Skip to content

G
gitlab-ce
Commit 4bcd5c6e authored by Manoj M J's avatar Manoj M J Committed by Max Woolf
Browse files
Options

Async auth refresh during member destroy

parent af9e7094
Hide whitespace changes
Inline Side-by-side
Showing with 268 additions and 124 deletions
app/models/member.rb
View file @ 4bcd5c6e
......@@ -178,7 +178,13 @@ class Member < ApplicationRecord
after_destroy :post_destroy_hook, unless: :pending?, if: :hook_prerequisites_met?
after_save :log_invitation_token_cleanup
after_commit :refresh_member_authorized_projects, unless: :importing?
after_commit on: [:create, :update], unless: :importing? do
refresh_member_authorized_projects(blocking: true)
end
after_commit on: [:destroy], unless: :importing? do
refresh_member_authorized_projects(blocking: Feature.disabled?(:member_destroy_async_auth_refresh, type: :ops))
end
default_value_for :notification_level, NotificationSetting.levels[:global]
......@@ -395,8 +401,8 @@ class Member < ApplicationRecord
# transaction has been committed, resulting in the job either throwing an
# error or not doing any meaningful work.
# rubocop: disable CodeReuse/ServiceClass
def refresh_member_authorized_projects
UserProjectAccessChangedService.new(user_id).execute
def refresh_member_authorized_projects(blocking:)
UserProjectAccessChangedService.new(user_id).execute(blocking: blocking)
end
# rubocop: enable CodeReuse/ServiceClass
......
app/models/members/group_member.rb
View file @ 4bcd5c6e
......@@ -50,8 +50,10 @@ class GroupMember < Member
{ group: group }
end
private
override :refresh_member_authorized_projects
def refresh_member_authorized_projects
def refresh_member_authorized_projects(blocking:)
# Here, `destroyed_by_association` will be present if the
# GroupMember is being destroyed due to the `dependent: :destroy`
# callback on Group. In this case, there is no need to refresh the
......@@ -63,8 +65,6 @@ class GroupMember < Member
super
end
private
def access_level_inclusion
return if access_level.in?(Gitlab::Access.all_values)
......
app/models/members/project_member.rb
View file @ 4bcd5c6e
......@@ -90,24 +90,28 @@ class ProjectMember < Member
{ project: project }
end
private
override :refresh_member_authorized_projects
def refresh_member_authorized_projects
def refresh_member_authorized_projects(blocking:)
return super unless Feature.enabled?(:specialized_service_for_project_member_auth_refresh)
return unless user
# rubocop:disable CodeReuse/ServiceClass
AuthorizedProjectUpdate::ProjectRecalculatePerUserService.new(project, user).execute
if blocking
AuthorizedProjectUpdate::ProjectRecalculatePerUserService.new(project, user).execute
else
AuthorizedProjectUpdate::ProjectRecalculatePerUserWorker.perform_async(project.id, user.id)
end
# Until we compare the inconsistency rates of the new, specialized service and
# the old approach, we still run AuthorizedProjectsWorker
# but with some delay and lower urgency as a safety net.
UserProjectAccessChangedService.new(user_id)
.execute(blocking: false, priority: UserProjectAccessChangedService::LOW_PRIORITY)
.execute(blocking: false, priority: UserProjectAccessChangedService::LOW_PRIORITY)
# rubocop:enable CodeReuse/ServiceClass
end
private
def send_invite
run_after_commit_or_now { notification_service.invite_project_member(self, @raw_invite_token) }
......
app/workers/all_queues.yml
View file @ 4bcd5c6e
......@@ -30,6 +30,15 @@
:weight: 1
:idempotent: true
:tags: []
- :name: authorized_project_update:authorized_project_update_project_recalculate_per_user
:worker_name: AuthorizedProjectUpdate::ProjectRecalculatePerUserWorker
:feature_category: :authentication_and_authorization
:has_external_dependencies:
:urgency: :high
:resource_boundary: :unknown
:weight: 1
:idempotent: true
:tags: []
- :name: authorized_project_update:authorized_project_update_user_refresh_from_replica
:worker_name: AuthorizedProjectUpdate::UserRefreshFromReplicaWorker
:feature_category: :authentication_and_authorization
......
app/workers/authorized_project_update/project_recalculate_per_user_worker.rb 0 → 100644
View file @ 4bcd5c6e
# frozen_string_literal: true
module AuthorizedProjectUpdate
class ProjectRecalculatePerUserWorker < ProjectRecalculateWorker
data_consistency :always
feature_category :authentication_and_authorization
urgency :high
queue_namespace :authorized_project_update
deduplicate :until_executing, including_scheduled: true
idempotent!
