Add latest changes from gitlab-org/gitlab@master

18 files changed, 155 insertions, 50 deletions

diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index 41d61f16d4c..db7b6473c06 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -1883,31 +1883,32 @@
     - <<: *if-merge-request-labels-run-review-app
     - <<: *if-dot-com-gitlab-org-merge-request
       changes: *ci-review-patterns
-      allow_failure: true
+      when: never
     - <<: *if-dot-com-gitlab-org-merge-request
       changes: *frontend-build-patterns
       variables: *review-change-pattern
-      allow_failure: true
+      when: never
     - <<: *if-dot-com-gitlab-org-merge-request
       changes: *controllers-patterns
       variables: *review-change-pattern
-      allow_failure: true
+      when: never
     - <<: *if-dot-com-gitlab-org-merge-request
       changes: *models-patterns
       variables: *review-change-pattern
-      allow_failure: true
+      when: never
     - <<: *if-dot-com-gitlab-org-merge-request
       changes: *lib-gitlab-patterns
       variables: *review-change-pattern
-      allow_failure: true
+      when: never
     - <<: *if-dot-com-gitlab-org-merge-request
       changes: *qa-patterns
-      allow_failure: true
+      when: never
     - <<: *if-dot-com-gitlab-org-merge-request
       changes: *code-patterns
       when: manual
       allow_failure: true
     - <<: *if-dot-com-gitlab-org-schedule
+      when: never
       allow_failure: true
       variables:
         KNAPSACK_GENERATE_REPORT: "true"
diff --git a/app/assets/javascripts/lib/utils/unit_format/index.js b/app/assets/javascripts/lib/utils/unit_format/index.js
index 5c5210027e4..bec7e48addc 100644
--- a/app/assets/javascripts/lib/utils/unit_format/index.js
+++ b/app/assets/javascripts/lib/utils/unit_format/index.js
@@ -22,6 +22,7 @@ export const SUPPORTED_FORMATS = {
   percentHundred: 'percentHundred',
 
   // Duration
+  days: 'days',
   seconds: 'seconds',
   milliseconds: 'milliseconds',
 
@@ -65,6 +66,9 @@ export const getFormatter = (format = SUPPORTED_FORMATS.engineering) => {
   }
 
   // Durations
+  if (format === SUPPORTED_FORMATS.days) {
+    return suffixFormatter(s__('Units|d'));
+  }
   if (format === SUPPORTED_FORMATS.seconds) {
     return suffixFormatter(s__('Units|s'));
   }
@@ -161,6 +165,19 @@ export const percent = getFormatter(SUPPORTED_FORMATS.percent);
 export const percentHundred = getFormatter(SUPPORTED_FORMATS.percentHundred);
 
 /**
+ * Formats a number of days
+ *
+ * @function
+ * @param {Number} value - Number to format, `1` is rendered as `1d`
+ * @param {Object} options - Formatting options
+ * @param {Number} options.fractionDigits - number of precision decimals
+ * @param {Number} options.maxLength - Max length of formatted number
+ * if length is exceeded, exponential format is used.
+ * @param {String} options.unitSeparator - Separator between value and unit
+ */
+export const days = getFormatter(SUPPORTED_FORMATS.days);
+
+/**
  * Formats a number of seconds
  *
  * @function
diff --git a/app/assets/javascripts/projects/settings_service_desk/components/service_desk_setting.vue b/app/assets/javascripts/projects/settings_service_desk/components/service_desk_setting.vue
index 452e7a4fd21..85550e262e6 100644
--- a/app/assets/javascripts/projects/settings_service_desk/components/service_desk_setting.vue
+++ b/app/assets/javascripts/projects/settings_service_desk/components/service_desk_setting.vue
@@ -265,35 +265,14 @@ export default {
           class="mt-3"
         >
           <gl-form-input
-            v-if="hasProjectKeySupport"
             id="service-desk-email-from-name"
             v-model.trim="outgoingName"
             data-testid="email-from-name"
           />
 
-          <template v-if="hasProjectKeySupport" #description>
+          <template #description>
             {{ __('Name to be used as the sender for emails from Service Desk.') }}
           </template>
-          <template v-else #description>
-            <span class="gl-text-gray-900">
-              <gl-sprintf
-                :message="
-                  __(
-                    'To add display name, set up a Service Desk email address. %{linkStart}Learn more.%{linkEnd}',
-                  )
-                "
-              >
-                <template #link="{ content }">
-                  <gl-link
-                    :href="customEmailAddressHelpUrl"
-                    target="_blank"
-                    class="gl-text-blue-600 font-size-inherit"
-                    >{{ content }}
-                  </gl-link>
-                </template>
-              </gl-sprintf>
-            </span>
-          </template>
         </gl-form-group>
 
