Add latest changes from gitlab-org/gitlab@master

14 files changed, 173 insertions, 73 deletions

diff --git a/spec/controllers/projects/raw_controller_spec.rb b/spec/controllers/projects/raw_controller_spec.rb
index 8b43d1264b2..ae9932174e8 100644
--- a/spec/controllers/projects/raw_controller_spec.rb
+++ b/spec/controllers/projects/raw_controller_spec.rb
@@ -65,7 +65,7 @@ describe Projects::RawController do
 
       it 'logs the event on auth.log' do
         attributes = {
-          message: 'Action_Rate_Limiter_Request',
+          message: 'Application_Rate_Limiter_Request',
           env: :raw_blob_request_limit,
           remote_ip: '0.0.0.0',
           request_method: 'GET',
diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb
index d16201fff5a..a1f9b98dc2c 100644
--- a/spec/controllers/projects_controller_spec.rb
+++ b/spec/controllers/projects_controller_spec.rb
@@ -1055,45 +1055,34 @@ describe ProjectsController do
     end
   end
 
-  describe '#export' do
+  describe 'project export' do
     before do
       sign_in(user)
 
       project.add_maintainer(user)
     end
 
-    context 'when project export is enabled' do
-      it 'returns 302' do
-        get :export, params: { namespace_id: project.namespace, id: project }
-
-        expect(response).to have_gitlab_http_status(302)
-      end
-    end
-
-    context 'when project export is disabled' do
+    shared_examples 'rate limits project export endpoint' do
       before do
-        stub_application_setting(project_export_enabled?: false)
+        allow(::Gitlab::ApplicationRateLimiter)
+          .to receive(:throttled?)
+          .and_return(true)
       end
 
-      it 'returns 404' do
-        get :export, params: { namespace_id: project.namespace, id: project }
+      it 'prevents requesting project export' do
+        get action, params: { namespace_id: project.namespace, id: project }
 
-        expect(response).to have_gitlab_http_status(404)
+        expect(flash[:alert]).to eq('This endpoint has been requested too many times. Try again later.')
+        expect(response).to have_gitlab_http_status(302)
       end
     end
-  end
 
-  describe '#download_export' do
-    before do
-      sign_in(user)
+    describe '#export' do
+      let(:action) { :export }
 
-      project.add_maintainer(user)
-    end
-
-    context 'object storage enabled' do
       context 'when project export is enabled' do
         it 'returns 302' do
-          get :download_export, params: { namespace_id: project.namespace, id: project }
+          get action, params: { namespace_id: project.namespace, id: project }
 
           expect(response).to have_gitlab_http_status(302)
         end
@@ -1105,66 +1094,96 @@ describe ProjectsController do
         end
 
         it 'returns 404' do
-          get :download_export, params: { namespace_id: project.namespace, id: project }
+          get action, params: { namespace_id: project.namespace, id: project }
 
           expect(response).to have_gitlab_http_status(404)
         end
       end
+
+      context 'when the endpoint receives requests above the limit', :clean_gitlab_redis_cache do
+        include_examples 'rate limits project export endpoint'
+      end
     end
-  end
 
-  describe '#remove_export' do
-    before do
-      sign_in(user)
+    describe '#download_export' do
+      let(:action) { :download_export }
 
-      project.add_maintainer(user)
-    end
+      context 'object storage enabled' do
+        context 'when project export is enabled' do
+          it 'returns 302' do
+            get action, params: { namespace_id: project.namespace, id: project }
 
-    context 'when project export is enabled' do
-      it 'returns 302' do
-        post :remove_export, params: { namespace_id: project.namespace, id: project }
+            expect(response).to have_gitlab_http_status(302)
+          end
+        end
 
-        expect(response).to have_gitlab_http_status(302)
-      end
-    end
+        context 'when project export is disabled' do
+          before do
+            stub_application_setting(project_export_enabled?: false)
+          end
 
