Commit 1de1210e authored by Kerri Miller's avatar Kerri Miller

Merge branch 'vshumilo-prevent-namespace-sync-on-automated-abuse-renames' into 'master'

Prevent sync for ghosted user namespaces

See merge request gitlab-org/gitlab!76615
parents b9e80d44 6f14e36d
...@@ -485,6 +485,7 @@ module EE ...@@ -485,6 +485,7 @@ module EE
def sync_name_with_customers_dot def sync_name_with_customers_dot
return unless ::Gitlab.com? return unless ::Gitlab.com?
return if user_namespace? && owner.privatized_by_abuse_automation?
::Namespaces::SyncNamespaceNameWorker.perform_async(id) ::Namespaces::SyncNamespaceNameWorker.perform_async(id)
end end
......
...@@ -436,6 +436,12 @@ module EE ...@@ -436,6 +436,12 @@ module EE
credit_card_validated_at.present? credit_card_validated_at.present?
end end
def privatized_by_abuse_automation?
# Prevent abuse automation names are expected to be in the format: ghost-:id-:id. Ex: ghost-123-4567
# More context: https://gitlab.com/gitlab-org/customers-gitlab-com/-/issues/3871 for more context on the
private_profile? && name.match?(/\Aghost-\d+-\d+\z/)
end
protected protected
override :password_required? override :password_required?
......
...@@ -359,11 +359,14 @@ RSpec.describe Namespace do ...@@ -359,11 +359,14 @@ RSpec.describe Namespace do
describe 'after_commit :sync_name_with_customers_dot' do describe 'after_commit :sync_name_with_customers_dot' do
let(:namespace) { create(:group) } let(:namespace) { create(:group) }
let(:privatized_by_abuse_automation) { false }
subject(:update_namespace) { namespace.update!(attributes) } subject(:update_namespace) { namespace.update!(attributes) }
before do before do
allow(Gitlab).to receive(:com?).and_return(true) allow(Gitlab).to receive(:com?).and_return(true)
allow(namespace.owner).to receive(:privatized_by_abuse_automation?)
.and_return(privatized_by_abuse_automation)
end end
shared_examples 'no sync' do shared_examples 'no sync' do
...@@ -374,6 +377,15 @@ RSpec.describe Namespace do ...@@ -374,6 +377,15 @@ RSpec.describe Namespace do
end end
end end
shared_examples 'sync' do
it 'triggers a name sync with CustomersDot' do
expect(::Namespaces::SyncNamespaceNameWorker).to receive(:perform_async)
.with(namespace.id).once
update_namespace
end
end
context 'when the name is not updated' do context 'when the name is not updated' do
let(:attributes) { { path: 'Foo' } } let(:attributes) { { path: 'Foo' } }
...@@ -394,14 +406,41 @@ RSpec.describe Namespace do ...@@ -394,14 +406,41 @@ RSpec.describe Namespace do
context 'when project namespace' do context 'when project namespace' do
let(:namespace) { create(:project_namespace) } let(:namespace) { create(:project_namespace) }
include_examples 'no sync' context 'when the owner is privatized by abuse automation' do
let(:privatized_by_abuse_automation) { true }
include_examples 'no sync'
end
context 'when the owner is not privatized by abuse automation' do
include_examples 'no sync'
end
end end
it 'triggers a name sync with CustomersDot' do context 'when group namespace' do
expect(::Namespaces::SyncNamespaceNameWorker).to receive(:perform_async) context 'when the owner is privatized by abuse automation' do
.with(namespace.id).once let(:privatized_by_abuse_automation) { true }
update_namespace include_examples 'sync'
end
context 'when the owner is not privatized by abuse automation' do
include_examples 'sync'
end
end
context 'when user namespace' do
let(:namespace) { create(:namespace) }
context 'when the owner is privatized by abuse automation' do
let(:privatized_by_abuse_automation) { true }
include_examples 'no sync'
end
context 'when the owner is not privatized by abuse automation' do
include_examples 'sync'
end
end end
end end
end end
......
...@@ -2015,6 +2015,58 @@ RSpec.describe User do ...@@ -2015,6 +2015,58 @@ RSpec.describe User do
end end
end end
describe "#privatized_by_abuse_automation?" do
let(:user) { build(:user, private_profile: true, name: 'ghost-123-456') }
subject(:spam_check) { user.privatized_by_abuse_automation? }
context 'when the user has a non private profile' do
it 'returns false' do
user.private_profile = false
expect(spam_check).to eq false
end
end
context 'when the user name is not ghost-:id-:id like' do
it 'returns false' do
user.name = 'spam-is-not-cool'
expect(spam_check).to eq false
end
end
context 'when the user name matches ghost-:id-:id' do
context 'with extra chars at the beginning' do
it 'returns false' do
user.name = 'ABCghost-123-456'
expect(spam_check).to eq false
end
end
context 'with extra chars at the end' do
it 'returns false' do
user.name = 'ghost-123-456XYZ'
expect(spam_check).to eq false
end
end
context 'with extra chars at the beginning and the end' do
it 'returns false' do
user.name = 'ABCghost-123-456XYZ'
expect(spam_check).to eq false
end
end
end
context 'when the user has a private profile and the format is ghost-:id-:id' do
it { is_expected.to eq true }
end
end
describe '#activate_based_on_user_cap?' do describe '#activate_based_on_user_cap?' do
using RSpec::Parameterized::TableSyntax using RSpec::Parameterized::TableSyntax
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment