Add latest changes from gitlab-org/gitlab@master

lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml

+# Read more about the feature here: https://docs.gitlab.com/ee/user/project/merge_requests/accessibility_testing.html
+
+stages:
+  - build
+  - test
+  - deploy
+  - accessibility
+
+a11y:
+  stage: accessibility
+  image: node
+  script:
+    - wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \
+    - echo "deb http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google.list && \
+    - apt-get update && \
+    - apt-get install -y google-chrome-stable && \
+    - rm -rf /var/lib/apt/lists/*
+    - npm install pa11y@5.3.0 pa11y-reporter-html@1.0.0
+    - 'echo { \"chromeLaunchConfig\": { \"args\": [\"--no-sandbox\"] }, \"includeWarnings\": true, \"reporter\": \"html\" } > pa11y.json'
+    - './node_modules/.bin/pa11y $a11y_urls > accessibility.html'
+  allow_failure: true
+  artifacts:
+    when: always
+    expose_as: 'accessibility'
+    paths: ['accessibility.html']
+  rules:
+    - if: $a11y_urls

lib/gitlab/template/finders/global_template_finder.rb

@@ -5,9 +5,11 @@ module Gitlab
   module Template
     module Finders
       class GlobalTemplateFinder < BaseTemplateFinder
-        def initialize(base_dir, extension, categories = {})
+        def initialize(base_dir, extension, categories = {}, exclusions: [])
           @categories = categories
           @extension  = extension
+          @exclusions = exclusions
+
           super(base_dir)
         end
@@ -16,6 +18,8 @@ module Gitlab
         end
         def find(key)
+          return if excluded?(key)
+
           file_name = "#{key}#{@extension}"
           # The key is untrusted input, so ensure we can't be directed outside
@@ -28,11 +32,20 @@ module Gitlab
         def list_files_for(dir)
           dir = "#{dir}/" unless dir.end_with?('/')
-          Dir.glob(File.join(dir, "*#{@extension}")).select { |f| f =~ self.class.filter_regex(@extension) }
+
+          Dir.glob(File.join(dir, "*#{@extension}")).select do |f|
+            next if excluded?(f)
+
+            f =~ self.class.filter_regex(@extension)
+          end
         end
         private
+        def excluded?(file_name)
+          @exclusions.include?(file_name)
+        end
+
         def select_directory(file_name)
           @categories.keys.find do |category|
             File.exist?(File.join(category_directory(category), file_name))

lib/gitlab/template/gitlab_ci_yml_template.rb

@@ -17,16 +17,25 @@ module Gitlab
           {
             'General' => '',
             'Pages' => 'Pages',
+            'Verify' => 'Verify',
             'Auto deploy' => 'autodeploy'
           }
         end
+        def disabled_templates
+          %w[
+            Verify/Browser-Performance
+          ]
+        end
+
         def base_dir
           Rails.root.join('lib/gitlab/ci/templates')
         end
         def finder(project = nil)
-          Gitlab::Template::Finders::GlobalTemplateFinder.new(self.base_dir, self.extension, self.categories)
+          Gitlab::Template::Finders::GlobalTemplateFinder.new(
+            self.base_dir, self.extension, self.categories, exclusions: self.disabled_templates
+          )
         end
       end
     end

