Add latest changes from gitlab-org/gitlab@master

5707f305 · GitLab Bot · 759cd6c2 · 5707f305 · 5707f305 · 5707f305
Commit 5707f305 authored 5 years ago by GitLab Bot
--- a/spec/factories/services.rb
+++ b/spec/factories/services.rb
@@ -117,7 +117,7 @@ FactoryBot.define do
  end
  
  # this is for testing storing values inside properties, which is deprecated and will be removed in
-  # https://gitlab.com/gitlab-org/gitlab-ce/issues/63084
+  # https://gitlab.com/gitlab-org/gitlab/issues/29404
  trait :without_properties_callback do
    jira_tracker_data nil
    issue_tracker_data nil

--- a/spec/features/admin/admin_settings_spec.rb
+++ b/spec/features/admin/admin_settings_spec.rb
--- a/spec/frontend/jobs/store/utils_spec.js
+++ b/spec/frontend/jobs/store/utils_spec.js
@@ -3,6 +3,8 @@ import {
  updateIncrementalTrace,
  parseHeaderLine,
  parseLine,
+  addDurationToHeader,
+  isCollapsibleSection,
  findOffsetAndRemove,
 } from '~/jobs/store/utils';
 import {
@@ -43,6 +45,127 @@ describe('Jobs Store Utils', () => {
    });
  });
  
+  describe('addDurationToHeader', () => {
+    const duration = {
+      offset: 106,
+      content: [],
+      section: 'prepare-script',
+      section_duration: '00:03',
+    };
+
+    it('adds the section duration to the correct header', () => {
+      const parsed = [
+        {
+          isClosed: true,
+          isHeader: true,
+          line: {
+            section: 'prepare-script',
+            content: [{ text: 'foo' }],
+          },
+          lines: [],
+        },
+        {
+          isClosed: true,
+          isHeader: true,
+          line: {
+            section: 'foo-bar',
+            content: [{ text: 'foo' }],
+          },
+          lines: [],
+        },
+      ];
+
+      addDurationToHeader(parsed, duration);
+
+      expect(parsed[0].line.section_duration).toEqual(duration.section_duration);
+      expect(parsed[1].line.section_duration).toEqual(undefined);
+    });
+
+    it('does not add the section duration when the headers do not match', () => {
+      const parsed = [
+        {
+          isClosed: true,
+          isHeader: true,
+          line: {
+            section: 'bar-foo',
+            content: [{ text: 'foo' }],
+          },
+          lines: [],
+        },
+        {
+          isClosed: true,
+          isHeader: true,
+          line: {
+            section: 'foo-bar',
+            content: [{ text: 'foo' }],
+          },
+          lines: [],
+        },
+      ];
+      addDurationToHeader(parsed, duration);
+
+      expect(parsed[0].line.section_duration).toEqual(undefined);
+      expect(parsed[1].line.section_duration).toEqual(undefined);
+    });
+
+    it('does not add when content has no headers', () => {
+      const parsed = [
+        {
+          section: 'bar-foo',
+          content: [{ text: 'foo' }],
+          lineNumber: 1,
+        },
+        {
+          section: 'foo-bar',
+          content: [{ text: 'foo' }],
+          lineNumber: 2,
+        },
+      ];
+
+      addDurationToHeader(parsed, duration);
+
+      expect(parsed[0].line).toEqual(undefined);
+      expect(parsed[1].line).toEqual(undefined);
+    });
+  });
+
+  describe('isCollapsibleSection', () => {
+    const header = {
+      isHeader: true,
+      line: {
+        section: 'foo',
+      },
+    };
+    const line = {
+      lineNumber: 1,
+      section: 'foo',
+      content: [],
+    };
+
+    it('returns true when line belongs to the last section', () => {
+      expect(isCollapsibleSection([header], header, { section: 'foo', content: [] })).toEqual(true);
+    });
+
+    it('returns false when last line was not an header', () => {
+      expect(isCollapsibleSection([line], line, { section: 'bar' })).toEqual(false);
+    });
+
+    it('returns false when accumulator is empty', () => {
+      expect(isCollapsibleSection([], { isHeader: true }, { section: 'bar' })).toEqual(false);
+    });
+
+    it('returns false when section_duration is defined', () => {
+      expect(isCollapsibleSection([header], header, { section_duration: '10:00' })).toEqual(false);
+    });
+
+    it('returns false when `section` is not a match', () => {
+      expect(isCollapsibleSection([header], header, { section: 'bar' })).toEqual(false);
+    });
+
+    it('returns false when no parameters are provided', () => {
+      expect(isCollapsibleSection()).toEqual(false);
+    });
+  });
  describe('logLinesParser', () => {
    let result;
  