def perform(project_id, user_id)
project = Project.find_by_id(project_id)
user = User.find_by_id(user_id)
return unless project && user
in_lock(lock_key(project), ttl: 10.seconds) do
AuthorizedProjectUpdate::ProjectRecalculatePerUserService.new(project, user).execute
end
end
end
end
app/workers/authorized_project_update/project_recalculate_worker.rb
View file @ 4bcd5c6e
......@@ -26,7 +26,9 @@ module AuthorizedProjectUpdate
private
def lock_key(project)
"#{self.class.name.underscore}/projects/#{project.id}"
# The self.class.name.underscore value is hardcoded here as the prefix, so that the same
# lock_key for this superclass will be used by the ProjectRecalculatePerUserWorker subclass.
"authorized_project_update/project_recalculate_worker/projects/#{project.id}"
end
end
end
config/feature_flags/ops/member_destroy_async_auth_refresh.yml 0 → 100644
View file @ 4bcd5c6e
---
name: member_destroy_async_auth_refresh
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/66424
rollout_issue_url:
milestone: '14.4'
type: ops
group: group::access
default_enabled: false
ee/spec/lib/ee/gitlab/auth/ldap/sync/group_spec.rb
View file @ 4bcd5c6e
......@@ -282,7 +282,7 @@ RSpec.describe EE::Gitlab::Auth::Ldap::Sync::Group do
.to eq(::Gitlab::Access::OWNER)
end
it 'updates projects authorizations' do
it 'updates projects authorizations', :sidekiq_inline do
project = create(:project, namespace: group)
group.add_user(user, Gitlab::Access::MAINTAINER)
......
ee/spec/models/approval_state_spec.rb
View file @ 4bcd5c6e
......@@ -1336,7 +1336,7 @@ RSpec.describe ApprovalState do
expect(subject.can_approve?(nil)).to be_falsey
end
context 'when an approver does not have access to the merge request' do
context 'when an approver does not have access to the merge request', :sidekiq_inline do
before do
project.members.find_by(user_id: developer.id).destroy!
end
......
ee/spec/services/todo_service_spec.rb
View file @ 4bcd5c6e
......@@ -324,7 +324,7 @@ RSpec.describe TodoService do
let(:project) { create(:project, :private, :repository) }
let(:merge_request) { create(:merge_request, source_project: project, author: author) }
context 'an approver has lost access to the project' do
context 'an approver has lost access to the project', :sidekiq_inline do
before do
create(:approver, user: non_member, target: project)
project.members.find_by(user_id: non_member.id).destroy
......
spec/controllers/projects/branches_controller_spec.rb
View file @ 4bcd5c6e
......@@ -239,7 +239,7 @@ RSpec.describe Projects::BranchesController do
end
end
context 'without issue feature access' do
context 'without issue feature access', :sidekiq_inline do
before do
project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE)
......
spec/controllers/projects/compare_controller_spec.rb
View file @ 4bcd5c6e
......@@ -409,7 +409,7 @@ RSpec.describe Projects::CompareController do
end
end
context 'when the user does not have access to the project' do
context 'when the user does not have access to the project', :sidekiq_inline do
before do
project.team.truncate
project.update!(visibility: 'private')
......
spec/graphql/types/project_type_spec.rb
View file @ 4bcd5c6e
......@@ -186,7 +186,7 @@ RSpec.describe GitlabSchema.types['Project'] do
expect(analyzer['enabled']).to eq(true)
end
context "with guest user" do
context 'with guest user' do
before do
project.add_guest(user)
end
......@@ -194,7 +194,7 @@ RSpec.describe GitlabSchema.types['Project'] do
context 'when project is private' do
let(:project) { create(:project, :private, :repository) }
it "returns no configuration" do
it 'returns no configuration' do
secure_analyzers_prefix = subject.dig('data', 'project', 'sastCiConfiguration')
expect(secure_analyzers_prefix).to be_nil
end
......@@ -214,7 +214,7 @@ RSpec.describe GitlabSchema.types['Project'] do
end
end
context "with non-member user" do
context 'with non-member user', :sidekiq_inline do
before do
project.team.truncate
end
......@@ -222,7 +222,7 @@ RSpec.describe GitlabSchema.types['Project'] do
context 'when project is private' do
let(:project) { create(:project, :private, :repository) }
it "returns no configuration" do
it 'returns no configuration' do
secure_analyzers_prefix = subject.dig('data', 'project', 'sastCiConfiguration')
expect(secure_analyzers_prefix).to be_nil
end
......@@ -240,7 +240,7 @@ RSpec.describe GitlabSchema.types['Project'] do
end
context 'when repository is accessible only by team members' do
it "returns no configuration" do
it 'returns no configuration' do
project.project_feature.update!(
merge_requests_access_level: ProjectFeature::DISABLED,
builds_access_level: ProjectFeature::DISABLED,
......
spec/lib/gitlab/middleware/go_spec.rb
View file @ 4bcd5c6e
......@@ -98,7 +98,7 @@ RSpec.describe Gitlab::Middleware::Go do
end
end
context 'without access to the project' do
context 'without access to the project', :sidekiq_inline do
before do
project.team.find_member(current_user).destroy
end
......
spec/lib/gitlab/slash_commands/issue_move_spec.rb
View file @ 4bcd5c6e
......@@ -95,7 +95,7 @@ RSpec.describe Gitlab::SlashCommands::IssueMove, service: true do
end
end
context 'when the user cannot see the target project' do
context 'when the user cannot see the target project', :sidekiq_inline do
it 'returns not found' do
message = "issue move #{issue.iid} #{other_project.full_path}"
other_project.team.truncate
......
spec/models/member_spec.rb
View file @ 4bcd5c6e
......@@ -7,11 +7,11 @@ RSpec.describe Member do
using RSpec::Parameterized::TableSyntax
describe "Associations" do
describe 'Associations' do
it { is_expected.to belong_to(:user) }
end
describe "Validation" do
describe 'Validation' do
subject { described_class.new(access_level: Member::GUEST) }
it { is_expected.to validate_presence_of(:user) }
......@@ -28,7 +28,7 @@ RSpec.describe Member do
subject { build(:project_member) }
end
context "when an invite email is provided" do
context 'when an invite email is provided' do
let_it_be(:project) { create(:project) }
let(:member) { build(:project_member, source: project, invite_email: "user@example.com", user: nil) }
......@@ -37,29 +37,29 @@ RSpec.describe Member do
expect(member).to be_valid
end
it "requires a valid invite email" do
it 'requires a valid invite email' do
member.invite_email = "nope"
expect(member).not_to be_valid
end
it "requires a unique invite email scoped to this source" do
it 'requires a unique invite email scoped to this source' do
create(:project_member, source: member.source, invite_email: member.invite_email)
expect(member).not_to be_valid
end
end
context "when an invite email is not provided" do
context 'when an invite email is not provided' do
let(:member) { build(:project_member) }
it "requires a user" do
it 'requires a user' do
member.user = nil
expect(member).not_to be_valid
end
it "is valid otherwise" do
it 'is valid otherwise' do
expect(member).to be_valid
end
end
......@@ -107,13 +107,13 @@ RSpec.describe Member do
end
end
context "when a child member inherits its access level" do
context 'when a child member inherits its access level' do
let(:user) { create(:user) }
let(:member) { create(:group_member, :developer, user: user) }
let(:child_group) { create(:group, parent: member.group) }
let(:child_member) { build(:group_member, group: child_group, user: user) }
it "requires a higher level" do
it 'requires a higher level' do
child_member.access_level = GroupMember::REPORTER
child_member.validate
......@@ -123,7 +123,7 @@ RSpec.describe Member do
# Membership in a subgroup confers certain access rights, such as being
# able to merge or push code to protected branches.
it "is valid with an equal level" do
it 'is valid with an equal level' do
child_member.access_level = GroupMember::DEVELOPER
child_member.validate
......@@ -131,7 +131,7 @@ RSpec.describe Member do
expect(child_member).to be_valid
end
it "is valid with a higher level" do
it 'is valid with a higher level' do
child_member.access_level = GroupMember::MAINTAINER
child_member.validate
......@@ -538,7 +538,7 @@ RSpec.describe Member do
end
end
describe "Delegate methods" do
describe 'Delegate methods' do
it { is_expected.to respond_to(:user_name) }
it { is_expected.to respond_to(:user_email) }
end
......@@ -608,29 +608,29 @@ RSpec.describe Member do
end
end
describe "#accept_invite!" do
describe '#accept_invite!' do
let!(:member) { create(:project_member, invite_email: "user@example.com", user: nil) }
let(:user) { create(:user) }
it "resets the invite token" do
it 'resets the invite token' do
member.accept_invite!(user)
expect(member.invite_token).to be_nil
end
it "sets the invite accepted timestamp" do
it 'sets the invite accepted timestamp' do
member.accept_invite!(user)
expect(member.invite_accepted_at).not_to be_nil
end
it "sets the user" do
it 'sets the user' do
member.accept_invite!(user)
expect(member.user).to eq(user)
end
it "calls #after_accept_invite" do
it 'calls #after_accept_invite' do
expect(member).to receive(:after_accept_invite)
member.accept_invite!(user)
......@@ -657,26 +657,26 @@ RSpec.describe Member do
end
end
describe "#decline_invite!" do
describe '#decline_invite!' do
let!(:member) { create(:project_member, invite_email: "user@example.com", user: nil) }
it "destroys the member" do
it 'destroys the member' do
member.decline_invite!
expect(member).to be_destroyed
end
it "calls #after_decline_invite" do
it 'calls #after_decline_invite' do
expect(member).to receive(:after_decline_invite)
member.decline_invite!
