Add latest changes from gitlab-org/gitlab@master

10 files changed, 207 insertions, 34 deletions

diff --git a/spec/controllers/groups/settings/ci_cd_controller_spec.rb b/spec/controllers/groups/settings/ci_cd_controller_spec.rb
index 70b3a5fb496..897ba491036 100644
--- a/spec/controllers/groups/settings/ci_cd_controller_spec.rb
+++ b/spec/controllers/groups/settings/ci_cd_controller_spec.rb
@@ -156,4 +156,58 @@ describe Groups::Settings::CiCdController do
       end
     end
   end
+
+  describe 'PATCH #update' do
+    subject do
+      patch :update, params: {
+        group_id: group,
+        group: { max_artifacts_size: 10 }
+      }
+    end
+
+    context 'when user is not an admin' do
+      before do
+        group.add_owner(user)
+      end
+
+      it { is_expected.to have_gitlab_http_status(404) }
+    end
+
+    context 'when user is an admin' do
+      let(:user) { create(:admin) }
+
+      before do
+        group.add_owner(user)
+      end
+
+      it { is_expected.to redirect_to(group_settings_ci_cd_path) }
+
+      context 'when service execution went wrong' do
+        let(:update_service) { double }
+
+        before do
+          allow(Groups::UpdateService).to receive(:new).and_return(update_service)
+          allow(update_service).to receive(:execute).and_return(false)
+          allow_any_instance_of(Group).to receive_message_chain(:errors, :full_messages)
+            .and_return(['Error 1'])
+
+          subject
+        end
+
+        it 'returns a flash alert' do
+          expect(response).to set_flash[:alert]
+            .to eq("There was a problem updating the pipeline settings: [\"Error 1\"].")
+        end
+      end
+
+      context 'when service execution was successful' do
+        it 'returns a flash notice' do
+          subject
+
+          expect(response).to set_flash[:notice]
+            .to eq('Pipeline settings was updated for the group')
+        end
+      end
+    end
+  end
 end
diff --git a/spec/controllers/projects/settings/ci_cd_controller_spec.rb b/spec/controllers/projects/settings/ci_cd_controller_spec.rb
index f4dbfbe15e8..93507b58910 100644
--- a/spec/controllers/projects/settings/ci_cd_controller_spec.rb
+++ b/spec/controllers/projects/settings/ci_cd_controller_spec.rb
@@ -215,6 +215,30 @@ describe Projects::Settings::CiCdController do
           expect(project.ci_default_git_depth).to eq(10)
         end
       end
+
+      context 'when max_artifacts_size is specified' do
+        let(:params) { { max_artifacts_size: 10 } }
+
+        context 'and user is not an admin' do
+          it 'does not set max_artifacts_size' do
+            subject
+
+            project.reload
+            expect(project.max_artifacts_size).to be_nil
+          end
+        end
+
+        context 'and user is an admin' do
+          let(:user) { create(:admin)  }
+
+          it 'sets max_artifacts_size' do
+            subject
+
+            project.reload
+            expect(project.max_artifacts_size).to eq(10)
+          end
+        end
+      end
     end
   end
 end
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index 5f4a6bf8ee7..dd7ab4f9d47 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -1,16 +1,15 @@
 # frozen_string_literal: true
 
 require 'spec_helper'
-shared_examples 'content not cached without revalidation' do
+shared_examples 'content 5 min private cached with revalidation' do
   it 'ensures content will not be cached without revalidation' do
-    expect(subject['Cache-Control']).to eq('max-age=0, private, must-revalidate')
+    expect(subject['Cache-Control']).to eq('max-age=300, private, must-revalidate')
   end
 end
 
-shared_examples 'content not cached without revalidation and no-store' do
+shared_examples 'content long term private cached with revalidation' do
   it 'ensures content will not be cached without revalidation' do
-    # Fixed in newer versions of ActivePack, it will only output a single `private`.
-    expect(subject['Cache-Control']).to eq('max-age=0, private, must-revalidate, no-store')
+    expect(subject['Cache-Control']).to eq('max-age=15778476, private, must-revalidate')
   end
 end
 