@@ -75,7 +198,7 @@ describe('Jobs Store Utils', () => {
  
    describe('section duration', () => {
      it('adds the section information to the header section', () => {
-        expect(result[1].section_duration).toEqual(utilsMockData[4].section_duration);
+        expect(result[1].line.section_duration).toEqual(utilsMockData[4].section_duration);
      });
  
      it('does not add section duration as a line', () => {

--- a/spec/frontend/releases/mock_data.js
+++ b/spec/frontend/releases/mock_data.js
@@ -89,7 +89,7 @@ export const release = {
        id: 2,
        name: 'my second link',
        url:
-          'https://gitlab.com/gitlab-org/gitlab-ce/-/jobs/artifacts/v11.6.0-rc4/download?job=rspec-mysql+41%2F50',
+          'https://gitlab.com/gitlab-org/gitlab-foss/-/jobs/artifacts/v11.6.0-rc4/download?job=rspec-mysql+41%2F50',
        external: false,
      },
    ],

--- a/spec/helpers/nav_helper_spec.rb
+++ b/spec/helpers/nav_helper_spec.rb
 require 'spec_helper'
  
-describe NavHelper do
+describe NavHelper, :do_not_mock_admin_mode do
  describe '#header_links' do
+    include_context 'custom session'
+
    before do
-      allow(helper).to receive(:session) { {} }
+      allow(helper).to receive(:session).and_return(session)
    end
  
    context 'when the user is logged in' do
-      let(:user) { build(:user) }
+      let(:user) { create(:user) }
+      let(:current_user_mode) { Gitlab::Auth::CurrentUserMode.new(user) }
  
      before do
        allow(helper).to receive(:current_user).and_return(user)
+        allow(helper).to receive(:current_user_mode).and_return(current_user_mode)
        allow(helper).to receive(:can?) { true }
      end
  
@@ -26,6 +30,46 @@ describe NavHelper do
        expect(helper.header_links).to include(:admin_impersonation)
      end
  
+      context 'as admin' do
+        let(:user) { create(:user, :admin) }
+
+        context 'feature flag :user_mode_in_session is enabled' do
+          it 'does not contain the admin mode link by default' do
+            expect(helper.header_links).not_to include(:admin_mode)
+          end
+
+          context 'with admin mode enabled' do
+            before do
+              current_user_mode.enable_admin_mode!(password: user.password)
+            end
+
+            it 'contains the admin mode link' do
+              expect(helper.header_links).to include(:admin_mode)
+            end
+          end
+        end
+
+        context 'feature flag :user_mode_in_session is disabled' do
+          before do
+            stub_feature_flags(user_mode_in_session: false)
+          end
+
+          it 'does not contain the admin mode link' do
+            expect(helper.header_links).not_to include(:admin_mode)
+          end
+
+          context 'with admin mode enabled' do
+            before do
+              current_user_mode.enable_admin_mode!(password: user.password)
+            end
+
+            it 'has no effect on header links' do
+              expect(helper.header_links).not_to include(:admin_mode)
+            end
+          end
+        end
+      end
+
      context 'when the user cannot read cross project' do
        before do
          allow(helper).to receive(:can?).with(user, :read_cross_project) { false }