end
end
describe "#generate_invite_token" do
describe '#generate_invite_token' do
let!(:member) { create(:project_member, invite_email: "user@example.com", user: nil) }
it "sets the invite token" do
it 'sets the invite token' do
expect { member.generate_invite_token }.to change { member.invite_token }
end
end
......@@ -684,12 +684,12 @@ RSpec.describe Member do
describe 'generate invite token on create' do
let!(:member) { build(:project_member, invite_email: "user@example.com") }
it "sets the invite token" do
it 'sets the invite token' do
expect { member.save! }.to change { member.invite_token }.to(kind_of(String))
end
context 'when invite was already accepted' do
it "does not set invite token" do
it 'does not set invite token' do
member.invite_accepted_at = 1.day.ago
expect { member.save! }.not_to change { member.invite_token }.from(nil)
......@@ -744,7 +744,7 @@ RSpec.describe Member do
end
end
describe "#invite_to_unknown_user?" do
describe '#invite_to_unknown_user?' do
subject { member.invite_to_unknown_user? }
let(:member) { create(:project_member, invite_email: "user@example.com", invite_token: '1234', user: user) }
......@@ -762,7 +762,7 @@ RSpec.describe Member do
end
end
describe "destroying a record", :delete do
describe 'destroying a record', :delete, :sidekiq_inline do
it "refreshes user's authorized projects" do
project = create(:project, :private)
user = create(:user)
......
spec/models/members/project_member_spec.rb
View file @ 4bcd5c6e
......@@ -244,12 +244,32 @@ RSpec.describe ProjectMember do
project.add_user(user, Gitlab::Access::GUEST)
end
it 'changes access level' do
expect { action }.to change { user.can?(:guest_access, project) }.from(true).to(false)
context 'when :member_destroy_async_auth_refresh feature flag is enabled' do
it 'changes access level', :sidekiq_inline do
expect { action }.to change { user.can?(:guest_access, project) }.from(true).to(false)
end
it 'calls AuthorizedProjectUpdate::ProjectRecalculatePerUserWorker to recalculate authorizations' do
expect(AuthorizedProjectUpdate::ProjectRecalculatePerUserWorker).to receive(:perform_async).with(project.id, user.id)
action
end
it_behaves_like 'calls AuthorizedProjectUpdate::UserRefreshFromReplicaWorker with a delay to update project authorizations'
end
it_behaves_like 'calls AuthorizedProjectUpdate::ProjectRecalculatePerUserService to recalculate authorizations'
it_behaves_like 'calls AuthorizedProjectUpdate::UserRefreshFromReplicaWorker with a delay to update project authorizations'
context 'when :member_destroy_async_auth_refresh feature flag is disabled' do
before do
stub_feature_flags(member_destroy_async_auth_refresh: false)
end
it 'changes access level' do
expect { action }.to change { user.can?(:guest_access, project) }.from(true).to(false)
end
it_behaves_like 'calls AuthorizedProjectUpdate::ProjectRecalculatePerUserService to recalculate authorizations'
it_behaves_like 'calls AuthorizedProjectUpdate::UserRefreshFromReplicaWorker with a delay to update project authorizations'
end
end
context 'when the feature flag `specialized_service_for_project_member_auth_refresh` is disabled' do
......@@ -298,7 +318,7 @@ RSpec.describe ProjectMember do
project.add_user(user, Gitlab::Access::GUEST)
end
it 'changes access level' do
it 'changes access level', :sidekiq_inline do
expect { action }.to change { user.can?(:guest_access, project) }.from(true).to(false)
end
......
spec/models/user_spec.rb
View file @ 4bcd5c6e
......@@ -123,7 +123,7 @@ RSpec.describe User do
it { is_expected.to have_many(:callouts).class_name('UserCallout') }
it { is_expected.to have_many(:group_callouts).class_name('Users::GroupCallout') }
describe "#user_detail" do
describe '#user_detail' do
it 'does not persist `user_detail` by default' do
expect(create(:user).user_detail).not_to be_persisted
end
......@@ -160,25 +160,25 @@ RSpec.describe User do
end
end
describe "#abuse_report" do
describe '#abuse_report' do
let(:current_user) { create(:user) }
let(:other_user) { create(:user) }
it { is_expected.to have_one(:abuse_report) }
it "refers to the abuse report whose user_id is the current user" do
it 'refers to the abuse report whose user_id is the current user' do
abuse_report = create(:abuse_report, reporter: other_user, user: current_user)
expect(current_user.abuse_report).to eq(abuse_report)
end
it "does not refer to the abuse report whose reporter_id is the current user" do
it 'does not refer to the abuse report whose reporter_id is the current user' do
create(:abuse_report, reporter: current_user, user: other_user)
expect(current_user.abuse_report).to be_nil
end
it "does not update the user_id of an abuse report when the user is updated" do
it 'does not update the user_id of an abuse report when the user is updated' do
abuse_report = create(:abuse_report, reporter: current_user, user: other_user)
current_user.block