-    context 'when project export is disabled' do
-      before do
-        stub_application_setting(project_export_enabled?: false)
-      end
+          it 'returns 404' do
+            get action, params: { namespace_id: project.namespace, id: project }
 
-      it 'returns 404' do
-        post :remove_export, params: { namespace_id: project.namespace, id: project }
+            expect(response).to have_gitlab_http_status(404)
+          end
+        end
 
-        expect(response).to have_gitlab_http_status(404)
+        context 'when the endpoint receives requests above the limit', :clean_gitlab_redis_cache do
+          include_examples 'rate limits project export endpoint'
+        end
       end
     end
-  end
 
-  describe '#generate_new_export' do
-    before do
-      sign_in(user)
+    describe '#remove_export' do
+      let(:action) { :remove_export }
 
-      project.add_maintainer(user)
-    end
+      context 'when project export is enabled' do
+        it 'returns 302' do
+          post action, params: { namespace_id: project.namespace, id: project }
 
-    context 'when project export is enabled' do
-      it 'returns 302' do
-        post :generate_new_export, params: { namespace_id: project.namespace, id: project }
+          expect(response).to have_gitlab_http_status(302)
+        end
+      end
 
-        expect(response).to have_gitlab_http_status(302)
+      context 'when project export is disabled' do
+        before do
+          stub_application_setting(project_export_enabled?: false)
+        end
+
+        it 'returns 404' do
+          post action, params: { namespace_id: project.namespace, id: project }
+
+          expect(response).to have_gitlab_http_status(404)
+        end
       end
     end
 
-    context 'when project export is disabled' do
-      before do
-        stub_application_setting(project_export_enabled?: false)
+    describe '#generate_new_export' do
+      let(:action) { :generate_new_export }
+
+      context 'when project export is enabled' do
+        it 'returns 302' do
+          post action, params: { namespace_id: project.namespace, id: project }
+
+          expect(response).to have_gitlab_http_status(302)
+        end
       end
 
-      it 'returns 404' do
-        post :generate_new_export, params: { namespace_id: project.namespace, id: project }
+      context 'when project export is disabled' do
+        before do
+          stub_application_setting(project_export_enabled?: false)
+        end
 
-        expect(response).to have_gitlab_http_status(404)
+        it 'returns 404' do
+          post action, params: { namespace_id: project.namespace, id: project }
+
+          expect(response).to have_gitlab_http_status(404)
+        end
+      end
+
+      context 'when the endpoint receives requests above the limit', :clean_gitlab_redis_cache do
+        include_examples 'rate limits project export endpoint'
       end
     end
   end
diff --git a/spec/features/snippets/internal_snippet_spec.rb b/spec/features/snippets/internal_snippet_spec.rb
index 4ef3b0e5e7a..fd7ef71db15 100644
--- a/spec/features/snippets/internal_snippet_spec.rb
+++ b/spec/features/snippets/internal_snippet_spec.rb
@@ -5,6 +5,10 @@ require 'spec_helper'
 describe 'Internal Snippets', :js do
   let(:internal_snippet) { create(:personal_snippet, :internal) }
 
+  before do
+    stub_feature_flags(snippets_vue: false)
+  end
+
   describe 'normal user' do
     before do
       sign_in(create(:user))
diff --git a/spec/features/snippets/notes_on_personal_snippets_spec.rb b/spec/features/snippets/notes_on_personal_snippets_spec.rb
index 2bd01be25e9..57264f97ddc 100644
--- a/spec/features/snippets/notes_on_personal_snippets_spec.rb
+++ b/spec/features/snippets/notes_on_personal_snippets_spec.rb
@@ -16,6 +16,7 @@ describe 'Comments on personal snippets', :js do
   let!(:other_note) { create(:note_on_personal_snippet) }
 
   before do
+    stub_feature_flags(snippets_vue: false)
     sign_in user
     visit snippet_path(snippet)
 