         <gl-button
diff --git a/db/migrate/20221101195903_change_email_confirmation_setting_default.rb b/db/migrate/20221101195903_change_email_confirmation_setting_default.rb
new file mode 100644
index 00000000000..86c1896f184
--- /dev/null
+++ b/db/migrate/20221101195903_change_email_confirmation_setting_default.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class ChangeEmailConfirmationSettingDefault < Gitlab::Database::Migration[2.0]
+  def change
+    change_column_default(:application_settings, :email_confirmation_setting, from: 2, to: 0)
+  end
+end
diff --git a/db/migrate/20221101201031_set_email_confirmation_setting_from_send_user_confirmation_email_setting.rb b/db/migrate/20221101201031_set_email_confirmation_setting_from_send_user_confirmation_email_setting.rb
new file mode 100644
index 00000000000..0c0a0dc1a58
--- /dev/null
+++ b/db/migrate/20221101201031_set_email_confirmation_setting_from_send_user_confirmation_email_setting.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+class SetEmailConfirmationSettingFromSendUserConfirmationEmailSetting < Gitlab::Database::Migration[2.0]
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+  class ApplicationSetting < MigrationRecord
+    self.table_name = 'application_settings'
+  end
+
+  def up
+    return unless ApplicationSetting.exists?
+    return unless ApplicationSetting.last.send_user_confirmation_email
+
+    ApplicationSetting.last.update(email_confirmation_setting: 2)
+  end
+
+  def down
+    return unless ApplicationSetting.exists?
+
+    ApplicationSetting.last.update(email_confirmation_setting: 0)
+  end
+end
diff --git a/db/schema_migrations/20221101195903 b/db/schema_migrations/20221101195903
new file mode 100644
index 00000000000..9b19cb05b66
--- /dev/null
+++ b/db/schema_migrations/20221101195903
@@ -0,0 +1 @@
+984a2bcc65364293cd110d3a917aecd37253f621150220000f99e8ea215e30ab
\ No newline at end of file
diff --git a/db/schema_migrations/20221101201031 b/db/schema_migrations/20221101201031
new file mode 100644
index 00000000000..82544cf461d
--- /dev/null
+++ b/db/schema_migrations/20221101201031
@@ -0,0 +1 @@
+6ed6a3fdd144b118c7f85960d08500f21a7f666abfdaafc9d681e03723ed22e8
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index f863dbd2cec..d1901a84f5a 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -11521,7 +11521,7 @@ CREATE TABLE application_settings (
     password_expires_in_days integer DEFAULT 90 NOT NULL,
     password_expires_notice_before_days integer DEFAULT 7 NOT NULL,
     product_analytics_enabled boolean DEFAULT false NOT NULL,
-    email_confirmation_setting smallint DEFAULT 2,
+    email_confirmation_setting smallint DEFAULT 0,
     disable_admin_oauth_scopes boolean DEFAULT false NOT NULL,
     default_preferred_language text DEFAULT 'en'::text NOT NULL,
     disable_download_button boolean DEFAULT false NOT NULL,
diff --git a/doc/user/application_security/policies/scan-result-policies.md b/doc/user/application_security/policies/scan-result-policies.md
index 215604ff18d..6d6c8a03d55 100644
--- a/doc/user/application_security/policies/scan-result-policies.md
+++ b/doc/user/application_security/policies/scan-result-policies.md
@@ -40,6 +40,9 @@ before the policy changes take effect.
 
 The [policy editor](index.md#policy-editor) supports YAML mode and rule mode.
 
+NOTE:
+Propagating scan result policies created for groups with a large number of projects will take a while to complete.
+
 ## Scan result policies schema
 
 The YAML file with scan result policies consists of an array of objects matching the scan result
diff --git a/doc/user/profile/account/two_factor_authentication.md b/doc/user/profile/account/two_factor_authentication.md
index 3dc768f6606..39826bf59c4 100644
--- a/doc/user/profile/account/two_factor_authentication.md
+++ b/doc/user/profile/account/two_factor_authentication.md
@@ -61,7 +61,6 @@ To enable 2FA with a one-time password:
    1. Install a compatible application. For example:
       - Cloud-based (recommended because you can restore access if you lose the hardware device):
         - [Authy](https://authy.com/)
-        - [Duo Mobile](https://duo.com/product/multi-factor-authentication-mfa/duo-mobile-app)
       - Other:
         - [Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en)
         - [Microsoft Authenticator](https://www.microsoft.com/en-us/security/mobile-authenticator-app)
@@ -73,6 +72,9 @@ To enable 2FA with a one-time password:
    1. Enter your current password.
    1. Select **Submit**.
 
