From 8c7f4e9d5f36cff46365a7f8c4b9c21578c1e781 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Thu, 18 Jun 2020 11:18:50 +0000
Subject: Add latest changes from gitlab-org/gitlab@13-1-stable-ee
---
.../actionpack_generate_old_csrf_token_spec.rb | 47 ++++++++++++++++++++++
spec/initializers/database_config_spec.rb | 15 +++++++
spec/initializers/google_api_client_spec.rb | 17 --------
spec/initializers/lograge_spec.rb | 2 +-
4 files changed, 63 insertions(+), 18 deletions(-)
create mode 100644 spec/initializers/actionpack_generate_old_csrf_token_spec.rb
delete mode 100644 spec/initializers/google_api_client_spec.rb
(limited to 'spec/initializers')
diff --git a/spec/initializers/actionpack_generate_old_csrf_token_spec.rb b/spec/initializers/actionpack_generate_old_csrf_token_spec.rb
new file mode 100644
index 00000000000..036f52398bb
--- /dev/null
+++ b/spec/initializers/actionpack_generate_old_csrf_token_spec.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe ActionController::Base, 'CSRF token generation patch', type: :controller do # rubocop:disable RSpec/FilePath
+ let(:fixed_seed) { SecureRandom.random_bytes(described_class::AUTHENTICITY_TOKEN_LENGTH) }
+
+ context 'global_csrf_token feature flag is enabled' do
+ it 'generates 6.0.3.1 style CSRF token', :aggregate_failures do
+ generated_token = controller.send(:form_authenticity_token)
+
+ expect(valid_authenticity_token?(generated_token)).to be_truthy
+ expect(compare_with_real_token(generated_token)).to be_falsey
+ expect(compare_with_global_token(generated_token)).to be_truthy
+ end
+ end
+
+ context 'global_csrf_token feature flag is disabled' do
+ before do
+ stub_feature_flags(global_csrf_token: false)
+ end
+
+ it 'generates 6.0.3 style CSRF token', :aggregate_failures do
+ generated_token = controller.send(:form_authenticity_token)
+
+ expect(valid_authenticity_token?(generated_token)).to be_truthy
+ expect(compare_with_real_token(generated_token)).to be_truthy
+ expect(compare_with_global_token(generated_token)).to be_falsey
+ end
+ end
+
+ def compare_with_global_token(token)
+ unmasked_token = controller.send :unmask_token, Base64.strict_decode64(token)
+
+ controller.send(:compare_with_global_token, unmasked_token, session)
+ end
+
+ def compare_with_real_token(token)
+ unmasked_token = controller.send :unmask_token, Base64.strict_decode64(token)
+
+ controller.send(:compare_with_real_token, unmasked_token, session)
+ end
+
+ def valid_authenticity_token?(token)
+ controller.send(:valid_authenticity_token?, session, token)
+ end
+end
diff --git a/spec/initializers/database_config_spec.rb b/spec/initializers/database_config_spec.rb
index 85577ce007a..7c0b280fdaf 100644
--- a/spec/initializers/database_config_spec.rb
+++ b/spec/initializers/database_config_spec.rb
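Review bot: In spec/initializers/actionpack_generate_old_csrf_token_spec.rb the `fixed_seed` let is never referenced by either example, so it reads as a leftover and should be dropped or actually used. The 'enabled' context never sets the flag and so depends on the suite's default flag state, which is not visible here; adding `before { stub_feature_flags(global_csrf_token: true) }` would make it symmetric with the 'disabled' context. Both examples only validate a token in the same mode that minted it. If the initializer exists to keep sessions valid while the flag is flipped (inferred from the file name), an example that mints a token with the flag off and validates it with the flag on, plus one asserting that a modified token is rejected, would cover the security-relevant behaviour. The helpers reach Rails private methods (`unmask_token`, `compare_with_real_token`, `compare_with_global_token`) through `send`, so a short comment such as `# Tracks ActionController private API as of Rails 6.0.3 / 6.0.3.1` would help whoever does the next upgrade.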
@@ -48,6 +48,21 @@ describe 'Database config initializer' do
 expect { subject }.not_to change { Gitlab::Database.config['pool'] }
 end
 end
+
+ context "when specifying headroom through an ENV variable" do
+ let(:headroom) { 10 }
+
+ before do
+ stub_database_config(pool_size: 1)
+ stub_env("DB_POOL_HEADROOM", headroom)
+ end
+
+ it "adds headroom on top of the calculated size" do
+ expect { subject }.to change { Gitlab::Database.config['pool'] }
+ .from(1)
+ .to(max_threads + headroom)
+ end
+ end
 end
 
 context "when using single-threaded runtime" do
diff --git a/spec/initializers/google_api_client_spec.rb b/spec/initializers/google_api_client_spec.rb
deleted file mode 100644
index 44a1bc0836c..00000000000
--- a/spec/initializers/google_api_client_spec.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-describe './config/initializers/google_api_client.rb' do
- subject { Google::Apis::ContainerV1beta1 }
-
- it 'is needed' do |example|
- is_expected.not_to be_const_defined(:CloudRunConfig),
- <<-MSG.strip_heredoc
- The google-api-client gem has been upgraded!
- Remove:
- #{example.example_group.description}
- #{example.file_path}
- MSG
- end
-end
diff --git a/spec/initializers/lograge_spec.rb b/spec/initializers/lograge_spec.rb
index c243217d2a2..f283ac100a9 100644
--- a/spec/initializers/lograge_spec.rb
+++ b/spec/initializers/lograge_spec.rb
@@ -99,7 +99,7 @@ describe 'lograge', type: :request do
 end
 
 context 'with a log subscriber' do
- let(:subscriber) { Lograge::RequestLogSubscriber.new }
+ let(:subscriber) { Lograge::LogSubscribers::ActionController.new }
 
 let(:event) do
 ActiveSupport::Notifications::Event.new(
--
cgit v1.2.3
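Review bot: In the spec/initializers/database_config_spec.rb hunk, `stub_env("DB_POOL_HEADROOM", headroom)` hands the initializer an Integer, while a real environment variable always arrives as a String. The new example may therefore pass without exercising the string-to-integer conversion, unless the `stub_env` helper stringifies its value, which is not visible here. Stubbing `stub_env("DB_POOL_HEADROOM", headroom.to_s)` and keeping `.to(max_threads + headroom)` would pin that conversion. A second example for a non-numeric or negative value would document what pool size results when the variable is misconfigured. `subject` and `max_threads` are defined outside this hunk, in the enclosing describe block.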