diff --git a/spec/features/snippets/private_snippets_spec.rb b/spec/features/snippets/private_snippets_spec.rb
index 9df4cd01103..37f45f22a27 100644
--- a/spec/features/snippets/private_snippets_spec.rb
+++ b/spec/features/snippets/private_snippets_spec.rb
@@ -6,6 +6,7 @@ describe 'Private Snippets', :js do
   let(:user) { create(:user) }
 
   before do
+    stub_feature_flags(snippets_vue: false)
     sign_in(user)
   end
 
diff --git a/spec/features/snippets/public_snippets_spec.rb b/spec/features/snippets/public_snippets_spec.rb
index 82edda509c2..045afcf1c12 100644
--- a/spec/features/snippets/public_snippets_spec.rb
+++ b/spec/features/snippets/public_snippets_spec.rb
@@ -3,6 +3,10 @@
 require 'spec_helper'
 
 describe 'Public Snippets', :js do
+  before do
+    stub_feature_flags(snippets_vue: false)
+  end
+
   it 'Unauthenticated user should see public snippets' do
     public_snippet = create(:personal_snippet, :public)
 
diff --git a/spec/features/snippets/show_spec.rb b/spec/features/snippets/show_spec.rb
index 450e520e293..9c686be012b 100644
--- a/spec/features/snippets/show_spec.rb
+++ b/spec/features/snippets/show_spec.rb
@@ -6,6 +6,10 @@ describe 'Snippet', :js do
   let(:project) { create(:project, :repository) }
   let(:snippet) { create(:personal_snippet, :public, file_name: file_name, content: content) }
 
+  before do
+    stub_feature_flags(snippets_vue: false)
+  end
+
   context 'Ruby file' do
     let(:file_name) { 'popen.rb' }
     let(:content) { project.repository.blob_at('master', 'files/ruby/popen.rb').data }
diff --git a/spec/features/snippets/spam_snippets_spec.rb b/spec/features/snippets/spam_snippets_spec.rb
index 3e71a4e7879..0c3ca6f17c8 100644
--- a/spec/features/snippets/spam_snippets_spec.rb
+++ b/spec/features/snippets/spam_snippets_spec.rb
@@ -7,6 +7,7 @@ describe 'User creates snippet', :js do
 
   before do
     stub_feature_flags(allow_possible_spam: false)
+    stub_feature_flags(snippets_vue: false)
     stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
 
     Gitlab::CurrentSettings.update!(
diff --git a/spec/features/snippets/user_creates_snippet_spec.rb b/spec/features/snippets/user_creates_snippet_spec.rb
index 9a141dd463a..b373264bbe4 100644
--- a/spec/features/snippets/user_creates_snippet_spec.rb
+++ b/spec/features/snippets/user_creates_snippet_spec.rb
@@ -8,6 +8,7 @@ describe 'User creates snippet', :js do
   let(:user) { create(:user) }
 
   before do
+    stub_feature_flags(snippets_vue: false)
     sign_in(user)
     visit new_snippet_path
   end
diff --git a/spec/features/snippets/user_deletes_snippet_spec.rb b/spec/features/snippets/user_deletes_snippet_spec.rb
index 217419a220a..35619b92561 100644
--- a/spec/features/snippets/user_deletes_snippet_spec.rb
+++ b/spec/features/snippets/user_deletes_snippet_spec.rb
@@ -10,6 +10,8 @@ describe 'User deletes snippet' do
   before do
     sign_in(user)
 
