Add latest changes from gitlab-org/security/gitlab@15-0-stable-ee

9 files changed, 131 insertions, 1 deletions

diff --git a/spec/models/error_tracking/project_error_tracking_setting_spec.rb b/spec/models/error_tracking/project_error_tracking_setting_spec.rb
index 15b6b45eaba..0685144dea6 100644
--- a/spec/models/error_tracking/project_error_tracking_setting_spec.rb
+++ b/spec/models/error_tracking/project_error_tracking_setting_spec.rb
@@ -121,6 +121,38 @@ RSpec.describe ErrorTracking::ProjectErrorTrackingSetting do
         end
       end
     end
+
+    describe 'before_validation :reset_token' do
+      context 'when a token was previously set' do
+        subject { create(:project_error_tracking_setting, project: project) }
+
+        it 'resets token if url changed' do
+          subject.api_url = 'http://sentry.com/api/0/projects/org-slug/proj-slug/'
+
+          expect(subject).not_to be_valid
+          expect(subject.token).to be_nil
+        end
+
+        it "does not reset token if new url is set together with the same token" do
+          subject.api_url = 'http://sentrytest.com/api/0/projects/org-slug/proj-slug/'
+          current_token = subject.token
+          subject.token = current_token
+
+          expect(subject).to be_valid
+          expect(subject.token).to eq(current_token)
+          expect(subject.api_url).to eq('http://sentrytest.com/api/0/projects/org-slug/proj-slug/')
+        end
+
+        it 'does not reset token if new url is set together with a new token' do
+          subject.api_url = 'http://sentrytest.com/api/0/projects/org-slug/proj-slug/'
+          subject.token = 'token'
+
+          expect(subject).to be_valid
+          expect(subject.token).to eq('token')
+          expect(subject.api_url).to eq('http://sentrytest.com/api/0/projects/org-slug/proj-slug/')
+        end
+      end
+    end
   end
 
   describe '.extract_sentry_external_url' do
diff --git a/spec/models/grafana_integration_spec.rb b/spec/models/grafana_integration_spec.rb
index bb822187e0c..73ec2856c05 100644
--- a/spec/models/grafana_integration_spec.rb
+++ b/spec/models/grafana_integration_spec.rb
@@ -86,4 +86,38 @@ RSpec.describe GrafanaIntegration do
       end
     end
   end
+
+  describe 'Callbacks' do
+    describe 'before_validation :reset_token' do
+      context 'when a token was previously set' do
+        subject(:grafana_integration) { create(:grafana_integration) }
+
+        it 'resets token if url changed' do
+          grafana_integration.grafana_url = 'http://gitlab1.com'
+
+          expect(grafana_integration).not_to be_valid
+          expect(grafana_integration.send(:token)).to be_nil
+        end
+
+        it "does not reset token if new url is set together with the same token" do
+          grafana_integration.grafana_url = 'http://gitlab_edited.com'
+          current_token = grafana_integration.send(:token)
+          grafana_integration.token = current_token
+
+          expect(grafana_integration).to be_valid
+          expect(grafana_integration.send(:token)).to eq(current_token)
+          expect(grafana_integration.grafana_url).to eq('http://gitlab_edited.com')
+        end
+
+        it 'does not reset token if new url is set together with a new token' do
+          grafana_integration.grafana_url = 'http://gitlab_edited.com'
+          grafana_integration.token = 'token'
+
+          expect(grafana_integration).to be_valid
+          expect(grafana_integration.send(:token)).to eq('token')
+          expect(grafana_integration.grafana_url).to eq('http://gitlab_edited.com')
+        end
+      end
+    end
+  end
 end
diff --git a/spec/models/integrations/campfire_spec.rb b/spec/models/integrations/campfire_spec.rb
index 0044e6fae21..d249c8470ca 100644
--- a/spec/models/integrations/campfire_spec.rb
+++ b/spec/models/integrations/campfire_spec.rb
@@ -5,7 +5,17 @@ require 'spec_helper'
 RSpec.describe Integrations::Campfire do
   include StubRequests
 
+  it_behaves_like Integrations::ResetSecretFields do
+    let(:integration) { described_class.new }
+  end
+
   describe 'Validations' do
+    it { is_expected.to validate_numericality_of(:room).is_greater_than(0).only_integer }
+    it { is_expected.to validate_length_of(:subdomain).is_at_most(63) }
+    it { is_expected.to allow_value("foo").for(:subdomain) }
+    it { is_expected.not_to allow_value("foo.bar").for(:subdomain) }
+    it { is_expected.not_to allow_value("foo.bar/#").for(:subdomain) }
+
     context 'when integration is active' do
       before do
         subject.active = true
diff --git a/spec/models/integrations/drone_ci_spec.rb b/spec/models/integrations/drone_ci_spec.rb
index 78d55c49e7b..5ae4af1a665 100644
--- a/spec/models/integrations/drone_ci_spec.rb
+++ b/spec/models/integrations/drone_ci_spec.rb
@@ -7,6 +7,10 @@ RSpec.describe Integrations::DroneCi, :use_clean_rails_memory_store_caching do
 
   subject(:integration) { described_class.new }
 
+  it_behaves_like Integrations::ResetSecretFields do
+    let(:integration) { subject }
+  end
+
   describe 'validations' do
     context 'active' do
       before do
diff --git a/spec/models/integrations/packagist_spec.rb b/spec/models/integrations/packagist_spec.rb
index dce96890522..d1976e73e2e 100644
--- a/spec/models/integrations/packagist_spec.rb
+++ b/spec/models/integrations/packagist_spec.rb
@@ -29,6 +29,10 @@ RSpec.describe Integrations::Packagist do
     let(:hook_url) { "#{packagist_server}/api/update-package?username=#{packagist_username}&apiToken=#{packagist_token}" }
   end
 
