Add latest changes from gitlab-org/gitlab@master

spec/frontend/notes/components/note_app_spec.js

@@ -12,6 +12,8 @@ import '~/behaviors/markdown/render_gfm';
 import * as mockData from '../../notes/mock_data';
 import * as urlUtility from '~/lib/utils/url_utility';
+jest.mock('~/user_popovers', () => jest.fn());
+
 setTestTimeout(1000);
 describe('note_app', () => {

spec/graphql/features/authorization_spec.rb

@@ -3,6 +3,8 @@
 require 'spec_helper'
 describe 'Gitlab::Graphql::Authorization' do
+  include GraphqlHelpers
+
   set(:user) { create(:user) }
   let(:permission_single) { :foo }
@@ -300,37 +302,4 @@ describe 'Gitlab::Graphql::Authorization' do
       allow(Ability).to receive(:allowed?).with(user, permission, test_object).and_return(true)
     end
   end
-
-  def type_factory
-    Class.new(Types::BaseObject) do
-      graphql_name 'TestType'
-
-      field :name, GraphQL::STRING_TYPE, null: true
-
-      yield(self) if block_given?
-    end
-  end
-
-  def query_factory
-    Class.new(Types::BaseObject) do
-      graphql_name 'TestQuery'
-
-      yield(self) if block_given?
-    end
-  end
-
-  def execute_query(query_type)
-    schema = Class.new(GraphQL::Schema) do
-      use Gitlab::Graphql::Authorize
-      use Gitlab::Graphql::Connections
-
-      query(query_type)
-    end
-
-    schema.execute(
-      query_string,
-      context: { current_user: user },
-      variables: {}
-    )
-  end
 end

spec/graphql/features/feature_flag_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Graphql Field feature flags' do
+  include GraphqlHelpers
+
+  let_it_be(:user) { create(:user) }
+
+  let(:feature_flag) { 'test_feature' }
+  let(:test_object) { double(name: 'My name') }
+  let(:query_string) { '{ item() { name } }' }
+  let(:result) { execute_query(query_type)['data'] }
+
+  subject { result }
+
+  describe 'Feature flagged field' do
+    let(:type) { type_factory }
+
+    let(:query_type) do
+      query_factory do |query|
+        query.field :item, type, null: true, feature_flag: feature_flag, resolve: ->(obj, args, ctx) { test_object }
+      end
+    end
+
+    it 'returns the value when feature is enabled' do
+      expect(subject['item']).to eq('name' => test_object.name)
+    end
+
+    it 'returns nil when the feature is disabled' do
+      stub_feature_flags(feature_flag => false)
+
+      expect(subject).to be_nil
+    end
+  end
+end

spec/graphql/types/base_field_spec.rb

@@ -111,5 +111,70 @@ describe Types::BaseField do
         end
       end
     end
+
+    describe '#visible?' do
+      context 'and has a feature_flag' do
+        let(:flag) { :test_feature }
+        let(:field) { described_class.new(name: 'test', type: GraphQL::STRING_TYPE, feature_flag: flag, null: false) }
+        let(:context) { {} }
+
+        it 'returns false if the feature is not enabled' do
+          stub_feature_flags(flag => false)
+
+          expect(field.visible?(context)).to eq(false)
+        end
+
+        it 'returns true if the feature is enabled' do
+          expect(field.visible?(context)).to eq(true)
+        end
+
+        context 'falsey feature_flag values' do
+          using RSpec::Parameterized::TableSyntax
+
+          where(:flag, :feature_value, :visible) do
+            ''  | false | true
+            ''  | true  | true
+            nil | false | true
+            nil | true  | true
+          end
+
+          with_them do
+            it 'returns the correct value' do
+              stub_feature_flags(flag => feature_value)
+
+              expect(field.visible?(context)).to eq(visible)
+            end
+          end
+        end
+      end
+    end
+
+    describe '#description' do
+      context 'feature flag given' do
+        let(:field) { described_class.new(name: 'test', type: GraphQL::STRING_TYPE, feature_flag: flag, null: false, description: 'Test description') }
+        let(:flag) { :test_flag }
+
+        it 'prepends the description' do
+          expect(field.description). to eq 'Test description. Available only when feature flag test_flag is enabled.'
+        end
+
+        context 'falsey feature_flag values' do
+          using RSpec::Parameterized::TableSyntax
+
+          where(:flag, :feature_value) do
+            ''  | false
+            ''  | true
+            nil | false
+            nil | true
+          end
+
+          with_them do
+            it 'returns the correct description' do
+              expect(field.description).to eq('Test description')
+            end
+          end
+        end
+      end
+    end
   end
 end