spec/controllers/users/terms_controller_spec.rb

@@ -4,7 +4,8 @@ require 'spec_helper'
 describe Users::TermsController do
   include TermsHelper
-  let(:user) { create(:user) }
+
+  let_it_be(:user) { create(:user) }
   let(:term) { create(:term) }
   before do
@@ -12,88 +13,145 @@ describe Users::TermsController do
   end
   describe 'GET #index' do
-    it 'redirects when no terms exist' do
-      get :index
-      expect(response).to have_gitlab_http_status(:redirect)
+    context 'when a user is signed in' do
+      it 'redirects when no terms exist' do
+        get :index
+
+        expect(response).to redirect_to(root_path)
+      end
+
+      context 'when terms exist' do
+        before do
+          stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
+          term
+        end
+
+        it 'shows terms when they exist' do
+          get :index
+
+          expect(response).to have_gitlab_http_status(:success)
+        end
+
+        it 'shows a message when the user already accepted the terms' do
+          accept_terms(user)
+
+          get :index
+          expect(controller).to set_flash.now[:notice].to(/already accepted/)
+        end
+      end
     end
-    context 'when terms exist' do
+    context 'when a user is not signed in' do
       before do
-        stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
-        term
+        sign_out user
       end
-      it 'shows terms when they exist' do
-        get :index
-        expect(response).to have_gitlab_http_status(:success)
-      end
-      it 'shows a message when the user already accepted the terms' do
-        accept_terms(user)
-        get :index
-        expect(controller).to set_flash.now[:notice].to(/already accepted/)
+      context 'when terms exist' do
+        before do
+          stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
+          term
+        end
+        it 'returns success response' do
+          get :index
+          expect(response).to have_gitlab_http_status(:success)
+        end
+      end
+      context 'when no terms exist' do
+        it 'redirects' do
+          get :index
+          expect(response).to redirect_to(root_path)
+        end
       end
     end
   end
   describe 'POST #accept' do
-    it 'saves that the user accepted the terms' do
-      post :accept, params: { id: term.id }
-      agreement = user.term_agreements.find_by(term: term)
-      expect(agreement.accepted).to eq(true)
-    end
-    it 'redirects to a path when specified' do
-      post :accept, params: { id: term.id, redirect: groups_path }
-      expect(response).to redirect_to(groups_path)
-    end
-    it 'redirects to the referer when no redirect specified' do
-      request.env["HTTP_REFERER"] = groups_url
-      post :accept, params: { id: term.id }
-      expect(response).to redirect_to(groups_path)
-    end
-    context 'redirecting to another domain' do
-      it 'is prevented when passing a redirect param' do
-        post :accept, params: { id: term.id, redirect: '//example.com/random/path' }
-        expect(response).to redirect_to(root_path)
+    context 'when a user is signed in' do
+      it 'saves that the user accepted the terms' do
+        post :accept, params: { id: term.id }
+        agreement = user.term_agreements.find_by(term: term)
+        expect(agreement.accepted).to eq(true)
+      end
+      it 'redirects to a path when specified' do
+        post :accept, params: { id: term.id, redirect: groups_path }
+        expect(response).to redirect_to(groups_path)
+      end
+      it 'redirects to the referer when no redirect specified' do
+        request.env["HTTP_REFERER"] = groups_url
+        post :accept, params: { id: term.id }
+        expect(response).to redirect_to(groups_path)
+      end
+      context 'redirecting to another domain' do
+        it 'is prevented when passing a redirect param' do
+          post :accept, params: { id: term.id, redirect: '//example.com/random/path' }
+          expect(response).to redirect_to(root_path)
+        end
+
+        it 'is prevented when redirecting to the referer' do
+          request.env["HTTP_REFERER"] = 'http://example.com/and/a/path'
+
+          post :accept, params: { id: term.id }
+
+          expect(response).to redirect_to(root_path)
+        end
       end
-      it 'is prevented when redirecting to the referer' do
-        request.env["HTTP_REFERER"] = 'http://example.com/and/a/path'
+    end
+    context 'when a user is not signed in' do
+      before do
+        sign_out user
+      end
+      it 'redirects to login page' do
         post :accept, params: { id: term.id }
-        expect(response).to redirect_to(root_path)
+        expect(response).to redirect_to(new_user_session_path)
       end
     end
   end
   describe 'POST #decline' do
-    it 'stores that the user declined the terms' do
-      post :decline, params: { id: term.id }
-      agreement = user.term_agreements.find_by(term: term)
-      expect(agreement.accepted).to eq(false)
+    context 'when a user is signed in' do
+      it 'stores that the user declined the terms' do
+        post :decline, params: { id: term.id }
+
+        agreement = user.term_agreements.find_by(term: term)
+        expect(agreement.accepted).to eq(false)
+      end
+      it 'signs out the user' do
+        post :decline, params: { id: term.id }
+
+        expect(response).to redirect_to(root_path)
+        expect(assigns(:current_user)).to be_nil
+      end
     end
-    it 'signs out the user' do
-      post :decline, params: { id: term.id }
-      expect(response).to redirect_to(root_path)
-      expect(assigns(:current_user)).to be_nil
+    context 'when a user is not signed in' do
+      before do
+        sign_out user
+      end
+      it 'redirects to login page' do
+        post :decline, params: { id: term.id }
+
+        expect(response).to redirect_to(new_user_session_path)
+      end
     end
   end
 end

