From 08086ff522742c28a6b10e9b2ed71f0af6633e5b Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Mon, 7 Jun 2021 14:47:00 +0000 Subject: Add latest changes from gitlab-org/gitlab@13-12-stable-ee --- .gitlab/ci/rails.gitlab-ci.yml | 2 +- app/services/spam/akismet_service.rb | 8 +++- app/views/devise/sessions/_new_base.html.haml | 2 +- app/views/devise/shared/_signup_box.html.haml | 4 +- app/views/groups/_new_group_fields.html.haml | 2 +- app/views/notify/ssh_key_expired_email.html.haml | 2 +- app/views/notify/ssh_key_expired_email.text.erb | 2 +- app/views/notify/ssh_key_expiring_soon.text.erb | 2 +- .../notify/ssh_key_expiring_soon_email.html.haml | 2 +- app/views/shared/_recaptcha_form.html.haml | 2 +- .../remove_description_html_in_release_api.yml | 8 ---- ...ve_description_html_in_release_api_override.yml | 8 ---- doc/api/releases/index.md | 5 ++- .../merge_requests/test_coverage_visualization.md | 14 +++---- lib/api/entities/release.rb | 7 +--- lib/api/releases.rb | 9 ++++- .../content_security_policy/config_loader.rb | 12 ++++-- locale/gitlab.pot | 4 +- spec/lib/api/entities/release_spec.rb | 22 ++--------- .../content_security_policy/config_loader_spec.rb | 18 +++++++-- spec/mailers/emails/profile_spec.rb | 2 +- spec/requests/api/releases_spec.rb | 29 ++++++++++++++ spec/services/spam/akismet_service_spec.rb | 46 ++++++++++++++++++---- spec/spec_helper.rb | 3 -- 24 files changed, 129 insertions(+), 86 deletions(-) delete mode 100644 config/feature_flags/development/remove_description_html_in_release_api.yml delete mode 100644 config/feature_flags/development/remove_description_html_in_release_api_override.yml diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml index 5cd64baf4d3..68804b0f4c1 100644 --- a/.gitlab/ci/rails.gitlab-ci.yml +++ b/.gitlab/ci/rails.gitlab-ci.yml @@ -344,7 +344,7 @@ db:migrate-from-previous-major-version: - sed -i -e "s/gem 'grpc', '~> 1.24.0'/gem 'grpc', '~> 1.30.2'/" Gemfile # Update gRPC for Ruby 2.7 - sed -i -e "s/gem 'google-protobuf', '~> 3.8.0'/gem 'google-protobuf', '~> 3.12'/" Gemfile - sed -i -e "s/gem 'nokogiri', '~> 1.10.5'/gem 'nokogiri', '~> 1.11.0'/" Gemfile - - sed -i -e "s/gem 'mimemagic', '~> 0.3.2'/gem 'ruby-magic', '~> 0.3.2'/" Gemfile + - sed -i -e "s/gem 'mimemagic', '~> 0.3.2'/gem 'ruby-magic', '~> 0.4.0'/" Gemfile - run_timed_command "gem install bundler:1.17.3" - run_timed_command "bundle update google-protobuf nokogiri grpc mimemagic bootsnap" - run_timed_command "bundle install ${BUNDLE_INSTALL_FLAGS}" diff --git a/app/services/spam/akismet_service.rb b/app/services/spam/akismet_service.rb index 4e56972ccd5..e9843497dd7 100644 --- a/app/services/spam/akismet_service.rb +++ b/app/services/spam/akismet_service.rb @@ -20,14 +20,18 @@ module Spam created_at: DateTime.current, author: owner_name, author_email: owner_email, - referer: options[:referer] + referrer: options[:referer] } begin is_spam, is_blatant = akismet_client.check(options[:ip_address], options[:user_agent], params) is_spam || is_blatant + rescue ArgumentError => e + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e) + false rescue StandardError => e - Gitlab::AppLogger.error("Unable to connect to Akismet: #{e}, skipping check") + Gitlab::ErrorTracking.track_exception(e) + Gitlab::AppLogger.error("Error during Akismet spam check, flagging as not spam: #{e}") false end end diff --git a/app/views/devise/sessions/_new_base.html.haml b/app/views/devise/sessions/_new_base.html.haml index 98af69d43b7..82c0df354d4 100644 --- a/app/views/devise/sessions/_new_base.html.haml +++ b/app/views/devise/sessions/_new_base.html.haml @@ -17,7 +17,7 @@ = link_to _('Forgot your password?'), new_password_path(:user) %div - if captcha_enabled? || captcha_on_login_required? - = recaptcha_tags + = recaptcha_tags nonce: content_security_policy_nonce .submit-container.move-submit-down = f.submit _('Sign in'), class: 'gl-button btn btn-confirm', data: { qa_selector: 'sign_in_button' } diff --git a/app/views/devise/shared/_signup_box.html.haml b/app/views/devise/shared/_signup_box.html.haml index 