Add latest changes from gitlab-org/gitlab@master

14 files changed, 325 insertions, 17 deletions

diff --git a/spec/frontend/content_editor/services/markdown_serializer_spec.js b/spec/frontend/content_editor/services/markdown_serializer_spec.js
index 0f12e0e4aec..6f2c908c289 100644
--- a/spec/frontend/content_editor/services/markdown_serializer_spec.js
+++ b/spec/frontend/content_editor/services/markdown_serializer_spec.js
@@ -3,6 +3,8 @@ import Bold from '~/content_editor/extensions/bold';
 import BulletList from '~/content_editor/extensions/bullet_list';
 import Code from '~/content_editor/extensions/code';
 import CodeBlockHighlight from '~/content_editor/extensions/code_block_highlight';
+import DescriptionItem from '~/content_editor/extensions/description_item';
+import DescriptionList from '~/content_editor/extensions/description_list';
 import Division from '~/content_editor/extensions/division';
 import Emoji from '~/content_editor/extensions/emoji';
 import Figure from '~/content_editor/extensions/figure';
@@ -41,6 +43,8 @@ const tiptapEditor = createTestEditor({
     BulletList,
     Code,
     CodeBlockHighlight,
+    DescriptionItem,
+    DescriptionList,
     Division,
     Emoji,
     Figure,
@@ -75,6 +79,8 @@ const {
     code,
     codeBlock,
     division,
+    descriptionItem,
+    descriptionList,
     emoji,
     figure,
     figureCaption,
@@ -105,6 +111,8 @@ const {
     code: { markType: Code.name },
     codeBlock: { nodeType: CodeBlockHighlight.name },
     division: { nodeType: Division.name },
+    descriptionItem: { nodeType: DescriptionItem.name },
+    descriptionList: { nodeType: DescriptionList.name },
     emoji: { markType: Emoji.name },
     figure: { nodeType: Figure.name },
     figureCaption: { nodeType: FigureCaption.name },
@@ -545,6 +553,41 @@ this is not really json but just trying out whether this case works or not
     );
   });
 
+  it('correctly renders a description list', () => {
+    expect(
+      serialize(
+        descriptionList(
+          descriptionItem(paragraph('Beast of Bodmin')),
+          descriptionItem({ isTerm: false }, paragraph('A large feline inhabiting Bodmin Moor.')),
+
+          descriptionItem(paragraph('Morgawr')),
+          descriptionItem({ isTerm: false }, paragraph('A sea serpent.')),
+
+          descriptionItem(paragraph('Owlman')),
+          descriptionItem(
+            { isTerm: false },
+            paragraph('A giant ', italic('owl-like'), ' creature.'),
+          ),
+        ),
+      ),
+    ).toBe(
+      `
+<dl>
+<dt>Beast of Bodmin</dt>
+<dd>A large feline inhabiting Bodmin Moor.</dd>
+<dt>Morgawr</dt>
+<dd>A sea serpent.</dd>
+<dt>Owlman</dt>
+<dd>
+
+A giant _owl-like_ creature.
+
+</dd>
+</dl>
+      `.trim(),
+    );
+  });
+
   it('correctly renders div', () => {
     expect(
       serialize(
diff --git a/spec/frontend/deploy_freeze/helpers.js b/spec/frontend/deploy_freeze/helpers.js
index bfb84142662..598f14d45f6 100644
--- a/spec/frontend/deploy_freeze/helpers.js
+++ b/spec/frontend/deploy_freeze/helpers.js
@@ -1,7 +1,7 @@
 import { secondsToHours } from '~/lib/utils/datetime_utility';
 
 export const freezePeriodsFixture = getJSONFixture('/api/freeze-periods/freeze_periods.json');
-export const timezoneDataFixture = getJSONFixture('/api/freeze-periods/timezone_data.json');
+export const timezoneDataFixture = getJSONFixture('/timezones/short.json');
 
 export const findTzByName = (identifier = '') =>
   timezoneDataFixture.find(({ name }) => name.toLowerCase() === identifier.toLowerCase());
diff --git a/spec/frontend/diffs/create_diffs_store.js b/spec/frontend/diffs/create_diffs_store.js
index e6a8b7a72ae..307ebdaa4ac 100644
--- a/spec/frontend/diffs/create_diffs_store.js
+++ b/spec/frontend/diffs/create_diffs_store.js
@@ -9,6 +9,12 @@ Vue.use(Vuex);
 export default function createDiffsStore() {
   return new Vuex.Store({
     modules: {
+      page: {
+        namespaced: true,
+        state: {
+          activeTab: 'notes',
+        },
+      },
       diffs: diffsModule(),
       notes: notesModule(),
       batchComments: batchCommentsModule(),
diff --git a/spec/frontend/fixtures/api_markdown.yml b/spec/frontend/fixtures/api_markdown.yml
index feede5458c7..1edb8cb3f41 100644
--- a/spec/frontend/fixtures/api_markdown.yml
+++ b/spec/frontend/fixtures/api_markdown.yml
@@ -59,6 +59,24 @@
 
     </figcaption>
     </figure>
+- name: description_list
+  markdown: |-
+    <dl>
+    <dt>Frog</dt>
+    <dd>Wet green thing</dd>
+    <dt>Rabbit</dt>
+    <dd>Warm fluffy thing</dd>
+    <dt>Punt</dt>
+    <dd>Kick a ball</dd>
+    <dd>Take a bet</dd>
+    <dt>Color</dt>
+    <dt>Colour</dt>
+    <dd>
+
+    Any hue except _white_ or **black**
+
+    </dd>
+    </dl>
 - name: link
   markdown: '[GitLab](https://gitlab.com)'
 - name: attachment_link
diff --git a/spec/frontend/fixtures/freeze_period.rb b/spec/frontend/fixtures/freeze_period.rb
index 09e4f969e1d..42762fa56f9 100644
--- a/spec/frontend/fixtures/freeze_period.rb
+++ b/spec/frontend/fixtures/freeze_period.rb
@@ -39,13 +39,4 @@ RSpec.describe 'Freeze Periods (JavaScript fixtures)' do
       expect(response).to be_successful
     end
   end
-
-  describe TimeZoneHelper, '(JavaScript fixtures)' do
-    let(:response) { timezone_data.to_json }
-
-    it 'api/freeze-periods/timezone_data.json' do
-      # Looks empty but does things
-      # More info: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38525/diffs#note_391048415
-    end
-  end
 end
diff --git a/spec/frontend/fixtures/timezones.rb b/spec/frontend/fixtures/timezones.rb
new file mode 100644
index 00000000000..261dcf5e116
--- /dev/null
+++ b/spec/frontend/fixtures/timezones.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe TimeZoneHelper, '(JavaScript fixtures)' do
+  include JavaScriptFixturesHelpers
+  include TimeZoneHelper
+
+  let(:response) { @timezones.sort_by! { |tz| tz[:name] }.to_json }
+
+  before(:all) do
+    clean_frontend_fixtures('timezones/')
+  end
+
+  it 'timezones/short.json' do
+    @timezones = timezone_data(format: :short)
+  end
+
+  it 'timezones/full.json' do
+    @timezones = timezone_data(format: :full)
+  end
+end
diff --git a/spec/frontend/vue_shared/components/__snapshots__/code_block_spec.js.snap b/spec/frontend/vue_shared/components/__snapshots__/code_block_spec.js.snap
index db174346729..7f655d67ae8 100644
--- a/spec/frontend/vue_shared/components/__snapshots__/code_block_spec.js.snap
+++ b/spec/frontend/vue_shared/components/__snapshots__/code_block_spec.js.snap
@@ -2,7 +2,7 @@
 
 exports[`Code Block with default props renders correctly 1`] = `
 <pre
-  class="code-block rounded"
+  class="code-block rounded code"
 >
   <code
     class="d-block"
@@ -14,7 +14,7 @@ exports[`Code Block with default props renders correctly 1`] = `
 