spec/graphql/features/authorization_spec.rb

@@ -5,8 +5,7 @@ require 'spec_helper'
 describe 'Gitlab::Graphql::Authorization' do
   include GraphqlHelpers
-  set(:user) { create(:user) }
-
+  let_it_be(:user) { create(:user) }
   let(:permission_single) { :foo }
   let(:permission_collection) { [:foo, :bar] }
   let(:test_object) { double(name: 'My name') }

spec/graphql/resolvers/concerns/resolves_pipelines_spec.rb

@@ -17,11 +17,11 @@ describe ResolvesPipelines do
   let(:current_user) { create(:user) }
-  set(:project) { create(:project, :private) }
-  set(:pipeline) { create(:ci_pipeline, project: project) }
-  set(:failed_pipeline) { create(:ci_pipeline, :failed, project: project) }
-  set(:ref_pipeline) { create(:ci_pipeline, project: project, ref: 'awesome-feature') }
-  set(:sha_pipeline) { create(:ci_pipeline, project: project, sha: 'deadbeef') }
+  let_it_be(:project) { create(:project, :private) }
+  let_it_be(:pipeline) { create(:ci_pipeline, project: project) }
+  let_it_be(:failed_pipeline) { create(:ci_pipeline, :failed, project: project) }
+  let_it_be(:ref_pipeline) { create(:ci_pipeline, project: project, ref: 'awesome-feature') }
+  let_it_be(:sha_pipeline) { create(:ci_pipeline, project: project, sha: 'deadbeef') }
   before do
     project.add_developer(current_user)

spec/graphql/resolvers/group_resolver_spec.rb

@@ -5,8 +5,8 @@ require 'spec_helper'
 describe Resolvers::GroupResolver do
   include GraphqlHelpers
-  set(:group1) { create(:group) }
-  set(:group2) { create(:group) }
+  let_it_be(:group1) { create(:group) }
+  let_it_be(:group2) { create(:group) }
   describe '#resolve' do
     it 'batch-resolves groups by full path' do

spec/graphql/resolvers/issues_resolver_spec.rb

@@ -8,11 +8,11 @@ describe Resolvers::IssuesResolver do
   let(:current_user) { create(:user) }
   context "with a project" do
-    set(:project) { create(:project) }
-    set(:issue1) { create(:issue, project: project, state: :opened, created_at: 3.hours.ago, updated_at: 3.hours.ago) }
-    set(:issue2) { create(:issue, project: project, state: :closed, title: 'foo', created_at: 1.hour.ago, updated_at: 1.hour.ago, closed_at: 1.hour.ago) }
-    set(:label1) { create(:label, project: project) }
-    set(:label2) { create(:label, project: project) }
+    let_it_be(:project) { create(:project) }
+    let_it_be(:issue1) { create(:issue, project: project, state: :opened, created_at: 3.hours.ago, updated_at: 3.hours.ago) }
+    let_it_be(:issue2) { create(:issue, project: project, state: :closed, title: 'foo', created_at: 1.hour.ago, updated_at: 1.hour.ago, closed_at: 1.hour.ago) }
+    let_it_be(:label1) { create(:label, project: project) }
+    let_it_be(:label2) { create(:label, project: project) }
     before do
       project.add_developer(current_user)

spec/graphql/resolvers/merge_request_pipelines_resolver_spec.rb

@@ -5,8 +5,8 @@ require 'spec_helper'
 describe Resolvers::MergeRequestPipelinesResolver do
   include GraphqlHelpers
-  set(:merge_request) { create(:merge_request) }
-  set(:pipeline) do
+  let_it_be(:merge_request) { create(:merge_request) }
+  let_it_be(:pipeline) do
     create(
       :ci_pipeline,
       project: merge_request.source_project,
@@ -14,8 +14,8 @@ describe Resolvers::MergeRequestPipelinesResolver do
       sha: merge_request.diff_head_sha
     )
   end
-  set(:other_project_pipeline) { create(:ci_pipeline, project: merge_request.source_project) }
-  set(:other_pipeline) { create(:ci_pipeline) }
+  let_it_be(:other_project_pipeline) { create(:ci_pipeline, project: merge_request.source_project) }
+  let_it_be(:other_pipeline) { create(:ci_pipeline) }
   let(:current_user) { create(:user) }
   before do

