authorGitLab Bot <gitlab-bot@gitlab.com>2020-09-18 06:09:31 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-09-18 06:09:31 +0000
commit0115b63f646be489bb9685dad0e4b0747a79de05 (patch)
tree1739ce6f3e7ab90db561e3415bd34427f4839b40 /spec
parent37ea4b5fbf55e039a2255f0f5d5508e5f479775c (diff)
downloadgitlab-ce-0115b63f646be489bb9685dad0e4b0747a79de05.tar.gz
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec')
-rw-r--r--spec/controllers/ldap/omniauth_callbacks_controller_spec.rb5
-rw-r--r--spec/controllers/omniauth_callbacks_controller_spec.rb5
-rw-r--r--spec/controllers/projects/issues_controller_spec.rb3
-rw-r--r--spec/controllers/projects/merge_requests_controller_spec.rb10
-rw-r--r--spec/controllers/sessions_controller_spec.rb17
-rw-r--r--spec/features/groups/import_export/import_file_spec.rb2
-rw-r--r--spec/frontend/lib/utils/url_utility_spec.js9
-rw-r--r--spec/helpers/search_helper_spec.rb33
-rw-r--r--spec/lib/gitlab/search/recent_issues_spec.rb84
-rw-r--r--spec/lib/gitlab/search/recent_merge_requests_spec.rb11
-rw-r--r--spec/services/audit_event_service_spec.rb16
-rw-r--r--spec/support/shared_examples/lib/gitlab/search/recent_items.rb87
12 files changed, 200 insertions, 82 deletions
diff --git a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb
index 2de824bbf3c..ecff173b8ac 100644
--- a/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb
+++ b/spec/controllers/ldap/omniauth_callbacks_controller_spec.rb
@@ -11,6 +11,11 @@ RSpec.describe Ldap::OmniauthCallbacksController do
expect(request.env['warden']).to be_authenticated
end
+ it 'creates an authentication event record' do
+ expect { post provider }.to change { AuthenticationEvent.count }.by(1)
+ expect(AuthenticationEvent.last.provider).to eq(provider.to_s)
+ end
+
context 'with sign in prevented' do
let(:ldap_settings) { ldap_setting_defaults.merge(prevent_ldap_sign_in: true) }
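Review bot: The new example checks only the row count and `provider`, so it would still pass if the event were stored with a non-success result or against the wrong account. The `AuditEventService` spec in this commit shows the record also carries `user` and `result`; asserting them, e.g. `expect(AuthenticationEvent.last).to have_attributes(provider: provider.to_s, result: 'success')` (assuming `result` is a Rails enum, as `AuthenticationEvent.results[:success]` suggests), would pin what someone reading the log relies on. The same applies to the matching example in `omniauth_callbacks_controller_spec.rb` and the three added in `sessions_controller_spec.rb`. The 'with sign in prevented' context continues outside the hunk, so whether it asserts that no success event is written cannot be seen from here.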
diff --git a/spec/controllers/omniauth_callbacks_controller_spec.rb b/spec/controllers/omniauth_callbacks_controller_spec.rb
index de6edbe936d..291d51348e6 100644
--- a/spec/controllers/omniauth_callbacks_controller_spec.rb
+++ b/spec/controllers/omniauth_callbacks_controller_spec.rb
@@ -170,6 +170,11 @@ RSpec.describe OmniauthCallbacksController, type: :controller do
expect(request.env['warden']).to be_authenticated
end
+ it 'creates an authentication event record' do
+ expect { post provider }.to change { AuthenticationEvent.count }.by(1)
+ expect(AuthenticationEvent.last.provider).to eq(provider.to_s)
+ end
+
context 'when user has no linked provider' do
let(:user) { create(:user) }
diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb
index ef72416fc71..ed5198bf015 100644
--- a/spec/controllers/projects/issues_controller_spec.rb
+++ b/spec/controllers/projects/issues_controller_spec.rb
@@ -1029,7 +1029,8 @@ RSpec.describe Projects::IssuesController do
go(id: issue.to_param)
- expect(recent_issues_double).to have_received(:log_view)
+ expect(response).to be_successful
+ expect(recent_issues_double).to have_received(:log_view).with(issue)
end
context 'when not logged in' do
diff --git a/spec/controllers/projects/merge_requests_controller_spec.rb b/spec/controllers/projects/merge_requests_controller_spec.rb
index db97a962fbc..ee194e5ff2f 100644
--- a/spec/controllers/projects/merge_requests_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests_controller_spec.rb
@@ -123,6 +123,16 @@ RSpec.describe Projects::MergeRequestsController do
expect(response).to be_successful
end
+ it 'logs the view with Gitlab::Search::RecentMergeRequests' do
+ recent_merge_requests_double = instance_double(::Gitlab::Search::RecentMergeRequests, log_view: nil)
+ expect(::Gitlab::Search::RecentMergeRequests).to receive(:new).with(user: user).and_return(recent_merge_requests_double)
+
+ go(format: :html)
+
+ expect(response).to be_successful
+ expect(recent_merge_requests_double).to have_received(:log_view).with(merge_request)
+ end
+
context "that is invalid" do
let(:merge_request) { create(:invalid_merge_request, target_project: project, source_project: project) }
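Review bot: The added example covers only a successful HTML view by a user who can read the merge request, so nothing pins that a denied request leaves the recent-items list untouched. A counterpart in a context where the user lacks access, with `expect(::Gitlab::Search::RecentMergeRequests).not_to receive(:new)`, would guard against views being recorded before the authorisation check. Whether such a context already exists elsewhere in this file is not visible from the hunk.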
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index 2c3815b36af..688539f2a03 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -140,6 +140,11 @@ RSpec.describe SessionsController do
expect(AuditEvent.last.details[:with]).to eq('standard')
end
+ it 'creates an authentication event record' do
+ expect { post(:create, params: { user: user_params }) }.to change { AuthenticationEvent.count }.by(1)
+ expect(AuthenticationEvent.last.provider).to eq('standard')
+ end
+
include_examples 'user login request with unique ip limit', 302 do
def request
post(:create, params: { user: user_params })
@@ -407,6 +412,11 @@ RSpec.describe SessionsController do
expect { authenticate_2fa(login: user.username, otp_attempt: user.current_otp) }.to change { AuditEvent.count }.by(1)
expect(AuditEvent.last.details[:with]).to eq("two-factor")
end
+
+ it "creates an authentication event record" do
+ expect { authenticate_2fa(login: user.username, otp_attempt: user.current_otp) }.to change { AuthenticationEvent.count }.by(1)
+ expect(AuthenticationEvent.last.provider).to eq("two-factor")
+ end
end
context 'when using two-factor authentication via U2F device' do
@@ -448,6 +458,13 @@ RSpec.describe SessionsController do
expect { authenticate_2fa_u2f(login: user.username, device_response: "{}") }.to change { AuditEvent.count }.by(1)
expect(AuditEvent.last.details[:with]).to eq("two-factor-via-u2f-device")
end
+
+ it "creates an authentication event record" do
+ allow(U2fRegistration).to receive(:authenticate).and_return(true)
+
+ expect { authenticate_2fa_u2f(login: user.username, device_response: "{}") }.to change { AuthenticationEvent.count }.by(1)
+ expect(AuthenticationEvent.last.provider).to eq("two-factor-via-u2f-device")
+ end
end
end
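Review bot: The U2F example stubs `U2fRegistration.authenticate` to return `true` and sends an empty `device_response`, so it pins the success path only. None of the three hunks in this file adds a counterpart for a rejected credential (wrong password, bad OTP, `authenticate` returning `false`). For an authentication log that is the case most worth pinning: either no event is written, or the event's `result` is not success. Something like `expect { ... }.not_to change { AuthenticationEvent.where(result: :success).count }` inside a failure context would cover it; whether failures are meant to be recorded at all is not visible from this diff.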
diff --git a/spec/features/groups/import_export/import_file_spec.rb b/spec/features/groups/import_export/import_file_spec.rb
index ee4f2740f9f..f117b5d56e9 100644
--- a/spec/features/groups/import_export/import_file_spec.rb
+++ b/spec/features/groups/import_export/import_file_spec.rb
@@ -32,7 +32,7 @@ RSpec.describe 'Import/Export - Group Import', :js do
fill_in :group_name, with: group_name
find('#import-group-tab').click
- expect(page).to have_content 'GitLab group export'
+ expect(page).to have_content 'Import a GitLab group export file'
attach_file(file) do
find('.js-filepicker-button').click
end
diff --git a/spec/frontend/lib/utils/url_utility_spec.js b/spec/frontend/lib/utils/url_utility_spec.js
index dbb126e0ad1..869ae274a3f 100644
--- a/spec/frontend/lib/utils/url_utility_spec.js
+++ b/spec/frontend/lib/utils/url_utility_spec.js
@@ -161,6 +161,15 @@ describe('URL utility', () => {
);
});
+ it('sorts params in alphabetical order with sort option', () => {
+ expect(mergeUrlParams({ c: 'c', b: 'b', a: 'a' }, 'https://host/path', { sort: true })).toBe(
+ 'https://host/path?a=a&b=b&c=c',
+ );
+ expect(
+ mergeUrlParams({ alpha: 'alpha' }, 'https://host/path?op=/&foo=bar', { sort: true }),
+ ).toBe('https://host/path?alpha=alpha&foo=bar&op=%2F');
+ });
+
describe('with spread array option', () => {
const spreadArrayOptions = { spreadArrays: true };
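Review bot: The second expectation pins more than ordering: the existing `op=/` comes back as `op=%2F`, so with `sort: true` parameters already present in the URL are re-encoded, which the example name does not mention. A separate `it`, or a name such as `'sorts params and percent-encodes existing values'`, would make that visible to a caller who compares the resulting URL byte-for-byte, for instance against an allow-list. Whether the same re-encoding happens without `sort` is not shown in this hunk.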
diff --git a/spec/helpers/search_helper_spec.rb b/spec/helpers/search_helper_spec.rb
index a39ef8634df..594c5c11994 100644
--- a/spec/helpers/search_helper_spec.rb
+++ b/spec/helpers/search_helper_spec.rb
@@ -106,6 +106,39 @@ RSpec.describe SearchHelper do
})
end
+ it 'includes the first 5 of the users recent merge requests' do
+ recent_merge_requests = instance_double(::Gitlab::Search::RecentMergeRequests)
+ expect(::Gitlab::Search::RecentMergeRequests).to receive(:new).with(user: user).and_return(recent_merge_requests)
+ project1 = create(:project, :with_avatar, namespace: user.namespace)
+ project2 = create(:project, namespace: user.namespace)
+ merge_request1 = create(:merge_request, :unique_branches, title: 'Merge request 1', target_project: project1, source_project: project1)
+ merge_request2 = create(:merge_request, :unique_branches, title: 'Merge request 2', target_project: project2, source_project: project2)
+
+ other_merge_requests = create_list(:merge_request, 5)
+
+ expect(recent_merge_requests).to receive(:search).with('the search term').and_return(MergeRequest.id_in_ordered([merge_request1.id, merge_request2.id, *other_merge_requests.map(&:id)]))
+
+ results = search_autocomplete_opts("the search term")
+
+ expect(results.count).to eq(5)
+
+ expect(results[0]).to include({
+ category: 'Recent merge requests',
+ id: merge_request1.id,
+ label: 'Merge request 1',
+ url: Gitlab::Routing.url_helpers.project_merge_request_path(merge_request1.project, merge_request1),
+ avatar_url: project1.avatar_url
+ })
+
+ expect(results[1]).to include({
+ category: 'Recent merge requests',
+ id: merge_request2.id,
+ label: 'Merge request 2',
+ url: Gitlab::Routing.url_helpers.project_merge_request_path(merge_request2.project, merge_request2),
+ avatar_url: '' # This project didn't have an avatar so set this to ''
+ })
+ end
+
it "does not include the public group" do
group = create(:group)
expect(search_autocomplete_opts(group.name).size).to eq(0)
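Review bot: `recent_merge_requests.search` is stubbed to return all seven merge requests, including the five from `create_list(:merge_request, 5)` that are not created in the user's projects, so this example says nothing about whether the helper lists only merge requests the user may read. A comment above the stub would keep a reader from assuming otherwise: `# search is stubbed; access filtering is exercised by the 'search recent items' shared examples`. The example name also needs an apostrophe, `user's`.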
diff --git a/spec/lib/gitlab/search/recent_issues_spec.rb b/spec/lib/gitlab/search/recent_issues_spec.rb
index 1822c971a72..19a41d2aa38 100644
--- a/spec/lib/gitlab/search/recent_issues_spec.rb
+++ b/spec/lib/gitlab/search/recent_issues_spec.rb
@@ -2,86 +2,10 @@
require 'spec_helper'
-RSpec.describe ::Gitlab::Search::RecentIssues, :clean_gitlab_redis_shared_state do
- let(:user) { create(:user) }
- let(:issue) { create(:issue, title: 'hello world 1', project: project) }
- let(:recent_issues) { described_class.new(user: user, items_limit: 5) }
- let(:project) { create(:project, :public) }
-
- describe '#log_viewing' do
- it 'adds the item to the recent items' do
- recent_issues.log_view(issue)
-
- results = recent_issues.search('hello')
-
- expect(results).to eq([issue])
- end
-
- it 'removes an item when it exceeds the size items_limit' do
- (1..6).each do |i|
- recent_issues.log_view(create(:issue, title: "issue #{i}", project: project))
- end
-
- results = recent_issues.search('issue')
-
- expect(results.map(&:title)).to contain_exactly('issue 6', 'issue 5', 'issue 4', 'issue 3', 'issue 2')
- end
-
- it 'expires the items after expires_after' do
- recent_issues = described_class.new(user: user, expires_after: 0)
-
- recent_issues.log_view(issue)
-
- results = recent_issues.search('hello')
-
- expect(results).to be_empty
- end
-
- it 'does not include results logged for another user' do
- another_user = create(:user)
- another_issue = create(:issue, title: 'hello world 2', project: project)
- described_class.new(user: another_user).log_view(another_issue)
- recent_issues.log_view(issue)
-
- results = recent_issues.search('hello')
-
- expect(results).to eq([issue])
- end
+RSpec.describe ::Gitlab::Search::RecentIssues do
+ def create_item(content:, project:)
+ create(:issue, title: content, project: project)
end
- describe '#search' do
- let(:issue1) { create(:issue, title: "matching issue 1", project: project) }
- let(:issue2) { create(:issue, title: "matching issue 2", project: project) }
- let(:issue3) { create(:issue, title: "matching issue 3", project: project) }
- let(:non_matching_issue) { create(:issue, title: "different issue", project: project) }
- let!(:non_viewed_issued) { create(:issue, title: "matching but not viewed issue", project: project) }
-
- before do
- recent_issues.log_view(issue1)
- recent_issues.log_view(issue2)
- recent_issues.log_view(issue3)
- recent_issues.log_view(non_matching_issue)
- end
-
- it 'matches partial text in the issue title' do
- expect(recent_issues.search('matching')).to contain_exactly(issue1, issue2, issue3)
- end
-
- it 'returns results sorted by recently viewed' do
- recent_issues.log_view(issue2)
-
- expect(recent_issues.search('matching')).to eq([issue2, issue3, issue1])
- end
-
- it 'does not leak issues you no longer have access to' do
- private_project = create(:project, :public, namespace: create(:group))
- private_issue = create(:issue, project: private_project, title: 'matching issue title')
-
- recent_issues.log_view(private_issue)
-
- private_project.update!(visibility_level: Project::PRIVATE)
-
- expect(recent_issues.search('matching')).not_to include(private_issue)
- end
- end
+ it_behaves_like 'search recent items'
end
diff --git a/spec/lib/gitlab/search/recent_merge_requests_spec.rb b/spec/lib/gitlab/search/recent_merge_requests_spec.rb
new file mode 100644
index 00000000000..c6678ce0342
--- /dev/null
+++ b/spec/lib/gitlab/search/recent_merge_requests_spec.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ::Gitlab::Search::RecentMergeRequests do
+ def create_item(content:, project:)
+ create(:merge_request, :unique_branches, title: content, target_project: project, source_project: project)
+ end
+
+ it_behaves_like 'search recent items'
+end
diff --git a/spec/services/audit_event_service_spec.rb b/spec/services/audit_event_service_spec.rb
index 5059727ac4a..93de2a23edc 100644
--- a/spec/services/audit_event_service_spec.rb
+++ b/spec/services/audit_event_service_spec.rb
@@ -52,6 +52,22 @@ RSpec.describe AuditEventService do
expect(details[:action]).to eq(:create)
expect(details[:target_id]).to eq(1)
end
+
+ context 'authentication event' do
+ let(:audit_service) { described_class.new(user, user, with: 'standard') }
+
+ it 'creates an authentication event' do
+ expect(AuthenticationEvent).to receive(:create).with(
+ user: user,
+ user_name: user.name,
+ ip_address: user.current_sign_in_ip,
+ result: AuthenticationEvent.results[:success],
+ provider: 'standard'
+ )
+
+ audit_service.for_authentication.security_event
+ end
+ end
end
describe '#log_security_event_to_file' do
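Review bot: `ip_address: user.current_sign_in_ip` is probably `nil` for a freshly created user, in which case the expectation matches `nil` against `nil` and would not notice the service dropping the address. Setting it first, e.g. `user.update!(current_sign_in_ip: '192.0.2.1')` (a constructed documentation address), makes the assertion meaningful. How `user` is defined lies outside the hunk, so confirm before changing. Because the example mocks `AuthenticationEvent.create`, model validation is never exercised, so an event that fails to save would go unnoticed here.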
diff --git a/spec/support/shared_examples/lib/gitlab/search/recent_items.rb b/spec/support/shared_examples/lib/gitlab/search/recent_items.rb
new file mode 100644
index 00000000000..f96ff4b101e
--- /dev/null
+++ b/spec/support/shared_examples/lib/gitlab/search/recent_items.rb
@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.shared_examples 'search recent items' do
+ let_it_be(:user) { create(:user) }
+ let_it_be(:recent_items) { described_class.new(user: user, items_limit: 5) }
+ let(:item) { create_item(content: 'hello world 1', project: project) }
+ let(:project) { create(:project, :public) }
+
+ describe '#log_view', :clean_gitlab_redis_shared_state do
+ it 'adds the item to the recent items' do
+ recent_items.log_view(item)
+
+ results = recent_items.search('hello')
+
+ expect(results).to eq([item])
+ end
+
+ it 'removes an item when it exceeds the size items_limit' do
+ (1..6).each do |i|
+ recent_items.log_view(create_item(content: "item #{i}", project: project))
+ end
+
+ results = recent_items.search('item')
+
+ expect(results.map(&:title)).to contain_exactly('item 6', 'item 5', 'item 4', 'item 3', 'item 2')
+ end
+
+ it 'expires the items after expires_after' do
+ recent_items = described_class.new(user: user, expires_after: 0)
+
+ recent_items.log_view(item)
+
+ results = recent_items.search('hello')
+
+ expect(results).to be_empty
+ end
+
+ it 'does not include results logged for another user' do
+ another_user = create(:user)
+ another_item = create_item(content: 'hello world 2', project: project)
+ described_class.new(user: another_user).log_view(another_item)
+ recent_items.log_view(item)
+
+ results = recent_items.search('hello')
+
+ expect(results).to eq([item])
+ end
+ end
+
+ describe '#search', :clean_gitlab_redis_shared_state do
+ let(:item1) { create_item(content: "matching item 1", project: project) }
+ let(:item2) { create_item(content: "matching item 2", project: project) }
+ let(:item3) { create_item(content: "matching item 3", project: project) }
+ let(:non_matching_item) { create_item(content: "different item", project: project) }
+ let!(:non_viewed_item) { create_item(content: "matching but not viewed item", project: project) }
+
+ before do
+ recent_items.log_view(item1)
+ recent_items.log_view(item2)
+ recent_items.log_view(item3)
+ recent_items.log_view(non_matching_item)
+ end
+
+ it 'matches partial text in the item title' do
+ expect(recent_items.search('matching')).to contain_exactly(item1, item2, item3)
+ end
+
+ it 'returns results sorted by recently viewed' do
+ recent_items.log_view(item2)
+
+ expect(recent_items.search('matching')).to eq([item2, item3, item1])
+ end
+
+ it 'does not leak items you no longer have access to' do
+ private_project = create(:project, :public, namespace: create(:group))
+ private_item = create_item(content: 'matching item title', project: private_project)
+
+ recent_items.log_view(private_item)
+
+ private_project.update!(visibility_level: Project::PRIVATE)
+
+ expect(recent_items.search('matching')).not_to include(private_item)
+ end
+ end
+end
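Review bot: These shared examples depend on the including spec defining `create_item(content:, project:)` and on the returned record responding to `title`, but nothing in the file states that contract. A header comment above `RSpec.shared_examples` would document it, e.g. `# Including specs must define create_item(content:, project:), returning a record in the given project whose title is the content`. The 'does not leak items you no longer have access to' example covers only a project switched to private; other ways of losing access are not exercised here, which may be intentional for a shared example.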