Automatic merge of gitlab-org/gitlab master

app/assets/javascripts/packages_and_registries/container_registry/explorer/index.js

@@ -3,7 +3,7 @@ import Vue from 'vue';
 import { parseBoolean } from '~/lib/utils/common_utils';
 import PerformancePlugin from '~/performance/vue_performance_plugin';
 import Translate from '~/vue_shared/translate';
-import RegistryBreadcrumb from './components/registry_breadcrumb.vue';
+import RegistryBreadcrumb from '~/packages_and_registries/shared/components/registry_breadcrumb.vue';
 import { apolloProvider } from './graphql/index';
 import RegistryExplorer from './pages/index.vue';
 import createRouter from './router';

db/fixtures/development/18_abuse_reports.rb

@@ -11,7 +11,7 @@ module Db
                   name: FFaker::Name.name,
                   email: FFaker::Internet.email,
                   confirmed_at: DateTime.now,
-                  password: '12345678'
+                  password: Gitlab::Password.test_default
                 )
 
               ::AbuseReport.create(reporter: ::User.take, user: reported_user, message: 'User sends spam')

db/migrate/20220109133006_remove_ci_pipelines_lock_version_index.rb

+# frozen_string_literal: true
+
+class RemoveCiPipelinesLockVersionIndex < Gitlab::Database::Migration[1.0]
+  TABLE = :ci_pipelines
+  INDEX_NAME = 'tmp_index_ci_pipelines_lock_version'
+  COLUMN = :id
+
+  disable_ddl_transaction!
+
+  def up
+    remove_concurrent_index TABLE, COLUMN, where: "lock_version IS NULL", name: INDEX_NAME
+  end
+
+  def down
+    add_concurrent_index TABLE, COLUMN, where: "lock_version IS NULL", name: INDEX_NAME
+  end
+end

db/schema_migrations/20220109133006

+192fc0b934c7d52e431a0ce7524a51beb24fa004a940e6b0675e36b0da143891
\ No newline at end of file

doc/architecture/blueprints/ci_data_decay/index.md

@@ -23,17 +23,17 @@ the data storage for pipeline builds remains almost the same since 2012. In
 ia separate database. Now we want to improve the architecture of GitLab CI/CD
 product to enable further scaling.
 
-*Disclaimer: The following contain information related to upcoming products,
-features, and functionality.
+_Disclaimer: The following contains information related to upcoming products,
+features, and functionality._
 
-It is important to note that the information presented is for informational
+_It is important to note that the information presented is for informational
 purposes only. Please do not rely on this information for purchasing or
-planning purposes.
+planning purposes._
 
-As with all projects, the items mentioned in this document and linked pages are
+_As with all projects, the items mentioned in this document and linked pages are
 subject to change or delay. The development, release and timing of any
 products, features, or functionality remain at the sole discretion of GitLab
-Inc.*
+Inc._
 
 ## Goals
 

doc/development/geo/framework.md

@@ -14,7 +14,7 @@ team to discuss the options. You can contact them in `#g_geo` on Slack
 or mention `@geo-team` in the issue or merge request.
 
 Geo provides an API to make it possible to easily replicate data types
-across Geo nodes. This API is presented as a Ruby Domain-Specific
+across Geo sites. This API is presented as a Ruby Domain-Specific
 Language (DSL) and aims to make it possible to replicate data with
 minimal effort of the engineer who created a data type.
 
@@ -43,7 +43,7 @@ naming conventions:
   For more detail, see [Data types](../../administration/geo/replication/datatypes.md).
 
 - **Geo Replicable**:
-  A Replicable is a resource Geo wants to sync across Geo nodes. There
+  A Replicable is a resource Geo wants to sync across Geo sites. There
   is a limited set of supported data types of replicables. The effort
   required to implement replication of a resource that belongs to one
   of the known data types is minimal.
@@ -57,7 +57,7 @@ naming conventions:
   It's tied to the Geo Replicable data type. All replicators have a
   common interface that can be used to process (that is, produce and
   consume) events. It takes care of the communication between the
-  primary node (where events are produced) and the secondary node
+  primary site (where events are produced) and the secondary site
   (where events are consumed). The engineer who wants to incorporate
   Geo in their feature will use the API of replicators to make this
   happen.