--- a/spec/lib/gitlab/auth/current_user_mode_spec.rb
+++ b/spec/lib/gitlab/auth/current_user_mode_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::Auth::CurrentUserMode, :do_not_mock_admin_mode do
+  include_context 'custom session'
+
+  let(:user) { build(:user) }
+
+  subject { described_class.new(user) }
+
+  before do
+    allow(ActiveSession).to receive(:list_sessions).with(user).and_return([session])
+  end
+
+  describe '#admin_mode?', :request_store do
+    context 'when the user is a regular user' do
+      it 'is false by default' do
+        expect(subject.admin_mode?).to be(false)
+      end
+
+      it 'cannot be enabled with a valid password' do
+        subject.enable_admin_mode!(password: user.password)
+
+        expect(subject.admin_mode?).to be(false)
+      end
+
+      it 'cannot be enabled with an invalid password' do
+        subject.enable_admin_mode!(password: nil)
+
+        expect(subject.admin_mode?).to be(false)
+      end
+
+      it 'cannot be enabled with empty params' do
+        subject.enable_admin_mode!
+
+        expect(subject.admin_mode?).to be(false)
+      end
+
+      it 'disable has no effect' do
+        subject.enable_admin_mode!
+        subject.disable_admin_mode!
+
+        expect(subject.admin_mode?).to be(false)
+      end
+
+      context 'skipping password validation' do
+        it 'cannot be enabled with a valid password' do
+          subject.enable_admin_mode!(password: user.password, skip_password_validation: true)
+
+          expect(subject.admin_mode?).to be(false)
+        end
+
+        it 'cannot be enabled with an invalid password' do
+          subject.enable_admin_mode!(skip_password_validation: true)
+
+          expect(subject.admin_mode?).to be(false)
+        end
+      end
+    end
+
+    context 'when the user is an admin' do
+      let(:user) { build(:user, :admin) }
+
+      it 'is false by default' do
+        expect(subject.admin_mode?).to be(false)
+      end
+
+      it 'cannot be enabled with an invalid password' do
+        subject.enable_admin_mode!(password: nil)
+
+        expect(subject.admin_mode?).to be(false)
+      end
+
+      it 'can be enabled with a valid password' do
+        subject.enable_admin_mode!(password: user.password)
+
+        expect(subject.admin_mode?).to be(true)
+      end
+
+      it 'can be disabled' do
+        subject.enable_admin_mode!(password: user.password)
+        subject.disable_admin_mode!
+
+        expect(subject.admin_mode?).to be(false)
+      end
+
+      it 'will expire in the future' do
+        subject.enable_admin_mode!(password: user.password)
+        expect(subject.admin_mode?).to be(true), 'admin mode is not active in the present'
+
+        Timecop.freeze(Gitlab::Auth::CurrentUserMode::MAX_ADMIN_MODE_TIME.from_now) do
+          # in the future this will be a new request, simulate by clearing the RequestStore
+          Gitlab::SafeRequestStore.clear!
+
+          expect(subject.admin_mode?).to be(false), 'admin mode did not expire in the future'
+        end
+      end
+
+      context 'skipping password validation' do
+        it 'can be enabled with a valid password' do
+          subject.enable_admin_mode!(password: user.password, skip_password_validation: true)
+
+          expect(subject.admin_mode?).to be(true)
+        end
+
+        it 'can be enabled with an invalid password' do
+          subject.enable_admin_mode!(skip_password_validation: true)
+
+          expect(subject.admin_mode?).to be(true)
+        end
+      end
+
+      context 'with two independent sessions' do
+        let(:another_session) { {} }
+        let(:another_subject) { described_class.new(user) }
+
+        before do
+          allow(ActiveSession).to receive(:list_sessions).with(user).and_return([session, another_session])
+        end
+
+        it 'can be enabled in one and seen in the other' do
+          Gitlab::Session.with_session(another_session) do
+            another_subject.enable_admin_mode!(password: user.password)
+          end
+
+          expect(subject.admin_mode?).to be(true)
+        end
+      end
+    end
+  end
+
+  describe '#enable_admin_mode!' do
+    let(:user) { build(:user, :admin) }
+
+    it 'creates a timestamp in the session' do
+      subject.enable_admin_mode!(password: user.password)
+
+      expect(session).to include(expected_session_entry(be_within(1.second).of Time.now))
+    end
+  end
+
+  describe '#disable_admin_mode!' do
+    let(:user) { build(:user, :admin) }
+
+    it 'sets the session timestamp to nil' do
+      subject.disable_admin_mode!
+
+      expect(session).to include(expected_session_entry(be_nil))
+    end
+  end
+
+  def expected_session_entry(value_matcher)
+    {
+      Gitlab::Auth::CurrentUserMode::SESSION_STORE_KEY => a_hash_including(
+        Gitlab::Auth::CurrentUserMode::ADMIN_MODE_START_TIME_KEY => value_matcher)
+    }
+  end
+end
--- a/spec/lib/gitlab/health_checks/simple_check_shared.rb
+++ b/spec/lib/gitlab/health_checks/simple_check_shared.rb
@@ -58,9 +58,4 @@ shared_context 'simple_check' do |metrics_prefix, check_name, success_result|
      it { is_expected.to have_attributes(success: false, message: "#{described_class.human_name} check timed out") }
    end
  end
-
-  describe '#liveness' do
-    subject { described_class.readiness }
-    it { is_expected.to eq(Gitlab::HealthChecks::Result.new(true)) }
-  end
 end
--- a/spec/requests/api/helpers_spec.rb
+++ b/spec/requests/api/helpers_spec.rb
@@ -343,6 +343,8 @@ describe API::Helpers do
  end
  
  context 'sudo' do
+    include_context 'custom session'
+
    shared_examples 'successful sudo' do
      it 'sets current_user' do
        expect(current_user).to eq(user)

