Commit 487bc0b5 authored by Max Woolf's avatar Max Woolf

Merge branch 'mmj-async-auth-refresh-during-member-destroy' into 'master'

Async auth refresh during member destroy

See merge request gitlab-org/gitlab!66424
parents 6bf44358 4bcd5c6e
...@@ -178,7 +178,13 @@ class Member < ApplicationRecord ...@@ -178,7 +178,13 @@ class Member < ApplicationRecord
after_destroy :post_destroy_hook, unless: :pending?, if: :hook_prerequisites_met? after_destroy :post_destroy_hook, unless: :pending?, if: :hook_prerequisites_met?
after_save :log_invitation_token_cleanup after_save :log_invitation_token_cleanup
after_commit :refresh_member_authorized_projects, unless: :importing? after_commit on: [:create, :update], unless: :importing? do
refresh_member_authorized_projects(blocking: true)
end
after_commit on: [:destroy], unless: :importing? do
refresh_member_authorized_projects(blocking: Feature.disabled?(:member_destroy_async_auth_refresh, type: :ops))
end
default_value_for :notification_level, NotificationSetting.levels[:global] default_value_for :notification_level, NotificationSetting.levels[:global]
...@@ -395,8 +401,8 @@ class Member < ApplicationRecord ...@@ -395,8 +401,8 @@ class Member < ApplicationRecord
# transaction has been committed, resulting in the job either throwing an # transaction has been committed, resulting in the job either throwing an
# error or not doing any meaningful work. # error or not doing any meaningful work.
# rubocop: disable CodeReuse/ServiceClass # rubocop: disable CodeReuse/ServiceClass
def refresh_member_authorized_projects def refresh_member_authorized_projects(blocking:)
UserProjectAccessChangedService.new(user_id).execute UserProjectAccessChangedService.new(user_id).execute(blocking: blocking)
end end
# rubocop: enable CodeReuse/ServiceClass # rubocop: enable CodeReuse/ServiceClass
......
...@@ -50,8 +50,10 @@ class GroupMember < Member ...@@ -50,8 +50,10 @@ class GroupMember < Member
{ group: group } { group: group }
end end
private
override :refresh_member_authorized_projects override :refresh_member_authorized_projects
def refresh_member_authorized_projects def refresh_member_authorized_projects(blocking:)
# Here, `destroyed_by_association` will be present if the # Here, `destroyed_by_association` will be present if the
# GroupMember is being destroyed due to the `dependent: :destroy` # GroupMember is being destroyed due to the `dependent: :destroy`
# callback on Group. In this case, there is no need to refresh the # callback on Group. In this case, there is no need to refresh the
...@@ -63,8 +65,6 @@ class GroupMember < Member ...@@ -63,8 +65,6 @@ class GroupMember < Member
super super
end end
private
def access_level_inclusion def access_level_inclusion
return if access_level.in?(Gitlab::Access.all_values) return if access_level.in?(Gitlab::Access.all_values)
......
...@@ -90,13 +90,19 @@ class ProjectMember < Member ...@@ -90,13 +90,19 @@ class ProjectMember < Member
{ project: project } { project: project }
end end
private
override :refresh_member_authorized_projects override :refresh_member_authorized_projects
def refresh_member_authorized_projects def refresh_member_authorized_projects(blocking:)
return super unless Feature.enabled?(:specialized_service_for_project_member_auth_refresh) return super unless Feature.enabled?(:specialized_service_for_project_member_auth_refresh)
return unless user return unless user
# rubocop:disable CodeReuse/ServiceClass # rubocop:disable CodeReuse/ServiceClass
if blocking
AuthorizedProjectUpdate::ProjectRecalculatePerUserService.new(project, user).execute AuthorizedProjectUpdate::ProjectRecalculatePerUserService.new(project, user).execute
else
AuthorizedProjectUpdate::ProjectRecalculatePerUserWorker.perform_async(project.id, user.id)
end
# Until we compare the inconsistency rates of the new, specialized service and # Until we compare the inconsistency rates of the new, specialized service and
# the old approach, we still run AuthorizedProjectsWorker # the old approach, we still run AuthorizedProjectsWorker
...@@ -106,8 +112,6 @@ class ProjectMember < Member ...@@ -106,8 +112,6 @@ class ProjectMember < Member
# rubocop:enable CodeReuse/ServiceClass # rubocop:enable CodeReuse/ServiceClass
end end
private
def send_invite def send_invite
run_after_commit_or_now { notification_service.invite_project_member(self, @raw_invite_token) } run_after_commit_or_now { notification_service.invite_project_member(self, @raw_invite_token) }
......
...@@ -30,6 +30,15 @@ ...@@ -30,6 +30,15 @@
:weight: 1 :weight: 1
:idempotent: true :idempotent: true
:tags: [] :tags: []
- :name: authorized_project_update:authorized_project_update_project_recalculate_per_user
:worker_name: AuthorizedProjectUpdate::ProjectRecalculatePerUserWorker
:feature_category: :authentication_and_authorization
:has_external_dependencies:
:urgency: :high
:resource_boundary: :unknown
:weight: 1
:idempotent: true
:tags: []
- :name: authorized_project_update:authorized_project_update_user_refresh_from_replica - :name: authorized_project_update:authorized_project_update_user_refresh_from_replica
:worker_name: AuthorizedProjectUpdate::UserRefreshFromReplicaWorker :worker_name: AuthorizedProjectUpdate::UserRefreshFromReplicaWorker
:feature_category: :authentication_and_authorization :feature_category: :authentication_and_authorization
......
# frozen_string_literal: true
module AuthorizedProjectUpdate
class ProjectRecalculatePerUserWorker < ProjectRecalculateWorker
data_consistency :always
feature_category :authentication_and_authorization
urgency :high
queue_namespace :authorized_project_update
deduplicate :until_executing, including_scheduled: true
idempotent!
def perform(project_id, user_id)
project = Project.find_by_id(project_id)
user = User.find_by_id(user_id)
return unless project && user
in_lock(lock_key(project), ttl: 10.seconds) do
AuthorizedProjectUpdate::ProjectRecalculatePerUserService.new(project, user).execute
end
end
end
end
...@@ -26,7 +26,9 @@ module AuthorizedProjectUpdate ...@@ -26,7 +26,9 @@ module AuthorizedProjectUpdate
private private
def lock_key(project) def lock_key(project)
"#{self.class.name.underscore}/projects/#{project.id}" # The self.class.name.underscore value is hardcoded here as the prefix, so that the same
# lock_key for this superclass will be used by the ProjectRecalculatePerUserWorker subclass.
"authorized_project_update/project_recalculate_worker/projects/#{project.id}"
end end
end end
end end
---
name: member_destroy_async_auth_refresh
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66424
rollout_issue_url:
milestone: '14.4'
type: ops
group: group::access
default_enabled: false
...@@ -282,7 +282,7 @@ RSpec.describe EE::Gitlab::Auth::Ldap::Sync::Group do ...@@ -282,7 +282,7 @@ RSpec.describe EE::Gitlab::Auth::Ldap::Sync::Group do
.to eq(::Gitlab::Access::OWNER) .to eq(::Gitlab::Access::OWNER)
end end
it 'updates projects authorizations' do it 'updates projects authorizations', :sidekiq_inline do
project = create(:project, namespace: group) project = create(:project, namespace: group)
group.add_user(user, Gitlab::Access::MAINTAINER) group.add_user(user, Gitlab::Access::MAINTAINER)
......