@@ -285,7 +284,7 @@ describe UploadsController do
             expect(response).to have_gitlab_http_status(200)
           end
 
-          it_behaves_like 'content not cached without revalidation' do
+          it_behaves_like 'content 5 min private cached with revalidation' do
             subject do
               get :show, params: { model: 'project', mounted_as: 'avatar', id: project.id, filename: 'dk.png' }
 
@@ -305,7 +304,7 @@ describe UploadsController do
             expect(response).to have_gitlab_http_status(200)
           end
 
-          it_behaves_like 'content not cached without revalidation and no-store' do
+          it_behaves_like 'content 5 min private cached with revalidation' do
             subject do
               get :show, params: { model: 'project', mounted_as: 'avatar', id: project.id, filename: 'dk.png' }
 
@@ -358,7 +357,7 @@ describe UploadsController do
                 expect(response).to have_gitlab_http_status(200)
               end
 
-              it_behaves_like 'content not cached without revalidation and no-store' do
+              it_behaves_like 'content 5 min private cached with revalidation' do
                 subject do
                   get :show, params: { model: 'project', mounted_as: 'avatar', id: project.id, filename: 'dk.png' }
 
@@ -390,7 +389,7 @@ describe UploadsController do
             expect(response).to have_gitlab_http_status(200)
           end
 
-          it_behaves_like 'content not cached without revalidation' do
+          it_behaves_like 'content 5 min private cached with revalidation' do
             subject do
               get :show, params: { model: 'group', mounted_as: 'avatar', id: group.id, filename: 'dk.png' }
 
@@ -410,7 +409,7 @@ describe UploadsController do
             expect(response).to have_gitlab_http_status(200)
           end
 
-          it_behaves_like 'content not cached without revalidation and no-store' do
+          it_behaves_like 'content 5 min private cached with revalidation' do
             subject do
               get :show, params: { model: 'group', mounted_as: 'avatar', id: group.id, filename: 'dk.png' }
 
@@ -454,7 +453,7 @@ describe UploadsController do
                 expect(response).to have_gitlab_http_status(200)
               end
 
-              it_behaves_like 'content not cached without revalidation and no-store' do
+              it_behaves_like 'content 5 min private cached with revalidation' do
                 subject do
                   get :show, params: { model: 'group', mounted_as: 'avatar', id: group.id, filename: 'dk.png' }
 
@@ -491,7 +490,7 @@ describe UploadsController do
             expect(response).to have_gitlab_http_status(200)
           end
 
-          it_behaves_like 'content not cached without revalidation' do
+          it_behaves_like 'content long term private cached with revalidation' do
             subject do
               get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'dk.png' }
 
@@ -511,7 +510,7 @@ describe UploadsController do
             expect(response).to have_gitlab_http_status(200)
           end
 
-          it_behaves_like 'content not cached without revalidation and no-store' do
+          it_behaves_like 'content long term private cached with revalidation' do
             subject do
               get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'dk.png' }
 
@@ -564,7 +563,7 @@ describe UploadsController do
                 expect(response).to have_gitlab_http_status(200)
               end
 
-              it_behaves_like 'content not cached without revalidation and no-store' do
+              it_behaves_like 'content long term private cached with revalidation' do
                 subject do
                   get :show, params: { model: 'note', mounted_as: 'attachment', id: note.id, filename: 'dk.png' }
 
diff --git a/spec/features/boards/sidebar_spec.rb b/spec/features/boards/sidebar_spec.rb
index 2b923df40c5..2fc79272c21 100644
--- a/spec/features/boards/sidebar_spec.rb
+++ b/spec/features/boards/sidebar_spec.rb
@@ -14,6 +14,8 @@ describe 'Issue Boards', :js do
   let!(:bug)         { create(:label, project: project, name: 'Bug') }
   let!(:regression)  { create(:label, project: project, name: 'Regression') }
   let!(:stretch)     { create(:label, project: project, name: 'Stretch') }
+  let!(:scoped_label_1)     { create(:label, project: project, name: 'Scoped::Label1') }
+  let!(:scoped_label_2)     { create(:label, project: project, name: 'Scoped::Label2') }
   let!(:issue1)      { create(:labeled_issue, project: project, assignees: [user], milestone: milestone, labels: [development], relative_position: 2) }
   let!(:issue2)      { create(:labeled_issue, project: project, labels: [development, stretch], relative_position: 1) }
   let(:board)        { create(:board, project: project) }
@@ -27,6 +29,8 @@ describe 'Issue Boards', :js do
   end
 