+    stub_feature_flags(snippets_vue: false)
+
     visit snippet_path(snippet)
   end
 
diff --git a/spec/features/snippets/user_edits_snippet_spec.rb b/spec/features/snippets/user_edits_snippet_spec.rb
index 51d9baf44bc..1d26660a4f6 100644
--- a/spec/features/snippets/user_edits_snippet_spec.rb
+++ b/spec/features/snippets/user_edits_snippet_spec.rb
@@ -12,6 +12,7 @@ describe 'User edits snippet', :js do
   let(:snippet) { create(:personal_snippet, :public, file_name: file_name, content: content, author: user) }
 
   before do
+    stub_feature_flags(snippets_vue: false)
     sign_in(user)
 
     visit edit_snippet_path(snippet)
diff --git a/spec/features/snippets_spec.rb b/spec/features/snippets_spec.rb
index 9df6fe7d16b..bc7fa161e87 100644
--- a/spec/features/snippets_spec.rb
+++ b/spec/features/snippets_spec.rb
@@ -6,11 +6,38 @@ describe 'Snippets' do
   context 'when the project has snippets' do
     let(:project) { create(:project, :public) }
     let!(:snippets) { create_list(:project_snippet, 2, :public, author: project.owner, project: project) }
+
     before do
       allow(Snippet).to receive(:default_per_page).and_return(1)
-      visit snippets_path(username: project.owner.username)
+
+      visit project_snippets_path(project)
     end
 
     it_behaves_like 'paginated snippets'
   end
+
+  describe 'rendering engine' do
+    let_it_be(:snippet) { create(:personal_snippet, :public) }
+    let(:snippets_vue_feature_flag_enabled) { true }
+
+    before do
+      stub_feature_flags(snippets_vue: snippets_vue_feature_flag_enabled)
+
+      visit snippet_path(snippet)
+    end
+
+    it 'renders Vue application' do
+      expect(page).to have_selector('#js-snippet-view')
+      expect(page).not_to have_selector('.personal-snippets')
+    end
+
+    context 'when feature flag is disabled' do
+      let(:snippets_vue_feature_flag_enabled) { false }
+
+      it 'renders HAML application and not Vue' do
+        expect(page).not_to have_selector('#js-snippet-view')
+        expect(page).to have_selector('.personal-snippets')
+      end
+    end
+  end
 end
diff --git a/spec/lib/gitlab/action_rate_limiter_spec.rb b/spec/lib/gitlab/application_rate_limiter_spec.rb
index 8b510a475d2..f1a0163d91c 100644
--- a/spec/lib/gitlab/action_rate_limiter_spec.rb
+++ b/spec/lib/gitlab/application_rate_limiter_spec.rb
@@ -2,30 +2,40 @@
 
 require 'spec_helper'
 
-describe Gitlab::ActionRateLimiter, :clean_gitlab_redis_cache do
+describe Gitlab::ApplicationRateLimiter, :clean_gitlab_redis_cache do
   let(:redis) { double('redis') }
   let(:user) { create(:user) }
   let(:project) { create(:project) }
+  let(:rate_limits) do
+    {
+      test_action: {
+        threshold: 1,
+        interval: 2.minutes
+      }
+    }
+  end
+  let(:key) { rate_limits.keys[0] }
 
-  subject { described_class.new(action: :test_action, expiry_time: 100) }
+  subject { described_class }
 
   before do
     allow(Gitlab::Redis::Cache).to receive(:with).and_yield(redis)
+    allow(described_class).to receive(:rate_limits).and_return(rate_limits)
   end
 
   shared_examples 'action rate limiter' do
     it 'increases the throttle count and sets the expiration time' do
       expect(redis).to receive(:incr).with(cache_key).and_return(1)
-      expect(redis).to receive(:expire).with(cache_key, 100)
+      expect(redis).to receive(:expire).with(cache_key, 120)
 
-      expect(subject.throttled?(key, 1)).to be_falsy
+      expect(subject.throttled?(key, scope: scope)).to be_falsy
     end
 
     it 'returns true if the key is throttled' do
       expect(redis).to receive(:incr).with(cache_key).and_return(2)
       expect(redis).not_to receive(:expire)
 
