Merge branch 'master' into build-chunks-on-object-storage

5 files changed, 144 insertions, 7 deletions

diff --git a/spec/support/helpers/graphql_helpers.rb b/spec/support/helpers/graphql_helpers.rb
index 0930b9da368..b9322975b5a 100644
--- a/spec/support/helpers/graphql_helpers.rb
+++ b/spec/support/helpers/graphql_helpers.rb
@@ -57,12 +57,12 @@ module GraphqlHelpers
 
     type.fields.map do |name, field|
       # We can't guess arguments, so skip fields that require them
-      next if field.arguments.any?
+      next if required_arguments?(field)
 
-      if scalar?(field)
-        name
-      else
+      if nested_fields?(field)
         "#{name} { #{all_graphql_fields_for(field_type(field))} }"
+      else
+        name
       end
     end.compact.join("\n")
   end
@@ -85,10 +85,22 @@ module GraphqlHelpers
     json_response['data']
   end
 
+  def nested_fields?(field)
+    !scalar?(field) && !enum?(field)
+  end
+
   def scalar?(field)
     field_type(field).kind.scalar?
   end
 
+  def enum?(field)
+    field_type(field).kind.enum?
+  end
+
+  def required_arguments?(field)
+    field.arguments.values.any? { |argument| argument.type.non_null? }
+  end
+
   def field_type(field)
     if field.type.respond_to?(:of_type)
       field.type.of_type
diff --git a/spec/support/helpers/wait_for_requests.rb b/spec/support/helpers/wait_for_requests.rb
index fda0e29f983..c7f878b7371 100644
--- a/spec/support/helpers/wait_for_requests.rb
+++ b/spec/support/helpers/wait_for_requests.rb
@@ -24,7 +24,9 @@ module WaitForRequests
 
   # Wait for client-side AJAX requests
   def wait_for_requests
-    wait_for('JS requests complete') { finished_all_js_requests? }
+    wait_for('JS requests complete', max_wait_time: 2 * Capybara.default_max_wait_time) do
+      finished_all_js_requests?
+    end
   end
 
   # Wait for active Rack requests and client-side AJAX requests
diff --git a/spec/support/shared_examples/controllers/todos_shared_examples.rb b/spec/support/shared_examples/controllers/todos_shared_examples.rb
new file mode 100644
index 00000000000..bafd9bac8d0
--- /dev/null
+++ b/spec/support/shared_examples/controllers/todos_shared_examples.rb
@@ -0,0 +1,43 @@
+shared_examples 'todos actions' do
+  context 'when authorized' do
+    before do
+      sign_in(user)
+      parent.add_developer(user)
+    end
+
+    it 'creates todo' do
+      expect do
+        post_create
+      end.to change { user.todos.count }.by(1)
+
+      expect(response).to have_gitlab_http_status(200)
+    end
+
+    it 'returns todo path and pending count' do
+      post_create
+
+      expect(response).to have_gitlab_http_status(200)
+      expect(json_response['count']).to eq 1
+      expect(json_response['delete_path']).to match(%r{/dashboard/todos/\d{1}})
+    end
+  end
+
+  context 'when not authorized for project/group' do
+    it 'does not create todo for resource that user has no access to' do
+      sign_in(user)
+      expect do
+        post_create
+      end.to change { user.todos.count }.by(0)
+
+      expect(response).to have_gitlab_http_status(404)
+    end
+
+    it 'does not create todo when user is not logged in' do
+      expect do
+        post_create
+      end.to change { user.todos.count }.by(0)
+
+      expect(response).to have_gitlab_http_status(parent.is_a?(Group) ? 401 : 302)
+    end
+  end
+end
diff --git a/spec/support/shared_examples/controllers/uploads_actions_shared_examples.rb b/spec/support/shared_examples/controllers/uploads_actions_shared_examples.rb
index bbbad86dcd5..7088fb1e5fb 100644
--- a/spec/support/shared_examples/controllers/uploads_actions_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/uploads_actions_shared_examples.rb
@@ -260,4 +260,83 @@ shared_examples 'handle uploads' do
       end
     end
   end
+
+  describe "POST #authorize" do
+    context 'when a user is not authorized to upload a file' do
+      it 'returns 404 status' do
+        post_authorize
+
+        expect(response.status).to eq(404)
+      end
+    end
+
+    context 'when a user can upload a file' do
+      before do
+        sign_in(user)
+        model.add_developer(user)
+      end
+
+      context 'and the request bypassed workhorse' do
+        it 'raises an exception' do
+          expect { post_authorize(verified: false) }.to raise_error JWT::DecodeError
+        end
+      end
+
+      context 'and request is sent by gitlab-workhorse to authorize the request' do
+        shared_examples 'a valid response' do
+          before do
+            post_authorize
+          end
+
+          it 'responds with status 200' do
+            expect(response).to have_gitlab_http_status(200)
+          end
+
+          it 'uses the gitlab-workhorse content type' do
+            expect(response.headers["Content-Type"]).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
+          end
+        end
+
+        shared_examples 'a local file' do
+          it_behaves_like 'a valid response' do
+            it 'responds with status 200, location of uploads store and object details' do
+              expect(json_response['TempPath']).to eq(uploader_class.workhorse_local_upload_path)
+              expect(json_response['RemoteObject']).to be_nil
+            end
+          end
+        end
+
+        context 'when using local storage' do
+          it_behaves_like 'a local file'
+        end
+
+        context 'when using remote storage' do
+          context 'when direct upload is enabled' do
+            before do
+              stub_uploads_object_storage(uploader_class, direct_upload: true)
+            end
+
+            it_behaves_like 'a valid response' do
+              it 'responds with status 200, location of uploads remote store and object details' do
+                expect(json_response['TempPath']).to eq(uploader_class.workhorse_local_upload_path)
+                expect(json_response['RemoteObject']).to have_key('ID')
+                expect(json_response['RemoteObject']).to have_key('GetURL')
+                expect(json_response['RemoteObject']).to have_key('StoreURL')
+                expect(json_response['RemoteObject']).to have_key('DeleteURL')
+                expect(json_response['RemoteObject']).to have_key('MultipartUpload')
+              end
+            end
+          end
+
+          context 'when direct upload is disabled' do
+            before do
+              stub_uploads_object_storage(uploader_class, direct_upload: false)
+            end
+
+            it_behaves_like 'a local file'
+          end
+        end
+      end
+    end
+  end
 end
diff --git a/spec/support/shared_examples/requests/api/merge_requests_list.rb b/spec/support/shared_examples/requests/api/merge_requests_list.rb
index a401f7541f0..1aed8ab0113 100644
--- a/spec/support/shared_examples/requests/api/merge_requests_list.rb
+++ b/spec/support/shared_examples/requests/api/merge_requests_list.rb
@@ -136,8 +136,9 @@ shared_examples 'merge requests list' do
     it 'returns an array of merge requests in given milestone' do
       get api(endpoint_path, user), milestone: '0.9'
 
-      expect(json_response.first['title']).to eq merge_request_closed.title
-      expect(json_response.first['id']).to eq merge_request_closed.id
+      closed_issues = json_response.select { |mr| mr['id'] == merge_request_closed.id }
+      expect(closed_issues.length).to eq(1)
+      expect(closed_issues.first['title']).to eq merge_request_closed.title
     end
 
     it 'returns an array of merge requests matching state in milestone' do