spec/helpers/projects_helper_spec.rb

@@ -935,14 +935,14 @@ describe ProjectsHelper do
       helper.instance_variable_set(:@project, project)
     end
-    subject { helper.grafana_integration_token }
+    subject { helper.grafana_integration_masked_token }
     it { is_expected.to eq(nil) }
     context 'grafana integration exists' do
       let!(:grafana_integration) { create(:grafana_integration, project: project) }
-      it { is_expected.to eq(grafana_integration.token) }
+      it { is_expected.to eq(grafana_integration.masked_token) }
     end
   end

spec/javascripts/frequent_items/utils_spec.js

 import { GlBreakpointInstance as bp } from '@gitlab/ui/dist/utils';
-import { isMobile, getTopFrequentItems, updateExistingFrequentItem } from '~/frequent_items/utils';
+import {
+  isMobile,
+  getTopFrequentItems,
+  updateExistingFrequentItem,
+  sanitizeItem,
+} from '~/frequent_items/utils';
 import { HOUR_IN_MS, FREQUENT_ITEMS } from '~/frequent_items/constants';
 import { mockProject, unsortedFrequentItems, sortedFrequentItems } from './mock_data';
@@ -92,4 +97,16 @@ describe('Frequent Items utils spec', () => {
       expect(result.frequency).toBe(mockedProject.frequency);
     });
   });
+
+  describe('sanitizeItem', () => {
+    it('strips HTML tags for name and namespace', () => {
+      const input = {
+        name: '<br><b>test</b>',
+        namespace: '<br>test',
+        id: 1,
+      };
+
+      expect(sanitizeItem(input)).toEqual({ name: 'test', namespace: 'test', id: 1 });
+    });
+  });
 });

