Add latest changes from gitlab-org/gitlab@master

2 files changed, 128 insertions, 64 deletions

diff --git a/spec/requests/api/internal/base_spec.rb b/spec/requests/api/internal/base_spec.rb
index b2e676f79a3..10a239e3f7e 100644
--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -50,43 +50,63 @@ RSpec.describe API::Internal::Base do
     end
   end
 
-  describe 'GET /internal/two_factor_recovery_codes' do
-    it 'returns an error message when the key does not exist' do
-      post api('/internal/two_factor_recovery_codes'),
-           params: {
-             secret_token: secret_token,
-             key_id: non_existing_record_id
-           }
+  shared_examples 'actor key validations' do
+    context 'key id is not provided' do
+      let(:key_id) { nil }
 
-      expect(json_response['success']).to be_falsey
-      expect(json_response['message']).to eq('Could not find the given key')
+      it 'returns an error message' do
+        subject
+
+        expect(json_response['success']).to be_falsey
+        expect(json_response['message']).to eq('Could not find a user without a key')
+      end
     end
 
-    it 'returns an error message when the key is a deploy key' do
-      deploy_key = create(:deploy_key)
+    context 'key does not exist' do
+      let(:key_id) { non_existing_record_id }
 
-      post api('/internal/two_factor_recovery_codes'),
-           params: {
-             secret_token: secret_token,
-             key_id: deploy_key.id
-           }
+      it 'returns an error message' do
+        subject
 
-      expect(json_response['success']).to be_falsey
-      expect(json_response['message']).to eq('Deploy keys cannot be used to retrieve recovery codes')
+        expect(json_response['success']).to be_falsey
+        expect(json_response['message']).to eq('Could not find the given key')
+      end
     end
 
-    it 'returns an error message when the user does not exist' do
-      key_without_user = create(:key, user: nil)
+    context 'key without user' do
+      let(:key_id) { create(:key, user: nil).id }
+
+      it 'returns an error message' do
+        subject
+
+        expect(json_response['success']).to be_falsey
+        expect(json_response['message']).to eq('Could not find a user for the given key')
+      end
+    end
+  end
 
+  describe 'GET /internal/two_factor_recovery_codes' do
+    let(:key_id) { key.id }
+
+    subject do
       post api('/internal/two_factor_recovery_codes'),
            params: {
              secret_token: secret_token,
-             key_id: key_without_user.id
+             key_id: key_id
            }
+    end
 
-      expect(json_response['success']).to be_falsey
-      expect(json_response['message']).to eq('Could not find a user for the given key')
-      expect(json_response['recovery_codes']).to be_nil
+    it_behaves_like 'actor key validations'
+
+    context 'key is a deploy key' do
+      let(:key_id) { create(:deploy_key).id }
+
+      it 'returns an error message' do
+        subject
+
+        expect(json_response['success']).to be_falsey
+        expect(json_response['message']).to eq('Deploy keys cannot be used to retrieve recovery codes')
+      end
     end
 
     context 'when two-factor is enabled' do
@@ -95,11 +115,7 @@ RSpec.describe API::Internal::Base do
         allow_any_instance_of(User)
           .to receive(:generate_otp_backup_codes!).and_return(%w(119135e5a3ebce8e 34bd7b74adbc8861))
 
-        post api('/internal/two_factor_recovery_codes'),
-             params: {
-               secret_token: secret_token,
-               key_id: key.id
-             }
+        subject
 
         expect(json_response['success']).to be_truthy
         expect(json_response['recovery_codes']).to match_array(%w(119135e5a3ebce8e 34bd7b74adbc8861))
@@ -110,11 +126,7 @@ RSpec.describe API::Internal::Base do
       it 'returns an error message' do
         allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(false)
 
-        post api('/internal/two_factor_recovery_codes'),
-             params: {
-               secret_token: secret_token,
-               key_id: key.id
-             }
+        subject
 
         expect(json_response['success']).to be_falsey
         expect(json_response['recovery_codes']).to be_nil
@@ -123,42 +135,27 @@ RSpec.describe API::Internal::Base do
   end
 
   describe 'POST /internal/personal_access_token' do
-    it 'returns an error message when the key does not exist' do
-      post api('/internal/personal_access_token'),
-           params: {
-             secret_token: secret_token,
-             key_id: non_existing_record_id
-           }
-
-      expect(json_response['success']).to be_falsey
-      expect(json_response['message']).to eq('Could not find the given key')
-    end
-
-    it 'returns an error message when the key is a deploy key' do
-      deploy_key = create(:deploy_key)
+    let(:key_id) { key.id }
 
