7 files changed, 67 insertions, 30 deletions

diff --git a/spec/controllers/concerns/internal_redirect_spec.rb b/spec/controllers/concerns/internal_redirect_spec.rb
index a0ee13b2352..7e23b56356e 100644
--- a/spec/controllers/concerns/internal_redirect_spec.rb
+++ b/spec/controllers/concerns/internal_redirect_spec.rb
@@ -54,6 +54,31 @@ describe InternalRedirect do
     end
   end
 
+  describe '#sanitize_redirect' do
+    let(:valid_path) { '/hello/world?hello=world' }
+    let(:valid_url) { "http://test.host#{valid_path}" }
+
+    it 'returns `nil` for invalid paths' do
+      invalid_path = '//not/valid'
+
+      expect(controller.sanitize_redirect(invalid_path)).to eq nil
+    end
+
+    it 'returns `nil` for invalid urls' do
+      input = 'http://test.host:3000/invalid'
+
+      expect(controller.sanitize_redirect(input)).to eq nil
+    end
+
+    it 'returns input for valid paths' do
+      expect(controller.sanitize_redirect(valid_path)).to eq valid_path
+    end
+
+    it 'returns path for valid urls' do
+      expect(controller.sanitize_redirect(valid_url)).to eq valid_path
+    end
+  end
+
   describe '#host_allowed?' do
     it 'allows uris with the same host and port' do
       expect(controller.host_allowed?(URI('http://test.host/test'))).to be(true)
diff --git a/spec/controllers/projects/blob_controller_spec.rb b/spec/controllers/projects/blob_controller_spec.rb
index 00a7df6ccc8..9e696e9cb29 100644
--- a/spec/controllers/projects/blob_controller_spec.rb
+++ b/spec/controllers/projects/blob_controller_spec.rb
@@ -55,6 +55,25 @@ describe Projects::BlobController do
           expect(json_response).to have_key 'raw_path'
         end
       end
+
+      context "with viewer=none" do
+        let(:id) { 'master/README.md' }
+
+        before do
+          get(:show,
+              namespace_id: project.namespace,
+              project_id: project,
+              id: id,
+              format: :json,
+              viewer: 'none')
+        end
+
+        it do
+          expect(response).to be_ok
+          expect(json_response).not_to have_key 'html'
+          expect(json_response).to have_key 'raw_path'
+        end
+      end
     end
 
     context 'with tree path' do
diff --git a/spec/controllers/projects/imports_controller_spec.rb b/spec/controllers/projects/imports_controller_spec.rb
index 011843baffc..812833cc86b 100644
--- a/spec/controllers/projects/imports_controller_spec.rb
+++ b/spec/controllers/projects/imports_controller_spec.rb
@@ -29,7 +29,7 @@ describe Projects::ImportsController do
 
       context 'when import is in progress' do
         before do
-          project.update_attribute(:import_status, :started)
+          project.update_attributes(import_status: :started)
         end
 
         it 'renders template' do
@@ -47,7 +47,7 @@ describe Projects::ImportsController do
 
       context 'when import failed' do
         before do
-          project.update_attribute(:import_status, :failed)
+          project.update_attributes(import_status: :failed)
         end
 
         it 'redirects to new_namespace_project_import_path' do
@@ -59,7 +59,7 @@ describe Projects::ImportsController do
 
       context 'when import finished' do
         before do
-          project.update_attribute(:import_status, :finished)
+          project.update_attributes(import_status: :finished)
         end
 
         context 'when project is a fork' do
@@ -108,7 +108,7 @@ describe Projects::ImportsController do
 
       context 'when import never happened' do
         before do
-          project.update_attribute(:import_status, :none)
+          project.update_attributes(import_status: :none)
         end
 
         it 'redirects to namespace_project_path' do
diff --git a/spec/controllers/projects/merge_requests_controller_spec.rb b/spec/controllers/projects/merge_requests_controller_spec.rb
index 22858de0475..a412e74581d 100644
--- a/spec/controllers/projects/merge_requests_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests_controller_spec.rb
@@ -234,7 +234,7 @@ describe Projects::MergeRequestsController do
         body = JSON.parse(response.body)
 
         expect(body['assignee'].keys)
-          .to match_array(%w(name username avatar_url))
+          .to match_array(%w(name username avatar_url id state web_url))
       end
     end
 
diff --git a/spec/controllers/projects/pipeline_schedules_controller_spec.rb b/spec/controllers/projects/pipeline_schedules_controller_spec.rb
index 3506305f755..4cdaa54e0bc 100644
--- a/spec/controllers/projects/pipeline_schedules_controller_spec.rb
+++ b/spec/controllers/projects/pipeline_schedules_controller_spec.rb
@@ -310,9 +310,19 @@ describe Projects::PipelineSchedulesController do
     end
 
     def go
-      put :update, namespace_id: project.namespace.to_param,
-                   project_id: project, id: pipeline_schedule,
-                   schedule: schedule
+      if Gitlab.rails5?
+        put :update, params: { namespace_id: project.namespace.to_param,
+                               project_id: project,
+                               id: pipeline_schedule,
+                               schedule: schedule },
+                     as: :html
+
+      else
+        put :update, namespace_id: project.namespace.to_param,
+                     project_id: project,
+                     id: pipeline_schedule,
+                     schedule: schedule
+      end
     end
   end
 
diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb
index 555b186fe31..2b61e0d4a85 100644
--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -257,15 +257,15 @@ describe SessionsController do
     end
   end
 
-  describe '#new' do
+  describe "#new" do
     before do
       set_devise_mapping(context: @request)
     end
 
-    it 'redirects correctly for referer on same host with params' do
-      search_path = '/search?search=seed_project'
-      allow(controller.request).to receive(:referer)
-        .and_return('http://%{host}%{path}' % { host: 'test.host', path: search_path })
+    it "redirects correctly for referer on same host with params" do
+      host = "test.host"
+      search_path = "/search?search=seed_project"
+      request.headers[:HTTP_REFERER] = "http://#{host}#{search_path}"
 
       get(:new, redirect_to_referer: :yes)
 
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index 1df2c954893..eb94d395a9e 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -580,23 +580,6 @@ describe UploadsController do
           expect(response).to have_gitlab_http_status(404)
         end
       end
-
-      context 'has a valid filename on the version file' do
-        it 'successfully returns the file' do
-          get :show, model: 'appearance', mounted_as: 'favicon', id: appearance.id, filename: 'favicon_main_dk.png'
-
-          expect(response).to have_gitlab_http_status(200)
-          expect(response.header['Content-Disposition']).to end_with 'filename="favicon_main_dk.png"'
-        end
-      end
-
-      context 'has an invalid filename on the version file' do
-        it 'returns a 404' do
-          get :show, model: 'appearance', mounted_as: 'favicon', id: appearance.id, filename: 'favicon_bogusversion_dk.png'
-
-          expect(response).to have_gitlab_http_status(404)
-        end
-      end
     end
   end
 end