56f74916d8f..1b410f0b671 100644 --- a/app/views/devise/shared/_signup_box.html.haml +++ b/app/views/devise/shared/_signup_box.html.haml @@ -11,7 +11,7 @@ .devise-errors = render 'devise/shared/error_messages', resource: resource - if Gitlab::CurrentSettings.invisible_captcha_enabled - = invisible_captcha + = invisible_captcha nonce: true .name.form-row .col.form-group = f.label :first_name, _('First name'), for: 'new_user_first_name', class: 'label-bold' @@ -34,7 +34,7 @@ %p.gl-field-hint.text-secondary= s_('SignUp|Minimum length is %{minimum_password_length} characters.') % { minimum_password_length: @minimum_password_length } %div - if show_recaptcha_sign_up? - = recaptcha_tags + = recaptcha_tags nonce: content_security_policy_nonce .submit-container = f.submit button_text, class: 'btn gl-button btn-confirm', data: { qa_selector: 'new_user_register_button' } = render 'devise/shared/terms_of_service_notice', button_text: button_text diff --git a/app/views/groups/_new_group_fields.html.haml b/app/views/groups/_new_group_fields.html.haml index fd0a7af30ed..fbf9438718e 100644 --- a/app/views/groups/_new_group_fields.html.haml +++ b/app/views/groups/_new_group_fields.html.haml @@ -20,7 +20,7 @@ - if captcha_required? .row.recaptcha .col-sm-4 - = recaptcha_tags + = recaptcha_tags nonce: content_security_policy_nonce .row .form-actions.col-sm-12 = f.submit _('Create group'), class: "btn gl-button btn-confirm" diff --git a/app/views/notify/ssh_key_expired_email.html.haml b/app/views/notify/ssh_key_expired_email.html.haml index 21138bb0113..651bdac7acb 100644 --- a/app/views/notify/ssh_key_expired_email.html.haml +++ b/app/views/notify/ssh_key_expired_email.html.haml @@ -1,7 +1,7 @@ %p = _('Hi %{username}!') % { username: sanitize_name(@user.name) } %p - = _('Your SSH keys with the following fingerprints has expired:') + = _('Your SSH keys with the following fingerprints have expired. Expired SSH keys will not be usable in future versions of GitLab:') %table %tbody - @fingerprints.each do |fingerprint| diff --git a/app/views/notify/ssh_key_expired_email.text.erb b/app/views/notify/ssh_key_expired_email.text.erb index 77b76084606..aa6e79d59b8 100644 --- a/app/views/notify/ssh_key_expired_email.text.erb +++ b/app/views/notify/ssh_key_expired_email.text.erb @@ -1,6 +1,6 @@ <%= _('Hi %{username}!') % { username: sanitize_name(@user.name) } %> -<%= _('Your SSH keys with the following fingerprints has expired:') %> +<%= _('Your SSH keys with the following fingerprints have expired. Expired SSH keys will not be usable in future versions of GitLab:') %> <% @fingerprints.each do |fingerprint| %> - <%= fingerprint %> diff --git a/app/views/notify/ssh_key_expiring_soon.text.erb b/app/views/notify/ssh_key_expiring_soon.text.erb index 2a7c0cafe83..ff6feb87662 100644 --- a/app/views/notify/ssh_key_expiring_soon.text.erb +++ b/app/views/notify/ssh_key_expiring_soon.text.erb @@ -1,6 +1,6 @@ <%= _('Hi %{username}!') % { username: sanitize_name(@user.name) } %> -<%= _('Your SSH keys with the following fingerprints are scheduled to expire soon:') %> +<%= _('Your SSH keys with the following fingerprints are scheduled to expire soon. Expired SSH keys will not be usable in future versions of GitLab:') %> <% @fingerprints.each do |fingerprint| %> - <%= fingerprint %> diff --git a/app/views/notify/ssh_key_expiring_soon_email.html.haml b/app/views/notify/ssh_key_expiring_soon_email.html.haml index f4aee9c5fde..924165ecf3d 100644 --- a/app/views/notify/ssh_key_expiring_soon_email.html.haml +++ b/app/views/notify/ssh_key_expiring_soon_email.html.haml @@ -1,7 +1,7 @@ %p = _('Hi %{username}!') % { username: sanitize_name(@user.name) } %p - = _('Your SSH keys with the following fingerprints are scheduled to expire soon:') + = _('Your SSH keys with the following fingerprints are scheduled to expire soon. Expired SSH keys will not be usable in future versions of GitLab:') %table %tbody - @fingerprints.each do |fingerprint| diff --git a/app/views/shared/_recaptcha_form.html.haml b/app/views/shared/_recaptcha_form.html.haml index 5c5fc714aea..ae0a22fd255 