+NOTE:
+DUO [cannot be used for 2FA](https://gitlab.com/gitlab-org/gitlab/-/issues/15760).
+
 If you entered the correct pin, GitLab displays a list of [recovery codes](#recovery-codes). Download them and keep them
 in a safe place.
 
diff --git a/lib/gitlab/octokit/middleware.rb b/lib/gitlab/octokit/middleware.rb
index a3c0fdcf467..a92860f7eb8 100644
--- a/lib/gitlab/octokit/middleware.rb
+++ b/lib/gitlab/octokit/middleware.rb
@@ -8,7 +8,11 @@ module Gitlab
       end
 
       def call(env)
-        Gitlab::UrlBlocker.validate!(env[:url], allow_localhost: allow_local_requests?, allow_local_network: allow_local_requests?)
+        Gitlab::UrlBlocker.validate!(env[:url],
+          schemes: %w[http https],
+          allow_localhost: allow_local_requests?,
+          allow_local_network: allow_local_requests?
+        )
 
         @app.call(env)
       end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 64fe7b182e2..9841a48a601 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -12053,6 +12053,9 @@ msgstr ""
 msgid "DORA4Metrics|Average (last %{days}d)"
 msgstr ""
 
+msgid "DORA4Metrics|Change Failure Rate"
+msgstr ""
+
 msgid "DORA4Metrics|Change failure rate"
 msgstr ""
 
@@ -12071,9 +12074,15 @@ msgstr ""
 msgid "DORA4Metrics|Days from merge to deploy"
 msgstr ""
 
+msgid "DORA4Metrics|Deployment Frequency"
+msgstr ""
+
 msgid "DORA4Metrics|Deployment frequency"
 msgstr ""
 
+msgid "DORA4Metrics|Lead Time for Changes"
+msgstr ""
+
 msgid "DORA4Metrics|Lead time for changes"
 msgstr ""
 
@@ -12125,6 +12134,9 @@ msgstr ""
 msgid "DORA4Metrics|The chart displays the median time between a merge request being merged and deployed to production environment(s) that are based on the %{linkStart}deployment_tier%{linkEnd} value."
 msgstr ""
 
+msgid "DORA4Metrics|Time to Restore Service"
+msgstr ""
+
 msgid "DORA4Metrics|Time to restore service"
 msgstr ""
 
@@ -42368,9 +42380,6 @@ msgstr ""
 msgid "To add a custom suffix, set up a Service Desk email address. %{linkStart}Learn more.%{linkEnd}"
 msgstr ""
 
-msgid "To add display name, set up a Service Desk email address. %{linkStart}Learn more.%{linkEnd}"
-msgstr ""
-
 msgid "To add the entry manually, provide the following details to the application on your phone."
 msgstr ""
 
@@ -43378,6 +43387,9 @@ msgstr ""
 msgid "Unhappy?"
 msgstr ""
 
+msgid "Units|d"
+msgstr ""
+
 msgid "Units|ms"
 msgstr ""
 
diff --git a/qa/qa/page/profile/two_factor_auth.rb b/qa/qa/page/profile/two_factor_auth.rb
index 63593bf0482..16aa60262d8 100644
--- a/qa/qa/page/profile/two_factor_auth.rb
+++ b/qa/qa/page/profile/two_factor_auth.rb
@@ -23,7 +23,14 @@ module QA
         end
 
         def click_configure_it_later_button
+          # TO DO: Investigate why button does not appear sometimes:
+          # https://gitlab.com/gitlab-org/gitlab/-/issues/382698
+          return unless has_element?(:configure_it_later_button)
+
           click_element :configure_it_later_button
+          wait_until(max_duration: 10, message: "Waiting for create a group page") do
+            has_text?("Welcome to GitLab") && has_text?("Create a group")
+          end
         end
 
         def otp_secret_content
diff --git a/spec/features/admin/admin_settings_spec.rb b/spec/features/admin/admin_settings_spec.rb
index 25ea8743b53..72c9053ba49 100644
--- a/spec/features/admin/admin_settings_spec.rb
+++ b/spec/features/admin/admin_settings_spec.rb
@@ -208,16 +208,16 @@ RSpec.describe 'Admin updates settings' do
 
         context 'Email confirmation settings' do
           it "is set to 'hard' by default" do
-            expect(current_settings.email_confirmation_setting).to eq('hard')
+            expect(current_settings.email_confirmation_setting).to eq('off')
           end
 
           it 'changes the setting', :js do
             page.within('.as-signup') do
-              choose 'Off'
+              choose 'Hard'
               click_button 'Save changes'
             end
 
