From f44215bf40c974c5b20c06c4260eb48c8a6cc7c2 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Thu, 21 Jul 2022 12:10:03 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 spec/controllers/admin/users_controller_spec.rb    |  4 +--
 .../import/bulk_imports_controller_spec.rb         | 38 ++++++++++++++++++++--
 spec/controllers/profiles_controller_spec.rb       |  6 ++--
 .../projects/environments_controller_spec.rb       |  2 +-
 spec/controllers/registrations_controller_spec.rb  |  8 ++---
 5 files changed, 45 insertions(+), 13 deletions(-)

(limited to 'spec/controllers')

diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb
index c46a12680a2..e9f0f0c2879 100644
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -612,8 +612,8 @@ RSpec.describe Admin::UsersController do
       end
 
       context 'when the new password does not match the password confirmation' do
-        let(:password) { 'some_password' }
-        let(:password_confirmation) { 'not_same_as_password' }
+        let(:password) { User.random_password }
+        let(:password_confirmation) { User.random_password }
 
         it 'shows the edit page again' do
           update_password(user, password, password_confirmation)
diff --git a/spec/controllers/import/bulk_imports_controller_spec.rb b/spec/controllers/import/bulk_imports_controller_spec.rb
index 7177c8c10a6..3be12717664 100644
--- a/spec/controllers/import/bulk_imports_controller_spec.rb
+++ b/spec/controllers/import/bulk_imports_controller_spec.rb
@@ -245,11 +245,11 @@ RSpec.describe Import::BulkImportsController do
         let(:bulk_import_params) do
           [{ "source_type" => "group_entity",
              "source_full_path" => "full_path",
-             "destination_name" => "destination_name",
+             "destination_slug" => "destination_name",
              "destination_namespace" => "root" },
            { "source_type" => "group_entity2",
              "source_full_path" => "full_path2",
-             "destination_name" => "destination_name2",
+             "destination_slug" => "destination_name2",
              "destination_namespace" => "root" }]
         end
 
@@ -258,7 +258,7 @@ RSpec.describe Import::BulkImportsController do
           session[:bulk_import_gitlab_url] = instance_url
         end
 
-        it 'executes BulkImpors::CreateService' do
+        it 'executes BulkImports::CreateService' do
           error_response = ServiceResponse.error(message: 'Record invalid', http_status: :unprocessable_entity)
 
           expect_next_instance_of(
@@ -276,6 +276,38 @@ RSpec.describe Import::BulkImportsController do
           expect(json_response).to eq([{ "success" => true, "id" => bulk_import.id, "message" => nil },
                                        { "success" => false, "id" => nil, "message" => "Record invalid" }])
         end
+
+        context 'when entity destination_name is specified' do
+          let(:bulk_import_params) do
+            [
+              {
+                "source_type" => "group_entity",
+                "source_full_path" => "full_path",
+                "destination_name" => "destination_name",
+                "destination_namespace" => "root"
+              }
+            ]
+          end
+
+          it 'replaces destination_name with destination_slug and executes BulkImports::CreateService' do
+            entity = {
+              "source_type" => "group_entity",
+              "source_full_path" => "full_path",
+              "destination_slug" => "destination_name",
+              "destination_namespace" => "root"
+            }
+
+            expect_next_instance_of(
+              ::BulkImports::CreateService, user, entity, { url: instance_url, access_token: pat }) do |service|
+              allow(service).to receive(:execute).and_return(ServiceResponse.success(payload: bulk_import))
+            end
+
+            post :create, params: { bulk_import: bulk_import_params }
+
+            expect(response).to have_gitlab_http_status(:ok)
+            expect(json_response).to match_array([{ "success" => true, "id" => bulk_import.id, "message" => nil }])
+          end
+        end
       end
     end
 
diff --git a/spec/controllers/profiles_controller_spec.rb b/spec/controllers/profiles_controller_spec.rb
index 6e7cc058fbc..89185a8f856 100644
--- a/spec/controllers/profiles_controller_spec.rb
+++ b/spec/controllers/profiles_controller_spec.rb
@@ -3,16 +3,16 @@
 require('spec_helper')
 
 RSpec.describe ProfilesController, :request_store do
-  let(:password) { 'longsecret987!' }
+  let(:password) { User.random_password }
   let(:user) { create(:user, password: password) }
 
   describe 'POST update' do
     it 'does not update password' do
       sign_in(user)
-
+      new_password = User.random_password
       expect do
         post :update,
-             params: { user: { password: 'hello12345', password_confirmation: 'hello12345' } }
+             params: { user: { password: new_password, password_confirmation: new_password } }
       end.not_to change { user.reload.encrypted_password }
 
       expect(response).to have_gitlab_http_status(:found)
diff --git a/spec/controllers/projects/environments_controller_spec.rb b/spec/controllers/projects/environments_controller_spec.rb
index f4cad5790a3..1a6edab795d 100644
--- a/spec/controllers/projects/environments_controller_spec.rb
+++ b/spec/controllers/projects/environments_controller_spec.rb
@@ -233,7 +233,7 @@ RSpec.describe Projects::EnvironmentsController do
     end
 
     context "when environment params are invalid" do
-      let(:params) { environment_params.merge(environment: { name: '/foo/', external_url: '/git.gitlab.com' }) }
+      let(:params) { environment_params.merge(environment: { external_url: 'javascript:alert("hello")' }) }
 
       it 'returns bad request' do
         subject
diff --git a/spec/controllers/registrations_controller_spec.rb b/spec/controllers/registrations_controller_spec.rb
index c5a97812d1f..70d4559edc1 100644
--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -25,7 +25,7 @@ RSpec.describe RegistrationsController do
     end
 
     let_it_be(:base_user_params) do
-      { first_name: 'first', last_name: 'last', username: 'new_username', email: 'new@user.com', password: 'Any_password' }
+      { first_name: 'first', last_name: 'last', username: 'new_username', email: 'new@user.com', password: User.random_password }
     end
 
     let_it_be(:user_params) { { user: base_user_params } }
@@ -222,7 +222,7 @@ RSpec.describe RegistrationsController do
         context 'when the registration fails' do
           let_it_be(:member) { create(:project_member, :invited) }
           let_it_be(:missing_user_params) do
-            { username: '', email: member.invite_email, password: 'Any_password' }
+            { username: '', email: member.invite_email, password: User.random_password }
           end
 
           let_it_be(:user_params) { { user: missing_user_params } }
@@ -535,7 +535,7 @@ RSpec.describe RegistrationsController do
       end
 
       it 'succeeds if password is confirmed' do
-        post :destroy, params: { password: '12345678' }
+        post :destroy, params: { password: user.password }
 
         expect_success
       end
@@ -576,7 +576,7 @@ RSpec.describe RegistrationsController do
           end
 
           it 'fails' do
-            delete :destroy, params: { password: '12345678' }
+            delete :destroy, params: { password: user.password }
 
             expect_failure(s_('Profiles|You must transfer ownership or delete groups you are an owner of before you can delete your account'))
           end
-- 
cgit v1.2.3