Add latest changes from gitlab-org/gitlab@master

12 files changed, 247 insertions, 18 deletions

diff --git a/spec/controllers/projects/merge_requests/diffs_controller_spec.rb b/spec/controllers/projects/merge_requests/diffs_controller_spec.rb
index 4de724fd6d6..05c07c9f00d 100644
--- a/spec/controllers/projects/merge_requests/diffs_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests/diffs_controller_spec.rb
@@ -610,5 +610,39 @@ RSpec.describe Projects::MergeRequests::DiffsController do
         go
       end
     end
+
+    context 'when ck param is present' do
+      let(:cache_key) { merge_request.merge_head_diff.id }
+
+      before do
+        create(:merge_request_diff, :merge_head, merge_request: merge_request)
+      end
+
+      it 'sets Cache-Control with max-age' do
+        go(ck: cache_key, diff_head: true)
+
+        expect(response.headers['Cache-Control']).to eq('max-age=86400, private')
+      end
+
+      context 'when diffs_batch_cache_with_max_age feature flag is disabled' do
+        before do
+          stub_feature_flags(diffs_batch_cache_with_max_age: false)
+        end
+
+        it 'does not set Cache-Control with max-age' do
+          go(ck: cache_key, diff_head: true)
+
+          expect(response.headers['Cache-Control']).not_to eq('max-age=86400, private')
+        end
+      end
+
+      context 'when not rendering merge head diff' do
+        it 'does not set Cache-Control with max-age' do
+          go(ck: cache_key, diff_head: false)
+
+          expect(response.headers['Cache-Control']).not_to eq('max-age=86400, private')
+        end
+      end
+    end
   end
 end
diff --git a/spec/controllers/projects/merge_requests_controller_spec.rb b/spec/controllers/projects/merge_requests_controller_spec.rb
index 05c477fff68..a7b2a436c97 100644
--- a/spec/controllers/projects/merge_requests_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests_controller_spec.rb
@@ -82,6 +82,61 @@ RSpec.describe Projects::MergeRequestsController, feature_category: :code_review
             w: '0'))
       end
 
+      context 'when merge_head diff is present' do
+        before do
+          create(:merge_request_diff, :merge_head, merge_request: merge_request)
+        end
+
+        it 'sets the endpoint_diff_batch_url with ck' do
+          go
+
+          expect(assigns["endpoint_diff_batch_url"]).to eq(
+            diffs_batch_project_json_merge_request_path(
+              project,
+              merge_request,
+              'json',
+              diff_head: true,
+              view: 'inline',
+              w: '0',
+              page: '0',
+              per_page: '5',
+              ck: merge_request.merge_head_diff.id))
+        end
+
+        it 'sets diffs_batch_cache_key' do
+          go
+
+          expect(assigns['diffs_batch_cache_key']).to eq(merge_request.merge_head_diff.id)
+        end
+
+        context 'when diffs_batch_cache_with_max_age feature flag is disabled' do
+          before do
+            stub_feature_flags(diffs_batch_cache_with_max_age: false)
+          end
+
+          it 'sets the endpoint_diff_batch_url without ck param' do
+            go
+
+            expect(assigns['endpoint_diff_batch_url']).to eq(
+              diffs_batch_project_json_merge_request_path(
+                project,
+                merge_request,
+                'json',
+                diff_head: true,
+                view: 'inline',
+                w: '0',
+                page: '0',
+                per_page: '5'))
+          end
+
+          it 'does not set diffs_batch_cache_key' do
+            go
+
+            expect(assigns['diffs_batch_cache_key']).to be_nil
+          end
+        end
+      end
+
       context 'when diff files were cleaned' do
         render_views
 
diff --git a/spec/db/schema_spec.rb b/spec/db/schema_spec.rb
index 7f3cab55d5a..4c2383292c7 100644
--- a/spec/db/schema_spec.rb
+++ b/spec/db/schema_spec.rb
@@ -89,6 +89,7 @@ RSpec.describe 'Database schema', feature_category: :database do
     oauth_applications: %w[owner_id],
     product_analytics_events_experimental: %w[event_id txn_id user_id],
     project_build_artifacts_size_refreshes: %w[last_job_artifact_id],
+    project_data_transfers: %w[project_id namespace_id],
     project_error_tracking_settings: %w[sentry_project_id],
     project_group_links: %w[group_id],
     project_statistics: %w[namespace_id],
diff --git a/spec/factories/projects/data_transfers.rb b/spec/factories/projects/data_transfers.rb
new file mode 100644
index 00000000000..4184f475663
--- /dev/null
+++ b/spec/factories/projects/data_transfers.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :project_data_transfer, class: 'Projects::DataTransfer' do
+    project factory: :project
+    namespace { project.root_namespace }
+    date { Time.current.utc.beginning_of_month }
+  end
+end
diff --git a/spec/lib/gitlab/auth/auth_finders_spec.rb b/spec/lib/gitlab/auth/auth_finders_spec.rb
index 484b4702497..d4d82f659f1 100644
--- a/spec/lib/gitlab/auth/auth_finders_spec.rb
+++ b/spec/lib/gitlab/auth/auth_finders_spec.rb
@@ -470,7 +470,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do
       expect { find_user_from_access_token }.to raise_error(Gitlab::Auth::UnauthorizedError)
     end
 
