Merge branch 'sh-update-rack-2.1.4' into 'master'

Update to Rack v2.1.4 See merge request gitlab-org/gitlab!44518

Merge branch 'sh-update-rack-2.1.4' into 'master'
Update to Rack v2.1.4 See merge request gitlab-org/gitlab!44518
5b8bb87a · Dmytro Zaporozhets (DZ) · 30053faa · 7201c153 · 5b8bb87a · 5b8bb87a
Commit 5b8bb87a authored Oct 13, 2020 by Dmytro Zaporozhets (DZ)
11 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -172,7 +172,7 @@ gem 'diffy', '~> 3.3'
 gem 'diff_match_patch', '~> 0.1.0'

 # Application server
-gem 'rack', '~> 2.0.9'
+gem 'rack', '~> 2.1.4'
 # https://github.com/sharpstone/rack-timeout/blob/master/README.md#rails-apps-manually
 gem 'rack-timeout', '~> 0.5.1', require: 'rack/timeout/base'


--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -852,7 +852,7 @@ GEM
    public_suffix (4.0.3)
    pyu-ruby-sasl (0.0.3.3)
    raabro (1.1.6)
-    rack (2.0.9)
+    rack (2.1.4)
    rack-accept (0.4.5)
      rack (>= 0.4)
    rack-attack (6.3.0)
@@ -1423,7 +1423,7 @@ DEPENDENCIES
  prometheus-client-mmap (~> 0.12.0)
  pry-byebug (~> 3.9.0)
  pry-rails (~> 0.3.9)
-  rack (~> 2.0.9)
+  rack (~> 2.1.4)
  rack-attack (~> 6.3.0)
  rack-cors (~> 1.0.6)
  rack-oauth2 (~> 1.9.3)

--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -171,7 +171,7 @@ class Admin::UsersController < Admin::ApplicationController
        # restore username to keep form action url.
        user.username = params[:id]
        format.html { render "edit" }
-        format.json { render json: [result[:message]], status: result[:status] }
+        format.json { render json: [result[:message]], status: :internal_server_error }
      end
    end
  end

--- a/app/controllers/projects/merge_requests/drafts_controller.rb
+++ b/app/controllers/projects/merge_requests/drafts_controller.rb
@@ -45,7 +45,7 @@ class Projects::MergeRequests::DraftsController < Projects::MergeRequests::Appli
    if result[:status] == :success
      head :ok
    else
-      render json: { message: result[:message] }, status: result[:status]
+      render json: { message: result[:message] }, status: :internal_server_error
    end
  end


--- a/changelogs/unreleased/sh-update-rack-2-1-4.yml
+++ b/changelogs/unreleased/sh-update-rack-2-1-4.yml
+---
+title: Update to Rack v2.1.4
+merge_request: 44518
+author:
+type: fixed
--- a/lib/api/ci/runner.rb
+++ b/lib/api/ci/runner.rb
@@ -72,6 +72,7 @@ module API
        post '/verify' do
          authenticate_runner!
          status 200
+          body "200"
        end
      end

@@ -183,6 +184,7 @@ module API
          service.execute.then do |result|
            header 'X-GitLab-Trace-Update-Interval', result.backoff
            status result.status
+            body result.status.to_s
          end
        end

@@ -293,6 +295,7 @@ module API

          if result[:status] == :success
            status :created
+            body "201"
          else
            render_api_error!(result[:message], result[:http_status])
          end

--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -522,7 +522,7 @@ module API
      else
        header(*Gitlab::Workhorse.send_url(file.url))
        status :ok
-        body
+        body ""
      end
    end


--- a/lib/api/internal/lfs.rb
+++ b/lib/api/internal/lfs.rb
@@ -44,7 +44,7 @@ module API
              workhorse_headers = Gitlab::Workhorse.send_url(file.url)
              header workhorse_headers[0], workhorse_headers[1]
              env['api.format'] = :binary
-              body nil
+              body ""
            end
          end
        end

--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -327,7 +327,7 @@ RSpec.describe Admin::UsersController do

  describe 'POST update' do
    context 'when the password has changed' do
-      def update_password(user, password = User.random_password, password_confirmation = password)
+      def update_password(user, password = User.random_password, password_confirmation = password, format = :html)
        params = {
          id: user.to_param,
          user: {
@@ -336,7 +336,7 @@ RSpec.describe Admin::UsersController do
          }
        }

-        post :update, params: params
+        post :update, params: params, format: format
      end

      context 'when admin changes their own password' do
@@ -435,6 +435,23 @@ RSpec.describe Admin::UsersController do
            .not_to change { user.reload.encrypted_password }
        end
      end
+
+      context 'when the update fails' do
+        let(:password) { User.random_password }
+
+        before do
+          expect_next_instance_of(Users::UpdateService) do |service|
+            allow(service).to receive(:execute).and_return({ message: 'failed', status: :error })
+          end
+        end
+
+        it 'returns a 500 error' do
+          expect { update_password(admin, password, password, :json) }
+            .not_to change { admin.reload.password_expired? }
+
+          expect(response).to have_gitlab_http_status(:error)
+        end
+      end
    end

    context 'admin notes' do

--- a/spec/lib/gitlab/middleware/go_spec.rb
+++ b/spec/lib/gitlab/middleware/go_spec.rb
@@ -142,8 +142,8 @@ RSpec.describe Gitlab::Middleware::Go do
                        response = go

                        expect(response[0]).to eq(403)
-                        expect(response[1]['Content-Length']).to eq('0')
-                        expect(response[2].body).to eq([''])
+                        expect(response[1]['Content-Length']).to be_nil
+                        expect(response[2]).to eq([''])
                      end
                    end
                  end
@@ -187,10 +187,11 @@ RSpec.describe Gitlab::Middleware::Go do

          it 'returns 404' do
            response = go
+
            expect(response[0]).to eq(404)
            expect(response[1]['Content-Type']).to eq('text/html')
            expected_body = %{<html><body>go get #{Gitlab.config.gitlab.url}/#{project.full_path}</body></html>}
-            expect(response[2].body).to eq([expected_body])
+            expect(response[2]).to eq([expected_body])
          end
        end

@@ -262,7 +263,7 @@ RSpec.describe Gitlab::Middleware::Go do
      expect(response[0]).to eq(200)
      expect(response[1]['Content-Type']).to eq('text/html')
      expected_body = %{<html><head><meta name="go-import" content="#{Gitlab.config.gitlab.host}/#{path} git #{repository_url}" /><meta name="go-source" content="#{Gitlab.config.gitlab.host}/#{path} #{project_url} #{project_url}/-/tree/#{branch}{/dir} #{project_url}/-/blob/#{branch}{/dir}/{file}#L{line}" /></head><body>go get #{Gitlab.config.gitlab.url}/#{path}</body></html>}
-      expect(response[2].body).to eq([expected_body])
+      expect(response[2]).to eq([expected_body])
    end
  end
 end
--- a/spec/lib/gitlab/middleware/same_site_cookies_spec.rb
+++ b/spec/lib/gitlab/middleware/same_site_cookies_spec.rb
@@ -60,12 +60,12 @@ RSpec.describe Gitlab::Middleware::SameSiteCookies do
      end

      context 'with no cookies' do
-        let(:cookies) { nil }
+        let(:cookies) { "" }

        it 'does not add headers' do
          response = do_request

-          expect(response['Set-Cookie']).to be_nil
+          expect(response['Set-Cookie']).to eq("")
        end
      end