...@@ -1336,7 +1336,7 @@ RSpec.describe ApprovalState do ...@@ -1336,7 +1336,7 @@ RSpec.describe ApprovalState do
expect(subject.can_approve?(nil)).to be_falsey expect(subject.can_approve?(nil)).to be_falsey
end end
context 'when an approver does not have access to the merge request' do context 'when an approver does not have access to the merge request', :sidekiq_inline do
before do before do
project.members.find_by(user_id: developer.id).destroy! project.members.find_by(user_id: developer.id).destroy!
end end
......
...@@ -324,7 +324,7 @@ RSpec.describe TodoService do ...@@ -324,7 +324,7 @@ RSpec.describe TodoService do
let(:project) { create(:project, :private, :repository) } let(:project) { create(:project, :private, :repository) }
let(:merge_request) { create(:merge_request, source_project: project, author: author) } let(:merge_request) { create(:merge_request, source_project: project, author: author) }
context 'an approver has lost access to the project' do context 'an approver has lost access to the project', :sidekiq_inline do
before do before do
create(:approver, user: non_member, target: project) create(:approver, user: non_member, target: project)
project.members.find_by(user_id: non_member.id).destroy project.members.find_by(user_id: non_member.id).destroy
......
...@@ -239,7 +239,7 @@ RSpec.describe Projects::BranchesController do ...@@ -239,7 +239,7 @@ RSpec.describe Projects::BranchesController do
end end
end end
context 'without issue feature access' do context 'without issue feature access', :sidekiq_inline do
before do before do
project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC) project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE) project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE)
......
...@@ -409,7 +409,7 @@ RSpec.describe Projects::CompareController do ...@@ -409,7 +409,7 @@ RSpec.describe Projects::CompareController do
end end
end end
context 'when the user does not have access to the project' do context 'when the user does not have access to the project', :sidekiq_inline do
before do before do
project.team.truncate project.team.truncate
project.update!(visibility: 'private') project.update!(visibility: 'private')
......
...@@ -187,7 +187,7 @@ RSpec.describe GitlabSchema.types['Project'] do ...@@ -187,7 +187,7 @@ RSpec.describe GitlabSchema.types['Project'] do
expect(analyzer['enabled']).to eq(true) expect(analyzer['enabled']).to eq(true)
end end
context "with guest user" do context 'with guest user' do
before do before do
project.add_guest(user) project.add_guest(user)
end end
...@@ -195,7 +195,7 @@ RSpec.describe GitlabSchema.types['Project'] do ...@@ -195,7 +195,7 @@ RSpec.describe GitlabSchema.types['Project'] do
context 'when project is private' do context 'when project is private' do
let(:project) { create(:project, :private, :repository) } let(:project) { create(:project, :private, :repository) }
it "returns no configuration" do it 'returns no configuration' do
secure_analyzers_prefix = subject.dig('data', 'project', 'sastCiConfiguration') secure_analyzers_prefix = subject.dig('data', 'project', 'sastCiConfiguration')
expect(secure_analyzers_prefix).to be_nil expect(secure_analyzers_prefix).to be_nil
end end
...@@ -215,7 +215,7 @@ RSpec.describe GitlabSchema.types['Project'] do ...@@ -215,7 +215,7 @@ RSpec.describe GitlabSchema.types['Project'] do
end end
end end
context "with non-member user" do context 'with non-member user', :sidekiq_inline do
before do before do
project.team.truncate project.team.truncate
end end
...@@ -223,7 +223,7 @@ RSpec.describe GitlabSchema.types['Project'] do ...@@ -223,7 +223,7 @@ RSpec.describe GitlabSchema.types['Project'] do
context 'when project is private' do context 'when project is private' do
let(:project) { create(:project, :private, :repository) } let(:project) { create(:project, :private, :repository) }
it "returns no configuration" do it 'returns no configuration' do
secure_analyzers_prefix = subject.dig('data', 'project', 'sastCiConfiguration') secure_analyzers_prefix = subject.dig('data', 'project', 'sastCiConfiguration')
expect(secure_analyzers_prefix).to be_nil expect(secure_analyzers_prefix).to be_nil
end end
...@@ -241,7 +241,7 @@ RSpec.describe GitlabSchema.types['Project'] do ...@@ -241,7 +241,7 @@ RSpec.describe GitlabSchema.types['Project'] do
end end
context 'when repository is accessible only by team members' do context 'when repository is accessible only by team members' do
it "returns no configuration" do it 'returns no configuration' do
project.project_feature.update!( project.project_feature.update!(
merge_requests_access_level: ProjectFeature::DISABLED, merge_requests_access_level: ProjectFeature::DISABLED,
builds_access_level: ProjectFeature::DISABLED, builds_access_level: ProjectFeature::DISABLED,
......
...@@ -98,7 +98,7 @@ RSpec.describe Gitlab::Middleware::Go do ...@@ -98,7 +98,7 @@ RSpec.describe Gitlab::Middleware::Go do
end end
end end
context 'without access to the project' do context 'without access to the project', :sidekiq_inline do
before do before do
project.team.find_member(current_user).destroy project.team.find_member(current_user).destroy
end end
......
...@@ -95,7 +95,7 @@ RSpec.describe Gitlab::SlashCommands::IssueMove, service: true do ...@@ -95,7 +95,7 @@ RSpec.describe Gitlab::SlashCommands::IssueMove, service: true do
end end
end end
context 'when the user cannot see the target project' do context 'when the user cannot see the target project', :sidekiq_inline do
it 'returns not found' do it 'returns not found' do
message = "issue move #{issue.iid} #{other_project.full_path}" message = "issue move #{issue.iid} #{other_project.full_path}"
other_project.team.truncate other_project.team.truncate
......