spec/javascripts/user_popovers_spec.js

@@ -10,9 +10,14 @@ describe('User Popovers', () => {
   const dummyUser = { name: 'root' };
   const dummyUserStatus = { message: 'active' };
+  let popovers;
+
   const triggerEvent = (eventName, el) => {
-    const event = document.createEvent('MouseEvents');
-    event.initMouseEvent(eventName, true, true, window);
+    const event = new MouseEvent(eventName, {
+      bubbles: true,
+      cancelable: true,
+      view: window,
+    });
     el.dispatchEvent(event);
   };
@@ -26,46 +31,54 @@ describe('User Popovers', () => {
     const userStatusCacheSpy = () => Promise.resolve(dummyUserStatus);
     spyOn(UsersCache, 'retrieveStatusById').and.callFake(userId => userStatusCacheSpy(userId));
-    initUserPopovers(document.querySelectorAll('.js-user-link'));
+    popovers = initUserPopovers(document.querySelectorAll(selector));
   });
-  it('Should Show+Hide Popover on mouseenter and mouseleave', done => {
-    const targetLink = document.querySelector(selector);
-    const { userId } = targetLink.dataset;
-    triggerEvent('mouseenter', targetLink);
-    setTimeout(() => {
-      const shownPopover = document.querySelector('.popover');
-      expect(shownPopover).not.toBeNull();
-      expect(targetLink.getAttribute('aria-describedby')).not.toBeNull();
-      expect(shownPopover.innerHTML).toContain(dummyUser.name);
-      expect(UsersCache.retrieveById).toHaveBeenCalledWith(userId.toString());
-      triggerEvent('mouseleave', targetLink);
-      setTimeout(() => {
-        // After Mouse leave it should be hidden now
-        expect(document.querySelector('.popover')).toBeNull();
-        expect(targetLink.getAttribute('aria-describedby')).toBeNull();
-        done();
-      });
-    }, 210); // We need to wait until the 200ms mouseover delay is over, only then the popover will be visible
-  });
-  it('Should Not show a popover on short mouse over', done => {
-    const targetLink = document.querySelector(selector);
-    const { userId } = targetLink.dataset;
-    triggerEvent('mouseenter', targetLink);
-    setTimeout(() => {
-      expect(document.querySelector('.popover')).toBeNull();
-      expect(UsersCache.retrieveById).not.toHaveBeenCalledWith(userId.toString());
-      triggerEvent('mouseleave', targetLink);
-      done();
-    });
+  it('initializes a popover for each js-user-link element found in the document', () => {
+    expect(document.querySelectorAll(selector).length).toBe(popovers.length);
+  });
+  describe('when user link emits mouseenter event', () => {
+    let userLink;
+    beforeEach(() => {
+      userLink = document.querySelector(selector);
+      triggerEvent('mouseenter', userLink);
+    });
+    it('removes title attribute from user links', () => {
+      expect(userLink.getAttribute('title')).toBeFalsy();
+      expect(userLink.dataset.originalTitle).toBeFalsy();
+    });
+    it('populates popovers with preloaded user data', () => {
+      const { name, userId, username } = userLink.dataset;
+      const [firstPopover] = popovers;
+
+      expect(firstPopover.$props.user).toEqual(
+        jasmine.objectContaining({
+          name,
+          userId,
+          username,
+        }),
+      );
+    });
+    it('fetches user info and status from the user cache', () => {
+      const { userId } = userLink.dataset;
+      expect(UsersCache.retrieveById).toHaveBeenCalledWith(userId);
+      expect(UsersCache.retrieveStatusById).toHaveBeenCalledWith(userId);
+    });
+  });
+  it('removes aria-describedby attribute from the user link on mouseleave', () => {
+    const userLink = document.querySelector(selector);
+    userLink.setAttribute('aria-describedby', 'popover');
+    triggerEvent('mouseleave', userLink);
+
+    expect(userLink.getAttribute('aria-describedby')).toBe(null);
   });
 });

spec/lib/banzai/reference_parser/mentioned_group_parser_spec.rb

@@ -19,7 +19,7 @@ describe Banzai::ReferenceParser::MentionedGroupParser do
         it 'returns empty array' do
           link['data-group'] = project.group.id.to_s
-          expect(subject.gather_references([link])).to eq([])
+          expect_gathered_references(subject.gather_references([link]), [], 1)
         end
       end
@@ -30,7 +30,7 @@ describe Banzai::ReferenceParser::MentionedGroupParser do
         end
         it 'returns groups' do
-          expect(subject.gather_references([link])).to eq([group])
+          expect_gathered_references(subject.gather_references([link]), [group], 0)
         end
       end
@@ -38,7 +38,7 @@ describe Banzai::ReferenceParser::MentionedGroupParser do
         it 'returns an empty Array' do
           link['data-group'] = 'test-non-existing'
-          expect(subject.gather_references([link])).to eq([])
+          expect_gathered_references(subject.gather_references([link]), [], 1)
         end
       end
     end

spec/lib/banzai/reference_parser/mentioned_project_parser_spec.rb

@@ -19,7 +19,7 @@ describe Banzai::ReferenceParser::MentionedProjectParser do
         it 'returns empty Array' do
           link['data-project'] = project.id.to_s
-          expect(subject.gather_references([link])).to eq([])
+          expect_gathered_references(subject.gather_references([link]), [], 1)
         end
       end
@@ -30,7 +30,7 @@ describe Banzai::ReferenceParser::MentionedProjectParser do
         end
         it 'returns an Array of referenced projects' do
-          expect(subject.gather_references([link])).to eq([project])
+          expect_gathered_references(subject.gather_references([link]), [project], 0)
         end
       end
@@ -38,7 +38,7 @@ describe Banzai::ReferenceParser::MentionedProjectParser do
         it 'returns an empty Array' do
           link['data-project'] = 'inexisting-project-id'
-          expect(subject.gather_references([link])).to eq([])
+          expect_gathered_references(subject.gather_references([link]), [], 1)
         end
       end
     end

