author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-18 06:09:31 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-18 06:09:31 +0000 |
commit | 0115b63f646be489bb9685dad0e4b0747a79de05 (patch) | |
tree | 1739ce6f3e7ab90db561e3415bd34427f4839b40 /spec | |
parent | 37ea4b5fbf55e039a2255f0f5d5508e5f479775c (diff) | |
download | gitlab-ce-0115b63f646be489bb9685dad0e4b0747a79de05.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/ldap/omniauth_callbacks_controller_spec.rb | 5 | ||||
-rw-r--r-- | spec/controllers/omniauth_callbacks_controller_spec.rb | 5 | ||||
-rw-r--r-- | spec/controllers/projects/issues_controller_spec.rb | 3 | ||||
-rw-r--r-- | spec/controllers/projects/merge_requests_controller_spec.rb | 10 | ||||
-rw-r--r-- | spec/controllers/sessions_controller_spec.rb | 17 | ||||
-rw-r--r-- | spec/features/groups/import_export/import_file_spec.rb | 2 | ||||
-rw-r--r-- | spec/frontend/lib/utils/url_utility_spec.js | 9 | ||||
-rw-r--r-- | spec/helpers/search_helper_spec.rb | 33 | ||||
-rw-r--r-- | spec/lib/gitlab/search/recent_issues_spec.rb | 84 | ||||
-rw-r--r-- | spec/lib/gitlab/search/recent_merge_requests_spec.rb | 11 | ||||
-rw-r--r-- | spec/services/audit_event_service_spec.rb | 16 | ||||
-rw-r--r-- | spec/support/shared_examples/lib/gitlab/search/recent_items.rb | 87 |
12 files changed, 200 insertions, 82 deletions
diff --git a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb index 2de824bbf3c..ecff173b8ac 100644 --- a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb +++ b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb @@ -11,6 +11,11 @@ RSpec.describe Ldap::OmniauthCallbacksController do expect(request.env['warden']).to be_authenticated end + it 'creates an authentication event record' do + expect { post provider }.to change { AuthenticationEvent.count }.by(1) + expect(AuthenticationEvent.last.provider).to eq(provider.to_s) + end + context 'with sign in prevented' do let(:ldap_settings) { ldap_setting_defaults.merge(prevent_ldap_sign_in: true) } diff --git a/spec/controllers/omniauth_callbacks_controller_spec.rb b/spec/controllers/omniauth_callbacks_controller_spec.rb index de6edbe936d..291d51348e6 100644 --- a/spec/controllers/omniauth_callbacks_controller_spec.rb +++ b/spec/controllers/omniauth_callbacks_controller_spec.rb @@ -170,6 +170,11 @@ RSpec.describe OmniauthCallbacksController, type: :controller do expect(request.env['warden']).to be_authenticated end + it 'creates an authentication event record' do + expect { post provider }.to change { AuthenticationEvent.count }.by(1) + expect(AuthenticationEvent.last.provider).to eq(provider.to_s) + end + context 'when user has no linked provider' do let(:user) { create(:user) } diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb index ef72416fc71..ed5198bf015 100644 --- a/spec/controllers/projects/issues_controller_spec.rb +++ b/spec/controllers/projects/issues_controller_spec.rb 
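Review bot: The new 'creates an authentication event record' example checks only the row count and `provider`, so an event attributed to the wrong user or carrying the wrong result would still pass; the same applies to the identical example added in spec/controllers/omniauth_callbacks_controller_spec.rb and to the three added in spec/controllers/sessions_controller_spec.rb. Since these rows are an audit trail, I would assert the whole record, e.g. `expect(AuthenticationEvent.last).to have_attributes(user: user, provider: provider.to_s, result: 'success')`, assuming `user` is the signed-in user defined outside this hunk and `result` reads back as the enum key used in audit_event_service_spec.rb. None of the added examples covers a rejected login, so whether a failed attempt writes no event or a non-success one is left unpinned. The enclosing describe block starts and ends outside the hunk.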
@@ -1029,7 +1029,8 @@ RSpec.describe Projects::IssuesController do go(id: issue.to_param) - expect(recent_issues_double).to have_received(:log_view) + expect(response).to be_successful + expect(recent_issues_double).to have_received(:log_view).with(issue) end context 'when not logged in' do diff --git a/spec/controllers/projects/merge_requests_controller_spec.rb b/spec/controllers/projects/merge_requests_controller_spec.rb index db97a962fbc..ee194e5ff2f 100644 --- a/spec/controllers/projects/merge_requests_controller_spec.rb +++ b/spec/controllers/projects/merge_requests_controller_spec.rb @@ -123,6 +123,16 @@ RSpec.describe Projects::MergeRequestsController do expect(response).to be_successful end + it 'logs the view with Gitlab::Search::RecentMergeRequests' do + recent_merge_requests_double = instance_double(::Gitlab::Search::RecentMergeRequests, log_view: nil) + expect(::Gitlab::Search::RecentMergeRequests).to receive(:new).with(user: user).and_return(recent_merge_requests_double) + + go(format: :html) + + expect(response).to be_successful + expect(recent_merge_requests_double).to have_received(:log_view).with(merge_request) + end + context "that is invalid" do let(:merge_request) { create(:invalid_merge_request, target_project: project, source_project: project) } diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb index 2c3815b36af..688539f2a03 100644 --- a/spec/controllers/sessions_controller_spec.rb +++ b/spec/controllers/sessions_controller_spec.rb @@ -140,6 +140,11 @@ RSpec.describe SessionsController do expect(AuditEvent.last.details[:with]).to eq('standard') end + it 'creates an authentication event record' do + expect { post(:create, params: { user: user_params }) }.to change { AuthenticationEvent.count }.by(1) + expect(AuthenticationEvent.last.provider).to eq('standard') + end + include_examples 'user login request with unique ip limit', 302 do def request post(:create, params: { user: user_params }) 
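Review bot: The 'logs the view with Gitlab::Search::RecentMergeRequests' example in merge_requests_controller_spec.rb covers only the signed-in, successful request; the matching example in the issues controller spec is followed by a `context 'when not logged in'`, but nothing in this hunk pins what happens for an anonymous or unauthorized view. If the controller is meant to skip logging in that case, I would add a counterpart that signs out and sets `expect(::Gitlab::Search::RecentMergeRequests).not_to receive(:new)` before `go(format: :html)`. As a style point, the example sets `expect(...).to receive(:new)` up front and then verifies `log_view` with `have_received`; using `allow(...).to receive(:new)` for the setup would keep a single assertion style. The enclosing describe block continues outside the hunk.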
@@ -407,6 +412,11 @@ RSpec.describe SessionsController do expect { authenticate_2fa(login: user.username, otp_attempt: user.current_otp) }.to change { AuditEvent.count }.by(1) expect(AuditEvent.last.details[:with]).to eq("two-factor") end + + it "creates an authentication event record" do + expect { authenticate_2fa(login: user.username, otp_attempt: user.current_otp) }.to change { AuthenticationEvent.count }.by(1) + expect(AuthenticationEvent.last.provider).to eq("two-factor") + end end context 'when using two-factor authentication via U2F device' do @@ -448,6 +458,13 @@ RSpec.describe SessionsController do expect { authenticate_2fa_u2f(login: user.username, device_response: "{}") }.to change { AuditEvent.count }.by(1) expect(AuditEvent.last.details[:with]).to eq("two-factor-via-u2f-device") end + + it "creates an authentication event record" do + allow(U2fRegistration).to receive(:authenticate).and_return(true) + + expect { authenticate_2fa_u2f(login: user.username, device_response: "{}") }.to change { AuthenticationEvent.count }.by(1) + expect(AuthenticationEvent.last.provider).to eq("two-factor-via-u2f-device") + end end end diff --git a/spec/features/groups/import_export/import_file_spec.rb b/spec/features/groups/import_export/import_file_spec.rb index ee4f2740f9f..f117b5d56e9 100644 --- a/spec/features/groups/import_export/import_file_spec.rb +++ b/spec/features/groups/import_export/import_file_spec.rb @@ -32,7 +32,7 @@ RSpec.describe 'Import/Export - Group Import', :js do fill_in :group_name, with: group_name find('#import-group-tab').click - expect(page).to have_content 'GitLab group export' + expect(page).to have_content 'Import a GitLab group export file' attach_file(file) do find('.js-filepicker-button').click end diff --git a/spec/frontend/lib/utils/url_utility_spec.js b/spec/frontend/lib/utils/url_utility_spec.js index dbb126e0ad1..869ae274a3f 100644 --- a/spec/frontend/lib/utils/url_utility_spec.js +++ b/spec/frontend/lib/utils/url_utility_spec.js 
@@ -161,6 +161,15 @@ describe('URL utility', () => { ); }); + it('sorts params in alphabetical order with sort option', () => { + expect(mergeUrlParams({ c: 'c', b: 'b', a: 'a' }, 'https://host/path', { sort: true })).toBe( + 'https://host/path?a=a&b=b&c=c', + ); + expect( + mergeUrlParams({ alpha: 'alpha' }, 'https://host/path?op=/&foo=bar', { sort: true }), + ).toBe('https://host/path?alpha=alpha&foo=bar&op=%2F'); + }); + describe('with spread array option', () => { const spreadArrayOptions = { spreadArrays: true }; diff --git a/spec/helpers/search_helper_spec.rb b/spec/helpers/search_helper_spec.rb index a39ef8634df..594c5c11994 100644 --- a/spec/helpers/search_helper_spec.rb +++ b/spec/helpers/search_helper_spec.rb 
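Review bot: The second expectation in 'sorts params in alphabetical order with sort option' also pins that an existing query value is re-encoded (`op=/` comes back as `op=%2F`), which the example title does not mention. I would move it into its own example named for the encoding, e.g. `it('percent-encodes existing param values', ...)`, so a change in encoding behaviour fails under a title that says so. The hunk shows no case for repeated keys or keys differing only in case, so the ordering for those is not defined by the spec.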
@@ -106,6 +106,39 @@ RSpec.describe SearchHelper do }) end + it 'includes the first 5 of the users recent merge requests' do + recent_merge_requests = instance_double(::Gitlab::Search::RecentMergeRequests) + expect(::Gitlab::Search::RecentMergeRequests).to receive(:new).with(user: user).and_return(recent_merge_requests) + project1 = create(:project, :with_avatar, namespace: user.namespace) + project2 = create(:project, namespace: user.namespace) + merge_request1 = create(:merge_request, :unique_branches, title: 'Merge request 1', target_project: project1, source_project: project1) + merge_request2 = create(:merge_request, :unique_branches, title: 'Merge request 2', target_project: project2, source_project: project2) + + other_merge_requests = create_list(:merge_request, 5) + + expect(recent_merge_requests).to receive(:search).with('the search term').and_return(MergeRequest.id_in_ordered([merge_request1.id, merge_request2.id, *other_merge_requests.map(&:id)])) + + results = search_autocomplete_opts("the search term") + + expect(results.count).to eq(5) + + expect(results[0]).to include({ + category: 'Recent merge requests', + id: merge_request1.id, + label: 'Merge request 1', + url: Gitlab::Routing.url_helpers.project_merge_request_path(merge_request1.project, merge_request1), + avatar_url: project1.avatar_url + }) + + expect(results[1]).to include({ + category: 'Recent merge requests', + id: merge_request2.id, + label: 'Merge request 2', + url: Gitlab::Routing.url_helpers.project_merge_request_path(merge_request2.project, merge_request2), + avatar_url: '' # This project didn't have an avatar so set this to '' + }) + end + it "does not include the public group" do group = create(:group) expect(search_autocomplete_opts(group.name).size).to eq(0) diff --git a/spec/lib/gitlab/search/recent_issues_spec.rb b/spec/lib/gitlab/search/recent_issues_spec.rb index 1822c971a72..19a41d2aa38 100644 --- a/spec/lib/gitlab/search/recent_issues_spec.rb 
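Review bot: `expect(results.count).to eq(5)` counts every entry returned by `search_autocomplete_opts`, not only the 'Recent merge requests' category, so the example depends on no other category matching 'the search term'. Filtering first, `recent = results.select { |r| r[:category] == 'Recent merge requests' }`, and asserting on `recent.count` would pin the limit actually under test. Because `search` is stubbed to return the ordered relation directly, this example exercises no access filtering; a short comment such as `# access filtering is covered by the 'search recent items' shared examples` would make that explicit. The example title should read "user's".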
+++ b/spec/lib/gitlab/search/recent_issues_spec.rb 
@@ -2,86 +2,10 @@ require 'spec_helper' -RSpec.describe ::Gitlab::Search::RecentIssues, :clean_gitlab_redis_shared_state do - let(:user) { create(:user) } - let(:issue) { create(:issue, title: 'hello world 1', project: project) } - let(:recent_issues) { described_class.new(user: user, items_limit: 5) } - let(:project) { create(:project, :public) } - - describe '#log_viewing' do - it 'adds the item to the recent items' do - recent_issues.log_view(issue) - - results = recent_issues.search('hello') - - expect(results).to eq([issue]) - end - - it 'removes an item when it exceeds the size items_limit' do - (1..6).each do |i| - recent_issues.log_view(create(:issue, title: "issue #{i}", project: project)) - end - - results = recent_issues.search('issue') - - expect(results.map(&:title)).to contain_exactly('issue 6', 'issue 5', 'issue 4', 'issue 3', 'issue 2') - end - - it 'expires the items after expires_after' do - recent_issues = described_class.new(user: user, expires_after: 0) - - recent_issues.log_view(issue) - - results = recent_issues.search('hello') - - expect(results).to be_empty - end - - it 'does not include results logged for another user' do - another_user = create(:user) - another_issue = create(:issue, title: 'hello world 2', project: project) - described_class.new(user: another_user).log_view(another_issue) - recent_issues.log_view(issue) - - results = recent_issues.search('hello') - - expect(results).to eq([issue]) - end +RSpec.describe ::Gitlab::Search::RecentIssues do + def create_item(content:, project:) + create(:issue, title: content, project: project) end - describe '#search' do - let(:issue1) { create(:issue, title: "matching issue 1", project: project) } - let(:issue2) { create(:issue, title: "matching issue 2", project: project) } - let(:issue3) { create(:issue, title: "matching issue 3", project: project) } - let(:non_matching_issue) { create(:issue, title: "different issue", project: project) } - let!(:non_viewed_issued) { create(:issue, title: 
"matching but not viewed issue", project: project) } - - before do - recent_issues.log_view(issue1) - recent_issues.log_view(issue2) - recent_issues.log_view(issue3) - recent_issues.log_view(non_matching_issue) - end - - it 'matches partial text in the issue title' do - expect(recent_issues.search('matching')).to contain_exactly(issue1, issue2, issue3) - end - - it 'returns results sorted by recently viewed' do - recent_issues.log_view(issue2) - - expect(recent_issues.search('matching')).to eq([issue2, issue3, issue1]) - end - - it 'does not leak issues you no longer have access to' do - private_project = create(:project, :public, namespace: create(:group)) - private_issue = create(:issue, project: private_project, title: 'matching issue title') - - recent_issues.log_view(private_issue) - - private_project.update!(visibility_level: Project::PRIVATE) - - expect(recent_issues.search('matching')).not_to include(private_issue) - end - end + it_behaves_like 'search recent items' end diff --git a/spec/lib/gitlab/search/recent_merge_requests_spec.rb b/spec/lib/gitlab/search/recent_merge_requests_spec.rb new file mode 100644 index 00000000000..c6678ce0342 --- /dev/null +++ b/spec/lib/gitlab/search/recent_merge_requests_spec.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe ::Gitlab::Search::RecentMergeRequests do + def create_item(content:, project:) + create(:merge_request, :unique_branches, title: content, target_project: project, source_project: project) + end + + it_behaves_like 'search recent items' +end diff --git a/spec/services/audit_event_service_spec.rb b/spec/services/audit_event_service_spec.rb index 5059727ac4a..93de2a23edc 100644 --- a/spec/services/audit_event_service_spec.rb +++ b/spec/services/audit_event_service_spec.rb 
@@ -52,6 +52,22 @@ RSpec.describe AuditEventService do expect(details[:action]).to eq(:create) expect(details[:target_id]).to eq(1) end + + context 'authentication event' do + let(:audit_service) { described_class.new(user, user, with: 'standard') } + + it 'creates an authentication event' do + expect(AuthenticationEvent).to receive(:create).with( + user: user, + user_name: user.name, + ip_address: user.current_sign_in_ip, + result: AuthenticationEvent.results[:success], + provider: 'standard' + ) + + audit_service.for_authentication.security_event + end + end end describe '#log_security_event_to_file' do diff --git a/spec/support/shared_examples/lib/gitlab/search/recent_items.rb b/spec/support/shared_examples/lib/gitlab/search/recent_items.rb new file mode 100644 index 00000000000..f96ff4b101e --- /dev/null +++ b/spec/support/shared_examples/lib/gitlab/search/recent_items.rb 
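Review bot: `ip_address: user.current_sign_in_ip` is compared against the same expression the service presumably reads, and if the `user` defined outside this hunk has no `current_sign_in_ip` set the expectation reduces to `ip_address: nil`. Giving the user a concrete address in this context, e.g. `let(:user) { create(:user, current_sign_in_ip: '192.0.2.1') }` (sample value), and asserting the literal would make the example fail if the address is dropped from the audit record. The expectation also replaces `AuthenticationEvent.create`, so model validations do not run here; one unstubbed example that checks the persisted row would cover that.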
@@ -0,0 +1,87 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.shared_examples 'search recent items' do + let_it_be(:user) { create(:user) } + let_it_be(:recent_items) { described_class.new(user: user, items_limit: 5) } + let(:item) { create_item(content: 'hello world 1', project: project) } + let(:project) { create(:project, :public) } + + describe '#log_view', :clean_gitlab_redis_shared_state do + it 'adds the item to the recent items' do + recent_items.log_view(item) + + results = recent_items.search('hello') + + expect(results).to eq([item]) + end + + it 'removes an item when it exceeds the size items_limit' do + (1..6).each do |i| + recent_items.log_view(create_item(content: "item #{i}", project: project)) + end + + results = recent_items.search('item') + + expect(results.map(&:title)).to contain_exactly('item 6', 'item 5', 'item 4', 'item 3', 'item 2') + end + + it 'expires the items after expires_after' do + recent_items = described_class.new(user: user, expires_after: 0) + + recent_items.log_view(item) + + results = recent_items.search('hello') + + expect(results).to be_empty + end + + it 'does not include results logged for another user' do + another_user = create(:user) + another_item = create_item(content: 'hello world 2', project: project) + described_class.new(user: another_user).log_view(another_item) + recent_items.log_view(item) + + results = recent_items.search('hello') + + expect(results).to eq([item]) + end + end + + describe '#search', :clean_gitlab_redis_shared_state do + let(:item1) { create_item(content: "matching item 1", project: project) } + let(:item2) { create_item(content: "matching item 2", project: project) } + let(:item3) { create_item(content: "matching item 3", project: project) } + let(:non_matching_item) { create_item(content: "different item", project: project) } + let!(:non_viewed_item) { create_item(content: "matching but not viewed item", project: project) } + + before do + recent_items.log_view(item1) + 
recent_items.log_view(item2) + recent_items.log_view(item3) + recent_items.log_view(non_matching_item) + end + + it 'matches partial text in the item title' do + expect(recent_items.search('matching')).to contain_exactly(item1, item2, item3) + end + + it 'returns results sorted by recently viewed' do + recent_items.log_view(item2) + + expect(recent_items.search('matching')).to eq([item2, item3, item1]) + end + + it 'does not leak items you no longer have access to' do + private_project = create(:project, :public, namespace: create(:group)) + private_item = create_item(content: 'matching item title', project: private_project) + + recent_items.log_view(private_item) + + private_project.update!(visibility_level: Project::PRIVATE) + + expect(recent_items.search('matching')).not_to include(private_item) + end + end +end |
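Review bot: 'does not leak items you no longer have access to' exercises only one way of losing access, a public project turned private for a user who was never a member. Since these shared examples are the only access check visible in this commit for the recent-items search, I would add an example where the user is a member of a private project when the item is logged and the membership is removed before `search`, and, for issues, a confidential item if `create_item` can be extended to build one. The file also relies on the including spec defining `create_item(content:, project:)` and on items responding to `title`; a header comment stating that contract would help, e.g. `# The including group must define create_item(content:, project:) returning a record that responds to #title.`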