...@@ -7,11 +7,11 @@ RSpec.describe Member do ...@@ -7,11 +7,11 @@ RSpec.describe Member do
using RSpec::Parameterized::TableSyntax using RSpec::Parameterized::TableSyntax
describe "Associations" do describe 'Associations' do
it { is_expected.to belong_to(:user) } it { is_expected.to belong_to(:user) }
end end
describe "Validation" do describe 'Validation' do
subject { described_class.new(access_level: Member::GUEST) } subject { described_class.new(access_level: Member::GUEST) }
it { is_expected.to validate_presence_of(:user) } it { is_expected.to validate_presence_of(:user) }
...@@ -28,7 +28,7 @@ RSpec.describe Member do ...@@ -28,7 +28,7 @@ RSpec.describe Member do
subject { build(:project_member) } subject { build(:project_member) }
end end
context "when an invite email is provided" do context 'when an invite email is provided' do
let_it_be(:project) { create(:project) } let_it_be(:project) { create(:project) }
let(:member) { build(:project_member, source: project, invite_email: "user@example.com", user: nil) } let(:member) { build(:project_member, source: project, invite_email: "user@example.com", user: nil) }
...@@ -37,29 +37,29 @@ RSpec.describe Member do ...@@ -37,29 +37,29 @@ RSpec.describe Member do
expect(member).to be_valid expect(member).to be_valid
end end
it "requires a valid invite email" do it 'requires a valid invite email' do
member.invite_email = "nope" member.invite_email = "nope"
expect(member).not_to be_valid expect(member).not_to be_valid
end end
it "requires a unique invite email scoped to this source" do it 'requires a unique invite email scoped to this source' do
create(:project_member, source: member.source, invite_email: member.invite_email) create(:project_member, source: member.source, invite_email: member.invite_email)
expect(member).not_to be_valid expect(member).not_to be_valid
end end
end end
context "when an invite email is not provided" do context 'when an invite email is not provided' do
let(:member) { build(:project_member) } let(:member) { build(:project_member) }
it "requires a user" do it 'requires a user' do
member.user = nil member.user = nil
expect(member).not_to be_valid expect(member).not_to be_valid
end end
it "is valid otherwise" do it 'is valid otherwise' do
expect(member).to be_valid expect(member).to be_valid
end end
end end
...@@ -107,13 +107,13 @@ RSpec.describe Member do ...@@ -107,13 +107,13 @@ RSpec.describe Member do
end end
end end
context "when a child member inherits its access level" do context 'when a child member inherits its access level' do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:member) { create(:group_member, :developer, user: user) } let(:member) { create(:group_member, :developer, user: user) }
let(:child_group) { create(:group, parent: member.group) } let(:child_group) { create(:group, parent: member.group) }
let(:child_member) { build(:group_member, group: child_group, user: user) } let(:child_member) { build(:group_member, group: child_group, user: user) }
it "requires a higher level" do it 'requires a higher level' do
child_member.access_level = GroupMember::REPORTER child_member.access_level = GroupMember::REPORTER
child_member.validate child_member.validate
...@@ -123,7 +123,7 @@ RSpec.describe Member do ...@@ -123,7 +123,7 @@ RSpec.describe Member do
# Membership in a subgroup confers certain access rights, such as being # Membership in a subgroup confers certain access rights, such as being
# able to merge or push code to protected branches. # able to merge or push code to protected branches.
it "is valid with an equal level" do it 'is valid with an equal level' do
child_member.access_level = GroupMember::DEVELOPER child_member.access_level = GroupMember::DEVELOPER
child_member.validate child_member.validate
...@@ -131,7 +131,7 @@ RSpec.describe Member do ...@@ -131,7 +131,7 @@ RSpec.describe Member do
expect(child_member).to be_valid expect(child_member).to be_valid
end end
it "is valid with a higher level" do it 'is valid with a higher level' do
child_member.access_level = GroupMember::MAINTAINER child_member.access_level = GroupMember::MAINTAINER
child_member.validate child_member.validate
...@@ -538,7 +538,7 @@ RSpec.describe Member do ...@@ -538,7 +538,7 @@ RSpec.describe Member do
end end
end end
describe "Delegate methods" do describe 'Delegate methods' do
it { is_expected.to respond_to(:user_name) } it { is_expected.to respond_to(:user_name) }
it { is_expected.to respond_to(:user_email) } it { is_expected.to respond_to(:user_email) }
end end
...@@ -608,29 +608,29 @@ RSpec.describe Member do ...@@ -608,29 +608,29 @@ RSpec.describe Member do
end end
end end
describe "#accept_invite!" do describe '#accept_invite!' do
let!(:member) { create(:project_member, invite_email: "user@example.com", user: nil) } let!(:member) { create(:project_member, invite_email: "user@example.com", user: nil) }
let(:user) { create(:user) } let(:user) { create(:user) }
it "resets the invite token" do it 'resets the invite token' do
member.accept_invite!(user) member.accept_invite!(user)
expect(member.invite_token).to be_nil expect(member.invite_token).to be_nil
end end
it "sets the invite accepted timestamp" do it 'sets the invite accepted timestamp' do
member.accept_invite!(user) member.accept_invite!(user)
expect(member.invite_accepted_at).not_to be_nil expect(member.invite_accepted_at).not_to be_nil
end end
it "sets the user" do it 'sets the user' do
member.accept_invite!(user) member.accept_invite!(user)
expect(member.user).to eq(user) expect(member.user).to eq(user)
end end
it "calls #after_accept_invite" do it 'calls #after_accept_invite' do
expect(member).to receive(:after_accept_invite) expect(member).to receive(:after_accept_invite)
member.accept_invite!(user) member.accept_invite!(user)
...@@ -657,26 +657,26 @@ RSpec.describe Member do ...@@ -657,26 +657,26 @@ RSpec.describe Member do
end end
end end
describe "#decline_invite!" do describe '#decline_invite!' do
let!(:member) { create(:project_member, invite_email: "user@example.com", user: nil) } let!(:member) { create(:project_member, invite_email: "user@example.com", user: nil) }
it "destroys the member" do it 'destroys the member' do
member.decline_invite! member.decline_invite!
expect(member).to be_destroyed expect(member).to be_destroyed
end end
it "calls #after_decline_invite" do it 'calls #after_decline_invite' do
expect(member).to receive(:after_decline_invite) expect(member).to receive(:after_decline_invite)
member.decline_invite! member.decline_invite!
end end
end end
describe "#generate_invite_token" do describe '#generate_invite_token' do
let!(:member) { create(:project_member, invite_email: "user@example.com", user: nil) } let!(:member) { create(:project_member, invite_email: "user@example.com", user: nil) }
it "sets the invite token" do it 'sets the invite token' do
expect { member.generate_invite_token }.to change { member.invite_token } expect { member.generate_invite_token }.to change { member.invite_token }
end end
end end
...@@ -684,12 +684,12 @@ RSpec.describe Member do ...@@ -684,12 +684,12 @@ RSpec.describe Member do
describe 'generate invite token on create' do describe 'generate invite token on create' do
let!(:member) { build(:project_member, invite_email: "user@example.com") } let!(:member) { build(:project_member, invite_email: "user@example.com") }
it "sets the invite token" do it 'sets the invite token' do
expect { member.save! }.to change { member.invite_token }.to(kind_of(String)) expect { member.save! }.to change { member.invite_token }.to(kind_of(String))
end end
context 'when invite was already accepted' do context 'when invite was already accepted' do
it "does not set invite token" do it 'does not set invite token' do
member.invite_accepted_at = 1.day.ago member.invite_accepted_at = 1.day.ago
expect { member.save! }.not_to change { member.invite_token }.from(nil) expect { member.save! }.not_to change { member.invite_token }.from(nil)
...@@ -744,7 +744,7 @@ RSpec.describe Member do ...@@ -744,7 +744,7 @@ RSpec.describe Member do
end end
end end
describe "#invite_to_unknown_user?" do describe '#invite_to_unknown_user?' do
subject { member.invite_to_unknown_user? } subject { member.invite_to_unknown_user? }
let(:member) { create(:project_member, invite_email: "user@example.com", invite_token: '1234', user: user) } let(:member) { create(:project_member, invite_email: "user@example.com", invite_token: '1234', user: user) }
...@@ -762,7 +762,7 @@ RSpec.describe Member do ...@@ -762,7 +762,7 @@ RSpec.describe Member do
end end
end end
describe "destroying a record", :delete do describe 'destroying a record', :delete, :sidekiq_inline do
it "refreshes user's authorized projects" do it "refreshes user's authorized projects" do
project = create(:project, :private) project = create(:project, :private)
user = create(:user) user = create(:user)
......