ee/spec/features/merge_request/user_approves_with_password_spec.rb

@@ -16,7 +16,7 @@ RSpec.describe 'Merge request > User approves with password', :js do
   end
 
   it 'works, when user approves and enters correct password' do
-    approve_with_password '12345678'
+    approve_with_password Gitlab::Password.test_default
 
     page.within('.js-mr-approvals') do
       expect(page).not_to have_button('Approve')
@@ -25,7 +25,7 @@ RSpec.describe 'Merge request > User approves with password', :js do
   end
 
   it 'does not need password to unapprove' do
-    approve_with_password '12345678'
+    approve_with_password Gitlab::Password.test_default
     unapprove
 
     expect(page).to have_button('Approve')

ee/spec/features/trial_registrations/signin_spec.rb

@@ -18,7 +18,7 @@ RSpec.describe 'Trial Sign In' do
 
       within('div#login-pane') do
         fill_in 'user_login', with: user.email
-        fill_in 'user_password', with: '12345678'
+        fill_in 'user_password', with: Gitlab::Password.test_default
 
         click_button 'Sign in'
       end

ee/spec/features/users/login_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe 'Login' do
   end
 
   it 'creates a security event for an invalid password login' do
-    user = create(:user, password: 'not-the-default')
+    user = create(:user, password: "not" + Gitlab::Password.test_default)
 
     expect { gitlab_sign_in(user) }
       .to change { AuditEvent.where(entity_id: -1).count }.from(0).to(1)

ee/spec/lib/ee/gitlab/scim/provisioning_service_spec.rb

@@ -128,7 +128,8 @@ RSpec.describe ::EE::Gitlab::Scim::ProvisioningService do
         email: 'work@example.com',
         name: 'Test Name',
         extern_uid: 'test_uid',
-        username: 'username'
+        username: 'username',
+        password: Gitlab::Password.test_default
       }
     end
 

ee/spec/lib/gitlab/auth/smartcard/certificate_spec.rb

@@ -142,7 +142,7 @@ RSpec.describe Gitlab::Auth::Smartcard::Certificate do
 
         context 'avoids conflicting namespaces' do
           let(:subject_dn) { '/CN=Gitlab User/emailAddress=gitlab-user@random-corp.org' }
-          let!(:existing_user) { create(:user, username: 'GitlabUser') }
+          let!(:existing_user) { create(:user, username: 'GitlabUser', password: Gitlab::Password.test_default) }
 
           it 'creates user with correct usnername' do
             expect { subject }.to change { User.count }.from(1).to(2)

ee/spec/lib/gitlab/auth_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe Gitlab::Auth do
   end
 
   let(:username) { 'John' } # username isn't lowercase, test this
-  let(:password) { 'my-secret' }
+  let(:password) { Gitlab::Password.test_default }
 
   context 'with kerberos' do
     before do

ee/spec/requests/api/merge_request_approvals_spec.rb

@@ -405,7 +405,7 @@ RSpec.describe API::MergeRequestApprovals do
       context 'when project requires force auth for approval' do
         before do
           project.update!(require_password_to_approve: true)
-          approver.update!(password: 'password')
+          approver.update!(password: Gitlab::Password.test_default)
         end
 
         it 'does not approve the merge request with no password' do
@@ -416,14 +416,14 @@ RSpec.describe API::MergeRequestApprovals do
         end
 
         it 'does not approve the merge request with incorrect password' do
-          approve(approval_password: 'incorrect')
+          approve(approval_password: "not" + Gitlab::Password.test_default)
 
           expect(response).to have_gitlab_http_status(:unauthorized)
           expect(merge_request.reload.approvals_left).to eq(2)
         end
 
         it 'approves the merge request with correct password' do
-          approve(approval_password: 'password')
+          approve(approval_password: Gitlab::Password.test_default)
 
           expect(response).to have_gitlab_http_status(:created)
           expect(merge_request.reload.approvals_left).to eq(1)

ee/spec/requests/api/scim_spec.rb

@@ -7,7 +7,7 @@ RSpec.describe API::Scim do
   let(:scim_token) { create(:scim_oauth_access_token, group: group) }
   let(:group) { identity.group }
 
-  let_it_be(:password) { 'secret_pass' }
+  let_it_be(:password) { Gitlab::Password.test_default }
   let_it_be(:access_token) { 'secret_token' }
 
   before do

ee/spec/requests/api/users_spec.rb

@@ -71,7 +71,7 @@ RSpec.describe API::Users do
 
     describe "PUT /users/:id" do
       it "creates audit event when updating user with new password" do
-        put api("/users/#{user.id}", admin), params: { password: '12345678' }
+        put api("/users/#{user.id}", admin), params: { password: Gitlab::Password.test_default }
 