spec/lib/banzai/reference_parser/mentioned_user_parser_spec.rb

@@ -22,7 +22,7 @@ describe Banzai::ReferenceParser::MentionedUserParser do
         end
         it 'returns empty list of users' do
-          expect(subject.gather_references([link])).to eq([])
+          expect_gathered_references(subject.gather_references([link]), [], 0)
         end
       end
     end
@@ -35,7 +35,7 @@ describe Banzai::ReferenceParser::MentionedUserParser do
         end
         it 'returns empty list of users' do
-          expect(subject.gather_references([link])).to eq([])
+          expect_gathered_references(subject.gather_references([link]), [], 0)
         end
       end
     end
@@ -44,7 +44,7 @@ describe Banzai::ReferenceParser::MentionedUserParser do
       it 'returns an Array of users' do
         link['data-user'] = user.id.to_s
-        expect(subject.referenced_by([link])).to eq([user])
+        expect_gathered_references(subject.gather_references([link]), [user], 0)
       end
     end
   end

spec/lib/banzai/reference_parser/project_parser_spec.rb

@@ -17,7 +17,7 @@ describe Banzai::ReferenceParser::ProjectParser do
         it 'returns an Array of projects' do
           link['data-project'] = project.id.to_s
-          expect(subject.gather_references([link])).to eq([project])
+          expect_gathered_references(subject.gather_references([link]), [project], 0)
         end
       end
@@ -25,7 +25,7 @@ describe Banzai::ReferenceParser::ProjectParser do
         it 'returns an empty Array' do
           link['data-project'] = ''
-          expect(subject.gather_references([link])).to eq([])
+          expect_gathered_references(subject.gather_references([link]), [], 1)
         end
       end
@@ -35,7 +35,7 @@ describe Banzai::ReferenceParser::ProjectParser do
           link['data-project'] = private_project.id.to_s
-          expect(subject.gather_references([link])).to eq([])
+          expect_gathered_references(subject.gather_references([link]), [], 1)
         end
         it 'returns an Array when authorized' do
@@ -43,7 +43,7 @@ describe Banzai::ReferenceParser::ProjectParser do
           link['data-project'] = private_project.id.to_s
-          expect(subject.gather_references([link])).to eq([private_project])
+          expect_gathered_references(subject.gather_references([link]), [private_project], 0)
         end
       end
     end

spec/lib/gitlab/asciidoc/include_processor_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'nokogiri'
+
+describe Gitlab::Asciidoc::IncludeProcessor do
+  let_it_be(:project) { create(:project, :repository) }
+
+  let(:processor_context) do
+    {
+      project: project,
+      max_includes: max_includes,
+      ref: ref
+    }
+  end
+  let(:ref) { project.repository.root_ref }
+  let(:max_includes) { 10 }
+
+  let(:reader) { Asciidoctor::PreprocessorReader.new(document, lines, 'file.adoc') }
+  let(:document) { Asciidoctor::Document.new(lines) }
+
+  subject(:processor) { described_class.new(processor_context) }
+
+  let(:a_blob) { double(:Blob, readable_text?: true, data: a_data) }
+  let(:a_data) { StringIO.new('include::b.adoc[]') }
+
+  let(:lines) { [':max-include-depth: 1000'] + Array.new(10, 'include::a.adoc[]') }
+
+  before do
+    allow(project.repository).to receive(:blob_at).with(ref, 'a.adoc').and_return(a_blob)
+  end
+
+  describe '#include_allowed?' do
+    it 'allows the first include' do
+      expect(processor.send(:include_allowed?, 'foo.adoc', reader)).to be_truthy
+    end
+
+    it 'allows the Nth + 1 include' do
+      (max_includes - 1).times { processor.send(:read_blob, ref, 'a.adoc') }
+
+      expect(processor.send(:include_allowed?, 'foo.adoc', reader)).to be_truthy
+    end
+
+    it 'disallows the Nth + 1 include' do
+      max_includes.times { processor.send(:read_blob, ref, 'a.adoc') }
+
+      expect(processor.send(:include_allowed?, 'foo.adoc', reader)).to be_falsey
+    end
+  end
+end