-    context 'no feed, API or archive requests' do
+    context 'no feed, API, archive or download requests' do
       it 'returns nil if the request is not RSS' do
         expect(find_user_from_web_access_token(:rss)).to be_nil
       end
@@ -486,6 +486,10 @@ RSpec.describe Gitlab::Auth::AuthFinders do
       it 'returns nil if the request is not ARCHIVE' do
         expect(find_user_from_web_access_token(:archive)).to be_nil
       end
+
+      it 'returns nil if the request is not DOWNLOAD' do
+        expect(find_user_from_web_access_token(:download)).to be_nil
+      end
     end
 
     it 'returns the user for RSS requests' do
@@ -506,6 +510,12 @@ RSpec.describe Gitlab::Auth::AuthFinders do
       expect(find_user_from_web_access_token(:archive)).to eq(user)
     end
 
+    it 'returns the user for DOWNLOAD requests' do
+      set_header('SCRIPT_NAME', '/-/1.0.0/downloads/main.zip')
+
+      expect(find_user_from_web_access_token(:download)).to eq(user)
+    end
+
     context 'for API requests' do
       it 'returns the user' do
         set_header('SCRIPT_NAME', '/api/endpoint')
diff --git a/spec/lib/gitlab/web_hooks/rate_limiter_spec.rb b/spec/lib/gitlab/web_hooks/rate_limiter_spec.rb
index 42151c494f1..b25ce4ea9da 100644
--- a/spec/lib/gitlab/web_hooks/rate_limiter_spec.rb
+++ b/spec/lib/gitlab/web_hooks/rate_limiter_spec.rb
@@ -32,7 +32,7 @@ RSpec.describe Gitlab::WebHooks::RateLimiter, :clean_gitlab_redis_rate_limiting
 
     context 'when there is a plan limit' do
       before_all do
-        create(:plan_limits, plan: plan, web_hook_calls_high: limit)
+        create(:plan_limits, plan: plan, web_hook_calls: limit)
       end
 
       where(:hook, :limitless_hook_type) do
@@ -65,7 +65,7 @@ RSpec.describe Gitlab::WebHooks::RateLimiter, :clean_gitlab_redis_rate_limiting
 
     describe 'rate limit scope' do
       it 'rate limits all hooks from the same namespace', :freeze_time do
-        create(:plan_limits, plan: plan, web_hook_calls_high: limit)
+        create(:plan_limits, plan: plan, web_hook_calls: limit)
         project_hook_in_different_namespace = create(:project_hook)
         project_hook_in_same_namespace = create(:project_hook,
           project: create(:project, namespace: project_hook.project.namespace)
@@ -92,7 +92,7 @@ RSpec.describe Gitlab::WebHooks::RateLimiter, :clean_gitlab_redis_rate_limiting
 
     context 'when there is a plan limit' do
       before_all do
-        create(:plan_limits, plan: plan, web_hook_calls_high: limit)
+        create(:plan_limits, plan: plan, web_hook_calls: limit)
       end
 
       context 'when hook is not rate-limited' do
diff --git a/spec/mailers/notify_spec.rb b/spec/mailers/notify_spec.rb
index 684fe9bb9cf..f196db709b7 100644
--- a/spec/mailers/notify_spec.rb
+++ b/spec/mailers/notify_spec.rb
@@ -1409,6 +1409,8 @@ RSpec.describe Notify do
         subject { described_class.service_desk_thank_you_email(issue.id) }
 
         it_behaves_like 'an unsubscribeable thread'
+        it_behaves_like 'appearance header and footer enabled'
+        it_behaves_like 'appearance header and footer not enabled'
 
         it 'has the correct recipient' do
           is_expected.to deliver_to('service.desk@example.com')
@@ -1450,6 +1452,8 @@ RSpec.describe Notify do
         subject { described_class.service_desk_new_note_email(issue.id, first_note.id, 'service.desk@example.com') }
 