-      expect(subject.throttled?(key, 1)).to be_truthy
+      expect(subject.throttled?(key, scope: scope)).to be_truthy
     end
 
     context 'when throttling is disabled' do
@@ -33,16 +43,16 @@ describe Gitlab::ActionRateLimiter, :clean_gitlab_redis_cache do
         expect(redis).not_to receive(:incr)
         expect(redis).not_to receive(:expire)
 
-        expect(subject.throttled?(key, 0)).to be_falsy
+        expect(subject.throttled?(key, scope: scope, threshold: 0)).to be_falsy
       end
     end
   end
 
   context 'when the key is an array of only ActiveRecord models' do
-    let(:key) { [user, project] }
+    let(:scope) { [user, project] }
 
     let(:cache_key) do
-      "action_rate_limiter:test_action:user:#{user.id}:project:#{project.id}"
+      "application_rate_limiter:test_action:user:#{user.id}:project:#{project.id}"
     end
 
     it_behaves_like 'action rate limiter'
@@ -52,10 +62,10 @@ describe Gitlab::ActionRateLimiter, :clean_gitlab_redis_cache do
     let(:project) { create(:project, :public, :repository) }
     let(:commit) { project.repository.commit }
     let(:path) { 'app/controllers/groups_controller.rb' }
-    let(:key) { [project, commit, path] }
+    let(:scope) { [project, commit, path] }
 
     let(:cache_key) do
-      "action_rate_limiter:test_action:project:#{project.id}:commit:#{commit.sha}:#{path}"
+      "application_rate_limiter:test_action:project:#{project.id}:commit:#{commit.sha}:#{path}"
     end
 
     it_behaves_like 'action rate limiter'
@@ -72,7 +82,7 @@ describe Gitlab::ActionRateLimiter, :clean_gitlab_redis_cache do
 
     let(:base_attributes) do
       {
-        message: 'Action_Rate_Limiter_Request',
+        message: 'Application_Rate_Limiter_Request',
         env: type,
         remote_ip: '127.0.0.1',
         request_method: 'GET',
diff --git a/spec/requests/api/project_export_spec.rb b/spec/requests/api/project_export_spec.rb
index 605ff888234..37f2cc85a50 100644
--- a/spec/requests/api/project_export_spec.rb
+++ b/spec/requests/api/project_export_spec.rb
@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-describe API::ProjectExport do
+describe API::ProjectExport, :clean_gitlab_redis_cache do
   set(:project) { create(:project) }
   set(:project_none) { create(:project) }
   set(:project_started) { create(:project) }
@@ -47,6 +47,19 @@ describe API::ProjectExport do
     it_behaves_like '404 response'
   end
 
+  shared_examples_for 'when rate limit is exceeded' do
+    before do
+      allow(::Gitlab::ApplicationRateLimiter).to receive(:throttled?).and_return(true)
+    end
+
+    it 'prevents requesting project export' do
+      request
+
+      expect(response).to have_gitlab_http_status(429)
+      expect(json_response['message']['error']).to eq('This endpoint has been requested too many times. Try again later.')
+    end
+  end
+
   describe 'GET /projects/:project_id/export' do
     shared_examples_for 'get project export status not found' do
       it_behaves_like '404 response' do
@@ -219,6 +232,12 @@ describe API::ProjectExport do
         let(:user) { admin }
 
         it_behaves_like 'get project download by strategy'
+
+        context 'when rate limit is exceeded' do
+          let(:request) { get api(download_path, admin) }
+
+          include_examples 'when rate limit is exceeded'
+        end
       end
 
       context 'when user is a maintainer' do
@@ -329,6 +348,12 @@ describe API::ProjectExport do
         let(:user) { admin }
 
         it_behaves_like 'post project export start'
+
+        context 'when rate limit is exceeded' do
+          let(:request) { post api(path, admin) }
+
+          include_examples 'when rate limit is exceeded'
+        end
       end
 
       context 'when user is a maintainer' do