100644 --- a/app/views/shared/_recaptcha_form.html.haml +++ b/app/views/shared/_recaptcha_form.html.haml @@ -10,7 +10,7 @@ = hidden_field(resource_name, field, value: value) = hidden_field_tag(:spam_log_id, spammable.spam_log.id) -# The reCAPTCHA response value will be returned in the 'g-recaptcha-response' field - = recaptcha_tags script: script, callback: 'recaptchaDialogCallback' unless Rails.env.test? + = recaptcha_tags script: script, callback: 'recaptchaDialogCallback', nonce: content_security_policy_nonce unless Rails.env.test? -# Fake the 'g-recaptcha-response' field in the test environment, so that the feature spec -# can get to the (mocked) SpamVerdictService check. = hidden_field_tag('g-recaptcha-response', 'abc123') if Rails.env.test? diff --git a/config/feature_flags/development/remove_description_html_in_release_api.yml b/config/feature_flags/development/remove_description_html_in_release_api.yml deleted file mode 100644 index 0c457dfe2e0..00000000000 --- a/config/feature_flags/development/remove_description_html_in_release_api.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: remove_description_html_in_release_api -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60380 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/329188 -milestone: '13.12' -type: development -group: group::release -default_enabled: true diff --git a/config/feature_flags/development/remove_description_html_in_release_api_override.yml b/config/feature_flags/development/remove_description_html_in_release_api_override.yml deleted file mode 100644 index f924f2ccbd5..00000000000 --- a/config/feature_flags/development/remove_description_html_in_release_api_override.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -name: remove_description_html_in_release_api_override -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/60380 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/329188 -milestone: '13.12' -type: development -group: group::release -default_enabled: false diff --git a/doc/api/releases/index.md b/doc/api/releases/index.md index b2dc562ad27..bc37f1aa0a9 100644 --- a/doc/api/releases/index.md +++ b/doc/api/releases/index.md @@ -10,7 +10,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w > - Using this API you can manipulate GitLab [Release](../../user/project/releases/index.md) entries. > - For manipulating links as a release asset, see [Release Links API](links.md). > - Release Evidences were [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/26019) in GitLab 12.5. -> - `description_html` field was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/299447) in GitLab 13.12. +> - `description_html` became an opt-in field [with GitLab 13.12 for performance reasons](https://gitlab.com/gitlab-org/gitlab/-/issues/299447). + Please pass the `include_html_description` query string parameter if you need it. ## List Releases @@ -25,6 +26,7 @@ GET /projects/:id/releases | `id` | integer/string | yes | The ID or [URL-encoded path of the project](../README.md#namespaced-path-encoding). | | `order_by` | string | no | The field to use as order. Either `released_at` (default) or `created_at`. | | `sort` | string | no | The direction of the order. Either `desc` (default) for descending order or `asc` for ascending order. | +| `include_html_description` | boolean | no | If `true`, a response includes HTML rendered Markdown of the release description. | Example request: @@ -228,6 +230,7 @@ GET /projects/:id/releases/:tag_name | ------------- | -------------- | -------- | ----------------------------------------------------------------------------------- | | `id` | integer/string | yes | The ID or [URL-encoded path of the project](../README.md#namespaced-path-encoding). | | `tag_name` | string | yes | The Git tag the release is associated with. | +| `include_html_description` | boolean | no | If `true`, a response includes HTML rendered Markdown of the release description. | Example request: diff --git a/doc/user/project/merge_requests/test_coverage_visualization.md b/doc/user/project/merge_requests/test_coverage_visualization.md