 exports[`Code Block with maxHeight set to "200px" renders correctly 1`] = `
 <pre
-  class="code-block rounded"
+  class="code-block rounded code"
   style="max-height: 200px; overflow-y: auto;"
 >
   <code
diff --git a/spec/lib/gitlab/database/migration_spec.rb b/spec/lib/gitlab/database/migration_spec.rb
new file mode 100644
index 00000000000..e062bf3e5ef
--- /dev/null
+++ b/spec/lib/gitlab/database/migration_spec.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::Database::Migration do
+  describe '.[]' do
+    context 'version: 1.0' do
+      subject { described_class[1.0] }
+
+      it 'inherits from ActiveRecord::Migration[6.1]' do
+        expect(subject.superclass).to eq(ActiveRecord::Migration[6.1])
+      end
+
+      it 'includes migration helpers version 2' do
+        expect(subject.included_modules).to include(Gitlab::Database::MigrationHelpers::V2)
+      end
+    end
+
+    context 'unknown version' do
+      it 'raises an error' do
+        expect { described_class[0] }.to raise_error(ArgumentError, /Unknown migration version/)
+      end
+    end
+  end
+
+  describe '.current_version' do
+    it 'includes current ActiveRecord migration class' do
+      # This breaks upon Rails upgrade. In that case, we'll add a new version in Gitlab::Database::Migration::MIGRATION_CLASSES,
+      # bump .current_version and leave existing migrations and already defined versions of Gitlab::Database::Migration
+      # untouched.
+      expect(described_class[described_class.current_version].superclass).to eq(ActiveRecord::Migration::Current)
+    end
+  end
+end
diff --git a/spec/lib/gitlab/path_regex_spec.rb b/spec/lib/gitlab/path_regex_spec.rb
index d343634fb92..aa13660deb4 100644
--- a/spec/lib/gitlab/path_regex_spec.rb
+++ b/spec/lib/gitlab/path_regex_spec.rb
@@ -468,6 +468,7 @@ RSpec.describe Gitlab::PathRegex do
     end
 
     let_it_be(:git_paths) { container_paths.map { |path| path + '.git' } }
+    let_it_be(:git_lfs_paths) { git_paths.flat_map { |path| [path + '/info/lfs/', path + '/gitlab-lfs/'] } }
     let_it_be(:snippet_paths) { container_paths.grep(%r{snippets/\d}) }
     let_it_be(:wiki_git_paths) { (container_paths - snippet_paths).map { |path| path + '.wiki.git' } }
     let_it_be(:invalid_git_paths) { invalid_paths.map { |path| path + '.git' } }
@@ -498,6 +499,15 @@ RSpec.describe Gitlab::PathRegex do
       end
     end
 
+    describe '.repository_git_lfs_route_regex' do
+      subject { %r{\A#{described_class.repository_git_lfs_route_regex}\z} }
+
+      it 'matches the expected paths' do
+        expect_route_match(git_lfs_paths)
+        expect_no_route_match(container_paths + invalid_paths + git_paths + invalid_git_paths)
+      end
+    end
+
     describe '.repository_wiki_git_route_regex' do
       subject { %r{\A#{described_class.repository_wiki_git_route_regex}\z} }
 
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb
index 71a609d8a26..851e46c7980 100644
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -939,6 +939,8 @@ RSpec.describe ApplicationSetting do
           throttle_unauthenticated_files_api_period_in_seconds
           throttle_authenticated_files_api_requests_per_period
           throttle_authenticated_files_api_period_in_seconds
+          throttle_authenticated_git_lfs_requests_per_period
+          throttle_authenticated_git_lfs_period_in_seconds
         ]
       end
 
diff --git a/spec/requests/rack_attack_global_spec.rb b/spec/requests/rack_attack_global_spec.rb
index a0f9d4c11ed..32fa1381869 100644
--- a/spec/requests/rack_attack_global_spec.rb
+++ b/spec/requests/rack_attack_global_spec.rb
@@ -22,7 +22,9 @@ RSpec.describe 'Rack Attack global throttles', :use_clean_rails_memory_store_cac
       throttle_unauthenticated_packages_api_requests_per_period: 100,
       throttle_unauthenticated_packages_api_period_in_seconds: 1,
       throttle_authenticated_packages_api_requests_per_period: 100,
-      throttle_authenticated_packages_api_period_in_seconds: 1
+      throttle_authenticated_packages_api_period_in_seconds: 1,
+      throttle_authenticated_git_lfs_requests_per_period: 100,
+      throttle_authenticated_git_lfs_period_in_seconds: 1
     }
   end
 
@@ -620,6 +622,95 @@ RSpec.describe 'Rack Attack global throttles', :use_clean_rails_memory_store_cac
     end
   end
 
