From 6c84e073765fe285844fd1a91b0e30492ad117e8 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Sat, 22 Oct 2022 03:09:18 +0000
Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master

---
 lib/api/invitations.rb                                    | 4 ++--
 lib/api/validations/validators/email_or_email_list.rb     | 7 ++++++-
 .../validations/validators/email_or_email_list_spec.rb    | 2 ++
 spec/requests/api/invitations_spec.rb                     | 8 ++++++++
 4 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/lib/api/invitations.rb b/lib/api/invitations.rb
index 6fb3eca0ba8..6dd4d55d38a 100644
--- a/lib/api/invitations.rb
+++ b/lib/api/invitations.rb
@@ -21,8 +21,8 @@ module API
         end
         params do
           requires :access_level, type: Integer, values: Gitlab::Access.all_values, desc: 'A valid access level (defaults: `30`, developer access level)'
-          optional :email, types: [String, Array[String]], email_or_email_list: true, desc: 'The email address to invite, or multiple emails separated by comma'
-          optional :user_id, types: [Integer, String], desc: 'The user ID of the new member or multiple IDs separated by commas.'
+          optional :email, type: Array[String], email_or_email_list: true, coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, desc: 'The email address to invite, or multiple emails separated by comma'
+          optional :user_id, type: Array[String], coerce_with: ::API::Validations::Types::CommaSeparatedToArray.coerce, desc: 'The user ID of the new member or multiple IDs separated by commas.'
           optional :expires_at, type: DateTime, desc: 'Date string in the format YEAR-MONTH-DAY'
           optional :invite_source, type: String, desc: 'Source that triggered the member creation process', default: 'invitations-api'
           optional :tasks_to_be_done, type: Array[String], coerce_with: Validations::Types::CommaSeparatedToArray.coerce, desc: 'Tasks the inviter wants the member to do'
diff --git a/lib/api/validations/validators/email_or_email_list.rb b/lib/api/validations/validators/email_or_email_list.rb
index da665f39130..715a29c613d 100644
--- a/lib/api/validations/validators/email_or_email_list.rb
+++ b/lib/api/validations/validators/email_or_email_list.rb
@@ -9,7 +9,12 @@ module API
 
           return unless value
 
-          return if value.split(',').map { |v| ValidateEmail.valid?(v) }.all?
+          case value
+          when String
+            return if value.split(',').map { |v| ValidateEmail.valid?(v) }.all?
+          when Array
+            return if value.map { |v| ValidateEmail.valid?(v) }.all?
+          end
 
           raise Grape::Exceptions::Validation.new(
             params: [@scope.full_name(attr_name)],
diff --git a/spec/lib/api/validations/validators/email_or_email_list_spec.rb b/spec/lib/api/validations/validators/email_or_email_list_spec.rb
index ac3111c2319..17cfdf93cdc 100644
--- a/spec/lib/api/validations/validators/email_or_email_list_spec.rb
+++ b/spec/lib/api/validations/validators/email_or_email_list_spec.rb
@@ -14,6 +14,7 @@ RSpec.describe API::Validations::Validators::EmailOrEmailList do
       expect_no_validation_error('test' => 'test@example.org')
       expect_no_validation_error('test' => 'test1@example.com,test2@example.org')
       expect_no_validation_error('test' => 'test1@example.com,test2@example.org,test3@example.co.uk')
+      expect_no_validation_error('test' => %w[test1@example.com test2@example.org test3@example.co.uk])
     end
   end
 
@@ -23,6 +24,7 @@ RSpec.describe API::Validations::Validators::EmailOrEmailList do
       expect_validation_error('test' => '@example.com')
       expect_validation_error('test' => 'test1@example.com,asdf')
       expect_validation_error('test' => 'asdf,testa1@example.com,asdf')
+      expect_validation_error('test' => %w[asdf testa1@example.com asdf])
     end
   end
 end
diff --git a/spec/requests/api/invitations_spec.rb b/spec/requests/api/invitations_spec.rb
index a795b49c44e..04981afc151 100644
--- a/spec/requests/api/invitations_spec.rb
+++ b/spec/requests/api/invitations_spec.rb
@@ -347,6 +347,14 @@ RSpec.describe API::Invitations do
       end
 
       it 'returns 400 when the email list is not a valid format' do
+        post invitations_url(source, maintainer),
+             params: { email: %w[email1@example.com not-an-email], access_level: Member::MAINTAINER }
+
+        expect(response).to have_gitlab_http_status(:bad_request)
+        expect(json_response['error']).to eq('email contains an invalid email address')
+      end
+
+      it 'returns 400 when the comma-separated email list is not a valid format' do
         post invitations_url(source, maintainer),
              params: { email: 'email1@example.com,not-an-email', access_level: Member::MAINTAINER }