         it_behaves_like 'an unsubscribeable thread'
+        it_behaves_like 'appearance header and footer enabled'
+        it_behaves_like 'appearance header and footer not enabled'
 
         it 'has the correct recipient' do
           is_expected.to deliver_to('service.desk@example.com')
diff --git a/spec/models/merge_request_spec.rb b/spec/models/merge_request_spec.rb
index 2d61bb80c56..f8b7c840249 100644
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@@ -5535,4 +5535,24 @@ RSpec.describe MergeRequest, factory_default: :keep, feature_category: :code_rev
       end
     end
   end
+
+  describe '#diffs_batch_cache_with_max_age?' do
+    let(:merge_request) { build_stubbed(:merge_request) }
+
+    subject(:diffs_batch_cache_with_max_age?) { merge_request.diffs_batch_cache_with_max_age? }
+
+    it 'returns true' do
+      expect(diffs_batch_cache_with_max_age?).to be_truthy
+    end
+
+    context 'when diffs_batch_cache_with_max_age is disabled' do
+      before do
+        stub_feature_flags(diffs_batch_cache_with_max_age: false)
+      end
+
+      it 'returns false' do
+        expect(diffs_batch_cache_with_max_age?).to be_falsey
+      end
+    end
+  end
 end
diff --git a/spec/models/plan_limits_spec.rb b/spec/models/plan_limits_spec.rb
index 093c78198d1..3705cab7ef5 100644
--- a/spec/models/plan_limits_spec.rb
+++ b/spec/models/plan_limits_spec.rb
@@ -213,7 +213,7 @@ RSpec.describe PlanLimits do
         ci_active_jobs
         storage_size_limit
         daily_invites
-        web_hook_calls_high
+        web_hook_calls
         web_hook_calls_mid
         web_hook_calls_low
         ci_daily_pipeline_schedule_triggers
diff --git a/spec/models/projects/data_transfer_spec.rb b/spec/models/projects/data_transfer_spec.rb
new file mode 100644
index 00000000000..6d3ddbdd74e
--- /dev/null
+++ b/spec/models/projects/data_transfer_spec.rb
@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Projects::DataTransfer, feature_category: :source_code_management do
+  let_it_be(:project) { create(:project) }
+
+  it { expect(subject).to be_valid }
+
+  describe 'associations' do
+    it { is_expected.to belong_to(:project) }
+    it { is_expected.to belong_to(:namespace) }
+  end
+
+  describe 'scopes' do
+    describe '.current_month' do
+      subject { described_class.current_month }
+
+      it 'returns data transfer for the current month' do
+        travel_to(Time.utc(2022, 5, 2)) do
+          _past_month = create(:project_data_transfer, project: project, date: '2022-04-01')
+          current_month = create(:project_data_transfer, project: project, date: '2022-05-01')
+
+          is_expected.to match_array([current_month])
+        end
+      end
+    end
+  end
+
+  describe '.beginning_of_month' do
+    subject { described_class.beginning_of_month(time) }
+
+    let(:time) { Time.utc(2022, 5, 2) }
+
+    it { is_expected.to eq(Time.utc(2022, 5, 1)) }
+  end
+
+  describe 'unique index' do
+    before do
+      create(:project_data_transfer, project: project, date: '2022-05-01')
+    end
+
+    it 'raises unique index violation' do
+      expect { create(:project_data_transfer, project: project, namespace: project.root_namespace, date: '2022-05-01') }
+        .to raise_error(ActiveRecord::RecordNotUnique)
+    end
+
+    context 'when project was moved from one namespace to another' do
+      it 'creates a new record' do
+        expect { create(:project_data_transfer, project: project, namespace: create(:namespace), date: '2022-05-01') }
+          .to change { described_class.count }.by(1)
+      end
+    end
+
+    context 'when a different project is created' do
+      it 'creates a new record' do
+        expect { create(:project_data_transfer, project: build(:project), date: '2022-05-01') }
+          .to change { described_class.count }.by(1)
+      end
+    end
+  end
+end
diff --git a/spec/requests/projects/releases_controller_spec.rb b/spec/requests/projects/releases_controller_spec.rb
index d331142583d..5e2d3e28860 100644
--- a/spec/requests/projects/releases_controller_spec.rb
+++ b/spec/requests/projects/releases_controller_spec.rb
@@ -8,17 +8,20 @@ RSpec.describe 'Projects::ReleasesController', feature_category: :release_orches
 