+  describe 'authenticated git lfs requests', :api do
+    let_it_be(:project) { create(:project, :internal) }
+    let_it_be(:user) { create(:user) }
+    let_it_be(:token) { create(:personal_access_token, user: user) }
+    let_it_be(:other_user) { create(:user) }
+    let_it_be(:other_user_token) { create(:personal_access_token, user: other_user) }
+
+    let(:request_method) { 'GET' }
+    let(:throttle_setting_prefix) { 'throttle_authenticated_git_lfs' }
+    let(:git_lfs_url) { "/#{project.full_path}.git/info/lfs/locks" }
+
+    before do
+      allow(Gitlab.config.lfs).to receive(:enabled).and_return(true)
+      stub_application_setting(settings_to_set)
+    end
+
+    context 'with regular login' do
+      let(:url_that_requires_authentication) { git_lfs_url }
+
+      it_behaves_like 'rate-limited web authenticated requests'
+    end
+
+    context 'with the token in the headers' do
+      let(:request_args) { [git_lfs_url, { headers: basic_auth_headers(user, token) }] }
+      let(:other_user_request_args) { [git_lfs_url, { headers: basic_auth_headers(other_user, other_user_token) }] }
+
+      it_behaves_like 'rate-limited token-authenticated requests'
+    end
+
+    context 'precedence over authenticated web throttle' do
+      before do
+        settings_to_set[:throttle_authenticated_git_lfs_requests_per_period] = requests_per_period
+        settings_to_set[:throttle_authenticated_git_lfs_period_in_seconds] = period_in_seconds
+      end
+
+      def do_request
+        get git_lfs_url, headers: basic_auth_headers(user, token)
+      end
+
+      context 'when authenticated git lfs throttle is enabled' do
+        before do
+          settings_to_set[:throttle_authenticated_git_lfs_enabled] = true
+        end
+
+        context 'when authenticated web throttle is lower' do
+          before do
+            settings_to_set[:throttle_authenticated_web_requests_per_period] = 0
+            settings_to_set[:throttle_authenticated_web_period_in_seconds] = period_in_seconds
+            settings_to_set[:throttle_authenticated_web_enabled] = true
+            stub_application_setting(settings_to_set)
+          end
+
+          it 'ignores authenticated web throttle' do
+            requests_per_period.times do
+              do_request
+              expect(response).to have_gitlab_http_status(:ok)
+            end
+
+            expect_rejection { do_request }
+          end
+        end
+      end
+
+      context 'when authenticated git lfs throttle is disabled' do
+        before do
+          settings_to_set[:throttle_authenticated_git_lfs_enabled] = false
+        end
+
+        context 'when authenticated web throttle is enabled' do
+          before do
+            settings_to_set[:throttle_authenticated_web_requests_per_period] = requests_per_period
+            settings_to_set[:throttle_authenticated_web_period_in_seconds] = period_in_seconds
+            settings_to_set[:throttle_authenticated_web_enabled] = true
+            stub_application_setting(settings_to_set)
+          end
+
+          it 'rejects requests over the authenticated web rate limit' do
+            requests_per_period.times do
+              do_request
+              expect(response).to have_gitlab_http_status(:ok)
+            end
+
+            expect_rejection { do_request }
+          end
+        end
+      end
+    end
+  end
+
   describe 'throttle bypass header' do
     let(:headers) { {} }
     let(:bypass_header) { 'gitlab-bypass-rate-limiting' }
diff --git a/spec/rubocop/cop/migration/versioned_migration_class_spec.rb b/spec/rubocop/cop/migration/versioned_migration_class_spec.rb
new file mode 100644
index 00000000000..af50e5598ce
--- /dev/null
+++ b/spec/rubocop/cop/migration/versioned_migration_class_spec.rb
@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require 'fast_spec_helper'
+require_relative '../../../../rubocop/cop/migration/versioned_migration_class'
+
+RSpec.describe RuboCop::Cop::Migration::VersionedMigrationClass do
+  subject(:cop) { described_class.new }
+
+  let(:migration) do
+    <<~SOURCE
+      class TestMigration < Gitlab::Database::Migration[1.0]
+        def up
+          execute 'select 1'
+        end
+
+        def down
+          execute 'select 1'
+        end
+      end
+    SOURCE
+  end
+
+  shared_examples 'a disabled cop' do
+    it 'does not register any offenses' do
+      expect_no_offenses(migration)
+    end
+  end
+
+  context 'outside of a migration' do
+    it_behaves_like 'a disabled cop'
+  end
+
+  context 'in migration' do
+    before do
+      allow(cop).to receive(:in_migration?).and_return(true)
+    end
+
+    context 'in an old migration' do
+      before do
+        allow(cop).to receive(:version).and_return(described_class::ENFORCED_SINCE - 5)
+      end
+
+      it_behaves_like 'a disabled cop'
+    end
+
+    context 'that is recent' do
+      before do
+        allow(cop).to receive(:version).and_return(described_class::ENFORCED_SINCE + 5)
+      end
+
+      it 'adds an offence if inheriting from ActiveRecord::Migration' do
+        expect_offense(<<~RUBY)
+          class MyMigration < ActiveRecord::Migration[6.1]
+          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Don't inherit from ActiveRecord::Migration but use Gitlab::Database::Migration[1.0] instead. See https://docs.gitlab.com/ee/development/migration_style_guide.html#migration-helpers-and-versioning.
+          end
+        RUBY
+      end
+
+      it 'adds an offence if including Gitlab::Database::MigrationHelpers directly' do
+        expect_offense(<<~RUBY)
+          class MyMigration < Gitlab::Database::Migration[1.0]
+            include Gitlab::Database::MigrationHelpers
+            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Don't include migration helper modules directly. Inherit from Gitlab::Database::Migration[1.0] instead. See https://docs.gitlab.com/ee/development/migration_style_guide.html#migration-helpers-and-versioning.
+          end
+        RUBY
+      end
+    end
+  end
+end
diff --git a/spec/services/application_settings/update_service_spec.rb b/spec/services/application_settings/update_service_spec.rb
index 30f606a1cd3..dabff37bea7 100644
--- a/spec/services/application_settings/update_service_spec.rb
+++ b/spec/services/application_settings/update_service_spec.rb
@@ -388,6 +388,26 @@ RSpec.describe ApplicationSettings::UpdateService do
     end
   end
 