index c25ee1a8a94..4960e9d9889 100644 --- a/doc/user/project/merge_requests/test_coverage_visualization.md +++ b/doc/user/project/merge_requests/test_coverage_visualization.md @@ -149,7 +149,7 @@ test-jdk11: stage: test image: maven:3.6.3-jdk-11 script: - - 'mvn $MAVEN_CLI_OPTS clean org.jacoco:jacoco-maven-plugin:prepare-agent test jacoco:report' + - mvn $MAVEN_CLI_OPTS clean org.jacoco:jacoco-maven-plugin:prepare-agent test jacoco:report artifacts: paths: - target/site/jacoco/jacoco.xml @@ -161,10 +161,8 @@ coverage-jdk11: stage: visualize image: registry.gitlab.com/haynes/jacoco2cobertura:1.0.7 script: - # convert report from jacoco to cobertura, use relative project path - - 'python /opt/cover2cover.py target/site/jacoco/jacoco.xml src/main/java > target/site/cobertura.xml' - # read the tag and prepend the path to every filename attribute - - 'python /opt/source2filename.py target/site/cobertura.xml' + # convert report from jacoco to cobertura, using relative project path + - python /opt/cover2cover.py target/site/jacoco/jacoco.xml $CI_PROJECT_DIR/src/main/java/ > target/site/cobertura.xml needs: ["test-jdk11"] dependencies: - test-jdk11 @@ -201,10 +199,8 @@ coverage-jdk11: stage: visualize image: registry.gitlab.com/haynes/jacoco2cobertura:1.0.7 script: - # convert report from jacoco to cobertura, use relative project path - - 'python /opt/cover2cover.py build/jacoco/jacoco.xml src/main/java > build/cobertura.xml' - # read the tag and prepend the path to every filename attribute - - 'python /opt/source2filename.py build/cobertura.xml' + # convert report from jacoco to cobertura, using relative project path + - python /opt/cover2cover.py build/jacoco/jacoco.xml $CI_PROJECT_DIR/src/main/java/ > build/cobertura.xml needs: ["test-jdk11"] dependencies: - test-jdk11 diff --git a/lib/api/entities/release.rb b/lib/api/entities/release.rb index 94124352298..056b54674f1 100644 --- a/lib/api/entities/release.rb +++ b/lib/api/entities/release.rb @@ -8,7 +8,7 @@ module API expose :name expose :tag, as: :tag_name, if: ->(_, _) { can_download_code? } expose :description - expose :description_html, unless: ->(_, _) { remove_description_html? } do |entity| + expose :description_html, if: -> (_, options) { options[:include_html_description] } do |entity| MarkupHelper.markdown_field(entity, :description, current_user: options[:current_user]) end expose :created_at @@ -45,11 +45,6 @@ module API def can_read_milestone? Ability.allowed?(options[:current_user], :read_milestone, object.project) end - - def remove_description_html? - ::Feature.enabled?(:remove_description_html_in_release_api, object.project, default_enabled: :yaml) && - ::Feature.disabled?(:remove_description_html_in_release_api_override, object.project) - end end end end diff --git a/lib/api/releases.rb b/lib/api/releases.rb index c65a23e334f..7cd8b442706 100644 --- a/lib/api/releases.rb +++ b/lib/api/releases.rb @@ -29,6 +29,8 @@ module API desc: 'Return releases ordered by `released_at` or `created_at`.' optional :sort, type: String, values: %w[asc desc], default: 'desc', desc: 'Return releases sorted in `asc` or `desc` order.' + optional :include_html_description, type: Boolean, + desc: 'If `true`, a response includes HTML rendered markdown of the release description.' end get ':id/releases' do releases = ::ReleasesFinder.new(user_project, current_user, declared_params.slice(:order_by, :sort)).execute @@ -43,7 +45,8 @@ module API # context is unnecessary here. cache_context: -> (_) { "user:{#{current_user&.id}}" }, expires_in: 5.minutes, - current_user: current_user + current_user: current_user, + include_html_description: params[:include_html_description] end desc 'Get a single project release' do @@ -53,11 +56,13 @@ module API end params do requires :tag_name, type: String, desc: 'The name of the tag', as: :tag + optional :include_html_description, type: Boolean, + desc: 'If `true`, a response includes HTML rendered markdown of the release description.' end get ':id/releases/:tag_name', requirements: RELEASE_ENDPOINT_REQUIREMENTS