From e8d2c2579383897a1dd7f9debd359abe8ae8373d Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Tue, 20 Jul 2021 09:55:51 +0000
Subject: Add latest changes from gitlab-org/gitlab@14-1-stable-ee

---
 spec/lib/gitlab/auth/auth_finders_spec.rb | 24 +++++++++-
 spec/lib/gitlab/auth/ldap/adapter_spec.rb | 75 ++++++++++++++++++++++---------
 2 files changed, 77 insertions(+), 22 deletions(-)

(limited to 'spec/lib/gitlab/auth')

diff --git a/spec/lib/gitlab/auth/auth_finders_spec.rb b/spec/lib/gitlab/auth/auth_finders_spec.rb
index 7475ed2796f..14200733c19 100644
--- a/spec/lib/gitlab/auth/auth_finders_spec.rb
+++ b/spec/lib/gitlab/auth/auth_finders_spec.rb
@@ -460,7 +460,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do
       expect { find_user_from_access_token }.to raise_error(Gitlab::Auth::UnauthorizedError)
     end
 
-    context 'no feed or API requests' do
+    context 'no feed, API or archive requests' do
       it 'returns nil if the request is not RSS' do
         expect(find_user_from_web_access_token(:rss)).to be_nil
       end
@@ -472,6 +472,10 @@ RSpec.describe Gitlab::Auth::AuthFinders do
       it 'returns nil if the request is not API' do
         expect(find_user_from_web_access_token(:api)).to be_nil
       end
+
+      it 'returns nil if the request is not ARCHIVE' do
+        expect(find_user_from_web_access_token(:archive)).to be_nil
+      end
     end
 
     it 'returns the user for RSS requests' do
@@ -486,6 +490,24 @@ RSpec.describe Gitlab::Auth::AuthFinders do
       expect(find_user_from_web_access_token(:ics)).to eq(user)
     end
 
+    it 'returns the user for ARCHIVE requests' do
+      set_header('SCRIPT_NAME', '/-/archive/main.zip')
+
+      expect(find_user_from_web_access_token(:archive)).to eq(user)
+    end
+
+    context 'when allow_archive_as_web_access_format feature flag is disabled' do
+      before do
+        stub_feature_flags(allow_archive_as_web_access_format: false)
+      end
+
+      it 'returns nil for ARCHIVE requests' do
+        set_header('SCRIPT_NAME', '/-/archive/main.zip')
+
+        expect(find_user_from_web_access_token(:archive)).to be_nil
+      end
+    end
+
     context 'for API requests' do
       it 'returns the user' do
         set_header('SCRIPT_NAME', '/api/endpoint')
diff --git a/spec/lib/gitlab/auth/ldap/adapter_spec.rb b/spec/lib/gitlab/auth/ldap/adapter_spec.rb
index 8546d63cf77..b7b12e49a8e 100644
--- a/spec/lib/gitlab/auth/ldap/adapter_spec.rb
+++ b/spec/lib/gitlab/auth/ldap/adapter_spec.rb
@@ -95,6 +95,40 @@ RSpec.describe Gitlab::Auth::Ldap::Adapter do
   describe '#ldap_search' do
     subject { adapter.ldap_search(base: :dn, filter: :filter) }
 
+    shared_examples 'connection retry' do
+      before do
+        allow(adapter).to receive(:renew_connection_adapter).and_return(ldap)
+        allow(Gitlab::AppLogger).to receive(:warn)
+      end
+
+      context 'retries the operation' do
+        before do
+          stub_const("#{described_class}::MAX_SEARCH_RETRIES", 3)
+        end
+
+        it 'as many times as MAX_SEARCH_RETRIES' do
+          expect(ldap).to receive(:search).exactly(3).times
+          expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)
+        end
+
+        context 'when no more retries' do
+          before do
+            stub_const("#{described_class}::MAX_SEARCH_RETRIES", 1)
+          end
+
+          it 'raises the exception' do
+            expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)
+          end
+
+          it 'logs the error' do
+            expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)
+            expect(Gitlab::AppLogger).to have_received(:warn).with(
+              "LDAP search raised exception Net::LDAP::Error: #{err_message}")
+          end
+        end
+      end
+    end
+
     context "when the search is successful" do
       context "and the result is non-empty" do
         before do
@@ -110,6 +144,22 @@ RSpec.describe Gitlab::Auth::Ldap::Adapter do
         end
 
         it { is_expected.to eq [] }
+
+        context 'when returned with expected code' do
+          let(:response_code) { 80 }
+          let(:response_message) { 'Other' }
+          let(:err_message) { "Got empty results with response code: #{response_code}, message: #{response_message}" }
+
+          before do
+            stub_ldap_config(retry_empty_result_with_codes: [response_code])
+            allow(ldap).to receive_messages(
+              search: nil,
+              get_operation_result: double(code: response_code, message: response_message)
+            )
+          end
+
+          it_behaves_like 'connection retry'
+        end
       end
     end
 
@@ -132,30 +182,13 @@ RSpec.describe Gitlab::Auth::Ldap::Adapter do
       end
 
       context 'retries the operation' do
-        before do
-          stub_const("#{described_class}::MAX_SEARCH_RETRIES", 3)
-        end
+        let(:err_message) { 'some error' }
 
-        it 'as many times as MAX_SEARCH_RETRIES' do
-          expect(ldap).to receive(:search).exactly(3).times
-          expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)
+        before do
+          allow(ldap).to receive(:search) { raise Net::LDAP::Error, err_message }
         end
 
-        context 'when no more retries' do
-          before do
-            stub_const("#{described_class}::MAX_SEARCH_RETRIES", 1)
-          end
-
-          it 'raises the exception' do
-            expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)
-          end
-
-          it 'logs the error' do
-            expect { subject }.to raise_error(Gitlab::Auth::Ldap::LdapConnectionError)
-            expect(Gitlab::AppLogger).to have_received(:warn).with(
-              "LDAP search raised exception Net::LDAP::Error: some error")
-          end
-        end
+        it_behaves_like 'connection retry'
       end
     end
   end
-- 
cgit v1.2.3