+  it_behaves_like Integrations::ResetSecretFields do
+    let(:integration) { described_class.new(packagist_params) }
+  end
+
   describe '#execute' do
     let(:user)    { create(:user) }
     let(:project) { create(:project, :repository) }
diff --git a/spec/models/integrations/zentao_spec.rb b/spec/models/integrations/zentao_spec.rb
index 2b0532c7930..4ef977ba3d2 100644
--- a/spec/models/integrations/zentao_spec.rb
+++ b/spec/models/integrations/zentao_spec.rb
@@ -9,6 +9,31 @@ RSpec.describe Integrations::Zentao do
   let(:zentao_product_xid) { '3' }
   let(:zentao_integration) { create(:zentao_integration) }
 
+  it_behaves_like Integrations::ResetSecretFields do
+    let(:integration) { zentao_integration }
+  end
+
+  describe 'set_default_data' do
+    let(:project) { create(:project, :repository) }
+
+    context 'when gitlab.yml was initialized' do
+      it 'is prepopulated with the settings' do
+        settings = {
+          'zentao' => {
+            'url' => 'http://zentao.sample/projects/project_a',
+            'api_url' => 'http://zentao.sample/api'
+          }
+        }
+        allow(Gitlab.config).to receive(:issues_tracker).and_return(settings)
+
+        integration = project.create_zentao_integration(active: true)
+
+        expect(integration.url).to eq('http://zentao.sample/projects/project_a')
+        expect(integration.api_url).to eq('http://zentao.sample/api')
+      end
+    end
+  end
+
   describe '#create' do
     let(:project) { create(:project, :repository) }
     let(:params) do
diff --git a/spec/services/groups/destroy_service_spec.rb b/spec/services/groups/destroy_service_spec.rb
index 628943e40ff..161a0907870 100644
--- a/spec/services/groups/destroy_service_spec.rb
+++ b/spec/services/groups/destroy_service_spec.rb
@@ -35,6 +35,20 @@ RSpec.describe Groups::DestroyService do
       it { expect(NotificationSetting.unscoped.all).not_to include(notification_setting) }
     end
 
+    context 'bot tokens', :sidekiq_might_not_need_inline do
+      it 'removes group bot', :aggregate_failures do
+        bot = create(:user, :project_bot)
+        group.add_developer(bot)
+        token = create(:personal_access_token, user: bot)
+
+        destroy_group(group, user, async)
+
+        expect(PersonalAccessToken.find_by(id: token.id)).to be_nil
+        expect(User.find_by(id: bot.id)).to be_nil
+        expect(User.find_by(id: user.id)).not_to be_nil
+      end
+    end
+
     context 'mattermost team', :sidekiq_might_not_need_inline do
       let!(:chat_team) { create(:chat_team, namespace: group) }
 
diff --git a/spec/services/projects/operations/update_service_spec.rb b/spec/services/projects/operations/update_service_spec.rb
index 3ee867ba6f2..57d0e824a83 100644
--- a/spec/services/projects/operations/update_service_spec.rb
+++ b/spec/services/projects/operations/update_service_spec.rb
@@ -306,6 +306,11 @@ RSpec.describe Projects::Operations::UpdateService do
         let(:params) do
           {
             error_tracking_setting_attributes: {
+              api_host: 'https://sentrytest.gitlab.com/',
+              project: {
+                slug: 'sentry-project',
+                organization_slug: 'sentry-org'
+              },
               enabled: false,
               token: '*' * 8
             }
@@ -313,7 +318,7 @@ RSpec.describe Projects::Operations::UpdateService do
         end
 
         before do
-          create(:project_error_tracking_setting, project: project, token: 'token')
+          create(:project_error_tracking_setting, project: project, token: 'token', api_url: 'https://sentrytest.gitlab.com/api/0/projects/sentry-org/sentry-project/')
         end
 
         it 'does not update token' do
diff --git a/spec/support/shared_contexts/features/integrations/integrations_shared_context.rb b/spec/support/shared_contexts/features/integrations/integrations_shared_context.rb
index 3ea6658c0c1..d0f7853eb58 100644
--- a/spec/support/shared_contexts/features/integrations/integrations_shared_context.rb
+++ b/spec/support/shared_contexts/features/integrations/integrations_shared_context.rb
@@ -36,6 +36,8 @@ Integration.available_integration_names.each do |integration|
           hash.merge!(k => 'foo@bar.com')
         elsif integration == 'slack' || integration == 'mattermost' && k == :labels_to_be_notified_behavior
           hash.merge!(k => "match_any")
+        elsif integration == 'campfire' && k = :room
+          hash.merge!(k => '1234')
         else
           hash.merge!(k => "someword")
         end