         expect(AuditEvent.count).to eq(1)
       end

ee/spec/services/ee/users/create_service_spec.rb

@@ -10,7 +10,7 @@ RSpec.describe Users::CreateService do
       name: 'John Doe',
       username: 'jduser',
       email: 'jd@example.com',
-      password: 'mydummypass'
+      password: Gitlab::Password.test_default
     }
   end
 

ee/spec/services/ee/users/update_service_spec.rb

@@ -177,7 +177,7 @@ RSpec.describe Users::UpdateService do
 
       let(:service) { described_class.new(admin_user, ActionController::Parameters.new(params).permit!) }
       let(:params) do
-        { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: 'mydummypass' }
+        { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: Gitlab::Password.test_default }
       end
 
       context 'allowed params' do

ee/spec/services/merge_requests/approval_service_spec.rb

@@ -134,7 +134,7 @@ RSpec.describe MergeRequests::ApprovalService do
     context 'when project requires force auth for approval' do
       before do
         project.update!(require_password_to_approve: true)
-        user.update!(password: 'password')
+        user.update!(password: Gitlab::Password.test_default)
       end
       context 'when password not specified' do
         it 'does not update the approvals' do
@@ -144,7 +144,7 @@ RSpec.describe MergeRequests::ApprovalService do
 
       context 'when incorrect password is specified' do
         let(:params) do
-          { approval_password: 'incorrect' }
+          { approval_password: "not" + Gitlab::Password.test_default }
         end
 
         it 'does not update the approvals' do
@@ -156,7 +156,7 @@ RSpec.describe MergeRequests::ApprovalService do
 
       context 'when correct password is specified' do
         let(:params) do
-          { approval_password: 'password' }
+          { approval_password: Gitlab::Password.test_default }
         end
 
         it 'approves the merge request' do

lib/gitlab/auth/o_auth/user.rb

@@ -230,8 +230,8 @@ module Gitlab
             name:                       name.strip.presence || valid_username,
             username:                   valid_username,
             email:                      email,
-            password:                   auth_hash.password,
-            password_confirmation:      auth_hash.password,
+            password:                   Gitlab::Password.test_default(21),
+            password_confirmation:      Gitlab::Password.test_default(21),
             password_automatically_set: true
           }
         end

lib/gitlab/password.rb

+# frozen_string_literal: true
+
+# This module is used to return fake strong password for tests
+
+module Gitlab
+  module Password
+    DEFAULT_LENGTH = 12
+    TEST_DEFAULT = "123qweQWE!@#" + "0" * (User.password_length.max - DEFAULT_LENGTH)
+    def self.test_default(length = 12)
+      password_length = [[User.password_length.min, length].max, User.password_length.max].min
+      TEST_DEFAULT[...password_length]
+    end
+  end
+end

lib/tasks/gitlab/seed/group_seed.rake

@@ -125,7 +125,7 @@ class GroupSeeder
       name: FFaker::Name.name,
       email: FFaker::Internet.email,
       confirmed_at: DateTime.now,
-      password: Devise.friendly_token
+      password: Gitlab::Password.test_default
     )
   end
 

spec/controllers/admin/users_controller_spec.rb

@@ -612,8 +612,8 @@ RSpec.describe Admin::UsersController do
       end
 
       context 'when the new password does not match the password confirmation' do
-        let(:password) { 'some_password' }
-        let(:password_confirmation) { 'not_same_as_password' }
+        let(:password) { Gitlab::Password.test_default }
+        let(:password_confirmation) { "not" + Gitlab::Password.test_default }
 
         it 'shows the edit page again' do
           update_password(user, password, password_confirmation)

spec/controllers/ldap/omniauth_callbacks_controller_spec.rb

@@ -58,7 +58,7 @@ RSpec.describe Ldap::OmniauthCallbacksController do
   end
 
   context 'sign up' do
-    let(:user) { double(email: +'new@example.com') }
+    let(:user) { create(:user) }
 
     before do
       stub_omniauth_setting(block_auto_created_users: false)

spec/controllers/registrations_controller_spec.rb

@@ -483,7 +483,7 @@ RSpec.describe RegistrationsController do
       end
 
       it 'succeeds if password is confirmed' do
-        post :destroy, params: { password: '12345678' }
+        post :destroy, params: { password: Gitlab::Password.test_default }
 
         expect_success
       end
@@ -524,7 +524,7 @@ RSpec.describe RegistrationsController do
           end
 
           it 'fails' do
-            delete :destroy, params: { password: '12345678' }
+            delete :destroy, params: { password: Gitlab::Password.test_default }
 
             expect_failure(s_('Profiles|You must transfer ownership or delete groups you are an owner of before you can delete your account'))
           end

spec/factories/users.rb

@@ -5,7 +5,7 @@ FactoryBot.define do
     email { generate(:email) }
     name { generate(:name) }
     username { generate(:username) }
-    password { "12345678" }
+    password { Gitlab::Password.test_default }
     role { 'software_developer' }
     confirmed_at { Time.now }
     confirmation_token { nil }

spec/features/dashboard/todos/todos_spec.rb

@@ -5,10 +5,11 @@ require 'spec_helper'
 RSpec.describe 'Dashboard Todos' do
   include DesignManagementTestHelpers
 