do authorize_download_code! - present release, with: Entities::Release, current_user: current_user + present release, with: Entities::Release, current_user: current_user, include_html_description: params[:include_html_description] end desc 'Create a new release' do diff --git a/lib/gitlab/content_security_policy/config_loader.rb b/lib/gitlab/content_security_policy/config_loader.rb index 6f6147f0f32..e42b174e085 100644 --- a/lib/gitlab/content_security_policy/config_loader.rb +++ b/lib/gitlab/content_security_policy/config_loader.rb @@ -9,21 +9,20 @@ module Gitlab def self.default_settings_hash settings_hash = { - 'enabled' => true, + 'enabled' => Rails.env.development? || Rails.env.test?, 'report_only' => false, 'directives' => { 'default_src' => "'self'", 'base_uri' => "'self'", - 'child_src' => "'none'", 'connect_src' => "'self'", 'font_src' => "'self'", 'form_action' => "'self' https: http:", 'frame_ancestors' => "'self'", - 'frame_src' => "'self' https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com", + 'frame_src' => "'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com", 'img_src' => "'self' data: blob: http: https:", 'manifest_src' => "'self'", 'media_src' => "'self'", - 'script_src' => "'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.recaptcha.net https://apis.google.com", + 'script_src' => "'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.recaptcha.net https://apis.google.com", 'style_src' => "'self' 'unsafe-inline'", 'worker_src' => "'self'", 'object_src' => "'none'", @@ -31,6 +30,11 @@ module Gitlab } } + # frame-src was deprecated in CSP level 2 in favor of child-src + # CSP level 3 "undeprecated" frame-src and browsers fall back on child-src if it's missing + # However Safari seems to read child-src first so we'll just keep both equal + settings_hash['directives']['child_src'] = settings_hash['directives']['frame_src'] + allow_webpack_dev_server(settings_hash) if Rails.env.development? allow_cdn(settings_hash) if ENV['GITLAB_CDN_HOST'].present? diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 49a36e7d5e7..a64a2cdb714 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -37597,10 +37597,10 @@ msgstr "" msgid "Your SSH keys (%{count})" msgstr "" -msgid "Your SSH keys with the following fingerprints are scheduled to expire soon:" +msgid "Your SSH keys with the following fingerprints are scheduled to expire soon. Expired SSH keys will not be usable in future versions of GitLab:" msgstr "" -msgid "Your SSH keys with the following fingerprints has expired:" +msgid "Your SSH keys with the following fingerprints have expired. Expired SSH keys will not be usable in future versions of GitLab:" msgstr "" msgid "Your To-Do List" diff --git a/spec/lib/api/entities/release_spec.rb b/spec/lib/api/entities/release_spec.rb index 4f40830a15c..aa2c5126bb9 100644 --- a/spec/lib/api/entities/release_spec.rb +++ b/spec/lib/api/entities/release_spec.rb @@ -8,7 +8,8 @@ RSpec.describe API::Entities::Release do let(:release) { create(:release, project: project) } let(:evidence) { release.evidences.first } let(:user) { create(:user) } - let(:entity) { described_class.new(release, current_user: user).as_json } + let(:entity) { described_class.new(release, current_user: user, include_html_description: include_html_description).as_json } + let(:include_html_description) { false } before do ::Releases::CreateEvidenceService.new(release).execute @@ -58,10 +59,8 @@ RSpec.describe API::Entities::Release do expect(description_html).to be_nil end - context 'when remove_description_html_in_release_api feature flag is disabled' do - before do - stub_feature_flags(remove_description_html_in_release_api: false) - end + context 'when include_html_description option is true' do + let(:include_html_description) { true } it 'renders special references if current user has access' do project.add_reporter(user) @@ -77,18 +76,5 @@ RSpec.describe API::Entities::Release do expect(description_html).not_to include(issue_title) end end - - context 'when remove_description_html_in_release_api_override