From a7e2f96b59035fd4628a047370c87400e16a4b63 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Fri, 10 Aug 2018 12:15:06 -0700
Subject: Fix logins via OAuth2 geting logged out in an hour

Users without GitLab 2FA enabled would be logged out after an hour
due to a regression in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20700.

The OAuth2 controller sets the current_user after the controller is finished, so
we should only limit session times after this has been done.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/50210
---
 spec/controllers/application_controller_spec.rb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'spec/controllers')

diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 421ab006792..fbf116e533b 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -162,6 +162,10 @@ describe ApplicationController do
 
   describe 'session expiration' do
     controller(described_class) do
+      # The anonymous controller will report 401 and fail to run any actions.
+      # Normally, GitLab will just redirect you to sign in.
+      skip_before_action :authenticate_user!, only: :index
+
       def index
         render text: 'authenticated'
       end
-- 
cgit v1.2.1


From 8411d1cffc05171e82d727d883f03e279c8e9e05 Mon Sep 17 00:00:00 2001
From: Mark Chao <mchao@gitlab.com>
Date: Mon, 23 Jul 2018 10:42:19 +0800
Subject: Add email_events to replace EMAIL_EVENTS because it needs to be
 dynamic, allowing override for EE.

---
 spec/controllers/notification_settings_controller_spec.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'spec/controllers')

diff --git a/spec/controllers/notification_settings_controller_spec.rb b/spec/controllers/notification_settings_controller_spec.rb
index e133950e684..a3356a86d4b 100644
--- a/spec/controllers/notification_settings_controller_spec.rb
+++ b/spec/controllers/notification_settings_controller_spec.rb
@@ -21,10 +21,11 @@ describe NotificationSettingsController do
     end
 
     context 'when authorized' do
+      let(:notification_setting) { user.notification_settings_for(source) }
       let(:custom_events) do
         events = {}
 
-        NotificationSetting::EMAIL_EVENTS.each do |event|
+        NotificationSetting.email_events(source).each do |event|
           events[event.to_s] = true
         end
 
@@ -36,7 +37,7 @@ describe NotificationSettingsController do
       end
 
       context 'for projects' do
-        let(:notification_setting) { user.notification_settings_for(project) }
+        let(:source) { project }
 
         it 'creates notification setting' do
           post :create,
@@ -67,7 +68,7 @@ describe NotificationSettingsController do
       end
 
       context 'for groups' do
-        let(:notification_setting) { user.notification_settings_for(group) }
+        let(:source) { group }
 
         it 'creates notification setting' do
           post :create,
@@ -145,7 +146,7 @@ describe NotificationSettingsController do
         let(:custom_events) do
           events = {}
 
-          NotificationSetting::EMAIL_EVENTS.each do |event|
+          notification_setting.email_events.each do |event|
             events[event] = "true"
           end
         end
-- 
cgit v1.2.1