...@@ -303,6 +303,20 @@ describe User, :do_not_mock_admin_mode do ...@@ -303,6 +303,20 @@ describe User, :do_not_mock_admin_mode do
end end
end end
context 'bad regex' do
before do
allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['([a-zA-Z0-9]+)+\.com'])
end
it 'does not hang on evil input' do
user = build(:user, email: 'user@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!.com')
expect do
Timeout.timeout(2.seconds) { user.valid? }
end.not_to raise_error
end
end
context 'when a signup domain is whitelisted and subdomains are allowed' do context 'when a signup domain is whitelisted and subdomains are allowed' do
before do before do
allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['example.com', '*.example.com']) allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['example.com', '*.example.com'])
...@@ -356,6 +370,20 @@ describe User, :do_not_mock_admin_mode do ...@@ -356,6 +370,20 @@ describe User, :do_not_mock_admin_mode do
allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist).and_return(['example.com']) allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist).and_return(['example.com'])
end end
context 'bad regex' do
before do
allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist).and_return(['([a-zA-Z0-9]+)+\.com'])
end
it 'does not hang on evil input' do
user = build(:user, email: 'user@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!.com')
expect do
Timeout.timeout(2.seconds) { user.valid? }
end.not_to raise_error
end
end
context 'when a signup domain is blacklisted' do context 'when a signup domain is blacklisted' do
it 'accepts info@test.com' do it 'accepts info@test.com' do
user = build(:user, email: 'info@test.com') user = build(:user, email: 'info@test.com')
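Review bot: The two new 'bad regex' examples (the whitelist context in the first hunk and the blacklist context in the second) only assert that `user.valid?` returns within the timeout without raising, so they would still pass if the configured entry were ignored altogether. Consider pinning the validation result in the same example, for instance `expect(user).not_to be_valid` in the whitelist case, where an address outside the whitelist should presumably be rejected; the expected result for the blacklist case depends on validators that are not visible here. The 2-second wall-clock limit may be tight on a loaded CI runner, and a comment above the stubbed value such as `# nested quantifier in an admin-configured entry: validation must finish in bounded time` would tell the next reader why this string was chosen. The enclosing `describe` blocks start and end outside both hunks.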
... ...
......
...@@ -3,12 +3,12 @@ ...@@ -3,12 +3,12 @@
require 'spec_helper' require 'spec_helper'
describe API::AccessRequests do describe API::AccessRequests do
set(:maintainer) { create(:user) } let_it_be(:maintainer) { create(:user) }
set(:developer) { create(:user) } let_it_be(:developer) { create(:user) }
set(:access_requester) { create(:user) } let_it_be(:access_requester) { create(:user) }
set(:stranger) { create(:user) } let_it_be(:stranger) { create(:user) }
set(:project) do let_it_be(:project) do
create(:project, :public, creator_id: maintainer.id, namespace: maintainer.namespace) do |project| create(:project, :public, creator_id: maintainer.id, namespace: maintainer.namespace) do |project|
project.add_developer(developer) project.add_developer(developer)
project.add_maintainer(maintainer) project.add_maintainer(maintainer)
...@@ -16,7 +16,7 @@ describe API::AccessRequests do ...@@ -16,7 +16,7 @@ describe API::AccessRequests do
end end
end end
set(:group) do let_it_be(:group) do
create(:group, :public) do |group| create(:group, :public) do |group|
group.add_developer(developer) group.add_developer(developer)
group.add_owner(maintainer) group.add_owner(maintainer)
... ...
......
...@@ -3,15 +3,14 @@ ...@@ -3,15 +3,14 @@
require 'spec_helper' require 'spec_helper'
describe API::AwardEmoji do describe API::AwardEmoji do
set(:user) { create(:user) } let_it_be(:user) { create(:user) }
set(:project) { create(:project) } let_it_be(:project) { create(:project) }
set(:issue) { create(:issue, project: project) } let_it_be(:issue) { create(:issue, project: project) }
set(:award_emoji) { create(:award_emoji, awardable: issue, user: user) } let_it_be(:award_emoji) { create(:award_emoji, awardable: issue, user: user) }
let_it_be(:note) { create(:note, project: project, noteable: issue) }
let!(:merge_request) { create(:merge_request, source_project: project, target_project: project) } let!(:merge_request) { create(:merge_request, source_project: project, target_project: project) }
let!(:downvote) { create(:award_emoji, :downvote, awardable: merge_request, user: user) } let!(:downvote) { create(:award_emoji, :downvote, awardable: merge_request, user: user) }
set(:note) { create(:note, project: project, noteable: issue) }
before do before do
project.add_maintainer(user) project.add_maintainer(user)
end end
... ...
......
...@@ -3,35 +3,35 @@ ...@@ -3,35 +3,35 @@
require 'spec_helper' require 'spec_helper'
describe API::Boards do describe API::Boards do
set(:user) { create(:user) } let_it_be(:user) { create(:user) }
set(:non_member) { create(:user) } let_it_be(:non_member) { create(:user) }
set(:guest) { create(:user) } let_it_be(:guest) { create(:user) }
set(:admin) { create(:user, :admin) } let_it_be(:admin) { create(:user, :admin) }
set(:board_parent) { create(:project, :public, creator_id: user.id, namespace: user.namespace ) } let_it_be(:board_parent, reload: true) { create(:project, :public, creator_id: user.id, namespace: user.namespace ) }
set(:dev_label) do let_it_be(:dev_label) do
create(:label, title: 'Development', color: '#FFAABB', project: board_parent) create(:label, title: 'Development', color: '#FFAABB', project: board_parent)
end end
set(:test_label) do let_it_be(:test_label) do
create(:label, title: 'Testing', color: '#FFAACC', project: board_parent) create(:label, title: 'Testing', color: '#FFAACC', project: board_parent)
end end
set(:ux_label) do let_it_be(:ux_label) do
create(:label, title: 'UX', color: '#FF0000', project: board_parent) create(:label, title: 'UX', color: '#FF0000', project: board_parent)
end end
set(:dev_list) do let_it_be(:dev_list) do
create(:list, label: dev_label, position: 1) create(:list, label: dev_label, position: 1)
end end
set(:test_list) do let_it_be(:test_list) do
create(:list, label: test_label, position: 2) create(:list, label: test_label, position: 2)
end end
set(:milestone) { create(:milestone, project: board_parent) } let_it_be(:milestone) { create(:milestone, project: board_parent) }
set(:board_label) { create(:label, project: board_parent) } let_it_be(:board_label) { create(:label, project: board_parent) }
set(:board) { create(:board, project: board_parent, lists: [dev_list, test_list]) } let_it_be(:board) { create(:board, project: board_parent, lists: [dev_list, test_list]) }
it_behaves_like 'group and project boards', "/projects/:id/boards" it_behaves_like 'group and project boards', "/projects/:id/boards"
...@@ -66,11 +66,11 @@ describe API::Boards do ...@@ -66,11 +66,11 @@ describe API::Boards do
end end
describe "POST /groups/:id/boards/lists" do describe "POST /groups/:id/boards/lists" do
set(:group) { create(:group) } let_it_be(:group) { create(:group) }
set(:board_parent) { create(:group, parent: group ) } let_it_be(:board_parent) { create(:group, parent: group ) }
let(:url) { "/groups/#{board_parent.id}/boards/#{board.id}/lists" } let(:url) { "/groups/#{board_parent.id}/boards/#{board.id}/lists" }
set(:board) { create(:board, group: board_parent) } let_it_be(:board) { create(:board, group: board_parent) }
it 'creates a new board list for ancestor group labels' do it 'creates a new board list for ancestor group labels' do
group.add_developer(user) group.add_developer(user)
... ...
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
require 'spec_helper' require 'spec_helper'
describe API::Branches do describe API::Branches do
set(:user) { create(:user) } let_it_be(:user) { create(:user) }
let(:project) { create(:project, :repository, creator: user, path: 'my.project') } let(:project) { create(:project, :repository, creator: user, path: 'my.project') }
let(:guest) { create(:user).tap { |u| project.add_guest(u) } } let(:guest) { create(:user).tap { |u| project.add_guest(u) } }
let(:branch_name) { 'feature' } let(:branch_name) { 'feature' }
... ...
......
...@@ -3,9 +3,9 @@ ...@@ -3,9 +3,9 @@
require 'spec_helper' require 'spec_helper'
describe API::BroadcastMessages do describe API::BroadcastMessages do
set(:user) { create(:user) } let_it_be(:user) { create(:user) }
set(:admin) { create(:admin) } let_it_be(:admin) { create(:admin) }
set(:message) { create(:broadcast_message) } let_it_be(:message) { create(:broadcast_message) }
describe 'GET /broadcast_messages' do describe 'GET /broadcast_messages' do
it 'returns an Array of BroadcastMessages' do it 'returns an Array of BroadcastMessages' do
... ...
......
...@@ -3,8 +3,8 @@ ...@@ -3,8 +3,8 @@
require 'spec_helper' require 'spec_helper'
describe API::Features do describe API::Features do
set(:user) { create(:user) } let_it_be(:user) { create(:user) }
set(:admin) { create(:admin) } let_it_be(:admin) { create(:admin) }
before do before do
Flipper.unregister_groups Flipper.unregister_groups
... ...
......
...@@ -16,7 +16,7 @@ describe 'getting project information' do ...@@ -16,7 +16,7 @@ describe 'getting project information' do
end end
context 'when there is a current_user' do context 'when there is a current_user' do
set(:current_user) { create(:user) } let_it_be(:current_user) { create(:user) }
it_behaves_like 'a working graphql query' it_behaves_like 'a working graphql query'
... ...
......
...@@ -5,7 +5,7 @@ require 'spec_helper' ...@@ -5,7 +5,7 @@ require 'spec_helper'
describe 'GitlabSchema configurations' do describe 'GitlabSchema configurations' do
include GraphqlHelpers include GraphqlHelpers
set(:project) { create(:project) } let_it_be(:project) { create(:project) }
shared_examples 'imposing query limits' do shared_examples 'imposing query limits' do
describe 'timeouts' do describe 'timeouts' do
... ...
......
...@@ -5,9 +5,9 @@ require 'spec_helper' ...@@ -5,9 +5,9 @@ require 'spec_helper'
describe 'Adding an AwardEmoji' do describe 'Adding an AwardEmoji' do
include GraphqlHelpers include GraphqlHelpers
set(:current_user) { create(:user) } let_it_be(:current_user) { create(:user) }
set(:project) { create(:project) } let_it_be(:project) { create(:project) }
set(:awardable) { create(:note, project: project) } let_it_be(:awardable) { create(:note, project: project) }
let(:emoji_name) { 'thumbsup' } let(:emoji_name) { 'thumbsup' }
let(:mutation) do let(:mutation) do
variables = { variables = {
... ...
......
...@@ -5,9 +5,9 @@ require 'spec_helper' ...@@ -5,9 +5,9 @@ require 'spec_helper'
describe 'Toggling an AwardEmoji' do describe 'Toggling an AwardEmoji' do
include GraphqlHelpers include GraphqlHelpers
set(:current_user) { create(:user) } let_it_be(:current_user) { create(:user) }
set(:project) { create(:project) } let_it_be(:project, reload: true) { create(:project) }
set(:awardable) { create(:note, project: project) } let_it_be(:awardable) { create(:note, project: project) }
let(:emoji_name) { 'thumbsup' } let(:emoji_name) { 'thumbsup' }
let(:mutation) do let(:mutation) do
variables = { variables = {
... ...
......
...@@ -5,7 +5,7 @@ require 'spec_helper' ...@@ -5,7 +5,7 @@ require 'spec_helper'
describe 'Adding a DiffNote' do describe 'Adding a DiffNote' do
include GraphqlHelpers include GraphqlHelpers
set(:current_user) { create(:user) } let_it_be(:current_user) { create(:user) }
let(:noteable) { create(:merge_request, source_project: project, target_project: project) } let(:noteable) { create(:merge_request, source_project: project, target_project: project) }
let(:project) { create(:project, :repository) } let(:project) { create(:project, :repository) }
let(:diff_refs) { noteable.diff_refs } let(:diff_refs) { noteable.diff_refs }
... ...
......
...@@ -5,7 +5,7 @@ require 'spec_helper' ...@@ -5,7 +5,7 @@ require 'spec_helper'
describe 'Adding an image DiffNote' do describe 'Adding an image DiffNote' do
include GraphqlHelpers include GraphqlHelpers
set(:current_user) { create(:user) } let_it_be(:current_user) { create(:user) }
let(:noteable) { create(:merge_request, source_project: project, target_project: project) } let(:noteable) { create(:merge_request, source_project: project, target_project: project) }
let(:project) { create(:project, :repository) } let(:project) { create(:project, :repository) }
let(:diff_refs) { noteable.diff_refs } let(:diff_refs) { noteable.diff_refs }
... ...
......
...@@ -5,7 +5,7 @@ require 'spec_helper' ...@@ -5,7 +5,7 @@ require 'spec_helper'
describe 'Adding a Note' do describe 'Adding a Note' do
include GraphqlHelpers include GraphqlHelpers
set(:current_user) { create(:user) } let_it_be(:current_user) { create(:user) }
let(:noteable) { create(:merge_request, source_project: project, target_project: project) } let(:noteable) { create(:merge_request, source_project: project, target_project: project) }
let(:project) { create(:project) } let(:project) { create(:project) }
let(:discussion) { nil } let(:discussion) { nil }
... ...
......
...@@ -9,8 +9,8 @@ describe 'getting task completion status information' do ...@@ -9,8 +9,8 @@ describe 'getting task completion status information' do
DESCRIPTION_1_DONE = '- [x] task 1\n- [ ] task 2' DESCRIPTION_1_DONE = '- [x] task 1\n- [ ] task 2'
DESCRIPTION_2_DONE = '- [x] task 1\n- [x] task 2' DESCRIPTION_2_DONE = '- [x] task 1\n- [x] task 2'
set(:user1) { create(:user) } let_it_be(:user1) { create(:user) }
set(:project) { create(:project, :repository, :public) } let_it_be(:project) { create(:project, :repository, :public) }
let(:fields) do let(:fields) do
<<~QUERY <<~QUERY
... ...
......
...@@ -3,42 +3,42 @@ ...@@ -3,42 +3,42 @@
require 'spec_helper' require 'spec_helper'
describe API::GroupBoards do describe API::GroupBoards do
set(:user) { create(:user) } let_it_be(:user) { create(:user) }
set(:non_member) { create(:user) } let_it_be(:non_member) { create(:user) }
set(:guest) { create(:user) } let_it_be(:guest) { create(:user) }
set(:admin) { create(:user, :admin) } let_it_be(:admin) { create(:user, :admin) }
set(:board_parent) { create(:group, :public) } let_it_be(:board_parent) { create(:group, :public) }
before do before do
board_parent.add_owner(user) board_parent.add_owner(user)
end end
set(:project) { create(:project, :public, namespace: board_parent ) } let_it_be(:project) { create(:project, :public, namespace: board_parent ) }
set(:dev_label) do let_it_be(:dev_label) do
create(:group_label, title: 'Development', color: '#FFAABB', group: board_parent) create(:group_label, title: 'Development', color: '#FFAABB', group: board_parent)
end end
set(:test_label) do let_it_be(:test_label) do
create(:group_label, title: 'Testing', color: '#FFAACC', group: board_parent) create(:group_label, title: 'Testing', color: '#FFAACC', group: board_parent)
end end
set(:ux_label) do let_it_be(:ux_label) do
create(:group_label, title: 'UX', color: '#FF0000', group: board_parent) create(:group_label, title: 'UX', color: '#FF0000', group: board_parent)
end end
set(:dev_list) do let_it_be(:dev_list) do
create(:list, label: dev_label, position: 1) create(:list, label: dev_label, position: 1)
end end
set(:test_list) do let_it_be(:test_list) do
create(:list, label: test_label, position: 2) create(:list, label: test_label, position: 2)
end end
set(:milestone) { create(:milestone, group: board_parent) } let_it_be(:milestone) { create(:milestone, group: board_parent) }
set(:board_label) { create(:group_label, group: board_parent) } let_it_be(:board_label) { create(:group_label, group: board_parent) }
set(:board) { create(:board, group: board_parent, lists: [dev_list, test_list]) } let_it_be(:board) { create(:board, group: board_parent, lists: [dev_list, test_list]) }
it_behaves_like 'group and project boards', "/groups/:id/boards", false it_behaves_like 'group and project boards', "/groups/:id/boards", false
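Review bot: `board_parent` is declared with a plain `let_it_be`, yet the `before` block directly below it calls `board_parent.add_owner(user)` on every example, so one in-memory group object is shared and touched across the whole file. As far as I know `set` reloaded its records before each example and `let_it_be` does not unless asked, and the project-boards spec in this same commit passes `reload: true` for its `board_parent`. If the difference is deliberate, a short comment would help; otherwise `let_it_be(:board_parent, reload: true) { create(:group, :public) }` keeps the earlier behaviour. Stale membership state matters most in specs like this one, which presumably check what `guest` and `non_member` are allowed to reach.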
... ...
......
...@@ -3,17 +3,15 @@ ...@@ -3,17 +3,15 @@
require 'spec_helper' require 'spec_helper'
describe API::Issues do describe API::Issues do
set(:user) { create(:user) } let_it_be(:user) { create(:user) }
let(:user2) { create(:user) } let(:user2) { create(:user) }
let(:non_member) { create(:user) } let(:non_member) { create(:user) }
set(:guest) { create(:user) } let_it_be(:guest) { create(:user) }
set(:author) { create(:author) } let_it_be(:author) { create(:author) }
set(:assignee) { create(:assignee) } let_it_be(:assignee) { create(:assignee) }
let(:admin) { create(:user, :admin) } let(:admin) { create(:user, :admin) }
let(:issue_title) { 'foo' } let(:issue_title) { 'foo' }
let(:issue_description) { 'closed' } let(:issue_description) { 'closed' }
let(:no_milestone_title) { 'None' } let(:no_milestone_title) { 'None' }
let(:any_milestone_title) { 'Any' } let(:any_milestone_title) { 'Any' }
... ...
......
...@@ -3,17 +3,17 @@ ...@@ -3,17 +3,17 @@
require 'spec_helper' require 'spec_helper'
describe API::Issues do describe API::Issues do
set(:user) { create(:user) } let_it_be(:user) { create(:user) }
set(:project) { create(:project, :public, :repository, creator_id: user.id, namespace: user.namespace) } let_it_be(:project, reload: true) { create(:project, :public, :repository, creator_id: user.id, namespace: user.namespace) }
set(:private_mrs_project) do let_it_be(:private_mrs_project) do
create(:project, :public, :repository, creator_id: user.id, namespace: user.namespace, merge_requests_access_level: ProjectFeature::PRIVATE) create(:project, :public, :repository, creator_id: user.id, namespace: user.namespace, merge_requests_access_level: ProjectFeature::PRIVATE)
end end
let(:user2) { create(:user) } let(:user2) { create(:user) }
let(:non_member) { create(:user) } let(:non_member) { create(:user) }
set(:guest) { create(:user) } let_it_be(:guest) { create(:user) }
set(:author) { create(:author) } let_it_be(:author) { create(:author) }
set(:assignee) { create(:assignee) } let_it_be(:assignee) { create(:assignee) }
let(:admin) { create(:user, :admin) } let(:admin) { create(:user, :admin) }
let(:issue_title) { 'foo' } let(:issue_title) { 'foo' }
let(:issue_description) { 'closed' } let(:issue_description) { 'closed' }
...@@ -48,12 +48,12 @@ describe API::Issues do ...@@ -48,12 +48,12 @@ describe API::Issues do
title: issue_title, title: issue_title,
description: issue_description description: issue_description
end end
set(:label) do let_it_be(:label) do
create(:label, title: 'label', color: '#FFAABB', project: project) create(:label, title: 'label', color: '#FFAABB', project: project)
end end
let!(:label_link) { create(:label_link, label: label, target: issue) } let!(:label_link) { create(:label_link, label: label, target: issue) }
let(:milestone) { create(:milestone, title: '1.0.0', project: project) } let(:milestone) { create(:milestone, title: '1.0.0', project: project) }
set(:empty_milestone) do let_it_be(:empty_milestone) do
create(:milestone, title: '2.0.0', project: project) create(:milestone, title: '2.0.0', project: project)
end end
let!(:note) { create(:note_on_issue, author: user, project: project, noteable: issue) } let!(:note) { create(:note_on_issue, author: user, project: project, noteable: issue) }
... ...
......
...@@ -3,17 +3,17 @@ ...@@ -3,17 +3,17 @@
require 'spec_helper' require 'spec_helper'
describe API::Issues do describe API::Issues do
set(:user) { create(:user) } let_it_be(:user) { create(:user) }
set(:project) { create(:project, :public, :repository, creator_id: user.id, namespace: user.namespace) } let_it_be(:project, reload: true) { create(:project, :public, :repository, creator_id: user.id, namespace: user.namespace) }
set(:private_mrs_project) do let_it_be(:private_mrs_project) do
create(:project, :public, :repository, creator_id: user.id, namespace: user.namespace, merge_requests_access_level: ProjectFeature::PRIVATE) create(:project, :public, :repository, creator_id: user.id, namespace: user.namespace, merge_requests_access_level: ProjectFeature::PRIVATE)
end end
let(:user2) { create(:user) } let(:user2) { create(:user) }
let(:non_member) { create(:user) } let(:non_member) { create(:user) }
set(:guest) { create(:user) } let_it_be(:guest) { create(:user) }
set(:author) { create(:author) } let_it_be(:author) { create(:author) }
set(:assignee) { create(:assignee) } let_it_be(:assignee) { create(:assignee) }
let(:admin) { create(:user, :admin) } let(:admin) { create(:user, :admin) }
let(:issue_title) { 'foo' } let(:issue_title) { 'foo' }
let(:issue_description) { 'closed' } let(:issue_description) { 'closed' }
...@@ -48,12 +48,12 @@ describe API::Issues do ...@@ -48,12 +48,12 @@ describe API::Issues do
title: issue_title, title: issue_title,
description: issue_description description: issue_description
end end
set(:label) do let_it_be(:label) do
create(:label, title: 'label', color: '#FFAABB', project: project) create(:label, title: 'label', color: '#FFAABB', project: project)
end end
let!(:label_link) { create(:label_link, label: label, target: issue) } let!(:label_link) { create(:label_link, label: label, target: issue) }
let(:milestone) { create(:milestone, title: '1.0.0', project: project) } let(:milestone) { create(:milestone, title: '1.0.0', project: project) }
set(:empty_milestone) do let_it_be(:empty_milestone) do
create(:milestone, title: '2.0.0', project: project) create(:milestone, title: '2.0.0', project: project)
end end
let!(:note) { create(:note_on_issue, author: user, project: project, noteable: issue) } let!(:note) { create(:note_on_issue, author: user, project: project, noteable: issue) }
... ...
......
...@@ -3,16 +3,16 @@ ...@@ -3,16 +3,16 @@
require 'spec_helper' require 'spec_helper'
describe API::Issues do describe API::Issues do
set(:user) { create(:user) } let_it_be(:user) { create(:user) }
set(:project) do let_it_be(:project, reload: true) do
create(:project, :public, creator_id: user.id, namespace: user.namespace) create(:project, :public, creator_id: user.id, namespace: user.namespace)
end end
let(:user2) { create(:user) } let(:user2) { create(:user) }
let(:non_member) { create(:user) } let(:non_member) { create(:user) }
set(:guest) { create(:user) } let_it_be(:guest) { create(:user) }
set(:author) { create(:author) } let_it_be(:author) { create(:author) }
set(:assignee) { create(:assignee) } let_it_be(:assignee) { create(:assignee) }
let(:admin) { create(:user, :admin) } let(:admin) { create(:user, :admin) }
let(:issue_title) { 'foo' } let(:issue_title) { 'foo' }
let(:issue_description) { 'closed' } let(:issue_description) { 'closed' }
...@@ -47,12 +47,12 @@ describe API::Issues do ...@@ -47,12 +47,12 @@ describe API::Issues do
title: issue_title, title: issue_title,
description: issue_description description: issue_description
end end
set(:label) do let_it_be(:label) do
create(:label, title: 'label', color: '#FFAABB', project: project) create(:label, title: 'label', color: '#FFAABB', project: project)
end end
let!(:label_link) { create(:label_link, label: label, target: issue) } let!(:label_link) { create(:label_link, label: label, target: issue) }
let(:milestone) { create(:milestone, title: '1.0.0', project: project) } let(:milestone) { create(:milestone, title: '1.0.0', project: project) }
set(:empty_milestone) do let_it_be(:empty_milestone) do
create(:milestone, title: '2.0.0', project: project) create(:milestone, title: '2.0.0', project: project)
end end
let!(:note) { create(:note_on_issue, author: user, project: project, noteable: issue) } let!(:note) { create(:note_on_issue, author: user, project: project, noteable: issue) }
... ...
......