feature flag is enabled' do - before do - stub_feature_flags(remove_description_html_in_release_api_override: project) - end - - it 'renders special references if current user has access' do - project.add_reporter(user) - - expect(description_html).to include(issue_path) - expect(description_html).to include(issue_title) - end - end end end diff --git a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb index 41a6c06f9c9..19e52d2cf4a 100644 --- a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb +++ b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb @@ -20,9 +20,9 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do end describe '.default_settings_hash' do - it 'returns defaults for all keys' do - settings = described_class.default_settings_hash + let(:settings) { described_class.default_settings_hash } + it 'returns defaults for all keys' do expect(settings['enabled']).to be_truthy expect(settings['report_only']).to be_falsey @@ -35,6 +35,17 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do expect(directives.has_key?('report_uri')).to be_truthy expect(directives['report_uri']).to be_nil + expect(directives['child_src']).to eq(directives['frame_src']) + end + + context 'when in production' do + before do + allow(Rails).to receive(:env).and_return(ActiveSupport::StringInquirer.new('production')) + end + + it 'is disabled' do + expect(settings['enabled']).to be_falsey + end end context 'when GITLAB_CDN_HOST is set' do @@ -43,10 +54,9 @@ RSpec.describe Gitlab::ContentSecurityPolicy::ConfigLoader do end it 'adds GITLAB_CDN_HOST to CSP' do - settings = described_class.default_settings_hash directives = settings['directives'] - expect(directives['script_src']).to eq("'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.recaptcha.net https://apis.google.com https://example.com") + expect(directives['script_src']).to eq("'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.recaptcha.net https://apis.google.com https://example.com") expect(directives['style_src']).to eq("'self' 'unsafe-inline' https://example.com") end end diff --git a/spec/mailers/emails/profile_spec.rb b/spec/mailers/emails/profile_spec.rb index 8ac1f15d67e..0ca202aa7be 100644 --- a/spec/mailers/emails/profile_spec.rb +++ b/spec/mailers/emails/profile_spec.rb @@ -264,7 +264,7 @@ RSpec.describe Emails::Profile do include_examples 'valid use case' it_behaves_like 'has the correct subject', /Your SSH key has expired/ - it_behaves_like 'has the correct body text', /Your SSH keys with the following fingerprints has expired/ + it_behaves_like 'has the correct body text', /Your SSH keys with the following fingerprints have expired/ end context 'when invalid' do diff --git a/spec/requests/api/releases_spec.rb b/spec/requests/api/releases_spec.rb index 81ddcd7cf84..dad3e34404b 100644 --- a/spec/requests/api/releases_spec.rb +++ b/spec/requests/api/releases_spec.rb @@ -50,6 +50,12 @@ RSpec.describe API::Releases do expect(json_response.second['tag_name']).to eq(release_1.tag) end + it 'does not include description_html' do + get api("/projects/#{project.id}/releases", maintainer) + + expect(json_response.map { |h| h['description_html'] }).to contain_exactly(nil, nil) + end + RSpec.shared_examples 'release sorting' do |order_by| subject { get api(url, access_level), params: { sort: sort, order_by: order_by } } @@ -107,6 +113,15 @@ RSpec.describe API::Releases do expect(json_response.second['commit_path']).to eq("/#{release_1.project.full_path}/-/commit/#{release_1.commit.id}") expect(json_response.second['tag_path']).to eq("/#{release_1.project.full_path}/-/tags/#{release_1.tag}") end + + context 'when include_html_description option is true' do + it 'includes description_html field' do + get api("/projects/#{project.id}/releases", maintainer), params: { include_html_description: true } + + expect(json_response.map { |h| h['description_html'] }) + .to contain_exactly(instance_of(String), instance_of(String)) + end + end end it 'returns an upcoming_release status for a future release' do @@ -328,6 +343,12 @@ RSpec.describe API::Releases do .to match_array(release.sources.map(&:url)) end + it 'does not include description_html' do + get api("/projects/#{project.id}/releases/v0.1", maintainer) + + expect(json_response['description_html']).to eq(nil) + end + context 'with evidence' do let!