......@@ -715,7 +715,7 @@ RSpec.describe User do
end
end
describe "scopes" do
describe 'scopes' do
context 'blocked users' do
let_it_be(:active_user) { create(:user) }
let_it_be(:blocked_user) { create(:user, :blocked) }
......@@ -753,8 +753,8 @@ RSpec.describe User do
end
end
describe ".with_two_factor" do
it "returns users with 2fa enabled via OTP" do
describe '.with_two_factor' do
it 'returns users with 2fa enabled via OTP' do
user_with_2fa = create(:user, :two_factor_via_otp)
user_without_2fa = create(:user)
users_with_two_factor = described_class.with_two_factor.pluck(:id)
......@@ -763,8 +763,8 @@ RSpec.describe User do
expect(users_with_two_factor).not_to include(user_without_2fa.id)
end
shared_examples "returns the right users" do |trait|
it "returns users with 2fa enabled via hardware token" do
shared_examples 'returns the right users' do |trait|
it 'returns users with 2fa enabled via hardware token' do
user_with_2fa = create(:user, trait)
user_without_2fa = create(:user)
users_with_two_factor = described_class.with_two_factor.pluck(:id)
......@@ -773,7 +773,7 @@ RSpec.describe User do
expect(users_with_two_factor).not_to include(user_without_2fa.id)
end
it "returns users with 2fa enabled via OTP and hardware token" do
it 'returns users with 2fa enabled via OTP and hardware token' do
user_with_2fa = create(:user, :two_factor_via_otp, trait)
user_without_2fa = create(:user)
users_with_two_factor = described_class.with_two_factor.pluck(:id)
......@@ -791,17 +791,17 @@ RSpec.describe User do
end
end
describe "and U2F" do
describe 'and U2F' do
it_behaves_like "returns the right users", :two_factor_via_u2f
end
describe "and WebAuthn" do
describe 'and WebAuthn' do
it_behaves_like "returns the right users", :two_factor_via_webauthn
end
end
describe ".without_two_factor" do
it "excludes users with 2fa enabled via OTP" do
describe '.without_two_factor' do
it 'excludes users with 2fa enabled via OTP' do
user_with_2fa = create(:user, :two_factor_via_otp)
user_without_2fa = create(:user)
users_without_two_factor = described_class.without_two_factor.pluck(:id)
......@@ -810,8 +810,8 @@ RSpec.describe User do
expect(users_without_two_factor).not_to include(user_with_2fa.id)
end
describe "and u2f" do
it "excludes users with 2fa enabled via U2F" do
describe 'and u2f' do
it 'excludes users with 2fa enabled via U2F' do
user_with_2fa = create(:user, :two_factor_via_u2f)
user_without_2fa = create(:user)
users_without_two_factor = described_class.without_two_factor.pluck(:id)
......@@ -820,7 +820,7 @@ RSpec.describe User do
expect(users_without_two_factor).not_to include(user_with_2fa.id)
end
it "excludes users with 2fa enabled via OTP and U2F" do
it 'excludes users with 2fa enabled via OTP and U2F' do
user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_u2f)
user_without_2fa = create(:user)
users_without_two_factor = described_class.without_two_factor.pluck(:id)
......@@ -830,8 +830,8 @@ RSpec.describe User do
end
end
describe "and webauthn" do
it "excludes users with 2fa enabled via WebAuthn" do
describe 'and webauthn' do
it 'excludes users with 2fa enabled via WebAuthn' do
user_with_2fa = create(:user, :two_factor_via_webauthn)
user_without_2fa = create(:user)
users_without_two_factor = described_class.without_two_factor.pluck(:id)
......@@ -840,7 +840,7 @@ RSpec.describe User do
expect(users_without_two_factor).not_to include(user_with_2fa.id)
end
it "excludes users with 2fa enabled via OTP and WebAuthn" do
it 'excludes users with 2fa enabled via OTP and WebAuthn' do
user_with_2fa = create(:user, :two_factor_via_otp, :two_factor_via_webauthn)
user_without_2fa = create(:user)
users_without_two_factor = described_class.without_two_factor.pluck(:id)
......@@ -1073,7 +1073,7 @@ RSpec.describe User do
end
end
describe "Respond to" do
describe 'Respond to' do
it { is_expected.to respond_to(:admin?) }
it { is_expected.to respond_to(:name) }
it { is_expected.to respond_to(:external?) }
......@@ -1095,7 +1095,7 @@ RSpec.describe User do
let(:user) { create(:user) }
let(:external_user) { create(:user, external: true) }
it "sets other properties as well" do
it 'sets other properties as well' do
expect(external_user.can_create_team).to be_falsey
expect(external_user.can_create_group).to be_falsey
expect(external_user.projects_limit).to be 0
......@@ -1514,7 +1514,7 @@ RSpec.describe User do
end
describe '#generate_password' do
it "does not generate password by default" do
it 'does not generate password by default' do
user = create(:user, password: 'abcdefghe')
expect(user.password).to eq('abcdefghe')
......@@ -1882,14 +1882,14 @@ RSpec.describe User do
describe 'deactivating a user' do
let(:user) { create(:user, name: 'John Smith') }
context "an active user" do
it "can be deactivated" do
context 'an active user' do
it 'can be deactivated' do
user.deactivate