+    subject do
       post api('/internal/personal_access_token'),
            params: {
              secret_token: secret_token,
-             key_id: deploy_key.id
+             key_id: key_id
            }
-
-      expect(json_response['success']).to be_falsey
-      expect(json_response['message']).to eq('Deploy keys cannot be used to create personal access tokens')
     end
 
-    it 'returns an error message when the user does not exist' do
-      key_without_user = create(:key, user: nil)
+    it_behaves_like 'actor key validations'
 
-      post api('/internal/personal_access_token'),
-           params: {
-             secret_token: secret_token,
-             key_id: key_without_user.id
-           }
+    context 'key is a deploy key' do
+      let(:key_id) { create(:deploy_key).id }
 
-      expect(json_response['success']).to be_falsey
-      expect(json_response['message']).to eq('Could not find a user for the given key')
-      expect(json_response['token']).to be_nil
+      it 'returns an error message' do
+        subject
+
+        expect(json_response['success']).to be_falsey
+        expect(json_response['message']).to eq('Deploy keys cannot be used to create personal access tokens')
+      end
     end
 
     it 'returns an error message when given an non existent user' do
@@ -1209,6 +1206,73 @@ RSpec.describe API::Internal::Base do
     end
   end
 
+  describe 'POST /internal/two_factor_config' do
+    let(:key_id) { key.id }
+
+    before do
+      stub_feature_flags(two_factor_for_cli: true)
+    end
+
+    subject do
+      post api('/internal/two_factor_config'),
+           params: {
+             secret_token: secret_token,
+             key_id: key_id
+           }
+    end
+
+    it_behaves_like 'actor key validations'
+
+    context 'when the key is a deploy key' do
+      let(:key) { create(:deploy_key) }
+
+      it 'does not required two factor' do
+        subject
+
+        expect(json_response['success']).to be_truthy
+        expect(json_response['two_factor_required']).to be_falsey
+      end
+    end
+
+    context 'when two-factor is enabled' do
+      it 'returns user two factor config' do
+        allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(true)
+
+        subject
+
+        expect(json_response['success']).to be_truthy
+        expect(json_response['two_factor_required']).to be_truthy
+      end
+    end
+
+    context 'when two-factor is not enabled' do
+      it 'returns an error message' do
+        allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(false)
+
+        subject
+
+        expect(json_response['success']).to be_truthy
+        expect(json_response['two_factor_required']).to be_falsey
+      end
+    end
+
+    context 'two_factor_for_cli feature is disabled' do
+      before do
+        stub_feature_flags(two_factor_for_cli: false)
+      end
+
+      context 'when two-factor is enabled for the user' do
+        it 'returns user two factor config' do
+          allow_any_instance_of(User).to receive(:two_factor_enabled?).and_return(true)
+
+          subject
+
+          expect(json_response['success']).to be_falsey
+        end
+      end
+    end
+  end
+
   def lfs_auth_project(project)
     post(
       api("/internal/lfs_authenticate"),
diff --git a/spec/support/shared_examples/features/wiki/user_views_wiki_page_shared_examples.rb b/spec/support/shared_examples/features/wiki/user_views_wiki_page_shared_examples.rb
index 5e9c6735339..85eedbf4cc5 100644
--- a/spec/support/shared_examples/features/wiki/user_views_wiki_page_shared_examples.rb
+++ b/spec/support/shared_examples/features/wiki/user_views_wiki_page_shared_examples.rb
@@ -121,7 +121,7 @@ RSpec.shared_examples 'User views a wiki page' do
     it 'shows the page history' do
       visit(wiki_page_path(wiki, wiki_page))
 
-      expect(page).to have_selector('a.btn', text: 'Edit')
+      expect(page).to have_selector('[data-testid="wiki_edit_button"]')
 
       click_on('Page history')
 
@@ -133,7 +133,7 @@ RSpec.shared_examples 'User views a wiki page' do
     it 'does not show the "Edit" button' do
       visit(wiki_page_path(wiki, wiki_page, version_id: wiki_page.versions.last.id))
 
-      expect(page).not_to have_selector('a.btn', text: 'Edit')
+      expect(page).not_to have_selector('[data-testid="wiki_edit_button"]')
     end
 
     context 'show the diff' do
@@ -250,7 +250,7 @@ RSpec.shared_examples 'User views a wiki page' do
     end
 
     it 'does not show "Edit" button' do
-      expect(page).not_to have_selector('a.btn', text: 'Edit')
+      expect(page).not_to have_selector('[data-testid="wiki_edit_button"]')
     end
 
     it 'shows error' do