spec/lib/gitlab/asciidoc_spec.rb

@@ -425,6 +425,24 @@ module Gitlab
           create_file(current_file, "= AsciiDoc\n")
         end
+        def many_includes(target)
+          Array.new(10, "include::#{target}[]").join("\n")
+        end
+
+        context 'cyclic imports' do
+          before do
+            create_file('doc/api/a.adoc', many_includes('b.adoc'))
+            create_file('doc/api/b.adoc', many_includes('a.adoc'))
+          end
+
+          let(:include_path) { 'a.adoc' }
+          let(:requested_path) { 'doc/api/README.md' }
+
+          it 'completes successfully' do
+            is_expected.to include('<p>Include this:</p>')
+          end
+        end
+
         context 'with path to non-existing file' do
           let(:include_path) { 'not-exists.adoc' }

spec/lib/gitlab/git/cross_repo_comparer_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::Git::CrossRepoComparer do
+  let(:source_project) { create(:project, :repository) }
+  let(:target_project) { create(:project, :repository) }
+
+  let(:source_repo) { source_project.repository.raw_repository }
+  let(:target_repo) { target_project.repository.raw_repository }
+
+  let(:source_branch) { 'feature' }
+  let(:target_branch) { 'master' }
+  let(:straight) { false }
+
+  let(:source_commit) { source_repo.commit(source_branch) }
+  let(:target_commit) { source_repo.commit(target_branch) }
+
+  subject(:result) { described_class.new(source_repo, target_repo).compare(source_branch, target_branch, straight: straight) }
+
+  describe '#compare' do
+    context 'within a single repository' do
+      let(:target_project) { source_project }
+
+      context 'a non-straight comparison' do
+        it 'compares without fetching from another repo' do
+          expect(source_repo).not_to receive(:fetch_source_branch!)
+
+          expect_compare(result, from: source_commit, to: target_commit)
+          expect(result.straight).to eq(false)
+        end
+      end
+
+      context 'a straight comparison' do
+        let(:straight) { true }
+
+        it 'compares without fetching from another repo' do
+          expect(source_repo).not_to receive(:fetch_source_branch!)
+
+          expect_compare(result, from: source_commit, to: target_commit)
+          expect(result.straight).to eq(true)
+        end
+      end
+    end
+
+    context 'across two repositories' do
+      context 'target ref exists in source repo' do
+        it 'compares without fetching from another repo' do
+          expect(source_repo).not_to receive(:fetch_source_branch!)
+          expect(source_repo).not_to receive(:delete_refs)
+
+          expect_compare(result, from: source_commit, to: target_commit)
+        end
+      end
+
+      context 'target ref does not exist in source repo' do
+        it 'compares in the source repo by fetching from the target to a temporary ref' do
+          new_commit_id = create_commit(target_project.owner, target_repo, target_branch)
+          new_commit = target_repo.commit(new_commit_id)
+
+          # This is how the temporary ref is generated
+          expect(SecureRandom).to receive(:hex).at_least(:once).and_return('foo')
+
+          expect(source_repo)
+            .to receive(:fetch_source_branch!)
+            .with(target_repo, new_commit_id, 'refs/tmp/foo')
+            .and_call_original
+
+          expect(source_repo).to receive(:delete_refs).with('refs/tmp/foo').and_call_original
+
+          expect_compare(result, from: source_commit, to: new_commit)
+        end
+      end
+
+      context 'source ref does not exist in source repo' do
+        let(:source_branch) { 'does-not-exist' }
+
+        it 'returns an empty comparison' do
+          expect(source_repo).not_to receive(:fetch_source_branch!)
+          expect(source_repo).not_to receive(:delete_refs)
+
+          expect(result).to be_a(::Gitlab::Git::Compare)
+          expect(result.commits.size).to eq(0)
+        end
+      end
+
+      context 'target ref does not exist in target repo' do
+        let(:target_branch) { 'does-not-exist' }
+
+        it 'returns nil' do
+          expect(source_repo).not_to receive(:fetch_source_branch!)
+          expect(source_repo).not_to receive(:delete_refs)
+
+          is_expected.to be_nil
+        end
+      end
+    end
+  end
+
+  def expect_compare(of, from:, to:)
+    expect(of).to be_a(::Gitlab::Git::Compare)
+    expect(from).to be_a(::Gitlab::Git::Commit)
+    expect(to).to be_a(::Gitlab::Git::Commit)
+
+    expect(of.commits).not_to be_empty
+    expect(of.head).to eq(from)
+    expect(of.base).to eq(to)
+  end
+
+  def create_commit(user, repo, branch)
+    action = { action: :create, file_path: '/FILE', content: 'content' }
+
+    result = repo.multi_action(user, branch_name: branch, message: 'Commit', actions: [action])
+
+    result.newrev
+  end
+end

