From 0e1dde0c2cb4ad25a5dd803ddf0aa3cc11109680 Mon Sep 17 00:00:00 2001 From: David Elizondo Date: Mon, 5 Dec 2022 23:05:52 +0000 Subject: [PATCH 1/4] Add event type information for email address confirmation after sign in When the user changes the email address and then signs in, the event_type is audited as 'audit_operation'. This commits adds a meaninful value and not the default value of audit_operation. Changelog: changed EE: true
---
ee/app/controllers/ee/confirmations_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ee/app/controllers/ee/confirmations_controller.rb b/ee/app/controllers/ee/confirmations_controller.rb
index 530d0020b66caf..368cd33a8f1edc 100644
--- a/ee/app/controllers/ee/confirmations_controller.rb
+++ b/ee/app/controllers/ee/confirmations_controller.rb
@@ -9,7 +9,7 @@ module ConfirmationsController override :after_sign_in def after_sign_in(resource)
- audit_changes(:email, as: 'email address', model: resource)
+ audit_changes(:email, as: 'email address', model: resource, event_type: 'user_email_changed_and_user_signed_in')
 super(resource)
 end
-- GitLab
From 2255466737b4289ab21c8c612a64052d0cabae06 Mon Sep 17 00:00:00 2001 From: David Elizondo Date: Tue, 20 Dec 2022 23:46:11 -0600 Subject: [PATCH 2/4] Add spec for email address confirmation after sign in Changelog: changed MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106090 EE: true
---
.../ee/confirmations_controller_spec.rb | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 ee/spec/controllers/ee/confirmations_controller_spec.rb
diff --git a/ee/spec/controllers/ee/confirmations_controller_spec.rb b/ee/spec/controllers/ee/confirmations_controller_spec.rb
new file mode 100644
index 00000000000000..d55bb6066ba16c
--- /dev/null
+++ b/ee/spec/controllers/ee/confirmations_controller_spec.rb
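Review bot: The audit event name in `after_sign_in` is a bare string literal, `'user_email_changed_and_user_signed_in'`, and the specs later in this series repeat the same literal. Because this value ends up in the audit trail, where log filters and alerts presumably match on it, it is effectively a contract; consider defining it once, e.g. `EMAIL_CHANGED_EVENT_TYPE = 'user_email_changed_and_user_signed_in'`, and passing `event_type: EMAIL_CHANGED_EVENT_TYPE`. A one-line comment above `override :after_sign_in` saying which flow this audits (per the commit message, an email change followed by sign-in) would also help, since the name alone does not show that it replaces the default `audit_operation`. The enclosing module starts outside the hunk.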
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ConfirmationsController do
+ include DeviseHelpers
+
+ describe "#show" do
+ let_it_be_with_reload(:user) { create(:user, :unconfirmed) }
+ let(:confirmation_token) { user.confirmation_token }
+
+ before do
+ set_devise_mapping(context: @request)
+ end
+
+ subject(:perform_request) do
+ get :show, params: { confirmation_token: confirmation_token }
+ end
+
+ context "when user is already confirmed" do
+ before do
+ sign_in(user)
+ end
+
+ it "sets event_type" do
+ expect(controller).to receive(:audit_changes).with(:email,
+ hash_including(event_type: 'user_email_changed_and_user_signed_in'))
+
+ perform_request
+ end
+ end
+ end
+end
-- GitLab
From 50c243f62ebde1b4939d3071b972e53697ec0d08 Mon Sep 17 00:00:00 2001 From: David Elizondo Date: Wed, 21 Dec 2022 00:18:08 -0600 Subject: [PATCH 3/4] Apply rubocop suggestions Changelog: changed MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106090 EE: true
---
ee/spec/controllers/ee/confirmations_controller_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ee/spec/controllers/ee/confirmations_controller_spec.rb b/ee/spec/controllers/ee/confirmations_controller_spec.rb
index d55bb6066ba16c..0384b971c73d61 100644
--- a/ee/spec/controllers/ee/confirmations_controller_spec.rb
+++ b/ee/spec/controllers/ee/confirmations_controller_spec.rb
@@ -5,14 +5,14 @@ RSpec.describe ConfirmationsController do include DeviseHelpers + before do + set_devise_mapping(context: request) + end + describe "#show" do let_it_be_with_reload(:user) { create(:user, :unconfirmed) } let(:confirmation_token) { user.confirmation_token } - before do - set_devise_mapping(context: @request) - end - subject(:perform_request) do get :show, params: { confirmation_token: confirmation_token } end
-- GitLab
From 5ec83e426fafee799eaad2fbe2ae130c1601764d Mon Sep 17 00:00:00 2001
From: David Elizondo Date: Thu, 22 Dec 2022 17:07:55 -0600 Subject: [PATCH 4/4] Move spec from controllers to requests and add spec category Changelog: changed https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106090 EE: true
---
.../ee/confirmations_controller_spec.rb | 33 ------------------- .../ee/confirmations_controller_spec.rb | 30 +++++++++++++++++ 2 files changed, 30 insertions(+), 33 deletions(-) delete mode 100644 ee/spec/controllers/ee/confirmations_controller_spec.rb create mode 100644 ee/spec/requests/ee/confirmations_controller_spec.rb
diff --git a/ee/spec/controllers/ee/confirmations_controller_spec.rb b/ee/spec/controllers/ee/confirmations_controller_spec.rb
deleted file mode 100644
index 0384b971c73d61..00000000000000
--- a/ee/spec/controllers/ee/confirmations_controller_spec.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe ConfirmationsController do
- include DeviseHelpers
-
- before do
- set_devise_mapping(context: request)
- end
-
- describe "#show" do
- let_it_be_with_reload(:user) { create(:user, :unconfirmed) }
- let(:confirmation_token) { user.confirmation_token }
-
- subject(:perform_request) do
- get :show, params: { confirmation_token: confirmation_token }
- end
-
- context "when user is already confirmed" do
- before do
- sign_in(user)
- end
-
- it "sets event_type" do
- expect(controller).to receive(:audit_changes).with(:email,
- hash_including(event_type: 'user_email_changed_and_user_signed_in'))
-
- perform_request
- end
- end
- end
-end
diff --git a/ee/spec/requests/ee/confirmations_controller_spec.rb b/ee/spec/requests/ee/confirmations_controller_spec.rb
new file mode 100644
index 00000000000000..4af4c7cad0bd53
--- /dev/null
+++ b/ee/spec/requests/ee/confirmations_controller_spec.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe ConfirmationsController, type: :request,
+ feature_category: :authentication_and_authorization do
+ describe "GET #show" do
+ let_it_be_with_reload(:user) { create(:user, :unconfirmed) }
+ let(:confirmation_token) { user.confirmation_token }
+
+ subject(:perform_request) do
+ get user_confirmation_path, params: { confirmation_token: confirmation_token }
+ end
+
+ context "when user is signed in" do
+ before do
+ sign_in(user)
+ end
+
+ it "sets event_type" do
+ expect_next_instance_of(described_class) do |controller|
+ expect(controller).to receive(:audit_changes).with(:email,
+ hash_including(event_type: 'user_email_changed_and_user_signed_in'))
+ end
+
+ perform_request
+ end
+ end
+ end
+end
-- GitLab
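Review bot: The example `sets event_type` only checks that `audit_changes` receives the expected keyword, and because `expect(controller).to receive(:audit_changes)` replaces the method, no audit record is produced during the request. A regression in how the event type is stored or emitted would still pass; chaining `.and_call_original` and then asserting on the recorded audit event would pin the value that log consumers actually see. The fixture is also `create(:user, :unconfirmed)`, which reads like a first-time confirmation rather than the changed-email case the event type names. The trait's definition is outside this hunk, so that is an inference, but a user with a pending email change would exercise the intended path more directly.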