Prevent sync for ghosted user namespaces

6f14e36d · Vladlena Shumilo · Kerri Miller · 921fd6ab · 6f14e36d · 6f14e36d
Commit 6f14e36d authored Dec 16, 2021 by Vladlena Shumilo Committed by Kerri Miller Dec 16, 2021
4 changed files
--- a/ee/app/models/ee/namespace.rb
+++ b/ee/app/models/ee/namespace.rb
@@ -485,6 +485,7 @@ module EE
    def sync_name_with_customers_dot
      return unless ::Gitlab.com?
+      return if user_namespace? && owner.privatized_by_abuse_automation?
      ::Namespaces::SyncNamespaceNameWorker.perform_async(id)
    end

--- a/ee/app/models/ee/user.rb
+++ b/ee/app/models/ee/user.rb
@@ -436,6 +436,12 @@ module EE
      credit_card_validated_at.present?
    end
+    def privatized_by_abuse_automation?
+      # Prevent abuse automation names are expected to be in the format: ghost-:id-:id. Ex: ghost-123-4567
+      # More context: https://gitlab.com/gitlab-org/customers-gitlab-com/-/issues/3871 for more context on the
+      private_profile? && name.match?(/\Aghost-\d+-\d+\z/)
+    end
    protected
    override :password_required?

--- a/ee/spec/models/ee/namespace_spec.rb
+++ b/ee/spec/models/ee/namespace_spec.rb
@@ -359,11 +359,14 @@ RSpec.describe Namespace do
  describe 'after_commit :sync_name_with_customers_dot' do
    let(:namespace) { create(:group) }
+    let(:privatized_by_abuse_automation) { false }
    subject(:update_namespace) { namespace.update!(attributes) }
    before do
      allow(Gitlab).to receive(:com?).and_return(true)
+      allow(namespace.owner).to receive(:privatized_by_abuse_automation?)
+        .and_return(privatized_by_abuse_automation)
    end
    shared_examples 'no sync' do
@@ -374,6 +377,15 @@ RSpec.describe Namespace do
      end
    end
+    shared_examples 'sync' do
+      it 'triggers a name sync with CustomersDot' do
+        expect(::Namespaces::SyncNamespaceNameWorker).to receive(:perform_async)
+          .with(namespace.id).once
+        update_namespace
+      end
+    end
    context 'when the name is not updated' do
      let(:attributes) { { path: 'Foo' } }
@@ -394,14 +406,41 @@ RSpec.describe Namespace do
      context 'when project namespace' do
        let(:namespace) { create(:project_namespace) }
-        include_examples 'no sync'
+        context 'when the owner is privatized by abuse automation' do
+          let(:privatized_by_abuse_automation) { true }
+          include_examples 'no sync'
+        end
+        context 'when the owner is not privatized by abuse automation' do
+          include_examples 'no sync'
+        end
      end
-      it 'triggers a name sync with CustomersDot' do
+      context 'when group namespace' do
-        expect(::Namespaces::SyncNamespaceNameWorker).to receive(:perform_async)
+        context 'when the owner is privatized by abuse automation' do
-          .with(namespace.id).once
+          let(:privatized_by_abuse_automation) { true }
-        update_namespace
+          include_examples 'sync'
+        end
+        context 'when the owner is not privatized by abuse automation' do
+          include_examples 'sync'
+        end
+      end
+      context 'when user namespace' do
+        let(:namespace) { create(:namespace) }
+        context 'when the owner is privatized by abuse automation' do
+          let(:privatized_by_abuse_automation) { true }
+          include_examples 'no sync'
+        end
+        context 'when the owner is not privatized by abuse automation' do
+          include_examples 'sync'
+        end
      end
    end
  end

--- a/ee/spec/models/ee/user_spec.rb
+++ b/ee/spec/models/ee/user_spec.rb
@@ -2015,6 +2015,58 @@ RSpec.describe User do
    end
  end
+  describe "#privatized_by_abuse_automation?" do
+    let(:user) { build(:user, private_profile: true, name: 'ghost-123-456') }
+    subject(:spam_check) { user.privatized_by_abuse_automation? }
+    context 'when the user has a non private profile' do
+      it 'returns false' do
+        user.private_profile = false
+        expect(spam_check).to eq false
+      end
+    end
+    context 'when the user name is not ghost-:id-:id like' do
+      it 'returns false' do
+        user.name = 'spam-is-not-cool'
+        expect(spam_check).to eq false
+      end
+    end
+    context 'when the user name matches ghost-:id-:id' do
+      context 'with extra chars at the beginning' do
+        it 'returns false' do
+          user.name = 'ABCghost-123-456'
+          expect(spam_check).to eq false
+        end
+      end
+      context 'with extra chars at the end' do
+        it 'returns false' do
+          user.name = 'ghost-123-456XYZ'
+          expect(spam_check).to eq false
+        end
+      end
+      context 'with extra chars at the beginning and the end' do
+        it 'returns false' do
+          user.name = 'ABCghost-123-456XYZ'
+          expect(spam_check).to eq false
+        end
+      end
+    end
+    context 'when the user has a private profile and the format is ghost-:id-:id' do
+      it { is_expected.to eq true }
+    end
+  end
  describe '#activate_based_on_user_cap?' do
    using RSpec::Parameterized::TableSyntax