...@@ -244,6 +244,25 @@ RSpec.describe ProjectMember do ...@@ -244,6 +244,25 @@ RSpec.describe ProjectMember do
project.add_user(user, Gitlab::Access::GUEST) project.add_user(user, Gitlab::Access::GUEST)
end end
context 'when :member_destroy_async_auth_refresh feature flag is enabled' do
it 'changes access level', :sidekiq_inline do
expect { action }.to change { user.can?(:guest_access, project) }.from(true).to(false)
end
it 'calls AuthorizedProjectUpdate::ProjectRecalculatePerUserWorker to recalculate authorizations' do
expect(AuthorizedProjectUpdate::ProjectRecalculatePerUserWorker).to receive(:perform_async).with(project.id, user.id)
action
end
it_behaves_like 'calls AuthorizedProjectUpdate::UserRefreshFromReplicaWorker with a delay to update project authorizations'
end
context 'when :member_destroy_async_auth_refresh feature flag is disabled' do
before do
stub_feature_flags(member_destroy_async_auth_refresh: false)
end
it 'changes access level' do it 'changes access level' do
expect { action }.to change { user.can?(:guest_access, project) }.from(true).to(false) expect { action }.to change { user.can?(:guest_access, project) }.from(true).to(false)
end end
...@@ -251,6 +270,7 @@ RSpec.describe ProjectMember do ...@@ -251,6 +270,7 @@ RSpec.describe ProjectMember do
it_behaves_like 'calls AuthorizedProjectUpdate::ProjectRecalculatePerUserService to recalculate authorizations' it_behaves_like 'calls AuthorizedProjectUpdate::ProjectRecalculatePerUserService to recalculate authorizations'
it_behaves_like 'calls AuthorizedProjectUpdate::UserRefreshFromReplicaWorker with a delay to update project authorizations' it_behaves_like 'calls AuthorizedProjectUpdate::UserRefreshFromReplicaWorker with a delay to update project authorizations'
end end
end
context 'when the feature flag `specialized_service_for_project_member_auth_refresh` is disabled' do context 'when the feature flag `specialized_service_for_project_member_auth_refresh` is disabled' do
before do before do
...@@ -298,7 +318,7 @@ RSpec.describe ProjectMember do ...@@ -298,7 +318,7 @@ RSpec.describe ProjectMember do
project.add_user(user, Gitlab::Access::GUEST) project.add_user(user, Gitlab::Access::GUEST)
end end
it 'changes access level' do it 'changes access level', :sidekiq_inline do
expect { action }.to change { user.can?(:guest_access, project) }.from(true).to(false) expect { action }.to change { user.can?(:guest_access, project) }.from(true).to(false)
end end
......
...@@ -126,7 +126,7 @@ RSpec.describe User do ...@@ -126,7 +126,7 @@ RSpec.describe User do
it { is_expected.to have_many(:callouts).class_name('UserCallout') } it { is_expected.to have_many(:callouts).class_name('UserCallout') }
it { is_expected.to have_many(:group_callouts).class_name('Users::GroupCallout') } it { is_expected.to have_many(:group_callouts).class_name('Users::GroupCallout') }
describe "#user_detail" do describe '#user_detail' do
it 'does not persist `user_detail` by default' do it 'does not persist `user_detail` by default' do
expect(create(:user).user_detail).not_to be_persisted expect(create(:user).user_detail).not_to be_persisted
end end
...@@ -163,25 +163,25 @@ RSpec.describe User do ...@@ -163,25 +163,25 @@ RSpec.describe User do
end end
end end
describe "#abuse_report" do describe '#abuse_report' do
let(:current_user) { create(:user) } let(:current_user) { create(:user) }
let(:other_user) { create(:user) } let(:other_user) { create(:user) }
it { is_expected.to have_one(:abuse_report) } it { is_expected.to have_one(:abuse_report) }
it "refers to the abuse report whose user_id is the current user" do it 'refers to the abuse report whose user_id is the current user' do
abuse_report = create(:abuse_report, reporter: other_user, user: current_user) abuse_report = create(:abuse_report, reporter: other_user, user: current_user)
expect(current_user.abuse_report).to eq(abuse_report) expect(current_user.abuse_report).to eq(abuse_report)
end end
it "does not refer to the abuse report whose reporter_id is the current user" do it 'does not refer to the abuse report whose reporter_id is the current user' do
create(:abuse_report, reporter: current_user, user: other_user) create(:abuse_report, reporter: current_user, user: other_user)
expect(current_user.abuse_report).to be_nil expect(current_user.abuse_report).to be_nil
end end
it "does not update the user_id of an abuse report when the user is updated" do it 'does not update the user_id of an abuse report when the user is updated' do
abuse_report = create(:abuse_report, reporter: current_user, user: other_user) abuse_report = create(:abuse_report, reporter: current_user, user: other_user)
current_user.block current_user.block
...@@ -719,7 +719,7 @@ RSpec.describe User do ...@@ -719,7 +719,7 @@ RSpec.describe User do
end end
end end
describe "scopes" do describe 'scopes' do
context 'blocked users' do context 'blocked users' do
let_it_be(:active_user) { create(:user) } let_it_be(:active_user) { create(:user) }
let_it_be(:blocked_user) { create(:user, :blocked) } let_it_be(:blocked_user) { create(:user, :blocked) }
...@@ -757,8 +757,8 @@ RSpec.describe User do ...@@ -757,8 +757,8 @@ RSpec.describe User do
end end
end end
describe ".with_two_factor" do describe '.with_two_factor' do
it "returns users with 2fa enabled via OTP" do it 'returns users with 2fa enabled via OTP' do
user_with_2fa = create(:user, :two_factor_via_otp) user_with_2fa = create(:user, :two_factor_via_otp)
user_without_2fa = create(:user) user_without_2fa = create(:user)
users_with_two_factor = described_class.with_two_factor.pluck(:id) users_with_two_factor = described_class.with_two_factor.pluck(:id)
...@@ -767,8 +767,8 @@ RSpec.describe User do ...@@ -767,8 +767,8 @@ RSpec.describe User do
expect(users_with_two_factor).not_to include(user_without_2fa.id) expect(users_with_two_factor).not_to include(user_without_2fa.id)
end end
shared_examples "returns the right users" do |trait| shared_examples 'returns the right users' do |trait|
it "returns users with 2fa enabled via hardware token" do it 'returns users with 2fa enabled via hardware token' do
user_with_2fa = create(:user, trait) user_with_2fa = create(:user, trait)
user_without_2fa = create(:user) user_without_2fa = create(:user)
users_with_two_factor = described_class.with_two_factor.pluck(:id) users_with_two_factor = described_class.with_two_factor.pluck(:id)
...@@ -777,7 +777,7 @@ RSpec.describe User do ...@@ -777,7 +777,7 @@ RSpec.describe User do
expect(users_with_two_factor).not_to include(user_without_2fa.id) expect(users_with_two_factor).not_to include(user_without_2fa.id)
end end
it "returns users with 2fa enabled via OTP and hardware token" do it 'returns users with 2fa enabled via OTP and hardware token' do