   before do
+    stub_licensed_features(scoped_labels: true)
+
     project.add_maintainer(user)
 
     sign_in(user)
@@ -309,6 +313,33 @@ describe 'Issue Boards', :js do
       expect(card).to have_content(bug.title)
     end
 
+    it 'removes existing scoped label' do
+      click_card(card)
+
+      page.within('.labels') do
+        click_link 'Edit'
+
+        wait_for_requests
+
+        click_link scoped_label_1.title
+        click_link scoped_label_2.title
+
+        wait_for_requests
+
+        find('.dropdown-menu-close-icon').click
+
+        page.within('.value') do
+          expect(page).to have_selector('.badge', count: 3)
+          expect(page).not_to have_content(scoped_label_1.title)
+          expect(page).to have_content(scoped_label_2.title)
+        end
+      end
+
+      expect(card).to have_selector('.badge', count: 3)
+      expect(card).not_to have_content(scoped_label_1.title)
+      expect(card).to have_content(scoped_label_2.title)
+    end
+
     it 'adds a multiple labels' do
       click_card(card)
 
diff --git a/spec/features/snippets/private_snippets_spec.rb b/spec/features/snippets/private_snippets_spec.rb
new file mode 100644
index 00000000000..9df4cd01103
--- /dev/null
+++ b/spec/features/snippets/private_snippets_spec.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Private Snippets', :js do
+  let(:user) { create(:user) }
+
+  before do
+    sign_in(user)
+  end
+
+  it 'Private Snippet renders for creator' do
+    private_snippet = create(:personal_snippet, :private, author: user)
+
+    visit snippet_path(private_snippet)
+    wait_for_requests
+
+    expect(page).to have_content(private_snippet.content)
+    expect(page).not_to have_css('.js-embed-btn')
+    expect(page).not_to have_css('.js-share-btn')
+  end
+end
diff --git a/spec/features/snippets/public_snippets_spec.rb b/spec/features/snippets/public_snippets_spec.rb
index a0db00cfc67..82edda509c2 100644
--- a/spec/features/snippets/public_snippets_spec.rb
+++ b/spec/features/snippets/public_snippets_spec.rb
@@ -10,6 +10,8 @@ describe 'Public Snippets', :js do
     wait_for_requests
 
     expect(page).to have_content(public_snippet.content)
+    expect(page).to have_css('.js-embed-btn', visible: false)
+    expect(page).to have_css('.js-share-btn', visible: false)
   end
 
   it 'Unauthenticated user should see raw public snippets' do
diff --git a/spec/features/snippets/user_creates_snippet_spec.rb b/spec/features/snippets/user_creates_snippet_spec.rb
index 52ec5eddd5c..9a141dd463a 100644
--- a/spec/features/snippets/user_creates_snippet_spec.rb
+++ b/spec/features/snippets/user_creates_snippet_spec.rb
@@ -45,7 +45,9 @@ describe 'User creates snippet', :js do
       link = find('a.no-attachment-icon img[alt="banana_sample"]')['src']
       expect(link).to match(%r{/uploads/-/system/user/#{user.id}/\h{32}/banana_sample\.gif\z})
 
-      reqs = inspect_requests { visit(link) }
+      # Adds a cache buster for checking if the image exists as Selenium is now handling the cached regquests
+      # not anymore as requests when they come straight from memory cache.
+      reqs = inspect_requests { visit("#{link}?ran=#{SecureRandom.base64(20)}") }
       expect(reqs.first.status_code).to eq(200)
     end
   end
@@ -63,7 +65,7 @@ describe 'User creates snippet', :js do
     link = find('a.no-attachment-icon img[alt="banana_sample"]')['src']
     expect(link).to match(%r{/uploads/-/system/personal_snippet/#{Snippet.last.id}/\h{32}/banana_sample\.gif\z})
 