spec/graphql/resolvers/merge_requests_resolver_spec.rb

@@ -5,16 +5,13 @@ require 'spec_helper'
 describe Resolvers::MergeRequestsResolver do
   include GraphqlHelpers
-  set(:project) { create(:project, :repository) }
-  set(:merge_request_1) { create(:merge_request, :simple, source_project: project, target_project: project) }
-  set(:merge_request_2) { create(:merge_request, :rebased, source_project: project, target_project: project) }
-
-  set(:other_project) { create(:project, :repository) }
-  set(:other_merge_request) { create(:merge_request, source_project: other_project, target_project: other_project) }
-
+  let_it_be(:project) { create(:project, :repository) }
+  let_it_be(:merge_request_1) { create(:merge_request, :simple, source_project: project, target_project: project) }
+  let_it_be(:merge_request_2) { create(:merge_request, :rebased, source_project: project, target_project: project) }
+  let_it_be(:other_project) { create(:project, :repository) }
+  let_it_be(:other_merge_request) { create(:merge_request, source_project: other_project, target_project: other_project) }
   let(:iid_1) { merge_request_1.iid }
   let(:iid_2) { merge_request_2.iid }
-
   let(:other_iid) { other_merge_request.iid }
   describe '#resolve' do

spec/graphql/resolvers/project_pipelines_resolver_spec.rb

@@ -5,9 +5,9 @@ require 'spec_helper'
 describe Resolvers::ProjectPipelinesResolver do
   include GraphqlHelpers
-  set(:project) { create(:project) }
-  set(:pipeline) { create(:ci_pipeline, project: project) }
-  set(:other_pipeline) { create(:ci_pipeline) }
+  let_it_be(:project) { create(:project) }
+  let_it_be(:pipeline) { create(:ci_pipeline, project: project) }
+  let_it_be(:other_pipeline) { create(:ci_pipeline) }
   let(:current_user) { create(:user) }
   before do

spec/graphql/resolvers/project_resolver_spec.rb

@@ -5,10 +5,9 @@ require 'spec_helper'
 describe Resolvers::ProjectResolver do
   include GraphqlHelpers
-  set(:project1) { create(:project) }
-  set(:project2) { create(:project) }
-
-  set(:other_project) { create(:project) }
+  let_it_be(:project1) { create(:project) }
+  let_it_be(:project2) { create(:project) }
+  let_it_be(:other_project) { create(:project) }
   describe '#resolve' do
     it 'batch-resolves projects by full path' do

spec/helpers/auto_devops_helper_spec.rb

@@ -3,8 +3,8 @@
 require 'spec_helper'
 describe AutoDevopsHelper do
-  set(:project) { create(:project) }
-  set(:user) { create(:user) }
+  let_it_be(:project, reload: true) { create(:project) }
+  let_it_be(:user) { create(:user) }
   describe '.show_auto_devops_callout?' do
     let(:allowed) { true }

spec/helpers/boards_helper_spec.rb

@@ -3,7 +3,7 @@
 require 'spec_helper'
 describe BoardsHelper do
-  set(:project) { create(:project) }
+  let_it_be(:project) { create(:project) }
   describe '#build_issue_link_base' do
     context 'project board' do

spec/helpers/environments_helper_spec.rb

@@ -3,9 +3,9 @@
 require 'spec_helper'
 describe EnvironmentsHelper do
-  set(:user) { create(:user) }
-  set(:project) { create(:project, :repository) }
-  set(:environment) { create(:environment, project: project) }
+  let_it_be(:user) { create(:user) }
+  let_it_be(:project, reload: true) { create(:project, :repository) }
+  let_it_be(:environment) { create(:environment, project: project) }
   describe '#metrics_data' do
     before do