user_with_2fa = create(:user, :two_factor_via_otp, trait) user_with_2fa = create(:user, :two_factor_via_otp, trait)
user_without_2fa = create(:user) user_without_2fa = create(:user)
users_with_two_factor = described_class.with_two_factor.pluck(:id) users_with_two_factor = described_class.with_two_factor.pluck(:id)
...@@ -795,17 +795,17 @@ RSpec.describe User do ...@@ -795,17 +795,17 @@ RSpec.describe User do
end end
end end
describe "and U2F" do describe 'and U2F' do
it_behaves_like "returns the right users", :two_factor_via_u2f it_behaves_like "returns the right users", :two_factor_via_u2f
end end
describe "and WebAuthn" do describe 'and WebAuthn' do
it_behaves_like "returns the right users", :two_factor_via_webauthn it_behaves_like "returns the right users", :two_factor_via_webauthn
end end
end end
describe ".without_two_factor" do describe '.without_two_factor' do
it "excludes users with 2fa enabled via OTP" do it 'excludes users with 2fa enabled via OTP' do
user_with_2fa = create(:user, :two_factor_via_otp) user_with_2fa = create(:user, :two_factor_via_otp)
user_without_2fa = create(:user) user_without_2fa = create(:user)
users_without_two_factor = described_class.without_two_factor.pluck(:id) users_without_two_factor = described_class.without_two_factor.pluck(:id)
...@@ -814,8 +814,8 @@ RSpec.describe User do ...@@ -814,8 +814,8 @@ RSpec.describe User do
expect(users_without_two_factor).not_to include(user_with_2fa.id) expect(users_without_two_factor).not_to include(user_with_2fa.id)
end end
describe "and u2f" do describe 'and u2f' do
it "excludes users with 2fa enabled via U2F" do it 'excludes users with 2fa enabled via U2F' do
user_with_2fa = create(:user, :two_factor_via_u2f) user_with_2fa = create(:user, :two_factor_via_u2f)
user_without_2fa = create(:user) user_without_2fa = create(:user)
users_without_two_factor = described_class.without_two_factor.pluck(:id) users_without_two_factor = described_class.without_two_factor.pluck(:id)
...@@ -824,7 +824,7 @@ RSpec.describe User do ...@@ -824,7 +824,7 @@ RSpec.describe User do
expect(users_without_two_factor).not_to include(user_with_2fa.id) expect(users_without_two_factor).not_to include(user_with_2fa.id)
end end
it "excludes users with 2fa enabled via OTP and U2F" do it 'excludes users with 2fa enabled via OTP and U2F' do
user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_u2f) user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_u2f)
user_without_2fa = create(:user) user_without_2fa = create(:user)
users_without_two_factor = described_class.without_two_factor.pluck(:id) users_without_two_factor = described_class.without_two_factor.pluck(:id)
...@@ -834,8 +834,8 @@ RSpec.describe User do ...@@ -834,8 +834,8 @@ RSpec.describe User do
end end
end end
describe "and webauthn" do describe 'and webauthn' do
it "excludes users with 2fa enabled via WebAuthn" do it 'excludes users with 2fa enabled via WebAuthn' do
user_with_2fa = create(:user, :two_factor_via_webauthn) user_with_2fa = create(:user, :two_factor_via_webauthn)
user_without_2fa = create(:user) user_without_2fa = create(:user)
users_without_two_factor = described_class.without_two_factor.pluck(:id) users_without_two_factor = described_class.without_two_factor.pluck(:id)
...@@ -844,7 +844,7 @@ RSpec.describe User do ...@@ -844,7 +844,7 @@ RSpec.describe User do
expect(users_without_two_factor).not_to include(user_with_2fa.id) expect(users_without_two_factor).not_to include(user_with_2fa.id)
end end
it "excludes users with 2fa enabled via OTP and WebAuthn" do it 'excludes users with 2fa enabled via OTP and WebAuthn' do
user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_webauthn) user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_webauthn)
user_without_2fa = create(:user) user_without_2fa = create(:user)
users_without_two_factor = described_class.without_two_factor.pluck(:id) users_without_two_factor = described_class.without_two_factor.pluck(:id)
...@@ -1077,7 +1077,7 @@ RSpec.describe User do ...@@ -1077,7 +1077,7 @@ RSpec.describe User do
end end
end end
describe "Respond to" do describe 'Respond to' do
it { is_expected.to respond_to(:admin?) } it { is_expected.to respond_to(:admin?) }
it { is_expected.to respond_to(:name) } it { is_expected.to respond_to(:name) }
it { is_expected.to respond_to(:external?) } it { is_expected.to respond_to(:external?) }
...@@ -1099,7 +1099,7 @@ RSpec.describe User do ...@@ -1099,7 +1099,7 @@ RSpec.describe User do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:external_user) { create(:user, external: true) } let(:external_user) { create(:user, external: true) }
it "sets other properties as well" do it 'sets other properties as well' do
expect(external_user.can_create_team).to be_falsey expect(external_user.can_create_team).to be_falsey
expect(external_user.can_create_group).to be_falsey expect(external_user.can_create_group).to be_falsey
expect(external_user.projects_limit).to be 0 expect(external_user.projects_limit).to be 0
...@@ -1518,7 +1518,7 @@ RSpec.describe User do ...@@ -1518,7 +1518,7 @@ RSpec.describe User do
end end
describe '#generate_password' do describe '#generate_password' do
it "does not generate password by default" do it 'does not generate password by default' do
user = create(:user, password: 'abcdefghe') user = create(:user, password: 'abcdefghe')
expect(user.password).to eq('abcdefghe') expect(user.password).to eq('abcdefghe')
...@@ -1886,14 +1886,14 @@ RSpec.describe User do ...@@ -1886,14 +1886,14 @@ RSpec.describe User do
describe 'deactivating a user' do describe 'deactivating a user' do
let(:user) { create(:user, name: 'John Smith') } let(:user) { create(:user, name: 'John Smith') }
context "an active user" do context 'an active user' do
it "can be deactivated" do it 'can be deactivated' do
user.deactivate user.deactivate
expect(user.deactivated?).to be_truthy expect(user.deactivated?).to be_truthy
end end
context "when user deactivation emails are disabled" do context 'when user deactivation emails are disabled' do
before do before do
stub_application_setting(user_deactivation_emails_enabled: false) stub_application_setting(user_deactivation_emails_enabled: false)
end end
...@@ -1904,7 +1904,7 @@ RSpec.describe User do ...@@ -1904,7 +1904,7 @@ RSpec.describe User do
end end
end end
context "when user deactivation emails are enabled" do context 'when user deactivation emails are enabled' do
it 'sends deactivated user an email' do it 'sends deactivated user an email' do
expect_next_instance_of(NotificationService) do |notification| expect_next_instance_of(NotificationService) do |notification|