expect(user.deactivated?).to be_truthy
end
context "when user deactivation emails are disabled" do
context 'when user deactivation emails are disabled' do
before do
stub_application_setting(user_deactivation_emails_enabled: false)
end
......@@ -1900,7 +1900,7 @@ RSpec.describe User do
end
end
context "when user deactivation emails are enabled" do
context 'when user deactivation emails are enabled' do
it 'sends deactivated user an email' do
expect_next_instance_of(NotificationService) do |notification|
allow(notification).to receive(:user_deactivated).with(user.name, user.notification_email_or_default)
......@@ -1911,12 +1911,12 @@ RSpec.describe User do
end
end
context "a user who is blocked" do
context 'a user who is blocked' do
before do
user.block
end
it "cannot be deactivated" do
it 'cannot be deactivated' do
user.deactivate
expect(user.reload.deactivated?).to be_falsy
......@@ -2083,7 +2083,7 @@ RSpec.describe User do
describe 'with defaults' do
let(:user) { described_class.new }
it "applies defaults to user" do
it 'applies defaults to user' do
expect(user.projects_limit).to eq(Gitlab.config.gitlab.default_projects_limit)
expect(user.can_create_group).to eq(Gitlab.config.gitlab.default_can_create_group)
expect(user.theme_id).to eq(Gitlab.config.gitlab.default_theme)
......@@ -2095,7 +2095,7 @@ RSpec.describe User do
describe 'with default overrides' do
let(:user) { described_class.new(projects_limit: 123, can_create_group: false, can_create_team: true) }
it "applies defaults to user" do
it 'applies defaults to user' do
expect(user.projects_limit).to eq(123)
expect(user.can_create_group).to be_falsey
expect(user.theme_id).to eq(1)
......@@ -2114,7 +2114,7 @@ RSpec.describe User do
stub_application_setting(user_default_external: true)
end
it "creates external user by default" do
it 'creates external user by default' do
user = create(:user)
expect(user.external).to be_truthy
......@@ -2123,7 +2123,7 @@ RSpec.describe User do
end
describe 'with default overrides' do
it "creates a non-external user" do
it 'creates a non-external user' do
user = create(:user, external: false)
expect(user.external).to be_falsey
......@@ -2139,7 +2139,7 @@ RSpec.describe User do
}
protocol_and_expectation.each do |protocol, expected|
it "has correct require_ssh_key?" do
it 'has correct require_ssh_key?' do
stub_application_setting(enabled_git_access_protocol: protocol)
user = build(:user)
......@@ -2615,7 +2615,7 @@ RSpec.describe User do
describe 'all_ssh_keys' do
it { is_expected.to have_many(:keys).dependent(:destroy) }
it "has all ssh keys" do
it 'has all ssh keys' do
user = create :user
key = create :key, key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD33bWLBxu48Sev9Fert1yzEO4WGcWglWF7K/AwblIUFselOt/QdOL9DSjpQGxLagO1s9wl53STIO8qGS4Ms0EJZyIXOEFMjFJ5xmjSy+S37By4sG7SsltQEHMxtbtFOaW5LV2wCrX+rUsRNqLMamZjgjcPO0/EgGCXIGMAYW4O7cwGZdXWYIhQ1Vwy+CsVMDdPkPgBXqK7nR/ey8KMs8ho5fMNgB5hBw/AL9fNGhRw3QTD6Q12Nkhl4VZES2EsZqlpNnJttnPdp847DUsT6yuLRlfiQfz5Cn9ysHFdXObMN5VYIiPFwHeYCZp1X2S4fDZooRE8uOLTfxWHPXwrhqSH", user_id: user.id
......@@ -2651,10 +2651,10 @@ RSpec.describe User do
end
end
describe "#clear_avatar_caches" do
describe '#clear_avatar_caches' do
let(:user) { create(:user) }
it "clears the avatar cache when saving" do
it 'clears the avatar cache when saving' do
allow(user).to receive(:avatar_changed?).and_return(true)
expect(Gitlab::AvatarCache).to receive(:delete_by_email).with(*user.verified_emails)
......@@ -3180,7 +3180,7 @@ RSpec.describe User do
end
end
describe "#last_active_at" do
describe '#last_active_at' do
let(:last_activity_on) { 5.days.ago.to_date }
let(:current_sign_in_at) { 8.days.ago }
......@@ -3218,7 +3218,7 @@ RSpec.describe User do
end
end
describe "#can_be_deactivated?" do
describe '#can_be_deactivated?' do
let(:activity) { {} }
let(:user) { create(:user, name: 'John Smith', **activity) }
let(:day_within_minium_inactive_days_threshold) { User::MINIMUM_INACTIVE_DAYS.pred.days.ago }
......@@ -3236,7 +3236,7 @@ RSpec.describe User do
end
end
context "a user who is not active" do
context 'a user who is not active' do
before do
user.block
end
......@@ -3277,7 +3277,7 @@ RSpec.describe User do
end
end
describe "#contributed_projects" do
describe '#contributed_projects' do
subject { create(:user) }
let!(:project1) { create(:project) }
......@@ -3292,11 +3292,11 @@ RSpec.describe User do
project2.add_maintainer(subject)
end
it "includes IDs for projects the user has pushed to" do
it 'includes IDs for projects the user has pushed to' do
expect(subject.contributed_projects).to include(project1)
end
it "includes IDs for projects the user has had merge requests merged into" do
it 'includes IDs for projects the user has had merge requests merged into' do
expect(subject.contributed_projects).to include(project3)
end
......@@ -3390,7 +3390,7 @@ RSpec.describe User do
end
end