-            expect(current_settings.email_confirmation_setting).to eq('off')
+            expect(current_settings.email_confirmation_setting).to eq('hard')
             expect(page).to have_content "Application settings saved successfully"
           end
         end
diff --git a/spec/frontend/lib/utils/unit_format/index_spec.js b/spec/frontend/lib/utils/unit_format/index_spec.js
index dc9d6ece48e..057d7aded02 100644
--- a/spec/frontend/lib/utils/unit_format/index_spec.js
+++ b/spec/frontend/lib/utils/unit_format/index_spec.js
@@ -2,6 +2,7 @@ import {
   number,
   percent,
   percentHundred,
+  days,
   seconds,
   milliseconds,
   decimalBytes,
@@ -72,6 +73,11 @@ describe('unit_format', () => {
     expect(percentHundred(1000)).toBe('1,000%');
   });
 
+  it('days', () => {
+    expect(days(1)).toBe('1d');
+    expect(days(1, undefined, { unitSeparator: '/' })).toBe('1/d');
+  });
+
   it('seconds', () => {
     expect(seconds(1)).toBe('1s');
     expect(seconds(1, undefined, { unitSeparator: ' ' })).toBe('1 s');
diff --git a/spec/frontend/projects/settings_service_desk/components/service_desk_setting_spec.js b/spec/frontend/projects/settings_service_desk/components/service_desk_setting_spec.js
index 7c3f4e76ae5..f9762491507 100644
--- a/spec/frontend/projects/settings_service_desk/components/service_desk_setting_spec.js
+++ b/spec/frontend/projects/settings_service_desk/components/service_desk_setting_spec.js
@@ -64,20 +64,14 @@ describe('ServiceDeskSetting', () => {
       });
     });
 
-    describe('when customEmailEnabled', () => {
-      beforeEach(() => {
-        wrapper = createComponent({
-          props: { customEmailEnabled: true },
-        });
-      });
+    describe('service desk email "from" name', () => {
+      it('service desk e-mail "from" name input appears', () => {
+        wrapper = createComponent();
 
-      it('should not display help text', () => {
-        expect(findSuffixFormGroup().text()).not.toContain(
-          'To add a custom suffix, set up a Service Desk email address',
-        );
-        expect(findSuffixFormGroup().text()).toContain(
-          'Add a suffix to Service Desk email address',
-        );
+        const input = wrapper.findByTestId('email-from-name');
+
+        expect(input.exists()).toBe(true);
+        expect(input.attributes('disabled')).toBeUndefined();
       });
     });
 
diff --git a/spec/lib/gitlab/octokit/middleware_spec.rb b/spec/lib/gitlab/octokit/middleware_spec.rb
index 92e424978ff..7bce0788327 100644
--- a/spec/lib/gitlab/octokit/middleware_spec.rb
+++ b/spec/lib/gitlab/octokit/middleware_spec.rb
@@ -66,5 +66,13 @@ RSpec.describe Gitlab::Octokit::Middleware do
         it_behaves_like 'Public URL'
       end
     end
+
+    context 'when a non HTTP/HTTPS URL is provided' do
+      let(:env) { { url: 'ssh://172.16.0.0' } }
+
+      it 'raises an error' do
+        expect { middleware.call(env) }.to raise_error(Gitlab::UrlBlocker::BlockedUrlError)
+      end
+    end
   end
 end
diff --git a/spec/migrations/set_email_confirmation_setting_from_send_user_confirmation_email_setting_spec.rb b/spec/migrations/set_email_confirmation_setting_from_send_user_confirmation_email_setting_spec.rb
new file mode 100644
index 00000000000..761c0ef2fdb
--- /dev/null
+++ b/spec/migrations/set_email_confirmation_setting_from_send_user_confirmation_email_setting_spec.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_migration!
+
+RSpec.describe SetEmailConfirmationSettingFromSendUserConfirmationEmailSetting do
+  let(:migration) { described_class.new }
+  let(:application_settings_table) { table(:application_settings) }
+
+  describe '#up' do
+    context "when 'send_user_confirmation_email' is set to 'true'" do
+      it "updates 'email_confirmation_setting' to '2' (hard)" do
+        application_settings_table.create!(send_user_confirmation_email: true, email_confirmation_setting: 0)
+
+        migration.up
+
+        expect(application_settings_table.last.email_confirmation_setting).to eq 2
+      end
+    end
+
+    context "when 'send_user_confirmation_email' is set to 'false'" do
+      it "updates 'email_confirmation_setting' to '0' (off)" do
+        application_settings_table.create!(send_user_confirmation_email: false, email_confirmation_setting: 0)
+
+        migration.up
+
+        expect(application_settings_table.last.email_confirmation_setting).to eq 0
+      end
+    end
+  end
+
+  describe '#down' do
+    it "updates 'email_confirmation_setting' to default value: '0' (off)" do
+      application_settings_table.create!(send_user_confirmation_email: true, email_confirmation_setting: 2)
+
+      migration.down
+
+      expect(application_settings_table.last.email_confirmation_setting).to eq 0
+    end
+  end
+end