spec/lib/gitlab/git/repository_spec.rb

@@ -1962,66 +1962,15 @@ describe Gitlab::Git::Repository, :seed_helper do
   end
   describe '#compare_source_branch' do
-    let(:repository) { Gitlab::Git::Repository.new('default', TEST_GITATTRIBUTES_REPO_PATH, '', 'group/project') }
-
-    context 'within same repository' do
-      it 'does not create a temp ref' do
-        expect(repository).not_to receive(:fetch_source_branch!)
-        expect(repository).not_to receive(:delete_refs)
-
-        compare = repository.compare_source_branch('master', repository, 'feature', straight: false)
-        expect(compare).to be_a(Gitlab::Git::Compare)
-        expect(compare.commits.count).to be > 0
-      end
-
-      it 'returns empty commits when source ref does not exist' do
-        compare = repository.compare_source_branch('master', repository, 'non-existent-branch', straight: false)
-        expect(compare.commits).to be_empty
+    it 'delegates to Gitlab::Git::CrossRepoComparer' do
+      expect_next_instance_of(::Gitlab::Git::CrossRepoComparer) do |instance|
+        expect(instance.source_repo).to eq(:source_repository)
+        expect(instance.target_repo).to eq(repository)
+        expect(instance).to receive(:compare).with('feature', 'master', straight: :straight)
       end
-    end
-    context 'with different repositories' do
-      context 'when ref is known by source repo, but not by target' do
-        before do
-          mutable_repository.write_ref('another-branch', 'feature')
-        end
-
-        it 'creates temp ref' do
-          expect(repository).not_to receive(:fetch_source_branch!)
-          expect(repository).not_to receive(:delete_refs)
-
-          compare = repository.compare_source_branch('master', mutable_repository, 'another-branch', straight: false)
-          expect(compare).to be_a(Gitlab::Git::Compare)
-          expect(compare.commits.count).to be > 0
-        end
-      end
-
-      context 'when ref is known by source and target repos' do
-        before do
-          mutable_repository.write_ref('another-branch', 'feature')
-          repository.write_ref('another-branch', 'feature')
-        end
-
-        it 'does not create a temp ref' do
-          expect(repository).not_to receive(:fetch_source_branch!)
-          expect(repository).not_to receive(:delete_refs)
-
-          compare = repository.compare_source_branch('master', mutable_repository, 'another-branch', straight: false)
-          expect(compare).to be_a(Gitlab::Git::Compare)
-          expect(compare.commits.count).to be > 0
-        end
-      end
-
-      context 'when ref is unknown by source repo' do
-        it 'returns nil when source ref does not exist' do
-          expect(repository).to receive(:fetch_source_branch!).and_call_original
-          expect(repository).to receive(:delete_refs).and_call_original
-
-          compare = repository.compare_source_branch('master', mutable_repository, 'non-existent-branch', straight: false)
-          expect(compare).to be_nil
-        end
-      end
+      repository.compare_source_branch('master', :source_repository, 'feature', straight: :straight)
     end
   end