--- a/spec/serializers/build_action_entity_spec.rb
+++ b/spec/serializers/build_action_entity_spec.rb
@@ -3,9 +3,14 @@ require 'spec_helper'
 describe BuildActionEntity do
  let(:job) { create(:ci_build, name: 'test_job') }
  let(:request) { double('request') }
+  let(:user) { create(:user) }
  
  let(:entity) do
-    described_class.new(job, request: spy('request'))
+    described_class.new(job, request: request)
+  end
+
+  before do
+    allow(request).to receive(:current_user).and_return(user)
  end
  
  describe '#as_json' do

--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -160,6 +160,25 @@ RSpec.configure do |config|
    allow(Gitlab::Git::KeepAround).to receive(:execute)
  
    Gitlab::ThreadMemoryCache.cache_backend.clear
+
+    # Temporary patch to force admin mode to be active by default in tests when
+    # using the feature flag :user_mode_in_session, since this will require
+    # modifying a significant number of specs to test both states for admin
+    # mode enabled / disabled.
+    #
+    # See https://gitlab.com/gitlab-org/gitlab/issues/31511
+    # See gitlab/spec/support/helpers/admin_mode_helpers.rb
+    #
+    # If it is required to have the real behaviour that an admin is signed in
+    # with normal user mode and needs to switch to admin mode, it is possible to
+    # mark such tests with the `do_not_mock_admin_mode` metadata tag, e.g:
+    #
+    # context 'some test with normal user mode', :do_not_mock_admin_mode do ... end
+    unless example.metadata[:do_not_mock_admin_mode]
+      allow_any_instance_of(Gitlab::Auth::CurrentUserMode).to receive(:admin_mode?) do |current_user_mode|
+        current_user_mode.send(:user)&.admin?
+      end
+    end
  end
  
  config.around(:example, :quarantine) do |example|

--- a/spec/support/helpers/admin_mode_helpers.rb
+++ b/spec/support/helpers/admin_mode_helpers.rb
+# frozen_string_literal: true
+
+# Helper for enabling admin mode in tests
+
+module AdminModeHelper
+  # Users are logged in by default in user mode and have to switch to admin
+  # mode for accessing any administrative functionality. This helper lets a user
+  # be in admin mode without requiring a second authentication step (provided
+  # the user is an admin)
+  def enable_admin_mode!(user)
+    fake_user_mode = instance_double(Gitlab::Auth::CurrentUserMode)
+
+    allow(Gitlab::Auth::CurrentUserMode).to receive(:new).with(user).and_return(fake_user_mode)
+    allow(fake_user_mode).to receive(:admin_mode?).and_return(user&.admin?)
+  end
+end
--- a/spec/support/helpers/login_helpers.rb
+++ b/spec/support/helpers/login_helpers.rb
@@ -48,6 +48,14 @@ module LoginHelpers
    @current_user = user
  end
  
+  def gitlab_enable_admin_mode_sign_in(user)
+    visit new_admin_session_path
+
+    fill_in 'password', with: user.password
+
+    click_button 'Enter admin mode'
+  end
+
  def gitlab_sign_in_via(provider, user, uid, saml_response = nil)
    mock_auth_hash_with_saml_xml(provider, uid, user.email, saml_response)
    visit new_user_session_path

--- a/spec/support/shared_contexts/session_shared_context.rb
+++ b/spec/support/shared_contexts/session_shared_context.rb
+# frozen_string_literal: true
+
+# the session is empty by default; you can overwrite it by defining your own
+# let(:session) variable
+# we do not use a parameter such as |session| because it does not play nice
+# with let variables
+shared_context 'custom session' do
+  let!(:session) { {} }
+
+  around do |example|
+    Gitlab::Session.with_session(session) do
+      example.run
+    end
+  end
+end
--- a/spec/views/admin/sessions/new.html.haml_spec.rb
+++ b/spec/views/admin/sessions/new.html.haml_spec.rb
+require 'spec_helper'
+
+describe 'admin/sessions/new.html.haml' do
+  context 'admin has password set' do
+    before do
+      allow(view).to receive(:password_authentication_enabled_for_web?).and_return(true)
+    end
+
+    it "shows enter password form" do
+      render
+
+      expect(rendered).to have_css('#login-pane.active')
+      expect(rendered).to have_selector('input[name="password"]')
+    end
+  end
+
+  context 'admin has no password set' do
+    before do
+      allow(view).to receive(:password_authentication_enabled_for_web?).and_return(false)
+    end
+
+    it "warns authentication not possible" do
+      render
+
+      expect(rendered).not_to have_css('#login-pane')
+      expect(rendered).to have_content 'No authentication methods configured'
+    end
+  end
+end