describe "#recent_push" do
describe '#recent_push' do
let(:user) { build(:user) }
let(:project) { build(:project) }
let(:event) { build(:push_event) }
......@@ -3554,7 +3554,7 @@ RSpec.describe User do
expect(user.authorized_projects).to include(project)
end
it "includes personal projects user has been given access to" do
it 'includes personal projects user has been given access to' do
user1 = create(:user)
user2 = create(:user)
project = create(:project, :private, namespace: user1.namespace)
......@@ -3564,7 +3564,7 @@ RSpec.describe User do
expect(user2.authorized_projects).to include(project)
end
it "includes projects of groups user has been added to" do
it 'includes projects of groups user has been added to' do
group = create(:group)
project = create(:project, group: group)
user = create(:user)
......@@ -3574,7 +3574,7 @@ RSpec.describe User do
expect(user.authorized_projects).to include(project)
end
it "does not include projects of groups user has been removed from" do
it 'does not include projects of groups user has been removed from', :sidekiq_inline do
group = create(:group)
project = create(:project, group: group)
user = create(:user)
......@@ -3599,7 +3599,7 @@ RSpec.describe User do
expect(user.authorized_projects).to include(project)
end
it "does not include destroyed projects user had access to" do
it 'does not include destroyed projects user had access to' do
user1 = create(:user)
user2 = create(:user)
project = create(:project, :private, namespace: user1.namespace)
......@@ -3613,7 +3613,7 @@ RSpec.describe User do
expect(user2.authorized_projects).not_to include(project)
end
it "does not include projects of destroyed groups user had access to" do
it 'does not include projects of destroyed groups user had access to' do
group = create(:group)
project = create(:project, namespace: group)
user = create(:user)
......@@ -4166,7 +4166,7 @@ RSpec.describe User do
expect(user.admin).to be true
end
it "accepts string values in addition to symbols" do
it 'accepts string values in addition to symbols' do
user.access_level = 'admin'
expect(user.access_level).to eq(:admin)
......@@ -4247,7 +4247,7 @@ RSpec.describe User do
expect(ghost.user_type).to eq 'ghost'
end
it "does not create a second ghost user if one is already present" do
it 'does not create a second ghost user if one is already present' do
expect do
described_class.ghost
described_class.ghost
......@@ -4256,7 +4256,7 @@ RSpec.describe User do
end
context "when a regular user exists with the username 'ghost'" do
it "creates a ghost user with a non-conflicting username" do
it 'creates a ghost user with a non-conflicting username' do
create(:user, username: 'ghost')
ghost = described_class.ghost
......@@ -4266,7 +4266,7 @@ RSpec.describe User do
end
context "when a regular user exists with the email 'ghost@example.com'" do
it "creates a ghost user with a non-conflicting email" do
it 'creates a ghost user with a non-conflicting email' do
create(:user, email: 'ghost@example.com')
ghost = described_class.ghost
......@@ -4746,7 +4746,7 @@ RSpec.describe User do
it { is_expected.to be true }
end
context 'when email and username aren\'t changed' do
context "when email and username aren't changed" do
before do
user.name = 'new_name'
end
......@@ -5057,26 +5057,26 @@ RSpec.describe User do
subject { user.required_terms_not_accepted? }
context "when terms are not enforced" do
context 'when terms are not enforced' do
it { is_expected.to be_falsey }
end
context "when terms are enforced" do
context 'when terms are enforced' do
before do
enforce_terms
end
it "is not accepted by the user" do
it 'is not accepted by the user' do
expect(subject).to be_truthy
end
it "is accepted by the user" do
it 'is accepted by the user' do
accept_terms(user)
expect(subject).to be_falsey
end
it "auto accepts the term for project bots" do
it 'auto accepts the term for project bots' do
expect(project_bot.required_terms_not_accepted?).to be_falsey
end
end
......
spec/requests/api/package_files_spec.rb
View file @ 4bcd5c6e
......@@ -38,7 +38,7 @@ RSpec.describe API::PackageFiles do
expect(response).to have_gitlab_http_status(:not_found)
end
it 'returns 404 for a user without access to the project' do
it 'returns 404 for a user without access to the project', :sidekiq_inline do
project.team.truncate
get api(url, user)
......
spec/serializers/merge_request_poll_cached_widget_entity_spec.rb
View file @ 4bcd5c6e
......@@ -275,7 +275,7 @@ RSpec.describe MergeRequestPollCachedWidgetEntity do
expect(subject[:merge_pipeline]).to be_nil
end
context 'when is merged' do
context 'when is merged', :sidekiq_inline do
let(:resource) { create(:merged_merge_request, source_project: project, merge_commit_sha: project.commit.id) }
let(:pipeline) { create(:ci_empty_pipeline, project: project, ref: resource.target_branch, sha: resource.merge_commit_sha) }
......