spec/lib/gitlab/no_cache_headers_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::NoCacheHeaders do
+  class NoCacheTester
+    include Gitlab::NoCacheHeaders
+  end
+
+  describe "#no_cache_headers" do
+    subject { NoCacheTester.new }
+
+    it "raises a RuntimeError" do
+      expect { subject.no_cache_headers }.to raise_error(RuntimeError)
+    end
+  end
+end

spec/lib/gitlab/reference_extractor_spec.rb

@@ -3,7 +3,7 @@
 require 'spec_helper'
 describe Gitlab::ReferenceExtractor do
-  let(:project) { create(:project) }
+  let_it_be(:project) { create(:project) }
   before do
     project.add_developer(project.creator)
@@ -293,4 +293,34 @@ describe Gitlab::ReferenceExtractor do
       end
     end
   end
+
+  describe '#references' do
+    let_it_be(:user) { create(:user) }
+    let_it_be(:issue) { create(:issue, project: project) }
+    let(:text) { "Ref. #{issue.to_reference}" }
+
+    subject { described_class.new(project, user) }
+
+    before do
+      subject.analyze(text)
+    end
+
+    context 'when references are visible' do
+      before do
+        project.add_developer(user)
+      end
+
+      it 'returns visible references of given type' do
+        expect(subject.references(:issue)).to eq([issue])
+      end
+
+      it 'does not increase stateful_not_visible_counter' do
+        expect { subject.references(:issue) }.not_to change { subject.stateful_not_visible_counter }
+      end
+    end
+
+    it 'increases stateful_not_visible_counter' do
+      expect { subject.references(:issue) }.to change { subject.stateful_not_visible_counter }.by(1)
+    end
+  end
 end

spec/models/generic_commit_status_spec.rb

@@ -19,6 +19,74 @@ describe GenericCommitStatus do
     it { is_expected.not_to allow_value('javascript:alert(1)').for(:target_url) }
   end
+  describe '#name_uniqueness_across_types' do
+    let(:attributes) { {} }
+    let(:commit_status) { described_class.new(attributes) }
+    let(:status_name) { 'test-job' }
+
+    subject(:errors) { commit_status.errors[:name] }
+
+    shared_examples 'it does not have uniqueness errors' do
+      it 'does not return errors' do
+        commit_status.valid?
+
+        is_expected.to be_empty
+      end
+    end
+
+    context 'without attributes' do
+      it_behaves_like 'it does not have uniqueness errors'
+    end
+
+    context 'with only a pipeline' do
+      let(:attributes) { { pipeline: pipeline } }
+
+      context 'without name' do
+        it_behaves_like 'it does not have uniqueness errors'
+      end
+    end
+
+    context 'with only a name' do
+      let(:attributes) { { name: status_name } }
+
+      context 'without pipeline' do
+        it_behaves_like 'it does not have uniqueness errors'
+      end
+    end
+
+    context 'with pipeline and name' do
+      let(:attributes) do
+        {
+          pipeline: pipeline,
+          name: status_name
+        }
+      end
+
+      context 'without other statuses' do
+        it_behaves_like 'it does not have uniqueness errors'
+      end
+
+      context 'with generic statuses' do
+        before do
+          create(:generic_commit_status, pipeline: pipeline, name: status_name)
+        end
+
+        it_behaves_like 'it does not have uniqueness errors'
+      end
+
+      context 'with ci_build statuses' do
+        before do
+          create(:ci_build, pipeline: pipeline, name: status_name)
+        end
+
+        it 'returns name error' do
+          expect(commit_status).to be_invalid
+          is_expected.to include('has already been taken')
+        end
+      end
+    end
+  end
+
   describe '#context' do
     subject { generic_commit_status.context }
@@ -79,6 +147,12 @@ describe GenericCommitStatus do
       it { is_expected.not_to be_nil }
     end
+
+    describe '#stage_idx' do
+      subject { generic_commit_status.stage_idx }
+
+      it { is_expected.not_to be_nil }
+    end
   end
   describe '#present' do