(:evidence) { create(:evidence, release: release) } @@ -403,6 +424,14 @@ RSpec.describe API::Releases do end end + context 'when include_html_description option is true' do + it 'includes description_html field' do + get api("/projects/#{project.id}/releases/v0.1", maintainer), params: { include_html_description: true } + + expect(json_response['description_html']).to be_instance_of(String) + end + end + context 'when user is a guest' do it 'responds 403 Forbidden' do get api("/projects/#{project.id}/releases/v0.1", guest) diff --git a/spec/services/spam/akismet_service_spec.rb b/spec/services/spam/akismet_service_spec.rb index f75b0216b78..1cd049da592 100644 --- a/spec/services/spam/akismet_service_spec.rb +++ b/spec/services/spam/akismet_service_spec.rb @@ -4,12 +4,15 @@ require 'spec_helper' RSpec.describe Spam::AkismetService do let(:fake_akismet_client) { double(:akismet_client) } + let(:ip) { '1.2.3.4' } + let(:user_agent) { 'some user_agent' } + let(:referer) { 'some referer' } let_it_be(:text) { "Would you like to buy some tinned meat product?" } let_it_be(:spam_owner) { create(:user) } subject do - options = { ip_address: '1.2.3.4', user_agent: 'some user_agent', referrer: 'some referrer' } + options = { ip_address: ip, user_agent: user_agent, referer: referer } described_class.new(spam_owner.name, spam_owner.email, text, options) end @@ -56,6 +59,21 @@ RSpec.describe Spam::AkismetService do it_behaves_like 'no activity if Akismet is not enabled', :spam?, :check context 'if Akismet is enabled' do + it 'correctly transforms options for the akismet client' do + expected_check_params = { + type: 'comment', + text: text, + created_at: anything, + author: spam_owner.name, + author_email: spam_owner.email, + # NOTE: The akismet_client needs the option to be named `:referrer`, not `:referer` + referrer: referer + } + + expect(fake_akismet_client).to receive(:check).with(ip, user_agent, expected_check_params) + subject.spam? + end + context 'the text is spam' do before do allow(fake_akismet_client).to receive(:check).and_return([true, false]) @@ -86,19 +104,31 @@ RSpec.describe Spam::AkismetService do end end - context 'if Akismet is not available' do + describe 'error handling' do before do - allow(fake_akismet_client).to receive(:check).and_raise(StandardError.new("oh noes!")) + allow(fake_akismet_client).to receive(:check).and_raise(error) end - specify do - expect(subject.spam?).to be_falsey + context 'StandardError other than ArgumentError is raised' do + let(:error) { Akismet::Error.new("Lovely spam! Wonderful spam!") } + + specify do + expect(subject.spam?).to be_falsey + end + + it 'logs an error' do + expect(Gitlab::AppLogger).to receive(:error).with(/Error during Akismet.*flagging as not spam.*Lovely spam/) + + subject.spam? + end end - it 'logs an error' do - expect(Gitlab::AppLogger).to receive(:error).with(/skipping check/) + context 'ArgumentError is raised in dev' do + let(:error) { ArgumentError } - subject.spam? + it 'raises original error' do + expect { subject.spam? }.to raise_error(error) + end end end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index c59daa6c919..bd9ba53c04c 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -286,9 +286,6 @@ RSpec.configure do |config| # As we're ready to change `master` usages to `main`, let's enable it stub_feature_flags(main_branch_over_master: false) - # Selectively disable by actor https://docs.gitlab.com/ee/development/feature_flags/#selectively-disable-by-actor - stub_feature_flags(remove_description_html_in_release_api_override: false) - # Disable issue respositioning to avoid heavy load on database when importing big projects. # This is only turned on when app is handling heavy project imports. # Can be removed when we find a better way to deal with the problem. -- cgit v1.2.3