spec/services/merge_requests/assign_issues_service_spec.rb
View file @ 4bcd5c6e
......@@ -17,7 +17,7 @@ RSpec.describe MergeRequests::AssignIssuesService do
expect(service.assignable_issues.map(&:id)).to include(issue.id)
end
it 'ignores issues the user cannot update assignee on' do
it 'ignores issues the user cannot update assignee on', :sidekiq_inline do
project.team.truncate
expect(service.assignable_issues).to be_empty
......
spec/services/merge_requests/build_service_spec.rb
View file @ 4bcd5c6e
......@@ -440,7 +440,7 @@ RSpec.describe MergeRequests::BuildService do
expect(merge_request.title).to eq('Closes #1234 Second commit')
end
it 'adds the remaining lines of the first multi-line commit message as the description' do
it 'adds the remaining lines of the first multi-line commit message as the description', :sidekiq_inline do
expect(merge_request.description).to eq('Create the app')
end
end
......
spec/services/merge_requests/push_options_handler_service_spec.rb
View file @ 4bcd5c6e
......@@ -701,7 +701,7 @@ RSpec.describe MergeRequests::PushOptionsHandlerService do
let(:push_options) { { create: true } }
let(:changes) { new_branch_changes }
it 'records an error' do
it 'records an error', :sidekiq_inline do
Members::DestroyService.new(user1).execute(ProjectMember.find_by!(user_id: user1.id))
service.execute
......
spec/services/notes/quick_actions_service_spec.rb
View file @ 4bcd5c6e
......@@ -47,7 +47,7 @@ RSpec.describe Notes::QuickActionsService do
let(:note_text) { "/relate #{other_issue.to_reference}" }
let(:note) { create(:note_on_issue, noteable: issue, project: project, note: note_text) }
context 'user cannot relate issues' do
context 'user cannot relate issues', :sidekiq_inline do
before do
project.team.find_member(maintainer.id).destroy!
project.update!(visibility: Gitlab::VisibilityLevel::PUBLIC)
......
spec/services/notification_service_spec.rb
View file @ 4bcd5c6e
......@@ -3155,7 +3155,7 @@ RSpec.describe NotificationService, :mailer do
notification.pipeline_finished(pipeline)
end
it 'does not send emails' do
it 'does not send emails', :sidekiq_inline do
should_not_email_anyone
end
end
......
spec/services/projects/move_access_service_spec.rb
View file @ 4bcd5c6e
......@@ -26,7 +26,7 @@ RSpec.describe Projects::MoveAccessService do
describe '#execute' do
shared_examples 'move the accesses' do
it do
it 'moves the accesses', :sidekiq_inline do
expect(project_with_access.project_members.count).to eq 4
expect(project_with_access.project_group_links.count).to eq 3
expect(project_with_access.authorized_users.count).to eq 4
......
spec/workers/authorized_project_update/project_recalculate_per_user_worker_spec.rb 0 → 100644
View file @ 4bcd5c6e
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe AuthorizedProjectUpdate::ProjectRecalculatePerUserWorker do
include ExclusiveLeaseHelpers
let_it_be(:project) { create(:project) }
let_it_be(:user) { create(:user) }
subject(:worker) { described_class.new }
include_examples 'an idempotent worker' do
let(:job_args) { [project.id, user.id] }
it 'does not change authorizations when run twice' do
project.add_developer(user)
user.project_authorizations.delete_all
expect { worker.perform(project.id, user.id) }.to change { project.project_authorizations.reload.size }.by(1)
expect { worker.perform(project.id, user.id) }.not_to change { project.project_authorizations.reload.size }
end
end
describe '#perform' do
it 'does not fail if the project does not exist' do
expect do
worker.perform(non_existing_record_id, user.id)
end.not_to raise_error
end
it 'does not fail if the user does not exist' do
expect do
worker.perform(project.id, non_existing_record_id)
end.not_to raise_error
end
it 'calls AuthorizedProjectUpdate::ProjectRecalculatePerUserService' do
expect_next_instance_of(AuthorizedProjectUpdate::ProjectRecalculatePerUserService, project, user) do |service|
expect(service).to receive(:execute)
end
worker.perform(project.id, user.id)
end
context 'exclusive lease' do
let(:lock_key) { "#{described_class.superclass.name.underscore}/projects/#{project.id}" }
let(:timeout) { 10.seconds }
context 'when exclusive lease has not been taken' do
it 'obtains a new exclusive lease' do
expect_to_obtain_exclusive_lease(lock_key, timeout: timeout)
worker.perform(project.id, user.id)
end
end
context 'when exclusive lease has already been taken' do
before do
stub_exclusive_lease_taken(lock_key, timeout: timeout)
end
it 'raises an error' do
expect { worker.perform(project.id, user.id) }.to raise_error(Gitlab::ExclusiveLeaseHelpers::FailedToObtainLockError)
end
end
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7