spec/models/grafana_integration_spec.rb

@@ -9,7 +9,7 @@ describe GrafanaIntegration do
   describe 'validations' do
     it { is_expected.to validate_presence_of(:project) }
-    it { is_expected.to validate_presence_of(:token) }
+    it { is_expected.to validate_presence_of(:encrypted_token) }
     it 'disallows invalid urls for grafana_url' do
       unsafe_url = %{https://replaceme.com/'><script>alert(document.cookie)</script>}
@@ -66,4 +66,24 @@ describe GrafanaIntegration do
       end
     end
   end
+
+  describe 'attribute encryption' do
+    subject(:grafana_integration) { create(:grafana_integration, token: 'super-secret') }
+
+    context 'token' do
+      it 'encrypts original value into encrypted_token attribute' do
+        expect(grafana_integration.encrypted_token).not_to be_nil
+      end
+
+      it 'locks access to raw value in private method', :aggregate_failures do
+        expect { grafana_integration.token }.to raise_error(NoMethodError, /private method .token. called/)
+        expect(grafana_integration.send(:token)).to eql('super-secret')
+      end
+
+      it 'prevents overriding token value with its encrypted or masked version', :aggregate_failures do
+        expect { grafana_integration.update(token: grafana_integration.encrypted_token) }.not_to change { grafana_integration.reload.send(:token) }
+        expect { grafana_integration.update(token: grafana_integration.masked_token) }.not_to change { grafana_integration.reload.send(:token) }
+      end
+    end
+  end
 end

spec/models/note_spec.rb

@@ -350,12 +350,12 @@ describe Note do
   end
   describe "cross_reference_not_visible_for?" do
-    let(:private_user)    { create(:user) }
-    let(:private_project) { create(:project, namespace: private_user.namespace) { |p| p.add_maintainer(private_user) } }
-    let(:private_issue)   { create(:issue, project: private_project) }
-    let(:ext_proj)  { create(:project, :public) }
-    let(:ext_issue) { create(:issue, project: ext_proj) }
+    let_it_be(:private_user)    { create(:user) }
+    let_it_be(:private_project) { create(:project, namespace: private_user.namespace) { |p| p.add_maintainer(private_user) } }
+    let_it_be(:private_issue)   { create(:issue, project: private_project) }
+    let_it_be(:ext_proj)  { create(:project, :public) }
+    let_it_be(:ext_issue) { create(:issue, project: ext_proj) }
     shared_examples "checks references" do
       it "returns true" do
@@ -393,10 +393,24 @@ describe Note do
       it_behaves_like "checks references"
     end
-    context "when there are two references in note" do
+    context "when there is a reference to a label" do
+      let_it_be(:private_label) { create(:label, project: private_project) }
       let(:note) do
         create :note,
           noteable: ext_issue, project: ext_proj,
+          note: "added label #{private_label.to_reference(ext_proj)}",
+          system: true
+      end
+      let!(:system_note_metadata) { create(:system_note_metadata, note: note, action: :label) }
+
+      it_behaves_like "checks references"
+    end
+
+    context "when there are two references in note" do
+      let_it_be(:ext_issue2) { create(:issue, project: ext_proj) }
+      let(:note) do
+        create :note,
+          noteable: ext_issue2, project: ext_proj,
           note: "mentioned in issue #{private_issue.to_reference(ext_proj)} and " \
                 "public issue #{ext_issue.to_reference(ext_proj)}",
           system: true