-  let_it_be(:user)    { create(:user, username: 'john') }
-  let_it_be(:author)  { create(:user) }
+  let_it_be(:user) { create(:user, username: 'john') }
+  let_it_be(:user2) { create(:user, username: 'diane') }
+  let_it_be(:author) { create(:user) }
   let_it_be(:project) { create(:project, :public) }
-  let_it_be(:issue)   { create(:issue, project: project, due_date: Date.today, title: "Fix bug") }
+  let_it_be(:issue) { create(:issue, project: project, due_date: Date.today, title: "Fix bug") }
 
   before_all do
     project.add_developer(user)
@@ -23,6 +24,19 @@ RSpec.describe 'Dashboard Todos' do
     it 'shows "All done" message' do
       expect(page).to have_content 'Your To-Do List shows what to work on next'
     end
+
+    context 'when user was assigned to an issue and marked it as done' do
+      before do
+        sign_in(user)
+      end
+
+      it 'shows "Are you looking for things to do?" message' do
+        create(:todo, :assigned, :done, user: user, project: project, target: issue, author: user2)
+        visit dashboard_todos_path
+
+        expect(page).to have_content 'Are you looking for things to do? Take a look at open issues, contribute to a merge request, or mention someone in a comment to automatically assign them a new to-do item.'
+      end
+    end
   end
 
   context 'when the todo references a merge request' do

spec/features/password_reset_spec.rb

@@ -44,8 +44,8 @@ RSpec.describe 'Password reset' do
 
       visit(edit_user_password_path(reset_password_token: token))
 
-      fill_in 'New password', with: 'hello1234'
-      fill_in 'Confirm new password', with: 'hello1234'
+      fill_in 'New password', with: "new" + Gitlab::Password.test_default
+      fill_in 'Confirm new password', with: "new" + Gitlab::Password.test_default
 
       click_button 'Change your password'
 

spec/features/profile_spec.rb

@@ -29,7 +29,7 @@ RSpec.describe 'Profile account page', :js do
     it 'deletes user', :js, :sidekiq_might_not_need_inline do
       click_button 'Delete account'
 
-      fill_in 'password', with: '12345678'
+      fill_in 'password', with: Gitlab::Password.test_default
 
       page.within '.modal' do
         click_button 'Delete account'

spec/features/profiles/password_spec.rb

@@ -39,7 +39,7 @@ RSpec.describe 'Profile > Password' do
 
       describe 'User puts the same passwords in the field and in the confirmation' do
         it 'shows a success message' do
-          fill_passwords('mypassword', 'mypassword')
+          fill_passwords(Gitlab::Password.test_default, Gitlab::Password.test_default)
 
           page.within('.flash-notice') do
             expect(page).to have_content('Password was successfully updated. Please sign in again.')
@@ -79,7 +79,7 @@ RSpec.describe 'Profile > Password' do
   end
 
   context 'Change password' do
-    let(:new_password) { '22233344' }
+    let(:new_password) { "new" + Gitlab::Password.test_default }
 
     before do
       sign_in(user)
@@ -170,8 +170,8 @@ RSpec.describe 'Profile > Password' do
       expect(current_path).to eq new_profile_password_path
 
       fill_in :user_password,      with: user.password
-      fill_in :user_new_password,  with: '12345678'
-      fill_in :user_password_confirmation, with: '12345678'
+      fill_in :user_new_password,  with: Gitlab::Password.test_default
+      fill_in :user_password_confirmation, with: Gitlab::Password.test_default
       click_button 'Set new password'
 
       expect(current_path).to eq new_user_session_path

spec/features/users/anonymous_sessions_spec.rb

@@ -9,7 +9,7 @@ RSpec.describe 'Session TTLs', :clean_gitlab_redis_shared_state do
     visit new_user_session_path
     # The session key only gets created after a post
     fill_in 'user_login', with: 'non-existant@gitlab.org'
-    fill_in 'user_password', with: '12345678'
+    fill_in 'user_password', with: Gitlab::Password.test_default
     click_button 'Sign in'
 
     expect(page).to have_content('Invalid login or password')

spec/features/users/login_spec.rb

@@ -49,15 +49,15 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
       expect(current_path).to eq edit_user_password_path
       expect(page).to have_content('Please create a password for your new account.')
 
-      fill_in 'user_password',              with: 'password'
-      fill_in 'user_password_confirmation', with: 'password'
+      fill_in 'user_password',              with: Gitlab::Password.test_default
+      fill_in 'user_password_confirmation', with: Gitlab::Password.test_default
       click_button 'Change your password'
 
       expect(current_path).to eq new_user_session_path
       expect(page).to have_content(I18n.t('devise.passwords.updated_not_active'))
 
       fill_in 'user_login',    with: user.username
-      fill_in 'user_password', with: 'password'
+      fill_in 'user_password', with: Gitlab::Password.test_default
       click_button 'Sign in'
 
       expect_single_session_with_authenticated_ttl
@@ -210,7 +210,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
       end
 
       it 'does not allow sign-in if the user password is updated before entering a one-time code' do
-        user.update!(password: 'new_password')
+        user.update!(password: "new" + Gitlab::Password.test_default)
 
         enter_code(user.current_otp)
 
@@ -447,7 +447,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
           visit new_user_session_path
 
           fill_in 'user_login', with: user.email
-          fill_in 'user_password', with: '12345678'
+          fill_in 'user_password', with: Gitlab::Password.test_default
           click_button 'Sign in'
 
           expect(current_path).to eq(new_profile_password_path)
@@ -456,7 +456,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
     end
 
     context 'with invalid username and password' do
-      let(:user) { create(:user, password: 'not-the-default') }
+      let(:user) { create(:user, password: "not" + Gitlab::Password.test_default) }
 
       it 'blocks invalid login' do
         expect(authentication_metrics)
@@ -767,7 +767,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
       visit new_user_session_path
 
       fill_in 'user_login', with: user.email
-      fill_in 'user_password', with: '12345678'
+      fill_in 'user_password', with: Gitlab::Password.test_default
 
       click_button 'Sign in'
 
@@ -788,7 +788,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
       visit new_user_session_path
 
       fill_in 'user_login', with: user.email
-      fill_in 'user_password', with: '12345678'
+      fill_in 'user_password', with: Gitlab::Password.test_default
 
       click_button 'Sign in'
 
@@ -809,7 +809,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
           visit new_user_session_path
 
           fill_in 'user_login', with: user.email
-          fill_in 'user_password', with: '12345678'
+          fill_in 'user_password', with: Gitlab::Password.test_default
 
           click_button 'Sign in'
 
@@ -844,7 +844,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
           visit new_user_session_path
 
           fill_in 'user_login', with: user.email
-          fill_in 'user_password', with: '12345678'
+          fill_in 'user_password', with: Gitlab::Password.test_default
           click_button 'Sign in'
 
           fill_in 'user_otp_attempt', with: user.reload.current_otp
@@ -870,7 +870,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
         visit new_user_session_path
 
         fill_in 'user_login', with: user.email
-        fill_in 'user_password', with: '12345678'
+        fill_in 'user_password', with: Gitlab::Password.test_default
         click_button 'Sign in'
 
         expect_to_be_on_terms_page
@@ -878,7 +878,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_sessions do
 
         expect(current_path).to eq(new_profile_password_path)
 
-        fill_in 'user_password', with: '12345678'
+        fill_in 'user_password', with: Gitlab::Password.test_default
         fill_in 'user_new_password', with: 'new password'
         fill_in 'user_password_confirmation', with: 'new password'
         click_button 'Set new password'

spec/frontend/packages_and_registries/container_registry/explorer/components/registry_breadcrumb_spec.js → spec/frontend/packages_and_registries/shared/components/registry_breadcrumb_spec.js

 import { mount } from '@vue/test-utils';
 
-import component from '~/packages_and_registries/container_registry/explorer/components/registry_breadcrumb.vue';
+import component from '~/packages_and_registries/shared/components/registry_breadcrumb.vue';
 
 describe('Registry Breadcrumb', () => {
   let wrapper;

spec/lib/gitlab/auth_spec.rb

@@ -87,7 +87,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
       end
 
       context 'when IP is already banned' do
-        subject { gl_auth.find_for_git_client('username', 'password', project: nil, ip: 'ip') }
+        subject { gl_auth.find_for_git_client('username', Gitlab::Password.test_default, project: nil, ip: 'ip') }
 
         before do
           expect_next_instance_of(Gitlab::Auth::IpRateLimiter) do |rate_limiter|
@@ -204,16 +204,16 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
     end
 
     it 'recognizes master passwords' do
-      user = create(:user, password: 'password')
+      user = create(:user, password: Gitlab::Password.test_default)
 
-      expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to have_attributes(actor: user, project: nil, type: :gitlab_or_ldap, authentication_abilities: described_class.full_authentication_abilities)
+      expect(gl_auth.find_for_git_client(user.username, Gitlab::Password.test_default, project: nil, ip: 'ip')).to have_attributes(actor: user, project: nil, type: :gitlab_or_ldap, authentication_abilities: described_class.full_authentication_abilities)
     end
 
     include_examples 'user login operation with unique ip limit' do
-      let(:user) { create(:user, password: 'password') }
+      let(:user) { create(:user, password: Gitlab::Password.test_default) }
 
       def operation
-        expect(gl_auth.find_for_git_client(user.username, 'password', project: nil, ip: 'ip')).to have_attributes(actor: user, project: nil, type: :gitlab_or_ldap, authentication_abilities: described_class.full_authentication_abilities)
+        expect(gl_auth.find_for_git_client(user.username, Gitlab::Password.test_default, project: nil, ip: 'ip')).to have_attributes(actor: user, project: nil, type: :gitlab_or_ldap, authentication_abilities: described_class.full_authentication_abilities)
       end
     end
 
@@ -477,7 +477,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
           :user,
           :blocked,
           username: 'normal_user',
-          password: 'my-secret'
+          password: Gitlab::Password.test_default
         )
 
         expect(gl_auth.find_for_git_client(user.username, user.password, project: nil, ip: 'ip'))
@@ -486,7 +486,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
 
       context 'when 2fa is enabled globally' do
         let_it_be(:user) do
-          create(:user, username: 'normal_user', password: 'my-secret', otp_grace_period_started_at: 1.day.ago)
+          create(:user, username: 'normal_user', password: Gitlab::Password.test_default, otp_grace_period_started_at: 1.day.ago)
         end
 
         before do
@@ -510,7 +510,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
 
       context 'when 2fa is enabled personally' do
         let(:user) do
-          create(:user, :two_factor, username: 'normal_user', password: 'my-secret', otp_grace_period_started_at: 1.day.ago)
+          create(:user, :two_factor, username: 'normal_user', password: Gitlab::Password.test_default, otp_grace_period_started_at: 1.day.ago)
         end
 
         it 'fails' do
@@ -523,7 +523,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
         user = create(
           :user,
           username: 'normal_user',
-          password: 'my-secret'
+          password: Gitlab::Password.test_default
         )
 
         expect(gl_auth.find_for_git_client(user.username, user.password, project: nil, ip: 'ip'))
@@ -534,7 +534,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
         user = create(
           :user,
           username: 'oauth2',
-          password: 'my-secret'
+          password: Gitlab::Password.test_default
         )
 
         expect(gl_auth.find_for_git_client(user.username, user.password, project: nil, ip: 'ip'))
@@ -609,7 +609,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
 
       context 'when deploy token and user have the same username' do
         let(:username) { 'normal_user' }
-        let(:user) { create(:user, username: username, password: 'my-secret') }
+        let(:user) { create(:user, username: username, password: Gitlab::Password.test_default) }
         let(:deploy_token) { create(:deploy_token, username: username, read_registry: false, projects: [project]) }
 
         it 'succeeds for the token' do
@@ -622,7 +622,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
         it 'succeeds for the user' do
           auth_success = { actor: user, project: nil, type: :gitlab_or_ldap, authentication_abilities: described_class.full_authentication_abilities }
 
-          expect(gl_auth.find_for_git_client(username, 'my-secret', project: project, ip: 'ip'))
+          expect(gl_auth.find_for_git_client(username, Gitlab::Password.test_default, project: project, ip: 'ip'))
             .to have_attributes(auth_success)
         end
       end
@@ -816,7 +816,7 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
     end
 
     let(:username) { 'John' } # username isn't lowercase, test this
-    let(:password) { 'my-secret' }
+    let(:password) { Gitlab::Password.test_default }
 
     it "finds user by valid login/password" do
       expect(gl_auth.find_with_user_password(username, password)).to eql user
@@ -941,13 +941,13 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
       it "does not find user by using ldap as fallback to for authentication" do
         expect(Gitlab::Auth::Ldap::Authentication).to receive(:login).and_return(nil)
 
-        expect(gl_auth.find_with_user_password('ldap_user', 'password')).to be_nil
+        expect(gl_auth.find_with_user_password('ldap_user', Gitlab::Password.test_default)).to be_nil
       end
 
       it "find new user by using ldap as fallback to for authentication" do
         expect(Gitlab::Auth::Ldap::Authentication).to receive(:login).and_return(user)
 
-        expect(gl_auth.find_with_user_password('ldap_user', 'password')).to eq(user)
+        expect(gl_auth.find_with_user_password('ldap_user', Gitlab::Password.test_default)).to eq(user)
       end
     end
 

spec/mailers/emails/profile_spec.rb

@@ -49,7 +49,7 @@ RSpec.describe Emails::Profile do
 
   describe 'for users that signed up, the email' do
     let(:example_site_path) { root_path }
-    let(:new_user) { create(:user, email: new_user_address, password: "securePassword") }
+    let(:new_user) { create(:user, email: new_user_address, password: Gitlab::Password.test_default) }
 
     subject { Notify.new_user_email(new_user.id) }
 

spec/models/hooks/system_hook_spec.rb

@@ -37,7 +37,7 @@ RSpec.describe SystemHook do
     let(:project)     { create(:project, namespace: user.namespace) }
     let(:group)       { create(:group) }
     let(:params) do
-      { name: 'John Doe', username: 'jduser', email: 'jg@example.com', password: 'mydummypass' }
+      { name: 'John Doe', username: 'jduser', email: 'jg@example.com', password: Gitlab::Password.test_default }
     end
 
     before do

spec/models/user_spec.rb

@@ -1672,9 +1672,9 @@ RSpec.describe User do
 
   describe '#generate_password' do
     it 'does not generate password by default' do
-      user = create(:user, password: 'abcdefghe')
+      user = create(:user, password: Gitlab::Password.test_default)
 
-      expect(user.password).to eq('abcdefghe')
+      expect(user.password).to eq(Gitlab::Password.test_default)
     end
   end
 

spec/requests/api/users_spec.rb

@@ -1027,7 +1027,7 @@ RSpec.describe API::Users do
       post api('/users', admin),
         params: {
           email: 'invalid email',
-          password: 'password',
+          password: Gitlab::Password.test_default,
           name: 'test'
         }
       expect(response).to have_gitlab_http_status(:bad_request)
@@ -1093,7 +1093,7 @@ RSpec.describe API::Users do
         post api('/users', admin),
           params: {
             email: 'test@example.com',
-            password: 'password',
+            password: Gitlab::Password.test_default,
             username: 'test',
             name: 'foo'
           }
@@ -1105,7 +1105,7 @@ RSpec.describe API::Users do
             params: {
               name: 'foo',
               email: 'test@example.com',
-              password: 'password',
+              password: Gitlab::Password.test_default,
               username: 'foo'
             }
         end.to change { User.count }.by(0)
@@ -1119,7 +1119,7 @@ RSpec.describe API::Users do
             params: {
               name: 'foo',
               email: 'foo@example.com',
-              password: 'password',
+              password: Gitlab::Password.test_default,
               username: 'test'
             }
         end.to change { User.count }.by(0)
@@ -1133,7 +1133,7 @@ RSpec.describe API::Users do
             params: {
               name: 'foo',
               email: 'foo@example.com',
-              password: 'password',
+              password: Gitlab::Password.test_default,
               username: 'TEST'
             }
         end.to change { User.count }.by(0)
@@ -1478,8 +1478,8 @@ RSpec.describe API::Users do
 
     context "with existing user" do
       before do
-        post api("/users", admin), params: { email: 'test@example.com', password: 'password', username: 'test', name: 'test' }
-        post api("/users", admin), params: { email: 'foo@bar.com', password: 'password', username: 'john', name: 'john' }
+        post api("/users", admin), params: { email: 'test@example.com', password: Gitlab::Password.test_default, username: 'test', name: 'test' }
+        post api("/users", admin), params: { email: 'foo@bar.com', password: Gitlab::Password.test_default, username: 'john', name: 'john' }
         @user = User.all.last
       end
 

spec/requests/git_http_spec.rb

@@ -319,7 +319,7 @@ RSpec.describe 'Git HTTP requests' do
             context 'when user is using credentials with special characters' do
               context 'with password with special characters' do
                 before do
-                  user.update!(password: 'RKszEwéC5kFnû∆f243fycGu§Gh9ftDj!U')
+                  user.update!(password: Gitlab::Password.test_default)
                 end
 
                 it 'allows clones' do
@@ -1670,7 +1670,7 @@ RSpec.describe 'Git HTTP requests' do
             context 'when user is using credentials with special characters' do
               context 'with password with special characters' do
                 before do
-                  user.update!(password: 'RKszEwéC5kFnû∆f243fycGu§Gh9ftDj!U')
+                  user.update!(password: Gitlab::Password.test_default)
                 end
 
                 it 'allows clones' do

spec/services/users/create_service_spec.rb

@@ -12,7 +12,7 @@ RSpec.describe Users::CreateService do
 
       context 'when required parameters are provided' do
         let(:params) do
-          { name: 'John Doe', username: 'jduser', email: email, password: 'mydummypass' }
+          { name: 'John Doe', username: 'jduser', email: email, password: Gitlab::Password.test_default }
         end
 
         it 'returns a persisted user' do
@@ -82,13 +82,13 @@ RSpec.describe Users::CreateService do
 
       context 'when force_random_password parameter is true' do
         let(:params) do
-          { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: 'mydummypass', force_random_password: true }
+          { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: Gitlab::Password.test_default, force_random_password: true }
         end
 
         it 'generates random password' do
           user = service.execute
 
-          expect(user.password).not_to eq 'mydummypass'
+          expect(user.password).not_to eq Gitlab::Password.test_default
           expect(user.password).to be_present
         end
       end
@@ -99,7 +99,7 @@ RSpec.describe Users::CreateService do
             name: 'John Doe',
             username: 'jduser',
             email: 'jd@example.com',
-            password: 'mydummypass',
+            password: Gitlab::Password.test_default,
             password_automatically_set: true
           }
         end
@@ -121,7 +121,7 @@ RSpec.describe Users::CreateService do
 
       context 'when skip_confirmation parameter is true' do
         let(:params) do
-          { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: 'mydummypass', skip_confirmation: true }
+          { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: Gitlab::Password.test_default, skip_confirmation: true }
         end
 
         it 'confirms the user' do
@@ -131,7 +131,7 @@ RSpec.describe Users::CreateService do
 
       context 'when reset_password parameter is true' do
         let(:params) do
-          { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: 'mydummypass', reset_password: true }
+          { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: Gitlab::Password.test_default, reset_password: true }
         end
 
         it 'resets password even if a password parameter is given' do
@@ -152,7 +152,7 @@ RSpec.describe Users::CreateService do
 
     context 'with nil user' do
       let(:params) do
-        { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: 'mydummypass', skip_confirmation: true }
+        { name: 'John Doe', username: 'jduser', email: 'jd@example.com', password: Gitlab::Password.test_default, skip_confirmation: true }
       end
 
       let(:service) { described_class.new(nil, params) }

spec/support/helpers/login_helpers.rb

@@ -95,7 +95,7 @@ module LoginHelpers
     visit new_user_session_path
 
     fill_in "user_login", with: user.email
-    fill_in "user_password", with: "12345678"
+    fill_in "user_password", with: Gitlab::Password.test_default
     check 'user_remember_me' if remember
 
     click_button "Sign in"

spec/tasks/gitlab/password_rake_spec.rb

@@ -3,7 +3,7 @@
 require 'rake_helper'
 
 RSpec.describe 'gitlab:password rake tasks', :silence_stdout do
-  let_it_be(:user_1) { create(:user, username: 'foobar', password: 'initial_password') }
+  let_it_be(:user_1) { create(:user, username: 'foobar', password: Gitlab::Password.test_default) }
 
   def stub_username(username)
     allow(Gitlab::TaskHelpers).to receive(:prompt).with('Enter username: ').and_return(username)
@@ -19,14 +19,14 @@ RSpec.describe 'gitlab:password rake tasks', :silence_stdout do
     Rake.application.rake_require 'tasks/gitlab/password'
 
     stub_username('foobar')
-    stub_password('secretpassword')
+    stub_password(Gitlab::Password.test_default)
   end
 
   describe ':reset' do
     context 'when all inputs are correct' do
       it 'updates the password properly' do
         run_rake_task('gitlab:password:reset', user_1.username)
-        expect(user_1.reload.valid_password?('secretpassword')).to eq(true)
+        expect(user_1.reload.valid_password?(Gitlab::Password.test_default)).to eq(true)
       end
     end
 
@@ -55,7 +55,7 @@ RSpec.describe 'gitlab:password rake tasks', :silence_stdout do
 
     context 'when passwords do not match' do
       before do
-        stub_password('randompassword', 'differentpassword')
+        stub_password(Gitlab::Password.test_default, "different" + Gitlab::Password.test_default)
       end
 
       it 'aborts with an error' do