require 'spec_helper'

describe Projects::IssuesController do
  # Shared fixtures, built lazily the first time an example references them.
  let(:project) do
    create(:project)
  end

  let(:user) do
    create(:user)
  end

  # An issue filed in +project+.
  let(:issue) do
    create(:issue, project: project)
  end

  # Listing issues: availability of the page under an external or an internal
  # tracker, and how the `page` request parameter is handled.
  describe "GET #index" do
    context 'external issue tracker' do
      before do
        sign_in(user)
        project.add_developer(user)
        # Creates a :jira_service record for the project.
        create(:jira_service, project: project)
      end

      context 'when GitLab issues disabled' do
        it 'returns 404 status' do
          project.issues_enabled = false
          project.save!

          get(:index, namespace_id: project.namespace, project_id: project)

          expect(response).to have_gitlab_http_status(404)
        end
      end

      context 'when GitLab issues enabled' do
        it 'renders the "index" template' do
          get(:index, namespace_id: project.namespace, project_id: project)

          expect(response).to have_gitlab_http_status(200)
          expect(response).to render_template(:index)
        end
      end
    end

    context 'internal issue tracker' do
      before do
        sign_in(user)
        project.add_developer(user)
      end

      it_behaves_like "issuables list meta-data", :issue

      it "returns index" do
        get(:index, namespace_id: project.namespace, project_id: project)

        expect(response).to have_gitlab_http_status(200)
      end

      it "returns 301 if request path doesn't match project path" do
        # The project path is sent upper-cased, so it differs from the stored one.
        mismatched_path = project.path.upcase

        get(:index, namespace_id: project.namespace, project_id: mismatched_path)

        expect(response).to redirect_to(project_issues_path(project))
      end

      it "returns 404 when issues are disabled" do
        project.issues_enabled = false
        project.save!

        get(:index, namespace_id: project.namespace, project_id: project)

        expect(response).to have_gitlab_http_status(404)
      end
    end

    context 'with page param' do
      let(:last_page) do
        project.issues.page.total_pages
      end

      let!(:issue_list) do
        create_list(:issue, 2, project: project)
      end

      before do
        sign_in(user)
        project.add_developer(user)
        # One issue per page; with the two issues above this presumably gives
        # more than one page to paginate over.
        allow(Kaminari.config).to receive(:default_per_page).and_return(1)
      end

      it 'redirects to last_page if page number is larger than number of pages' do
        out_of_range = {
          namespace_id: project.namespace.to_param,
          project_id: project,
          page: (last_page + 1).to_param
        }

        get(:index, out_of_range)

        redirect_target = namespace_project_issues_path(
          page: last_page,
          state: controller.params[:state],
          scope: controller.params[:scope]
        )
        expect(response).to redirect_to(redirect_target)
      end

      it 'redirects to specified page' do
        in_range = {
          namespace_id: project.namespace.to_param,
          project_id: project,
          page: last_page.to_param
        }

        get(:index, in_range)

        expect(assigns(:issues).current_page).to eq(last_page)
        expect(response).to have_gitlab_http_status(200)
      end

      # Open-redirect guard: a caller-supplied `host` parameter must not alter
      # the redirect target, which has to stay the project's own issues path.
      it 'does not redirect to external sites when provided a host field' do
        external_host = "www.example.com"
        with_host = {
          namespace_id: project.namespace.to_param,
          project_id: project,
          page: (last_page + 1).to_param,
          host: external_host
        }

        get(:index, with_host)

        redirect_target = namespace_project_issues_path(
          page: last_page,
          state: controller.params[:state],
          scope: controller.params[:scope]
        )
        expect(response).to redirect_to(redirect_target)
      end

      it 'does not use pagination if disabled' do
        allow(controller).to receive(:pagination_disabled?).and_return(true)

        out_of_range = {
          namespace_id: project.namespace.to_param,
          project_id: project,
          page: (last_page + 1).to_param
        }

        get(:index, out_of_range)

        expect(response).to have_gitlab_http_status(200)
        expect(assigns(:issues).size).to eq(2)
      end
    end
  end

  # New-issue form: sign-in requirement, pre-filling from merge request
  # discussions, and availability when an external tracker is configured.
  describe 'GET #new' do
    it 'redirects to signin if not logged in' do
      # No sign_in call precedes this request.
      get(:new, namespace_id: project.namespace, project_id: project)

      expect(flash[:notice]).to eq 'Please sign in to create the new issue.'
      expect(response).to redirect_to(new_user_session_path)
    end

    context 'internal issue tracker' do
      before do
        sign_in(user)
        project.add_developer(user)
      end

      it 'builds a new issue' do
        get(:new, namespace_id: project.namespace, project_id: project)

        expect(assigns(:issue)).to be_a_new(Issue)
      end

      it 'fills in an issue for a merge request' do
        repo_project = create(:project, :repository)
        repo_project.add_developer(user)
        merge_request = create(:merge_request_with_diff_notes, source_project: repo_project)

        get(
          :new,
          namespace_id: repo_project.namespace,
          project_id: repo_project,
          merge_request_to_resolve_discussions_of: merge_request.iid
        )

        expect(assigns(:issue).title).not_to be_empty
        expect(assigns(:issue).description).not_to be_empty
      end

      it 'fills in an issue for a discussion' do
        mr_note = create(:note_on_merge_request, project: project)

        get(
          :new,
          namespace_id: project.namespace.path,
          project_id: project,
          merge_request_to_resolve_discussions_of: mr_note.noteable.iid,
          discussion_to_resolve: mr_note.discussion_id
        )

        expect(assigns(:issue).title).not_to be_empty
        expect(assigns(:issue).description).not_to be_empty
      end
    end

    context 'external issue tracker' do
      let!(:service) do
        create(
          :custom_issue_tracker_service,
          project: project,
          title: 'Custom Issue Tracker',
          new_issue_url: 'http://test.com'
        )
      end

      before do
        sign_in(user)
        project.add_developer(user)

        # The project reports a bare test double as its external tracker.
        tracker_double = double
        allow(project).to receive(:external_issue_tracker).and_return(tracker_double)
      end

      context 'when GitLab issues disabled' do
        it 'returns 404 status' do
          project.issues_enabled = false
          project.save!

          get(:new, namespace_id: project.namespace, project_id: project)

          expect(response).to have_gitlab_http_status(404)
        end
      end

      context 'when GitLab issues enabled' do
        it 'renders the "new" template' do
          get(:new, namespace_id: project.namespace, project_id: project)

          expect(response).to have_gitlab_http_status(200)
          expect(response).to render_template(:new)
        end
      end
    end
  end

  # Which visited URL is remembered in the session for the post-sign-in
  # redirect. Neither example signs a user in before making its request.
  describe 'Redirect after sign in' do
    context 'with an AJAX request' do
      it 'does not store the visited URL' do
        xhr(
          :get,
          :show,
          format: :json,
          namespace_id: project.namespace,
          project_id: project,
          id: issue.iid
        )

        expect(session['user_return_to']).to be_blank
      end
    end

    context 'without an AJAX request' do
      it 'stores the visited URL' do
        get(
          :show,
          namespace_id: project.namespace.to_param,
          project_id: project,
          id: issue.iid
        )

        # The stored value is the relative path of the issue page.
        visited_path = "/#{project.namespace.to_param}/#{project.to_param}/issues/#{issue.iid}"
        expect(session['user_return_to']).to eq(visited_path)
      end
    end
  end

  # Moving an issue into another project, which needs access to the target.
  describe 'POST #move' do
    before do
      sign_in(user)
      project.add_developer(user)
    end

    context 'when moving issue to another private project' do
      let(:another_project) do
        create(:project, :private)
      end

      # Sends the move request for +issue+ with +another_project+ as target.
      def move_issue
        move_params = {
          format: :json,
          namespace_id: project.namespace.to_param,
          project_id: project,
          id: issue.iid,
          move_to_project_id: another_project.id
        }

        post(:move, move_params)
      end

      context 'when user has access to move issue' do
        before do
          another_project.add_reporter(user)
        end

        it 'moves issue to another project' do
          move_issue

          expect(response).to have_gitlab_http_status :ok
          expect(another_project.issues).not_to be_empty
        end
      end

      context 'when user does not have access to move issue' do
        # The user is given no role on the private target project here.
        it 'responds with 404' do
          move_issue

          expect(response).to have_gitlab_http_status :not_found
        end
      end
    end
  end

  # JSON update of an issue title, by role, plus the spam/reCAPTCHA response.
  describe 'PUT #update' do
    subject do
      update_params = {
        namespace_id: project.namespace,
        project_id: project,
        id: issue.to_param,
        issue: { title: 'New title' },
        format: :json
      }

      put(:update, update_params)
    end

    before do
      sign_in(user)
    end

    context 'when user has access to update issue' do
      before do
        project.add_developer(user)
      end

      it 'updates the issue' do
        subject

        expect(response).to have_http_status(:ok)
        expect(issue.reload.title).to eq('New title')
      end

      context 'when Akismet is enabled and the issue is identified as spam' do
        before do
          stub_application_setting(recaptcha_enabled: true)
          # Both the spam-check gate and the Akismet verdict are forced to true.
          allow_any_instance_of(SpamService).to receive(:check_for_spam?).and_return(true)
          allow_any_instance_of(AkismetService).to receive(:spam?).and_return(true)
        end

        it 'renders json with recaptcha_html' do
          subject

          parsed_body = JSON.parse(response.body)
          expect(parsed_body).to have_key('recaptcha_html')
        end
      end
    end

    context 'when user does not have access to update issue' do
      before do
        project.add_guest(user)
      end

      it 'responds with 404' do
        subject

        expect(response).to have_http_status(:not_found)
      end
    end
  end

  # Realtime-changes endpoint: reports the edit time and still responds when
  # the last editor's account has been destroyed.
  describe 'GET #realtime_changes' do
    # Requests realtime changes for the issue with the given +id+.
    def go(id:)
      request_params = {
        namespace_id: project.namespace.to_param,
        project_id: project,
        id: id
      }

      get(:realtime_changes, request_params)
    end

    context 'when an issue was edited' do
      before do
        project.add_developer(user)

        edited_at = issue.created_at + 1.minute
        issue.update!(last_edited_by: user, last_edited_at: edited_at)

        sign_in(user)
      end

      it 'returns last edited time' do
        go(id: issue.iid)

        payload = JSON.parse(response.body)

        expect(payload).to include('updated_at')
        expect(payload['updated_at']).to eq(issue.last_edited_at.to_time.iso8601)
      end
    end

    context 'when an issue was edited by a deleted user' do
      let(:deleted_user) do
        create(:user)
      end

      before do
        project.add_developer(user)

        issue.update!(last_edited_by: deleted_user, last_edited_at: Time.now)

        # Remove the editor after recording the edit, then sign in as +user+.
        deleted_user.destroy
        sign_in(user)
      end

      it 'returns 200' do
        go(id: issue.iid)

        expect(response).to have_gitlab_http_status(200)
      end
    end
  end

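  # Access control for confidential issues on a public project. Each action is
  # exercised as guest (signed out), non-member, guest-role member, author,
  # assignee, developer-role member and admin.
  describe 'Confidential Issues' do
    let(:project) { create(:project_empty_repo, :public) }
    let(:assignee) { create(:assignee) }
    let(:author) { create(:user) }
    let(:non_member) { create(:user) }
    let(:member) { create(:user) }
    let(:admin) { create(:admin) }
    # Non-confidential issue; the only one the restricted roles should see.
    let!(:issue) { create(:issue, project: project) }
    # NOTE: the next two identifiers do not describe what the fixtures hold.
    # This one is a confidential issue authored by +author+.
    let!(:unescaped_parameter_value) { create(:issue, :confidential, project: project, author: author) }
    # This one is a confidential issue assigned to +assignee+.
    let!(:request_forgery_timing_attack) { create(:issue, :confidential, project: project, assignees: [assignee]) }

    describe 'GET #index' do
      it 'does not list confidential issues for guests' do
        sign_out(:user)
        get_issues

        expect(assigns(:issues)).to eq [issue]
      end

      it 'does not list confidential issues for non project members' do
        sign_in(non_member)
        get_issues

        expect(assigns(:issues)).to eq [issue]
      end

      it 'does not list confidential issues for project members with guest role' do
        sign_in(member)
        project.add_guest(member)

        get_issues

        expect(assigns(:issues)).to eq [issue]
      end

      # The author sees the confidential issue they wrote, not the other one.
      it 'lists confidential issues for author' do
        sign_in(author)
        get_issues

        expect(assigns(:issues)).to include unescaped_parameter_value
        expect(assigns(:issues)).not_to include request_forgery_timing_attack
      end

      # The assignee sees the confidential issue assigned to them, not the other one.
      it 'lists confidential issues for assignee' do
        sign_in(assignee)
        get_issues

        expect(assigns(:issues)).not_to include unescaped_parameter_value
        expect(assigns(:issues)).to include request_forgery_timing_attack
      end

      it 'lists confidential issues for project members' do
        sign_in(member)
        project.add_developer(member)

        get_issues

        expect(assigns(:issues)).to include unescaped_parameter_value
        expect(assigns(:issues)).to include request_forgery_timing_attack
      end

      it 'lists confidential issues for admin' do
        sign_in(admin)
        get_issues

        expect(assigns(:issues)).to include unescaped_parameter_value
        expect(assigns(:issues)).to include request_forgery_timing_attack
      end

      # Requests the issue list of +project+.
      def get_issues
        get :index,
          namespace_id: project.namespace.to_param,
          project_id: project
      end
    end

    # Role matrix shared by the single-issue actions below. The including
    # group must define `go(id:)`, which performs the request; +http_status+
    # is a hash whose :success entry is the status expected for allowed roles.
    shared_examples_for 'restricted action' do |http_status|
      it 'returns 404 for guests' do
        sign_out(:user)
        go(id: unescaped_parameter_value.to_param)

        expect(response).to have_gitlab_http_status :not_found
      end

      it 'returns 404 for non project members' do
        sign_in(non_member)
        go(id: unescaped_parameter_value.to_param)

        expect(response).to have_gitlab_http_status :not_found
      end

      it 'returns 404 for project members with guest role' do
        sign_in(member)
        project.add_guest(member)
        go(id: unescaped_parameter_value.to_param)

        expect(response).to have_gitlab_http_status :not_found
      end

      it "returns #{http_status[:success]} for author" do
        sign_in(author)
        go(id: unescaped_parameter_value.to_param)

        expect(response).to have_gitlab_http_status http_status[:success]
      end

      it "returns #{http_status[:success]} for assignee" do
        sign_in(assignee)
        go(id: request_forgery_timing_attack.to_param)

        expect(response).to have_gitlab_http_status http_status[:success]
      end

      it "returns #{http_status[:success]} for project members" do
        sign_in(member)
        project.add_developer(member)
        go(id: unescaped_parameter_value.to_param)

        expect(response).to have_gitlab_http_status http_status[:success]
      end

      it "returns #{http_status[:success]} for admin" do
        sign_in(admin)
        go(id: unescaped_parameter_value.to_param)

        expect(response).to have_gitlab_http_status http_status[:success]
      end
    end

    # JSON variant of the update action.
    describe 'PUT #update' do
      # Sends a JSON update. +issue_params+ is merged into the nested `issue`
      # hash, +additional_params+ into the top-level request parameters, and
      # +id+ defaults to the iid of the non-confidential +issue+.
      def update_issue(issue_params: {}, additional_params: {}, id: nil)
        id ||= issue.iid
        params = {
          namespace_id: project.namespace.to_param,
          project_id: project,
          id: id,
          issue: { title: 'New title' }.merge(issue_params),
          format: :json
        }.merge(additional_params)

        put :update, params
      end

      def go(id:)
        update_issue(id: id)
      end

      before do
        sign_in(user)
        project.add_developer(user)
      end

      it_behaves_like 'restricted action', success: 200
      it_behaves_like 'update invalid issuable', Issue

      context 'changing the assignee' do
        # Pins the exact set of user attributes serialised for an assignee, so
        # an extra field appearing in the response fails the example.
        it 'limits the attributes exposed on the assignee' do
          assignee = create(:user)
          project.add_developer(assignee)

          update_issue(issue_params: { assignee_ids: [assignee.id] })

          body = JSON.parse(response.body)

          expect(body['assignees'].first.keys)
            .to match_array(%w(id name username avatar_url state web_url))
        end
      end

      context 'Akismet is enabled' do
        before do
          project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
          stub_application_setting(recaptcha_enabled: true)
          allow_any_instance_of(SpamService).to receive(:check_for_spam?).and_return(true)
        end

        context 'when an issue is not identified as spam' do
          before do
            allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(false)
            allow_any_instance_of(AkismetService).to receive(:spam?).and_return(false)
          end

          it 'normally updates the issue' do
            expect { update_issue(issue_params: { title: 'Foo' }) }.to change { issue.reload.title }.to('Foo')
          end
        end

        context 'when an issue is identified as spam' do
          before do
            allow_any_instance_of(AkismetService).to receive(:spam?).and_return(true)
          end

          context 'when captcha is not verified' do
            before do
              allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(false)
            end

            it 'rejects an issue recognized as a spam' do
              expect { update_issue }.not_to change { issue.reload.title }
            end

            it 'rejects an issue recognized as a spam when recaptcha disabled' do
              stub_application_setting(recaptcha_enabled: false)

              expect { update_issue }.not_to change { issue.reload.title }
            end

            it 'creates a spam log' do
              update_issue(issue_params: { title: 'Spam title' })

              spam_logs = SpamLog.all

              expect(spam_logs.count).to eq(1)
              expect(spam_logs.first.title).to eq('Spam title')
              expect(spam_logs.first.recaptcha_verified).to be_falsey
            end

            it 'renders recaptcha_html json response' do
              update_issue

              expect(json_response).to have_key('recaptcha_html')
            end

            it 'returns 200 status' do
              update_issue

              expect(response).to have_gitlab_http_status(200)
            end
          end

          context 'when captcha is verified' do
            let(:spammy_title) { 'Whatever' }
            let!(:spam_logs) { create_list(:spam_log, 2, user: user, title: spammy_title) }

            # Updates the issue while presenting the signed-in user's latest
            # spam log and the reCAPTCHA flag as top-level request parameters.
            def update_verified_issue
              update_issue(
                issue_params: { title: spammy_title },
                additional_params: { spam_log_id: spam_logs.last.id, recaptcha_verification: true })
            end

            before do
              allow_any_instance_of(described_class).to receive(:verify_recaptcha)
                .and_return(true)
            end

            it 'returns 200 status' do
              # Perform the request before asserting; without it the example
              # only inspected a response that no request had produced.
              update_verified_issue

              expect(response).to have_gitlab_http_status(200)
            end

            it 'accepts an issue after recaptcha is verified' do
              expect { update_verified_issue }.to change { issue.reload.title }.to(spammy_title)
            end

            it 'marks spam log as recaptcha_verified' do
              expect { update_verified_issue }.to change { SpamLog.last.recaptcha_verified }.from(false).to(true)
            end

            it 'does not mark spam log as recaptcha_verified when it does not belong to current_user' do
              # Spam log created without `user: user`, i.e. not the signed-in user's.
              spam_log = create(:spam_log)

              # spam_log_id and recaptcha_verification are sent as top-level
              # parameters, the same way update_verified_issue sends them;
              # nested under `issue` they would not reach the same place, so
              # the ownership check would go unexercised.
              expect { update_issue(additional_params: { spam_log_id: spam_log.id, recaptcha_verification: true }) }
                .not_to change { SpamLog.last.recaptcha_verified }
            end
          end
        end
      end
    end

    describe 'GET #show' do
      it_behaves_like 'restricted action', success: 200

      def go(id:)
        get :show,
          namespace_id: project.namespace.to_param,
          project_id: project,
          id: id
      end

      it 'avoids (most) N+1s loading labels', :request_store do
        label = create(:label, project: project).to_reference
        labels = create_list(:label, 10, project: project).map(&:to_reference)
        issue = create(:issue, project: project, description: 'Test issue')

        # Baseline: query count for an update that adds one label reference.
        control_count = ActiveRecord::QueryRecorder.new { issue.update(description: [issue.description, label].join(' ')) }.count

        # Follow-up to get rid of this `2 * label.count` requirement: https://gitlab.com/gitlab-org/gitlab-ce/issues/52230
        expect { issue.update(description: [issue.description, labels].join(' ')) }
          .not_to exceed_query_limit(control_count + 2 * labels.count)
      end
    end

    describe 'GET #realtime_changes' do
      it_behaves_like 'restricted action', success: 200

      def go(id:)
        get :realtime_changes,
          namespace_id: project.namespace.to_param,
          project_id: project,
          id: id
      end
    end

    describe 'GET #edit' do
      it_behaves_like 'restricted action', success: 200

      def go(id:)
        get :edit,
          namespace_id: project.namespace.to_param,
          project_id: project,
          id: id
      end
    end

    # Non-JSON variant of the update action: allowed roles get a 302 redirect.
    describe 'PUT #update' do
      it_behaves_like 'restricted action', success: 302

      def go(id:)
        put :update,
          namespace_id: project.namespace.to_param,
          project_id: project,
          id: id,
          issue: { title: 'New title' }
      end
    end
  end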

  # Creating issues: resolving merge request discussions, the spam/reCAPTCHA
  # flow, user agent details and quick actions in the description.
  describe 'POST #create' do
    # Signs in +user+, creates a fresh public project with +user+ as developer
    # and posts a new issue to it. +issue_attrs+ is merged into the nested
    # `issue` hash and +additional_params+ into the top-level parameters.
    # Returns the first issue of that project.
    def post_new_issue(issue_attrs = {}, additional_params = {})
      sign_in(user)
      public_project = create(:project, :public)
      public_project.add_developer(user)

      base_params = {
        namespace_id: public_project.namespace.to_param,
        project_id: public_project,
        issue: { title: 'Title', description: 'Description' }.merge(issue_attrs)
      }
      post(:create, base_params.merge(additional_params))

      public_project.issues.first
    end

    context 'resolving discussions in MergeRequest' do
      let(:discussion) do
        create(:diff_note_on_merge_request).to_discussion
      end

      let(:merge_request) do
        discussion.noteable
      end

      let(:project) do
        merge_request.source_project
      end

      before do
        project.add_maintainer(user)
        sign_in user
      end

      let(:merge_request_params) do
        { merge_request_to_resolve_discussions_of: merge_request.iid }
      end

      # Posts a new issue that resolves the discussions of +merge_request+.
      def post_issue(issue_params, other_params: {})
        create_params = {
          namespace_id: project.namespace.to_param,
          project_id: project,
          issue: issue_params,
          merge_request_to_resolve_discussions_of: merge_request.iid
        }

        post(:create, create_params.merge(other_params))
      end

      it 'creates an issue for the project' do
        expect { post_issue({ title: 'Hello' }) }.to change { project.issues.reload.size }.by(1)
      end

      it "doesn't overwrite given params" do
        post_issue(description: 'Manually entered description')

        expect(assigns(:issue).description).to eq('Manually entered description')
      end

      it 'resolves the discussion in the merge_request' do
        post_issue(title: 'Hello')
        discussion.first_note.reload

        expect(discussion.resolved?).to eq(true)
      end

      it 'sets a flash message' do
        post_issue(title: 'Hello')

        expect(flash[:notice]).to eq('Resolved all discussions.')
      end

      describe "resolving a single discussion" do
        before do
          post_issue({ title: 'Hello' }, other_params: { discussion_to_resolve: discussion.id })
        end

        it 'resolves a single discussion' do
          discussion.first_note.reload

          expect(discussion.resolved?).to eq(true)
        end

        it 'sets a flash message that one discussion was resolved' do
          expect(flash[:notice]).to eq('Resolved 1 discussion.')
        end
      end
    end

    context 'Akismet is enabled' do
      before do
        stub_application_setting(recaptcha_enabled: true)
        allow_any_instance_of(SpamService).to receive(:check_for_spam?).and_return(true)
      end

      context 'when an issue is not identified as spam' do
        before do
          allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(false)
          allow_any_instance_of(AkismetService).to receive(:spam?).and_return(false)
        end

        # The posted title is empty.
        it 'does not create an issue' do
          expect { post_new_issue(title: '') }.not_to change(Issue, :count)
        end
      end

      context 'when an issue is identified as spam' do
        before do
          allow_any_instance_of(AkismetService).to receive(:spam?).and_return(true)
        end

        context 'when captcha is not verified' do
          def post_spam_issue
            post_new_issue(title: 'Spam Title', description: 'Spam lives here')
          end

          before do
            allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(false)
          end

          it 'rejects an issue recognized as a spam' do
            expect { post_spam_issue }.not_to change(Issue, :count)
          end

          it 'creates a spam log' do
            post_spam_issue
            recorded_logs = SpamLog.all

            expect(recorded_logs.count).to eq(1)
            expect(recorded_logs.first.title).to eq('Spam Title')
            expect(recorded_logs.first.recaptcha_verified).to be_falsey
          end

          it 'does not create an issue when it is not valid' do
            expect { post_new_issue(title: '') }.not_to change(Issue, :count)
          end

          it 'does not create an issue when recaptcha is not enabled' do
            stub_application_setting(recaptcha_enabled: false)

            expect { post_spam_issue }.not_to change(Issue, :count)
          end
        end

        context 'when captcha is verified' do
          let!(:spam_logs) do
            create_list(:spam_log, 2, user: user, title: 'Title')
          end

          # Posts an issue together with the signed-in user's latest spam log
          # id and the reCAPTCHA flag as top-level request parameters.
          def post_verified_issue
            verification = { spam_log_id: spam_logs.last.id, recaptcha_verification: true }

            post_new_issue({}, verification)
          end

          before do
            allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(true)
          end

          it 'accepts an issue after recaptcha is verified' do
            expect { post_verified_issue }.to change(Issue, :count)
          end

          it 'marks spam log as recaptcha_verified' do
            expect { post_verified_issue }.to change { SpamLog.last.recaptcha_verified }.from(false).to(true)
          end

          # A spam log id that is not the signed-in user's must not get
          # flagged as verified through this request.
          it 'does not mark spam log as recaptcha_verified when it does not belong to current_user' do
            foreign_log = create(:spam_log)

            expect { post_new_issue({}, { spam_log_id: foreign_log.id, recaptcha_verification: true }) }
              .not_to change { SpamLog.last.recaptcha_verified }
          end
        end
      end
    end

    context 'user agent details are saved' do
      before do
        request.env['action_dispatch.remote_ip'] = '127.0.0.1'
      end

      it 'creates a user agent detail' do
        expect { post_new_issue }.to change(UserAgentDetail, :count).by(1)
      end
    end

    context 'when description has quick actions' do
      before do
        sign_in(user)
      end

      it 'can add spent time' do
        created_issue = post_new_issue(description: '/spend 1h')

        expect(created_issue.total_time_spent).to eq(3600)
      end

      it 'can set the time estimate' do
        created_issue = post_new_issue(description: '/estimate 2h')

        expect(created_issue.time_estimate).to eq(7200)
      end
    end
  end

  # Marking an issue as spam, with the Akismet submission stubbed to succeed.
  describe 'POST #mark_as_spam' do
    context 'properly submits to Akismet' do
      before do
        allow_any_instance_of(AkismetService).to receive_messages(submit_spam: true)
        allow_any_instance_of(ApplicationSetting).to receive_messages(akismet_enabled: true)
      end

      # Marks +issue+ as spam while signed in as an admin who is also a
      # maintainer of the project; a user agent detail is attached first.
      def post_spam
        acting_admin = create(:admin)
        create(:user_agent_detail, subject: issue)
        project.add_maintainer(acting_admin)
        sign_in(acting_admin)

        spam_params = {
          namespace_id: project.namespace,
          project_id: project,
          id: issue.iid
        }
        post(:mark_as_spam, spam_params)
      end

      it 'updates issue' do
        post_spam

        expect(issue.submittable_as_spam?).to be_falsey
      end
    end
  end

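  # Deleting an issue: refused for a developer, allowed for the namespace owner.
  describe "DELETE #destroy" do
    context "when the user is a developer" do
      before do
        # Give the user the Developer role this context describes. Without it
        # the signed-in user has no membership on the project at all, so the
        # 404 below would not show that a developer is refused.
        project.add_developer(user)
        sign_in(user)
      end

      it "rejects a developer to destroy an issue" do
        delete :destroy, namespace_id: project.namespace, project_id: project, id: issue.iid

        expect(response).to have_gitlab_http_status(404)
      end
    end

    context "when the user is owner" do
      let(:owner)     { create(:user) }
      let(:namespace) { create(:namespace, owner: owner) }
      # The project lives in a namespace owned by +owner+.
      let(:project)   { create(:project, namespace: namespace) }

      before do
        sign_in(owner)
      end

      it "deletes the issue" do
        delete :destroy, namespace_id: project.namespace, project_id: project, id: issue.iid

        expect(response).to have_gitlab_http_status(302)
        expect(controller).to set_flash[:notice].to(/The issue was successfully deleted\./)
      end

      it 'delegates the update of the todos count cache to TodoService' do
        # Message expectation set up before the request is made.
        expect_any_instance_of(TodoService).to receive(:destroy_target).with(issue).once

        delete :destroy, namespace_id: project.namespace, project_id: project, id: issue.iid
      end
    end
  end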

  describe 'POST #toggle_award_emoji' do
    before do
      sign_in(user)
      project.add_developer(user)
    end

    # Posts a "thumbsup" toggle for the issue as the signed-in developer.
    def toggle_thumbsup
      post(:toggle_award_emoji, namespace_id: project.namespace,
                                project_id: project, id: issue.iid, name: "thumbsup")
    end

    # One toggle on an issue without awards must add exactly one award emoji
    # and answer with 200.
    it "toggles the award emoji" do
      expect { toggle_thumbsup }.to change { issue.award_emoji.count }.by(1)

      expect(response).to have_gitlab_http_status(200)
    end
  end

  describe 'POST create_merge_request' do
    # A public project with a repository; the default user is a developer.
    let(:project) { create(:project, :repository, :public) }

    before do
      project.add_developer(user)
      sign_in(user)
    end

    # Requests a merge request for the issue, asking for a JSON response.
    def create_merge_request
      request_params = {
        namespace_id: project.namespace.to_param,
        project_id: project.to_param,
        id: issue.to_param,
        format: :json
      }

      post :create_merge_request, request_params
    end

    it 'creates a new merge request' do
      expect { create_merge_request }.to change(project.merge_requests, :count).by(1)
    end

    it 'render merge request as json' do
      create_merge_request

      expect(response).to match_response_schema('merge_request')
    end

    # Archiving the project must make the action unavailable (404).
    it 'is not available when the project is archived' do
      project.update!(archived: true)

      create_merge_request

      expect(response).to have_gitlab_http_status(404)
    end

    # Signing in as a brand-new user replaces the developer session from the
    # `before` block; that user has no membership in the project and must
    # receive 404 even though the project is public.
    it 'is not available for users who cannot create merge requests' do
      sign_in(create(:user))

      create_merge_request

      expect(response).to have_gitlab_http_status(404)
    end
  end

  describe 'GET #discussions' do
    # Created eagerly so every example starts with one discussion on the issue.
    let!(:discussion) { create(:discussion_note_on_issue, noteable: issue, project: issue.project) }

    # Performs the request under test for the issue's discussions.
    def request_issue_discussions
      get :discussions, namespace_id: project.namespace, project_id: project, id: issue.iid
    end

    # NOTE(review): this describe only contains an authenticated context; an
    # unauthenticated request is not exercised here. Confirm it is covered
    # elsewhere.
    context 'when authenticated' do
      before do
        project.add_developer(user)
        sign_in(user)
      end

      # Pins the exact set of keys serialized for a discussion, so a newly
      # exposed attribute makes this example fail.
      it 'returns discussion json' do
        request_issue_discussions

        expected_keys = %w[
          id reply_id expanded notes diff_discussion discussion_path individual_note
          resolvable resolved resolved_at resolved_by resolved_by_push commit_id
          for_commit project_id
        ]

        expect(json_response.first.keys).to match_array(expected_keys)
      end

      it 'renders the author status html if there is a status' do
        create(:user_status, user: discussion.author)

        request_issue_discussions

        first_note = json_response.first['notes'].first

        expect(first_note['author']['status_tooltip_html']).to be_present
      end

      # The baseline is recorded before any status exists; adding statuses and
      # a second discussion afterwards must not raise the query count.
      it 'does not cause an extra query for the status' do
        control = ActiveRecord::QueryRecorder.new { request_issue_discussions }

        create(:user_status, user: discussion.author)
        second_discussion = create(:discussion_note_on_issue, noteable: issue, project: issue.project, author: create(:user))
        create(:user_status, user: second_discussion.author)

        expect { request_issue_discussions }
          .not_to exceed_query_limit(control)
      end

      context 'when user is setting notes filters' do
        let(:issuable) { issue }
        let!(:discussion_note) { create(:discussion_note_on_issue, :system, noteable: issuable, project: project) }

        it_behaves_like 'issuable notes filter'
      end

      context 'with cross-reference system note', :request_store do
        # `new_issue` is created without a project argument, so it presumably
        # lives in a different project that `user` was never added to.
        let(:new_issue) { create(:issue) }
        let(:cross_reference) { "mentioned in #{new_issue.to_reference(issue.project)}" }

        before do
          create(:discussion_note_on_issue, :system, noteable: issue, project: issue.project, note: cross_reference)
        end

        # Two discussions exist on the issue, but only one may be returned:
        # the system note that references the other issue has to be withheld.
        it 'filters notes that the user should not see' do
          request_issue_discussions

          expect(JSON.parse(response.body).count).to eq(1)
        end

        it 'does not result in N+1 queries' do
          # Warm-up request: instantiates the controller variables so the
          # QueryRecorder baseline below is accurate.
          request_issue_discussions

          RequestStore.clear!

          control_count = ActiveRecord::QueryRecorder.new { request_issue_discussions }.count

          RequestStore.clear!

          create_list(:discussion_note_on_issue, 2, :system, noteable: issue, project: issue.project, note: cross_reference)

          expect { request_issue_discussions }.not_to exceed_query_limit(control_count)
        end
      end
    end
  end

  # Runs the shared 'authenticates sessionless user' examples against a private
  # project for the :index action in :atom format and the :calendar action in
  # :ics format. The shared examples are defined outside this file; presumably
  # they check token-based access without a signed-in session (confirm there).
  context 'private project with token authentication' do
    let(:private_project) { create(:project, :private) }

    it_behaves_like 'authenticates sessionless user', :index, :atom do
      before do
        # Point the shared examples' request parameters at the private project.
        default_params.merge!(project_id: private_project, namespace_id: private_project.namespace)

        # On a private project the user needs membership to be allowed in.
        private_project.add_maintainer(user)
      end
    end

    it_behaves_like 'authenticates sessionless user', :calendar, :ics do
      before do
        # Same setup as for the atom feed above.
        default_params.merge!(project_id: private_project, namespace_id: private_project.namespace)

        private_project.add_maintainer(user)
      end
    end
  end

  # Runs the same shared examples against a public project, passing
  # `public: true`. No membership is granted here; how the shared examples
  # treat the `public` flag is defined outside this file (presumably anonymous
  # access is expected to succeed; confirm there).
  context 'public project with token authentication' do
    let(:public_project) { create(:project, :public) }

    it_behaves_like 'authenticates sessionless user', :index, :atom, public: true do
      before do
        # Point the shared examples' request parameters at the public project.
        default_params.merge!(project_id: public_project, namespace_id: public_project.namespace)
      end
    end

    it_behaves_like 'authenticates sessionless user', :calendar, :ics, public: true do
      before do
        # Same setup as for the atom feed above.
        default_params.merge!(project_id: public_project, namespace_id: public_project.namespace)
      end
    end
  end
end