-    reqs = inspect_requests { visit(link) }
+    reqs = inspect_requests { visit("#{link}?ran=#{SecureRandom.base64(20)}") }
     expect(reqs.first.status_code).to eq(200)
   end
 
@@ -88,7 +90,7 @@ describe 'User creates snippet', :js do
     link = find('a.no-attachment-icon img[alt="banana_sample"]')['src']
     expect(link).to match(%r{/uploads/-/system/personal_snippet/#{Snippet.last.id}/\h{32}/banana_sample\.gif\z})
 
-    reqs = inspect_requests { visit(link) }
+    reqs = inspect_requests { visit("#{link}?ran=#{SecureRandom.base64(20)}") }
     expect(reqs.first.status_code).to eq(200)
   end
 
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb
index 02bcc716bee..603e7e874c9 100644
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -547,4 +547,28 @@ describe GroupPolicy do
              groups: [clusterable])
     end
   end
+
+  describe 'update_max_artifacts_size' do
+    let(:group) { create(:group, :public) }
+
+    context 'when no user' do
+      let(:current_user) { nil }
+
+      it { expect_disallowed(:update_max_artifacts_size) }
+    end
+
+    context 'admin' do
+      let(:current_user) { admin }
+
+      it { expect_allowed(:update_max_artifacts_size) }
+    end
+
+    %w(guest reporter developer maintainer owner).each do |role|
+      context role do
+        let(:current_user) { send(role) }
+
+        it { expect_disallowed(:update_max_artifacts_size) }
+      end
+    end
+  end
 end
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index 71ba73d5661..6093464c949 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -478,4 +478,28 @@ describe ProjectPolicy do
       end
     end
   end
+
+  describe 'update_max_artifacts_size' do
+    subject { described_class.new(current_user, project) }
+
+    context 'when no user' do
+      let(:current_user) { nil }
+
+      it { expect_disallowed(:update_max_artifacts_size) }
+    end
+
+    context 'admin' do
+      let(:current_user) { admin }
+
+      it { expect_allowed(:update_max_artifacts_size) }
+    end
+
+    %w(guest reporter developer maintainer owner).each do |role|
+      context role do
+        let(:current_user) { send(role) }
+
+        it { expect_disallowed(:update_max_artifacts_size) }
+      end
+    end
+  end
 end
diff --git a/spec/requests/openid_connect_spec.rb b/spec/requests/openid_connect_spec.rb
index da2e7b71dbe..dfa17c5ff27 100644
--- a/spec/requests/openid_connect_spec.rb
+++ b/spec/requests/openid_connect_spec.rb
@@ -148,34 +148,25 @@ describe 'OpenID Connect requests' do
       end
     end
 
-    # These 2 calls shouldn't actually throw, they should be handled as an
-    # unauthorized request, so we should be able to check the response.
-    #
-    # This was not possible due to an issue with Warden:
-    # https://github.com/hassox/warden/pull/162
-    #
-    # When the patch gets merged and we update Warden, these specs will need to
-    # updated to check the response instead of a raised exception.
-    # https://gitlab.com/gitlab-org/gitlab-foss/issues/40218
     context 'when user is blocked' do
-      it 'returns authentication error' do
+      it 'redirects to login page' do
         access_grant
         user.block!
 
-        expect do
-          request_access_token!
-        end.to raise_error UncaughtThrowError
+        request_access_token!
+
+        expect(response).to redirect_to('/users/sign_in')
       end
     end
 
     context 'when user is ldap_blocked' do
-      it 'returns authentication error' do
+      it 'redirects to login page' do
         access_grant
         user.ldap_block!
 
-        expect do
-          request_access_token!
-        end.to raise_error UncaughtThrowError
+        request_access_token!
+
+        expect(response).to redirect_to('/users/sign_in')
       end
     end
   end