spec/helpers/labels_helper_spec.rb

@@ -35,7 +35,7 @@ describe LabelsHelper do
     end
     context 'with a group label' do
-      set(:group) { create(:group) }
+      let_it_be(:group) { create(:group) }
       let(:label) { create(:group_label, group: group, title: 'bug') }
       context 'when asking for an issue link' do
@@ -135,7 +135,7 @@ describe LabelsHelper do
   end
   describe 'create_label_title' do
-    set(:group) { create(:group) }
+    let_it_be(:group) { create(:group) }
     context 'with a group as subject' do
       it 'returns "Create group label"' do
@@ -144,7 +144,7 @@ describe LabelsHelper do
     end
     context 'with a project as subject' do
-      set(:project) { create(:project, namespace: group) }
+      let_it_be(:project) { create(:project, namespace: group) }
       it 'returns "Create project label"' do
         expect(create_label_title(project)).to eq _('Create project label')
@@ -159,7 +159,7 @@ describe LabelsHelper do
   end
   describe 'manage_labels_title' do
-    set(:group) { create(:group) }
+    let_it_be(:group) { create(:group) }
     context 'with a group as subject' do
       it 'returns "Manage group labels"' do
@@ -168,7 +168,7 @@ describe LabelsHelper do
     end
     context 'with a project as subject' do
-      set(:project) { create(:project, namespace: group) }
+      let_it_be(:project) { create(:project, namespace: group) }
       it 'returns "Manage project labels"' do
         expect(manage_labels_title(project)).to eq _('Manage project labels')
@@ -183,7 +183,7 @@ describe LabelsHelper do
   end
   describe 'view_labels_title' do
-    set(:group) { create(:group) }
+    let_it_be(:group) { create(:group) }
     context 'with a group as subject' do
       it 'returns "View group labels"' do
@@ -192,7 +192,7 @@ describe LabelsHelper do
     end
     context 'with a project as subject' do
-      set(:project) { create(:project, namespace: group) }
+      let_it_be(:project) { create(:project, namespace: group) }
       it 'returns "View project labels"' do
         expect(view_labels_title(project)).to eq _('View project labels')

spec/helpers/markup_helper_spec.rb

@@ -3,15 +3,15 @@
 require 'spec_helper'
 describe MarkupHelper do
-  set(:project) { create(:project, :repository) }
-  set(:user) do
+  let_it_be(:project) { create(:project, :repository) }
+  let_it_be(:user) do
     user = create(:user, username: 'gfm')
     project.add_maintainer(user)
     user
   end
-  set(:issue) { create(:issue, project: project) }
-  set(:merge_request) { create(:merge_request, source_project: project, target_project: project) }
-  set(:snippet) { create(:project_snippet, project: project) }
+  let_it_be(:issue) { create(:issue, project: project) }
+  let_it_be(:merge_request) { create(:merge_request, source_project: project, target_project: project) }
+  let_it_be(:snippet) { create(:project_snippet, project: project) }
   let(:commit) { project.commit }
   before do
@@ -45,8 +45,8 @@ describe MarkupHelper do
     describe "override default project" do
       let(:actual) { issue.to_reference }
-      set(:second_project) { create(:project, :public) }
-      set(:second_issue) { create(:issue, project: second_project) }
+      let_it_be(:second_project) { create(:project, :public) }
+      let_it_be(:second_issue) { create(:issue, project: second_project) }
       it 'links to the issue' do
         expected = urls.project_issue_path(second_project, second_issue)
@@ -57,7 +57,7 @@ describe MarkupHelper do
     describe 'uploads' do
       let(:text) { "![ImageTest](/uploads/test.png)" }
-      set(:group) { create(:group) }
+      let_it_be(:group) { create(:group) }
       subject { helper.markdown(text) }
@@ -79,7 +79,7 @@ describe MarkupHelper do
       end
       describe "with a group in the context" do
-        set(:project_in_group) { create(:project, group: group) }
+        let_it_be(:project_in_group) { create(:project, group: group) }
         before do
           helper.instance_variable_set(:@group, group)

spec/helpers/projects/error_tracking_helper_spec.rb

@@ -5,8 +5,8 @@ require 'spec_helper'
 describe Projects::ErrorTrackingHelper do
   include Gitlab::Routing.url_helpers
-  set(:project) { create(:project) }
-  set(:current_user) { create(:user) }
+  let_it_be(:project, reload: true) { create(:project) }
+  let_it_be(:current_user) { create(:user) }
   describe '#error_tracking_data' do
     let(:can_enable_error_tracking) { true }