allow(notification).to receive(:user_deactivated).with(user.name, user.notification_email_or_default) allow(notification).to receive(:user_deactivated).with(user.name, user.notification_email_or_default)
...@@ -1915,12 +1915,12 @@ RSpec.describe User do ...@@ -1915,12 +1915,12 @@ RSpec.describe User do
end end
end end
context "a user who is blocked" do context 'a user who is blocked' do
before do before do
user.block user.block
end end
it "cannot be deactivated" do it 'cannot be deactivated' do
user.deactivate user.deactivate
expect(user.reload.deactivated?).to be_falsy expect(user.reload.deactivated?).to be_falsy
...@@ -2087,7 +2087,7 @@ RSpec.describe User do ...@@ -2087,7 +2087,7 @@ RSpec.describe User do
describe 'with defaults' do describe 'with defaults' do
let(:user) { described_class.new } let(:user) { described_class.new }
it "applies defaults to user" do it 'applies defaults to user' do
expect(user.projects_limit).to eq(Gitlab.config.gitlab.default_projects_limit) expect(user.projects_limit).to eq(Gitlab.config.gitlab.default_projects_limit)
expect(user.can_create_group).to eq(Gitlab.config.gitlab.default_can_create_group) expect(user.can_create_group).to eq(Gitlab.config.gitlab.default_can_create_group)
expect(user.theme_id).to eq(Gitlab.config.gitlab.default_theme) expect(user.theme_id).to eq(Gitlab.config.gitlab.default_theme)
...@@ -2099,7 +2099,7 @@ RSpec.describe User do ...@@ -2099,7 +2099,7 @@ RSpec.describe User do
describe 'with default overrides' do describe 'with default overrides' do
let(:user) { described_class.new(projects_limit: 123, can_create_group: false, can_create_team: true) } let(:user) { described_class.new(projects_limit: 123, can_create_group: false, can_create_team: true) }
it "applies defaults to user" do it 'applies defaults to user' do
expect(user.projects_limit).to eq(123) expect(user.projects_limit).to eq(123)
expect(user.can_create_group).to be_falsey expect(user.can_create_group).to be_falsey
expect(user.theme_id).to eq(1) expect(user.theme_id).to eq(1)
...@@ -2118,7 +2118,7 @@ RSpec.describe User do ...@@ -2118,7 +2118,7 @@ RSpec.describe User do
stub_application_setting(user_default_external: true) stub_application_setting(user_default_external: true)
end end
it "creates external user by default" do it 'creates external user by default' do
user = create(:user) user = create(:user)
expect(user.external).to be_truthy expect(user.external).to be_truthy
...@@ -2127,7 +2127,7 @@ RSpec.describe User do ...@@ -2127,7 +2127,7 @@ RSpec.describe User do
end end
describe 'with default overrides' do describe 'with default overrides' do
it "creates a non-external user" do it 'creates a non-external user' do
user = create(:user, external: false) user = create(:user, external: false)
expect(user.external).to be_falsey expect(user.external).to be_falsey
...@@ -2143,7 +2143,7 @@ RSpec.describe User do ...@@ -2143,7 +2143,7 @@ RSpec.describe User do
} }
protocol_and_expectation.each do |protocol, expected| protocol_and_expectation.each do |protocol, expected|
it "has correct require_ssh_key?" do it 'has correct require_ssh_key?' do
stub_application_setting(enabled_git_access_protocol: protocol) stub_application_setting(enabled_git_access_protocol: protocol)
user = build(:user) user = build(:user)
...@@ -2627,7 +2627,7 @@ RSpec.describe User do ...@@ -2627,7 +2627,7 @@ RSpec.describe User do
describe 'all_ssh_keys' do describe 'all_ssh_keys' do
it { is_expected.to have_many(:keys).dependent(:destroy) } it { is_expected.to have_many(:keys).dependent(:destroy) }
it "has all ssh keys" do it 'has all ssh keys' do
user = create :user user = create :user
key = create :key, key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD33bWLBxu48Sev9Fert1yzEO4WGcWglWF7K/AwblIUFselOt/QdOL9DSjpQGxLagO1s9wl53STIO8qGS4Ms0EJZyIXOEFMjFJ5xmjSy+S37By4sG7SsltQEHMxtbtFOaW5LV2wCrX+rUsRNqLMamZjgjcPO0/EgGCXIGMAYW4O7cwGZdXWYIhQ1Vwy+CsVMDdPkPgBXqK7nR/ey8KMs8ho5fMNgB5hBw/AL9fNGhRw3QTD6Q12Nkhl4VZES2EsZqlpNnJttnPdp847DUsT6yuLRlfiQfz5Cn9ysHFdXObMN5VYIiPFwHeYCZp1X2S4fDZooRE8uOLTfxWHPXwrhqSH", user_id: user.id key = create :key, key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD33bWLBxu48Sev9Fert1yzEO4WGcWglWF7K/AwblIUFselOt/QdOL9DSjpQGxLagO1s9wl53STIO8qGS4Ms0EJZyIXOEFMjFJ5xmjSy+S37By4sG7SsltQEHMxtbtFOaW5LV2wCrX+rUsRNqLMamZjgjcPO0/EgGCXIGMAYW4O7cwGZdXWYIhQ1Vwy+CsVMDdPkPgBXqK7nR/ey8KMs8ho5fMNgB5hBw/AL9fNGhRw3QTD6Q12Nkhl4VZES2EsZqlpNnJttnPdp847DUsT6yuLRlfiQfz5Cn9ysHFdXObMN5VYIiPFwHeYCZp1X2S4fDZooRE8uOLTfxWHPXwrhqSH", user_id: user.id
...@@ -2663,10 +2663,10 @@ RSpec.describe User do ...@@ -2663,10 +2663,10 @@ RSpec.describe User do
end end
end end
describe "#clear_avatar_caches" do describe '#clear_avatar_caches' do
let(:user) { create(:user) } let(:user) { create(:user) }
it "clears the avatar cache when saving" do it 'clears the avatar cache when saving' do
allow(user).to receive(:avatar_changed?).and_return(true) allow(user).to receive(:avatar_changed?).and_return(true)
expect(Gitlab::AvatarCache).to receive(:delete_by_email).with(*user.verified_emails) expect(Gitlab::AvatarCache).to receive(:delete_by_email).with(*user.verified_emails)
...@@ -3192,7 +3192,7 @@ RSpec.describe User do ...@@ -3192,7 +3192,7 @@ RSpec.describe User do
end end
end end
describe "#last_active_at" do describe '#last_active_at' do
let(:last_activity_on) { 5.days.ago.to_date } let(:last_activity_on) { 5.days.ago.to_date }
let(:current_sign_in_at) { 8.days.ago } let(:current_sign_in_at) { 8.days.ago }
...@@ -3230,7 +3230,7 @@ RSpec.describe User do ...@@ -3230,7 +3230,7 @@ RSpec.describe User do
end end
end end
describe "#can_be_deactivated?" do describe '#can_be_deactivated?' do
let(:activity) { {} } let(:activity) { {} }
let(:user) { create(:user, name: 'John Smith', **activity) } let(:user) { create(:user, name: 'John Smith', **activity) }
let(:day_within_minium_inactive_days_threshold) { User::MINIMUM_INACTIVE_DAYS.pred.days.ago } let(:day_within_minium_inactive_days_threshold) { User::MINIMUM_INACTIVE_DAYS.pred.days.ago }
...@@ -3248,7 +3248,7 @@ RSpec.describe User do ...@@ -3248,7 +3248,7 @@ RSpec.describe User do
end end
end end
context "a user who is not active" do context 'a user who is not active' do
before do before do
user.block user.block
end end
...@@ -3289,7 +3289,7 @@ RSpec.describe User do ...@@ -3289,7 +3289,7 @@ RSpec.describe User do
end end
end end
describe "#contributed_projects" do describe '#contributed_projects' do
subject { create(:user) } subject { create(:user) }
let!(:project1) { create(:project) } let!(:project1) { create(:project) }
...@@ -3304,11 +3304,11 @@ RSpec.describe User do ...@@ -3304,11 +3304,11 @@ RSpec.describe User do
project2.add_maintainer(subject) project2.add_maintainer(subject)
end end