   before do
     project.add_developer(user)
-    login_as(user)
   end
 
   # Added as a request spec because of https://gitlab.com/gitlab-org/gitlab/-/issues/232386
   describe 'GET #downloads' do
-    context 'filepath redirection' do
-      let_it_be(:release) { create(:release, project: project, tag: 'v11.9.0-rc2' ) }
-      let!(:link) { create(:release_link, release: release, name: 'linux-amd64 binaries', filepath: filepath, url: 'https://aws.example.com/s3/project/bin/hello-darwin-amd64') }
-      let_it_be(:url) { "#{project_releases_path(project)}/#{release.tag}/downloads/bin/darwin-amd64" }
+    let_it_be(:release) { create(:release, project: project, tag: 'v11.9.0-rc2' ) }
+    let!(:link) { create(:release_link, release: release, name: 'linux-amd64 binaries', filepath: filepath, url: 'https://aws.example.com/s3/project/bin/hello-darwin-amd64') }
+    let_it_be(:url) { "#{project_releases_path(project)}/#{release.tag}/downloads/bin/darwin-amd64" }
 
-      let(:subject) { get url }
+    let(:subject) { get url }
+
+    context 'filepath redirection' do
+      before do
+        login_as(user)
+      end
 
       context 'valid filepath' do
         let(:filepath) { '/bin/darwin-amd64' }
@@ -47,14 +50,45 @@ RSpec.describe 'Projects::ReleasesController', feature_category: :release_orches
       end
     end
 
-    context 'invalid filepath' do
-      let(:invalid_filepath) { 'bin/darwin-amd64' }
+    context 'sessionless download authentication' do
+      let(:personal_access_token) { create(:personal_access_token, user: user) }
+      let(:filepath) { '/bin/darwin-amd64' }
+
+      subject { get url, params: { private_token: personal_access_token.token } }
+
+      context 'when allow_release_as_web_access_format FF is disabled' do
+        before do
+          stub_feature_flags(allow_release_as_web_access_format: false)
+        end
+
+        it 'will not allow sessionless authentication' do
+          expect_next_instance_of(::Projects::ReleasesController) do |controller|
+            expect(controller).not_to receive(:authenticate_sessionless_user!)
+          end
+
+          subject
+        end
+      end
 
-      let(:subject) { create(:release_link, name: 'linux-amd64 binaries', filepath: invalid_filepath, url: 'https://aws.example.com/s3/project/bin/hello-darwin-amd64') }
+      context 'when allow_release_as_web_access_format FF is enabled' do
+        it 'will allow sessionless users to download the file' do
+          subject
 
-      it 'cannot create an invalid filepath' do
-        expect { subject }.to raise_error(ActiveRecord::RecordInvalid)
+          expect(controller.current_user).to eq(user)
+          expect(response).to have_gitlab_http_status(:redirect)
+          expect(response).to redirect_to(link.url)
+        end
       end
     end
   end
+
+  context 'invalid filepath' do
+    let(:invalid_filepath) { 'bin/darwin-amd64' }
+
+    let(:subject) { create(:release_link, name: 'linux-amd64 binaries', filepath: invalid_filepath, url: 'https://aws.example.com/s3/project/bin/hello-darwin-amd64') }
+
+    it 'cannot create an invalid filepath' do
+      expect { subject }.to raise_error(ActiveRecord::RecordInvalid)
+    end
+  end
 end
diff --git a/spec/services/web_hook_service_spec.rb b/spec/services/web_hook_service_spec.rb
index a756e75214b..4b925a058e7 100644
--- a/spec/services/web_hook_service_spec.rb
+++ b/spec/services/web_hook_service_spec.rb
@@ -606,7 +606,7 @@ RSpec.describe WebHookService, :request_store, :clean_gitlab_redis_shared_state
 
     def expect_to_rate_limit(hook, threshold:, throttled: false)
       expect(Gitlab::ApplicationRateLimiter).to receive(:throttled?)
-        .with(:web_hook_calls_high, scope: [hook.parent.root_namespace], threshold: threshold)
+        .with(:web_hook_calls, scope: [hook.parent.root_namespace], threshold: threshold)
         .and_return(throttled)
     end
 
@@ -621,7 +621,7 @@ RSpec.describe WebHookService, :request_store, :clean_gitlab_redis_shared_state
 
     context 'when rate limiting is configured' do
       let_it_be(:threshold) { 3 }
-      let_it_be(:plan_limits) { create(:plan_limits, :default_plan, web_hook_calls_high: threshold) }
+      let_it_be(:plan_limits) { create(:plan_limits, :default_plan, web_hook_calls: threshold) }
 
       it 'queues a worker and tracks the call' do
         expect_to_rate_limit(project_hook, threshold: threshold)