read_user])
 
@@ -84,8 +91,15 @@ shared_examples 'authenticates sessionless user' do |path, format, params|
   end
 
   it "doesn't log the user in otherwise", unless: params[:public] do
-    expect(authentication_metrics)
-      .to increment(:user_unauthenticated_counter)
+    # Several instances of where these specs are shared route the request
+    #   through ApplicationController#route_not_found which does not involve
+    #   the usual auth code from Devise, so does not increment the
+    #   :user_unauthenticated_counter
+    #
+    unless params[:ignore_incrementing]
+      expect(authentication_metrics)
+        .to increment(:user_unauthenticated_counter)
+    end
 
     get path, params: default_params.merge(private_token: 'token')
 
diff --git a/spec/support/shared_examples/controllers/todos_shared_examples.rb b/spec/support/shared_examples/controllers/todos_shared_examples.rb
index f3f9abb7da2..914bf506320 100644
--- a/spec/support/shared_examples/controllers/todos_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/todos_shared_examples.rb
@@ -39,7 +39,7 @@ shared_examples 'todos actions' do
         post_create
       end.to change { user.todos.count }.by(0)
 
-      expect(response).to have_gitlab_http_status(parent.is_a?(Group) ? 401 : 302)
+      expect(response).to have_gitlab_http_status(302)
     end
   end
 end