it "includes IDs for projects the user has pushed to" do it 'includes IDs for projects the user has pushed to' do
expect(subject.contributed_projects).to include(project1) expect(subject.contributed_projects).to include(project1)
end end
it "includes IDs for projects the user has had merge requests merged into" do it 'includes IDs for projects the user has had merge requests merged into' do
expect(subject.contributed_projects).to include(project3) expect(subject.contributed_projects).to include(project3)
end end
...@@ -3402,7 +3402,7 @@ RSpec.describe User do ...@@ -3402,7 +3402,7 @@ RSpec.describe User do
end end
end end
describe "#recent_push" do describe '#recent_push' do
let(:user) { build(:user) } let(:user) { build(:user) }
let(:project) { build(:project) } let(:project) { build(:project) }
let(:event) { build(:push_event) } let(:event) { build(:push_event) }
...@@ -3566,7 +3566,7 @@ RSpec.describe User do ...@@ -3566,7 +3566,7 @@ RSpec.describe User do
expect(user.authorized_projects).to include(project) expect(user.authorized_projects).to include(project)
end end
it "includes personal projects user has been given access to" do it 'includes personal projects user has been given access to' do
user1 = create(:user) user1 = create(:user)
user2 = create(:user) user2 = create(:user)
project = create(:project, :private, namespace: user1.namespace) project = create(:project, :private, namespace: user1.namespace)
...@@ -3576,7 +3576,7 @@ RSpec.describe User do ...@@ -3576,7 +3576,7 @@ RSpec.describe User do
expect(user2.authorized_projects).to include(project) expect(user2.authorized_projects).to include(project)
end end
it "includes projects of groups user has been added to" do it 'includes projects of groups user has been added to' do
group = create(:group) group = create(:group)
project = create(:project, group: group) project = create(:project, group: group)
user = create(:user) user = create(:user)
...@@ -3586,7 +3586,7 @@ RSpec.describe User do ...@@ -3586,7 +3586,7 @@ RSpec.describe User do
expect(user.authorized_projects).to include(project) expect(user.authorized_projects).to include(project)
end end
it "does not include projects of groups user has been removed from" do it 'does not include projects of groups user has been removed from', :sidekiq_inline do
group = create(:group) group = create(:group)
project = create(:project, group: group) project = create(:project, group: group)
user = create(:user) user = create(:user)
...@@ -3611,7 +3611,7 @@ RSpec.describe User do ...@@ -3611,7 +3611,7 @@ RSpec.describe User do
expect(user.authorized_projects).to include(project) expect(user.authorized_projects).to include(project)
end end
it "does not include destroyed projects user had access to" do it 'does not include destroyed projects user had access to' do
user1 = create(:user) user1 = create(:user)
user2 = create(:user) user2 = create(:user)
project = create(:project, :private, namespace: user1.namespace) project = create(:project, :private, namespace: user1.namespace)
...@@ -3625,7 +3625,7 @@ RSpec.describe User do ...@@ -3625,7 +3625,7 @@ RSpec.describe User do
expect(user2.authorized_projects).not_to include(project) expect(user2.authorized_projects).not_to include(project)
end end
it "does not include projects of destroyed groups user had access to" do it 'does not include projects of destroyed groups user had access to' do
group = create(:group) group = create(:group)
project = create(:project, namespace: group) project = create(:project, namespace: group)
user = create(:user) user = create(:user)
...@@ -4178,7 +4178,7 @@ RSpec.describe User do ...@@ -4178,7 +4178,7 @@ RSpec.describe User do
expect(user.admin).to be true expect(user.admin).to be true
end end
it "accepts string values in addition to symbols" do it 'accepts string values in addition to symbols' do
user.access_level = 'admin' user.access_level = 'admin'
expect(user.access_level).to eq(:admin) expect(user.access_level).to eq(:admin)
...@@ -4259,7 +4259,7 @@ RSpec.describe User do ...@@ -4259,7 +4259,7 @@ RSpec.describe User do
expect(ghost.user_type).to eq 'ghost' expect(ghost.user_type).to eq 'ghost'
end end
it "does not create a second ghost user if one is already present" do it 'does not create a second ghost user if one is already present' do
expect do expect do
described_class.ghost described_class.ghost
described_class.ghost described_class.ghost
...@@ -4268,7 +4268,7 @@ RSpec.describe User do ...@@ -4268,7 +4268,7 @@ RSpec.describe User do
end end
context "when a regular user exists with the username 'ghost'" do context "when a regular user exists with the username 'ghost'" do
it "creates a ghost user with a non-conflicting username" do it 'creates a ghost user with a non-conflicting username' do
create(:user, username: 'ghost') create(:user, username: 'ghost')
ghost = described_class.ghost ghost = described_class.ghost
...@@ -4278,7 +4278,7 @@ RSpec.describe User do ...@@ -4278,7 +4278,7 @@ RSpec.describe User do
end end
context "when a regular user exists with the email 'ghost@example.com'" do context "when a regular user exists with the email 'ghost@example.com'" do
it "creates a ghost user with a non-conflicting email" do it 'creates a ghost user with a non-conflicting email' do
create(:user, email: 'ghost@example.com') create(:user, email: 'ghost@example.com')
ghost = described_class.ghost ghost = described_class.ghost
...@@ -4758,7 +4758,7 @@ RSpec.describe User do ...@@ -4758,7 +4758,7 @@ RSpec.describe User do
it { is_expected.to be true } it { is_expected.to be true }
end end
context 'when email and username aren\'t changed' do context "when email and username aren't changed" do
before do before do
user.name = 'new_name' user.name = 'new_name'
end end
...@@ -5069,26 +5069,26 @@ RSpec.describe User do ...@@ -5069,26 +5069,26 @@ RSpec.describe User do
subject { user.required_terms_not_accepted? } subject { user.required_terms_not_accepted? }
context "when terms are not enforced" do context 'when terms are not enforced' do
it { is_expected.to be_falsey } it { is_expected.to be_falsey }
end end
context "when terms are enforced" do context 'when terms are enforced' do
before do before do
enforce_terms enforce_terms
end end
it "is not accepted by the user" do it 'is not accepted by the user' do
expect(subject).to be_truthy expect(subject).to be_truthy
end end
it "is accepted by the user" do it 'is accepted by the user' do
accept_terms(user) accept_terms(user)
expect(subject).to be_falsey expect(subject).to be_falsey
end end
it "auto accepts the term for project bots" do it 'auto accepts the term for project bots' do
expect(project_bot.required_terms_not_accepted?).to be_falsey expect(project_bot.required_terms_not_accepted?).to be_falsey
end end
end end
......