spec/lib/gitlab/ci/templates/templates_spec.rb

@@ -2,33 +2,43 @@
 require 'spec_helper'
-describe "CI YML Templates" do
-  using RSpec::Parameterized::TableSyntax
-
+describe 'CI YML Templates' do
   subject { Gitlab::Ci::YamlProcessor.new(content) }
-  where(:template_name) do
-    Gitlab::Template::GitlabCiYmlTemplate.all.map(&:full_name)
-  end
-
-  with_them do
-    let(:content) do
-      <<~EOS
-        include:
-          - template: #{template_name}
-        concrete_build_implemented_by_a_user:
-          stage: test
-          script: do something
-      EOS
+  let(:all_templates) { Gitlab::Template::GitlabCiYmlTemplate.all.map(&:full_name) }
+  let(:disabled_templates) do
+    Gitlab::Template::GitlabCiYmlTemplate.disabled_templates.map do |template|
+      template + Gitlab::Template::GitlabCiYmlTemplate.extension
     end
-    it 'is valid' do
-      expect { subject }.not_to raise_error
+  end
+
+  context 'included in a CI YAML configuration' do
+    using RSpec::Parameterized::TableSyntax
+    where(:template_name) do
+      all_templates - disabled_templates
     end
-    it 'require default stages to be included' do
-      expect(subject.stages).to include(*Gitlab::Ci::Config::Entry::Stages.default)
+    with_them do
+      let(:content) do
+        <<~EOS
+          include:
+            - template: #{template_name}
+
+          concrete_build_implemented_by_a_user:
+            stage: test
+            script: do something
+        EOS
+      end
+
+      it 'is valid' do
+        expect { subject }.not_to raise_error
+      end
+
+      it 'require default stages to be included' do
+        expect(subject.stages).to include(*Gitlab::Ci::Config::Entry::Stages.default)
+      end
     end
   end
 end

spec/lib/gitlab/template/finders/global_template_finder_spec.rb

@@ -15,23 +15,87 @@ describe Gitlab::Template::Finders::GlobalTemplateFinder do
     FileUtils.rm_rf(base_dir)
   end
-  subject(:finder) { described_class.new(base_dir, '', 'Foo' => '', 'Bar' => 'bar') }
+  subject(:finder) { described_class.new(base_dir, '', { 'General' => '', 'Bar' => 'Bar' }, exclusions: exclusions) }
+
+  let(:exclusions) { [] }
   describe '.find' do
-    it 'finds a template in the Foo category' do
-      create_template!('test-template')
-      expect(finder.find('test-template')).to be_present
-    end
-    it 'finds a template in the Bar category' do
-      create_template!('bar/test-template')
-      expect(finder.find('test-template')).to be_present
+    context 'with a non-prefixed General template' do
+      before do
+        create_template!('test-template')
+      end
+      it 'finds the template with no prefix' do
+        expect(finder.find('test-template')).to be_present
+      end
+
+      it 'does not find a prefixed template' do
+        expect(finder.find('Bar/test-template')).to be_nil
+      end
+
+      it 'does not permit path traversal requests' do
+        expect { finder.find('../foo') }.to raise_error(/Invalid path/)
+      end
+      context 'while listed as an exclusion' do
+        let(:exclusions) { %w[test-template] }
+        it 'does not find the template without a prefix' do
+          expect(finder.find('test-template')).to be_nil
+        end
+
+        it 'does not find the template with a prefix' do
+          expect(finder.find('Bar/test-template')).to be_nil
+        end
+
+        it 'finds another prefixed template with the same name' do
+          create_template!('Bar/test-template')
+
+          expect(finder.find('test-template')).to be_nil
+          expect(finder.find('Bar/test-template')).to be_present
+        end
+      end
     end
-    it 'does not permit path traversal requests' do
-      expect { finder.find('../foo') }.to raise_error(/Invalid path/)
+    context 'with a prefixed template' do
+      before do
+        create_template!('Bar/test-template')
+      end
+
+      it 'finds the template with a prefix' do
+        expect(finder.find('Bar/test-template')).to be_present
+      end
+
+      # NOTE: This spec fails, the template Bar/test-template is found
+      # See Gitlab issue: https://gitlab.com/gitlab-org/gitlab/issues/205719
+      xit 'does not find the template without a prefix' do
+        expect(finder.find('test-template')).to be_nil
+      end
+
+      it 'does not permit path traversal requests' do
+        expect { finder.find('../foo') }.to raise_error(/Invalid path/)
+      end
+
+      context 'while listed as an exclusion' do
+        let(:exclusions) { %w[Bar/test-template] }
+
+        it 'does not find the template with a prefix' do
+          expect(finder.find('Bar/test-template')).to be_nil
+        end
+
+        # NOTE: This spec fails, the template Bar/test-template is found
+        # See Gitlab issue: https://gitlab.com/gitlab-org/gitlab/issues/205719
+        xit 'does not find the template without a prefix' do
+          expect(finder.find('test-template')).to be_nil
+        end
+
+        it 'finds another non-prefixed template with the same name' do
+          create_template!('Bar/test-template')
+
+          expect(finder.find('test-template')).to be_present
+          expect(finder.find('Bar/test-template')).to be_nil
+        end
+      end
     end
   end
 end