+  context 'when git lfs rate limits are passed' do
+    let(:params) do
+      {
+        throttle_authenticated_git_lfs_enabled: 1,
+        throttle_authenticated_git_lfs_period_in_seconds: 600,
+        throttle_authenticated_git_lfs_requests_per_period: 10
+      }
+    end
+
+    it 'updates git lfs throttle settings' do
+      subject.execute
+
+      application_settings.reload
+
+      expect(application_settings.throttle_authenticated_git_lfs_enabled).to be_truthy
+      expect(application_settings.throttle_authenticated_git_lfs_period_in_seconds).to eq(600)
+      expect(application_settings.throttle_authenticated_git_lfs_requests_per_period).to eq(10)
+    end
+  end
+
   context 'when issues_create_limit is passed' do
     let(:params) do
       {
diff --git a/spec/support/shared_examples/requests/rack_attack_shared_examples.rb b/spec/support/shared_examples/requests/rack_attack_shared_examples.rb
index 95817624658..9d87a231bfa 100644
--- a/spec/support/shared_examples/requests/rack_attack_shared_examples.rb
+++ b/spec/support/shared_examples/requests/rack_attack_shared_examples.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 #
 # Requires let variables:
-# * throttle_setting_prefix: "throttle_authenticated_api", "throttle_authenticated_web", "throttle_protected_paths", "throttle_authenticated_packages_api"
+# * throttle_setting_prefix: "throttle_authenticated_api", "throttle_authenticated_web", "throttle_protected_paths", "throttle_authenticated_packages_api", "throttle_authenticated_git_lfs"
 # * request_method
 # * request_args
 # * other_user_request_args
@@ -14,7 +14,8 @@ RSpec.shared_examples 'rate-limited token-authenticated requests' do
       "throttle_protected_paths" => "throttle_authenticated_protected_paths_api",
       "throttle_authenticated_api" => "throttle_authenticated_api",
       "throttle_authenticated_web" => "throttle_authenticated_web",
-      "throttle_authenticated_packages_api" => "throttle_authenticated_packages_api"
+      "throttle_authenticated_packages_api" => "throttle_authenticated_packages_api",
+      "throttle_authenticated_git_lfs" => "throttle_authenticated_git_lfs"
     }
   end
 
@@ -165,7 +166,7 @@ RSpec.shared_examples 'rate-limited token-authenticated requests' do
 end
 
 # Requires let variables:
-# * throttle_setting_prefix: "throttle_authenticated_web" or "throttle_protected_paths"
+# * throttle_setting_prefix: "throttle_authenticated_web", "throttle_protected_paths", "throttle_authenticated_git_lfs"
 # * user
 # * url_that_requires_authentication
 # * request_method
@@ -176,7 +177,8 @@ RSpec.shared_examples 'rate-limited web authenticated requests' do
   let(:throttle_types) do
     {
       "throttle_protected_paths" => "throttle_authenticated_protected_paths_web",
-      "throttle_authenticated_web" => "throttle_authenticated_web"
+      "throttle_authenticated_web" => "throttle_authenticated_web",
+      "throttle_authenticated_git_lfs" => "throttle_authenticated_git_lfs"
     }
   end