Adds validators and rack cookie helper

These changes are backported from EE, related to SAML settings in
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4549

app/validators/certificate_fingerprint_validator.rb

+class CertificateFingerprintValidator < ActiveModel::EachValidator
+  FINGERPRINT_PATTERN = /\A([a-zA-Z0-9]{2}[\s\-:]?){16,}\z/.freeze
+
+  def validate_each(record, attribute, value)
+    unless value.try(:match, FINGERPRINT_PATTERN)
+      record.errors.add(attribute, "must be a hash containing only letters, numbers, spaces, : and -")
+    end
+  end
+end

app/validators/top_level_group_validator.rb

+class TopLevelGroupValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    if value&.subgroup?
+      record.errors.add(attribute, "must be a top level Group")
+    end
+  end
+end

spec/support/cookie_helper.rb

@@ -2,12 +2,25 @@
 #
 module CookieHelper
   def set_cookie(name, value, options = {})
+    case page.driver
+    when Capybara::RackTest::Driver
+      rack_set_cookie(name, value)
+    else
+      selenium_set_cookie(name, value, options)
+    end
+  end
+
+  def selenium_set_cookie(name, value, options = {})
     # Selenium driver will not set cookies for a given domain when the browser is at `about:blank`.
     # It also doesn't appear to allow overriding the cookie path. loading `/` is the most inclusive.
     visit options.fetch(:path, '/') unless on_a_page?
     page.driver.browser.manage.add_cookie(name: name, value: value, **options)
   end
 
+  def rack_set_cookie(name, value)
+    page.driver.browser.set_cookie("#{name}=#{value}")
+  end
+
   def get_cookie(name)
     page.driver.browser.manage.cookie_named(name)
   end

spec/support/login_helpers.rb

@@ -140,6 +140,10 @@ module LoginHelpers
     end
     allow(Gitlab::Auth::OAuth::Provider).to receive_messages(providers: [:saml], config_for: mock_saml_config)
     stub_omniauth_setting(messages)
+    stub_saml_authorize_path_helpers
+  end
+
+  def stub_saml_authorize_path_helpers
     allow_any_instance_of(Object).to receive(:user_saml_omniauth_authorize_path).and_return('/users/auth/saml')
     allow_any_instance_of(Object).to receive(:omniauth_authorize_path).with(:user, "saml").and_return('/users/auth/saml')
   end