...@@ -38,7 +38,7 @@ RSpec.describe API::PackageFiles do ...@@ -38,7 +38,7 @@ RSpec.describe API::PackageFiles do
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
it 'returns 404 for a user without access to the project' do it 'returns 404 for a user without access to the project', :sidekiq_inline do
project.team.truncate project.team.truncate
get api(url, user) get api(url, user)
......
...@@ -275,7 +275,7 @@ RSpec.describe MergeRequestPollCachedWidgetEntity do ...@@ -275,7 +275,7 @@ RSpec.describe MergeRequestPollCachedWidgetEntity do
expect(subject[:merge_pipeline]).to be_nil expect(subject[:merge_pipeline]).to be_nil
end end
context 'when is merged' do context 'when is merged', :sidekiq_inline do
let(:resource) { create(:merged_merge_request, source_project: project, merge_commit_sha: project.commit.id) } let(:resource) { create(:merged_merge_request, source_project: project, merge_commit_sha: project.commit.id) }
let(:pipeline) { create(:ci_empty_pipeline, project: project, ref: resource.target_branch, sha: resource.merge_commit_sha) } let(:pipeline) { create(:ci_empty_pipeline, project: project, ref: resource.target_branch, sha: resource.merge_commit_sha) }
......
...@@ -17,7 +17,7 @@ RSpec.describe MergeRequests::AssignIssuesService do ...@@ -17,7 +17,7 @@ RSpec.describe MergeRequests::AssignIssuesService do
expect(service.assignable_issues.map(&:id)).to include(issue.id) expect(service.assignable_issues.map(&:id)).to include(issue.id)
end end
it 'ignores issues the user cannot update assignee on' do it 'ignores issues the user cannot update assignee on', :sidekiq_inline do
project.team.truncate project.team.truncate
expect(service.assignable_issues).to be_empty expect(service.assignable_issues).to be_empty
......
...@@ -440,7 +440,7 @@ RSpec.describe MergeRequests::BuildService do ...@@ -440,7 +440,7 @@ RSpec.describe MergeRequests::BuildService do
expect(merge_request.title).to eq('Closes #1234 Second commit') expect(merge_request.title).to eq('Closes #1234 Second commit')
end end
it 'adds the remaining lines of the first multi-line commit message as the description' do it 'adds the remaining lines of the first multi-line commit message as the description', :sidekiq_inline do
expect(merge_request.description).to eq('Create the app') expect(merge_request.description).to eq('Create the app')
end end
end end
......
...@@ -701,7 +701,7 @@ RSpec.describe MergeRequests::PushOptionsHandlerService do ...@@ -701,7 +701,7 @@ RSpec.describe MergeRequests::PushOptionsHandlerService do
let(:push_options) { { create: true } } let(:push_options) { { create: true } }
let(:changes) { new_branch_changes } let(:changes) { new_branch_changes }
it 'records an error' do it 'records an error', :sidekiq_inline do
Members::DestroyService.new(user1).execute(ProjectMember.find_by!(user_id: user1.id)) Members::DestroyService.new(user1).execute(ProjectMember.find_by!(user_id: user1.id))
service.execute service.execute
......
...@@ -47,7 +47,7 @@ RSpec.describe Notes::QuickActionsService do ...@@ -47,7 +47,7 @@ RSpec.describe Notes::QuickActionsService do
let(:note_text) { "/relate #{other_issue.to_reference}" } let(:note_text) { "/relate #{other_issue.to_reference}" }
let(:note) { create(:note_on_issue, noteable: issue, project: project, note: note_text) } let(:note) { create(:note_on_issue, noteable: issue, project: project, note: note_text) }
context 'user cannot relate issues' do context 'user cannot relate issues', :sidekiq_inline do
before do before do
project.team.find_member(maintainer.id).destroy! project.team.find_member(maintainer.id).destroy!
project.update!(visibility: Gitlab::VisibilityLevel::PUBLIC) project.update!(visibility: Gitlab::VisibilityLevel::PUBLIC)
......
...@@ -3155,7 +3155,7 @@ RSpec.describe NotificationService, :mailer do ...@@ -3155,7 +3155,7 @@ RSpec.describe NotificationService, :mailer do
notification.pipeline_finished(pipeline) notification.pipeline_finished(pipeline)
end end
it 'does not send emails' do it 'does not send emails', :sidekiq_inline do
should_not_email_anyone should_not_email_anyone
end end
end end
......
...@@ -26,7 +26,7 @@ RSpec.describe Projects::MoveAccessService do ...@@ -26,7 +26,7 @@ RSpec.describe Projects::MoveAccessService do
describe '#execute' do describe '#execute' do
shared_examples 'move the accesses' do shared_examples 'move the accesses' do
it do it 'moves the accesses', :sidekiq_inline do
expect(project_with_access.project_members.count).to eq 4 expect(project_with_access.project_members.count).to eq 4
expect(project_with_access.project_group_links.count).to eq 3 expect(project_with_access.project_group_links.count).to eq 3
expect(project_with_access.authorized_users.count).to eq 4 expect(project_with_access.authorized_users.count).to eq 4
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe AuthorizedProjectUpdate::ProjectRecalculatePerUserWorker do
include ExclusiveLeaseHelpers
let_it_be(:project) { create(:project) }
let_it_be(:user) { create(:user) }
subject(:worker) { described_class.new }
include_examples 'an idempotent worker' do
let(:job_args) { [project.id, user.id] }
it 'does not change authorizations when run twice' do
project.add_developer(user)
user.project_authorizations.delete_all
expect { worker.perform(project.id, user.id) }.to change { project.project_authorizations.reload.size }.by(1)
expect { worker.perform(project.id, user.id) }.not_to change { project.project_authorizations.reload.size }
end
end
describe '#perform' do
it 'does not fail if the project does not exist' do
expect do
worker.perform(non_existing_record_id, user.id)
end.not_to raise_error
end
it 'does not fail if the user does not exist' do
expect do
worker.perform(project.id, non_existing_record_id)
end.not_to raise_error
end
it 'calls AuthorizedProjectUpdate::ProjectRecalculatePerUserService' do
expect_next_instance_of(AuthorizedProjectUpdate::ProjectRecalculatePerUserService, project, user) do |service|
expect(service).to receive(:execute)
end
worker.perform(project.id, user.id)
end
context 'exclusive lease' do
let(:lock_key) { "#{described_class.superclass.name.underscore}/projects/#{project.id}" }
let(:timeout) { 10.seconds }
context 'when exclusive lease has not been taken' do
it 'obtains a new exclusive lease' do
expect_to_obtain_exclusive_lease(lock_key, timeout: timeout)
worker.perform(project.id, user.id)
end
end
context 'when exclusive lease has already been taken' do
before do
stub_exclusive_lease_taken(lock_key, timeout: timeout)
end
it 'raises an error' do
expect { worker.perform(project.id, user.id) }.to raise_error(Gitlab::ExclusiveLeaseHelpers::FailedToObtainLockError)
end
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment