diff options
| author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-04-27 17:50:33 +0300 |
|---|---|---|
| committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-05-04 14:54:43 +0300 |
| commit | 7684217d6806408cd338260119364419260d1720 (patch) | |
| tree | 7b913d6c6c051a463d99ad286e2ac04a6b8d5632 | |
| parent | 10aa55a770c2985c22c92d17b8a7ea90b0a09085 (diff) | |
Enforces terms in the web application
This enforces the terms in the web application. These cases are
specced:
- Logging in: When terms are enforced, and a user logs in that has not
accepted the terms, they are presented with the screen. They get
directed to their customized root path afterwards.
- Signing up: After signing up, the first screen the user is presented
with the screen to accept the terms. After they accept they are
directed to the dashboard.
- While a session is active:
- For a GET: The user will be directed to the terms page first,
after they accept the terms, they will be directed to the page
they were going to
- For any other request: They are directed to the terms, after they
accept the terms, they are directed back to the page they came
from to retry the request. Any information entered would be
persisted in localstorage and available on the page.
25 files changed, 734 insertions, 92 deletions
diff --git a/app/assets/javascripts/issuable_form.js b/app/assets/javascripts/issuable_form.js index bb8b3d91e40..90d4e19e90b 100644 --- a/app/assets/javascripts/issuable_form.js +++ b/app/assets/javascripts/issuable_form.js @@ -30,7 +30,7 @@ export default class IssuableForm { } this.initAutosave(); - this.form.on('submit', this.handleSubmit); + this.form.on('submit:success', this.handleSubmit); this.form.on('click', '.btn-cancel', this.resetAutosave); this.initWip(); diff --git a/app/assets/stylesheets/framework/terms.scss b/app/assets/stylesheets/framework/terms.scss index c73274540ac..dadfaf1c3f9 100644 --- a/app/assets/stylesheets/framework/terms.scss +++ b/app/assets/stylesheets/framework/terms.scss @@ -1,4 +1,12 @@ .terms { + .alert-wrapper { + min-height: $header-height + $gl-padding; + } + + .content { + padding-top: $gl-padding; + } + .panel { .panel-heading { display: -webkit-flex; @@ -7,17 +15,15 @@ justify-content: space-between; .title { - display: -webkit-flex; display: flex; align-items: center; - padding: 2px 8px; - margin: 5px 2px 5px -8px; - border-radius: 4px; .logo-text { width: 55px; height: 24px; - margin: 0 15px; + display: flex; + flex-direction: column; + justify-content: center; } } @@ -31,15 +37,19 @@ } .panel-content { - padding: 0 $gl-padding; + padding: $gl-padding; + + *:first-child { + margin-top: 0; + } + + *:last-child { + margin-bottom: 0; + } } .footer-block { margin: 0; - - .btn { - margin-left: 5px; - } } } } diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 8ad13a82f89..2caffec66ac 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -13,12 +13,14 @@ class ApplicationController < ActionController::Base before_action :authenticate_sessionless_user! before_action :authenticate_user! + before_action :enforce_terms!, if: -> { Gitlab::CurrentSettings.current_application_settings.enforce_terms }, + unless: :peek_request? before_action :validate_user_service_ticket! before_action :check_password_expiration before_action :ldap_security_check before_action :sentry_context before_action :default_headers - before_action :add_gon_variables, unless: -> { request.path.start_with?('/-/peek') } + before_action :add_gon_variables, unless: :peek_request? before_action :configure_permitted_parameters, if: :devise_controller? before_action :require_email, unless: :devise_controller? @@ -269,6 +271,27 @@ class ApplicationController < ActionController::Base end end + def enforce_terms! + return unless current_user + return if current_user.terms_accepted? + + if sessionless_user? + render_403 + else + # Redirect to the destination if the request is a get. + # Redirect to the source if it was a post, so the user can re-submit after + # accepting the terms. + redirect_path = if request.get? + request.fullpath + else + URI(request.referer).path if request.referer + end + + flash[:notice] = _("Please accept the Terms of Service before continuing.") + redirect_to terms_path(redirect: redirect_path), status: :found + end + end + def import_sources_enabled? !Gitlab::CurrentSettings.import_sources.empty? end @@ -342,4 +365,12 @@ class ApplicationController < ActionController::Base # Per https://tools.ietf.org/html/rfc5987, headers need to be ISO-8859-1, not UTF-8 response.headers['Page-Title'] = URI.escape(page_title('GitLab')) end + + def sessionless_user? + current_user && !session.keys.include?('warden.user.user.key') + end + + def peek_request? + request.path.start_with?('/-/peek') + end end diff --git a/app/controllers/concerns/internal_redirect.rb b/app/controllers/concerns/internal_redirect.rb new file mode 100644 index 00000000000..7409b2e89a5 --- /dev/null +++ b/app/controllers/concerns/internal_redirect.rb @@ -0,0 +1,35 @@ +module InternalRedirect + extend ActiveSupport::Concern + + def safe_redirect_path(path) + return unless path + # Verify that the string starts with a `/` but not a double `/`. + return unless path =~ %r{^/\w.*$} + + uri = URI(path) + # Ignore anything path of the redirect except for the path, querystring and, + # fragment, forcing the redirect within the same host. + full_path_for_uri(uri) + rescue URI::InvalidURIError + nil + end + + def safe_redirect_path_for_url(url) + return unless url + + uri = URI(url) + safe_redirect_path(full_path_for_uri(uri)) if host_allowed?(uri) + rescue URI::InvalidURIError + nil + end + + def host_allowed?(uri) + uri.host == request.host && + uri.port == request.port + end + + def full_path_for_uri(uri) + path_with_query = [uri.path, uri.query].compact.join('?') + [path_with_query, uri.fragment].compact.join("#") + end +end diff --git a/app/controllers/users/terms_controller.rb b/app/controllers/users/terms_controller.rb index 32507bdb7b1..95c5c3432d5 100644 --- a/app/controllers/users/terms_controller.rb +++ b/app/controllers/users/terms_controller.rb @@ -1,5 +1,8 @@ module Users class TermsController < ApplicationController + include InternalRedirect + + skip_before_action :enforce_terms! before_action :terms layout 'terms' @@ -46,11 +49,18 @@ module Users end def redirect_path - referer = if request.referer && !request.referer.include?(terms_path) - URI(request.referer).path - end + redirect_to_path = safe_redirect_path(params[:redirect]) || safe_redirect_path_for_url(request.referer) + + if redirect_to_path && + excluded_redirect_paths.none? { |excluded| redirect_to_path.include?(excluded) } + redirect_to_path + else + root_path + end + end - params[:redirect] || referer || root_path + def excluded_redirect_paths + [terms_path, new_user_session_path] end end end diff --git a/app/policies/application_setting/term_policy.rb b/app/policies/application_setting/term_policy.rb index 648932ddba9..f03bf748c76 100644 --- a/app/policies/application_setting/term_policy.rb +++ b/app/policies/application_setting/term_policy.rb @@ -2,17 +2,15 @@ class ApplicationSetting class TermPolicy < BasePolicy include Gitlab::Utils::StrongMemoize - condition(:logged_in, scope: :user) { @user } - condition(:current_terms, scope: :subject) do Gitlab::CurrentSettings.current_application_settings.latest_terms == @subject end - condition(:terms_accepted, scope: :user, score: 1) do + condition(:terms_accepted, score: 1) do agreement&.accepted end - rule { logged_in & current_terms }.policy do + rule { ~anonymous & current_terms }.policy do enable :accept_terms enable :decline_terms end diff --git a/app/views/admin/application_settings/show.html.haml b/app/views/admin/application_settings/show.html.haml index 8cb5bba8f63..3c00e3c8fc4 100644 --- a/app/views/admin/application_settings/show.html.haml +++ b/app/views/admin/application_settings/show.html.haml @@ -8,7 +8,7 @@ %h4 = _('Visibility and access controls') %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + = expanded ? _('Collapse') : _('Expand') %p = _('Set default and restrict visibility levels. Configure import sources and git access protocol.') .settings-content @@ -19,7 +19,7 @@ %h4 = _('Account and limit settings') %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + = expanded ? _('Collapse') : _('Expand') %p = _('Session expiration, projects limit and attachment size.') .settings-content @@ -30,7 +30,7 @@ %h4 = _('Sign-up restrictions') %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + = expanded ? _('Collapse') : _('Expand') %p = _('Configure the way a user creates a new account.') .settings-content @@ -41,7 +41,7 @@ %h4 = _('Sign-in restrictions') %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + = expanded ? _('Collapse') : _('Expand') %p = _('Set requirements for a user to sign-in. Enable mandatory two-factor authentication.') .settings-content @@ -51,8 +51,8 @@ .settings-header %h4 = _('Terms of Service') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Include a Terms of Service agreement that all users must accept.') .settings-content @@ -62,8 +62,8 @@ .settings-header %h4 = _('Help page') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Help page text and support page url.') .settings-content @@ -73,8 +73,8 @@ .settings-header %h4 = _('Pages') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Size and domain settings for static websites') .settings-content @@ -84,8 +84,8 @@ .settings-header %h4 = _('Continuous Integration and Deployment') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Auto DevOps, runners and job artifacts') .settings-content @@ -95,8 +95,8 @@ .settings-header %h4 = _('Metrics - Influx') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Enable and configure InfluxDB metrics.') .settings-content @@ -106,8 +106,8 @@ .settings-header %h4 = _('Metrics - Prometheus') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Enable and configure Prometheus metrics.') .settings-content @@ -117,8 +117,8 @@ .settings-header %h4 = _('Profiling - Performance bar') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Enable the Performance Bar for a given group.') = link_to icon('question-circle'), help_page_path('administration/monitoring/performance/performance_bar') @@ -129,8 +129,8 @@ .settings-header %h4 = _('Background jobs') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Configure Sidekiq job throttling.') .settings-content @@ -140,8 +140,8 @@ .settings-header %h4 = _('Spam and Anti-bot Protection') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Enable reCAPTCHA or Akismet and set IP limits.') .settings-content @@ -151,8 +151,8 @@ .settings-header %h4 = _('Abuse reports') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Set notification email for abuse reports.') .settings-content @@ -162,8 +162,8 @@ .settings-header %h4 = _('Error Reporting and Logging') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Enable Sentry for error reporting and logging.') .settings-content @@ -173,8 +173,8 @@ .settings-header %h4 = _('Repository storage') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Configure storage path and circuit breaker settings.') .settings-content @@ -184,8 +184,8 @@ .settings-header %h4 = _('Repository maintenance') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Configure automatic git checks and housekeeping on repositories.') .settings-content @@ -196,8 +196,8 @@ .settings-header %h4 = _('Container Registry') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Various container registry settings.') .settings-content @@ -208,8 +208,8 @@ .settings-header %h4 = _('Koding') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Online IDE integration settings.') .settings-content @@ -219,8 +219,8 @@ .settings-header %h4 = _('PlantUML') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Allow rendering of PlantUML diagrams in Asciidoc documents.') .settings-content @@ -230,8 +230,8 @@ .settings-header#usage-statistics %h4 = _('Usage statistics') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Enable or disable version check and usage ping.') .settings-content @@ -241,8 +241,8 @@ .settings-header %h4 = _('Email') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Various email settings.') .settings-content @@ -252,8 +252,8 @@ .settings-header %h4 = _('Gitaly') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Configure Gitaly timeouts.') .settings-content @@ -263,8 +263,8 @@ .settings-header %h4 = _('Web terminal') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Set max session time for web terminal.') .settings-content @@ -274,8 +274,8 @@ .settings-header %h4 = _('Real-time features') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Change this value to influence how frequently the GitLab UI polls for updates.') .settings-content @@ -285,8 +285,8 @@ .settings-header %h4 = _('Performance optimization') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Various settings that affect GitLab performance.') .settings-content @@ -296,8 +296,8 @@ .settings-header %h4 = _('User and IP Rate Limits') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Configure limits for web and API requests.') .settings-content @@ -307,8 +307,8 @@ .settings-header %h4 = _('Outbound requests') - %button.btn.js-settings-toggle{ type: 'button' } - = expanded ? 'Collapse' : 'Expand' + %button.btn.btn-default.js-settings-toggle{ type: 'button' } + = expanded ? _('Collapse') : _('Expand') %p = _('Allow requests to the local network from hooks and services.') .settings-content diff --git a/app/views/layouts/_flash.html.haml b/app/views/layouts/_flash.html.haml index 05ddd0ec733..8bd5708d490 100644 --- a/app/views/layouts/_flash.html.haml +++ b/app/views/layouts/_flash.html.haml @@ -1,8 +1,10 @@ +- extra_flash_class = local_assigns.fetch(:extra_flash_class, nil) + .flash-container.flash-container-page -# We currently only support `alert`, `notice`, `success` - flash.each do |key, value| -# Don't show a flash message if the message is nil - if value %div{ class: "flash-#{key}" } - %div{ class: (container_class) } + %div{ class: "#{container_class} #{extra_flash_class}" } %span= value diff --git a/app/views/layouts/terms.html.haml b/app/views/layouts/terms.html.haml index b04dbc595a5..a30d6e2688c 100644 --- a/app/views/layouts/terms.html.haml +++ b/app/views/layouts/terms.html.haml @@ -4,17 +4,15 @@ = render "layouts/head" %body{ data: { page: body_data_page } } - = render 'peek/bar' - .layout-page.terms - .content-wrapper + .layout-page.terms{ class: page_class } + .content-wrapper.prepend-top-0 .mobile-overlay .alert-wrapper = render "layouts/broadcast" = render 'layouts/header/read_only_banner' - = yield :flash_message - = render "layouts/flash" + = render "layouts/flash", extra_flash_class: 'limit-container-width' - %div{ class: "#{container_class}" } + %div{ class: "#{container_class} limit-container-width" } .content{ id: "content-body" } .panel.panel-default .panel-heading @@ -22,7 +20,7 @@ = brand_header_logo - logo_text = brand_header_logo_type - if logo_text.present? - %span.logo-text.hidden-xs + %span.logo-text.hidden-xs.prepend-left-8 = logo_text - if header_link?(:user_dropdown) .navbar-collapse.collapse @@ -34,4 +32,3 @@ .dropdown-menu-nav.dropdown-menu-align-right = render 'layouts/header/current_user_dropdown' = yield - = yield :scripts_body diff --git a/app/views/users/terms/index.html.haml b/app/views/users/terms/index.html.haml index 614dab57331..c5406696bdd 100644 --- a/app/views/users/terms/index.html.haml +++ b/app/views/users/terms/index.html.haml @@ -1,4 +1,5 @@ - redirect_params = { redirect: @redirect } if @redirect + .panel-content.rendered-terms = markdown_field(@term, :terms) .row-content-block.footer-block.clearfix diff --git a/changelogs/unreleased/bvl-enforce-terms.yml b/changelogs/unreleased/bvl-enforce-terms.yml new file mode 100644 index 00000000000..1bb1ecdf623 --- /dev/null +++ b/changelogs/unreleased/bvl-enforce-terms.yml @@ -0,0 +1,5 @@ +--- +title: Allow admins to enforce accepting Terms of Service on an instance +merge_request: 18570 +author: +type: added diff --git a/doc/administration/index.md b/doc/administration/index.md index b472ca5b4d8..5551a04959c 100644 --- a/doc/administration/index.md +++ b/doc/administration/index.md @@ -40,6 +40,7 @@ Learn how to install, configure, update, and maintain your GitLab instance. [source installations](../install/installation.md#installation-from-source). - [Environment variables](environment_variables.md): Supported environment variables that can be used to override their defaults values in order to configure GitLab. - [Plugins](plugins.md): With custom plugins, GitLab administrators can introduce custom integrations without modifying GitLab's source code. +- [Enforcing Terms of Service](../user/admin_area/settings/terms.md) #### Customizing GitLab's appearance diff --git a/doc/user/admin_area/settings/img/enforce_terms.png b/doc/user/admin_area/settings/img/enforce_terms.png Binary files differnew file mode 100755 index 00000000000..e5f0a2683b5 --- /dev/null +++ b/doc/user/admin_area/settings/img/enforce_terms.png diff --git a/doc/user/admin_area/settings/img/respond_to_terms.png b/doc/user/admin_area/settings/img/respond_to_terms.png Binary files differnew file mode 100755 index 00000000000..d0d086c3498 --- /dev/null +++ b/doc/user/admin_area/settings/img/respond_to_terms.png diff --git a/doc/user/admin_area/settings/terms.md b/doc/user/admin_area/settings/terms.md new file mode 100644 index 00000000000..8e1fb982aba --- /dev/null +++ b/doc/user/admin_area/settings/terms.md @@ -0,0 +1,38 @@ +# Enforce accepting Terms of Service + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/18570) +> in [GitLab Core](https://about.gitlab.com/pricing/) 10.8 + +## Configuration + +When it is required for all users of the GitLab instance to accept the +Terms of Service, this can be configured by an admin on the settings +page: + +. + +The terms itself can be entered using Markdown. For each update to the +terms, a new version is stored. When a user accepts or declines the +terms, GitLab will keep track of which version they accepted or +declined. + +When an admin enables this feature, they will automattically be +directed to the page to accept the terms themselves. After they +accept, they will be directed back to the settings page. + +## Accepting terms + +When this feature was enabled, the users that have not accepted the +terms of service will be presented with a screen where they can either +accept or decline the terms. + + + +When the user accepts the terms, they will be directed to where they +were going. After a sign-in or sign-up this will most likely be the +dashboard. + +When the user was already logged in when the feature was turned on, +they will be asked to accept the terms on their next interaction. + +When a user declines the terms, they will be signed out. diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 17917b1176f..728c3605131 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -8,8 +8,8 @@ msgid "" msgstr "" "Project-Id-Version: gitlab 1.0.0\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2018-04-24 13:19+0000\n" -"PO-Revision-Date: 2018-04-24 13:19+0000\n" +"POT-Creation-Date: 2018-05-02 22:28+0200\n" +"PO-Revision-Date: 2018-05-02 22:28+0200\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" "Language: \n" @@ -84,6 +84,9 @@ msgstr "" msgid "%{openOrClose} %{noteable}" msgstr "" +msgid "%{percent}%% complete" +msgstr "" + msgid "%{storage_name}: failed storage access attempt on host:" msgid_plural "%{storage_name}: %{failed_attempts} failed storage access attempts:" msgstr[0] "" @@ -92,6 +95,9 @@ msgstr[1] "" msgid "%{text} is available" msgstr "" +msgid "%{title} changes" +msgstr "" + msgid "(checkout the %{link} for information on how to install it)." msgstr "" @@ -101,6 +107,41 @@ msgstr "" msgid "- show less" msgstr "" +msgid "1 %{type} addition" +msgid_plural "%d %{type} additions" +msgstr[0] "" +msgstr[1] "" + +msgid "1 %{type} modification" +msgid_plural "%d %{type} modifications" +msgstr[0] "" +msgstr[1] "" + +msgid "1 closed issue" +msgid_plural "%d closed issues" +msgstr[0] "" +msgstr[1] "" + +msgid "1 closed merge request" +msgid_plural "%d closed merge requests" +msgstr[0] "" +msgstr[1] "" + +msgid "1 merged merge request" +msgid_plural "%d merged merge requests" +msgstr[0] "" +msgstr[1] "" + +msgid "1 open issue" +msgid_plural "%d open issues" +msgstr[0] "" +msgstr[1] "" + +msgid "1 open merge request" +msgid_plural "%d open merge requests" +msgstr[0] "" +msgstr[1] "" + msgid "1 pipeline" msgid_plural "%d pipelines" msgstr[0] "" @@ -136,6 +177,9 @@ msgstr "" msgid "Abuse reports" msgstr "" +msgid "Accept terms" +msgstr "" + msgid "Access Tokens" msgstr "" @@ -367,6 +411,9 @@ msgstr "" msgid "Assignee" msgstr "" +msgid "Assignee(s)" +msgstr "" + msgid "Attach a file by drag & drop or %{upload_link}" msgstr "" @@ -669,9 +716,39 @@ msgstr "" msgid "CI/CD configuration" msgstr "" +msgid "CICD|An explicit %{ci_file} needs to be specified before you can begin using Continuous Integration and Delivery." +msgstr "" + +msgid "CICD|Auto DevOps (Beta)" +msgstr "" + +msgid "CICD|Auto DevOps will automatically build, test, and deploy your application based on a predefined Continuous Integration and Delivery configuration." +msgstr "" + +msgid "CICD|Disable Auto DevOps" +msgstr "" + +msgid "CICD|Enable Auto DevOps" +msgstr "" + +msgid "CICD|Follow the instance default to either have Auto DevOps enabled or disabled when there is no project specific %{ci_file}." +msgstr "" + +msgid "CICD|Instance default (%{state})" +msgstr "" + msgid "CICD|Jobs" msgstr "" +msgid "CICD|Learn more about Auto DevOps" +msgstr "" + +msgid "CICD|The Auto DevOps pipeline configuration will be used when there is no %{ci_file} in the project." +msgstr "" + +msgid "CICD|You need to specify a domain if you want to use Auto Review Apps and Auto Deploy stages." +msgstr "" + msgid "Cancel" msgstr "" @@ -825,6 +902,9 @@ msgstr "" msgid "CircuitBreakerApiLink|circuitbreaker api" msgstr "" +msgid "Clear search input" +msgstr "" + msgid "Click any <strong>project name</strong> in the project list below to navigate to the project milestone." msgstr "" @@ -1128,6 +1208,12 @@ msgstr "" msgid "ClusterIntegration|properly configured" msgstr "" +msgid "Collapse" +msgstr "" + +msgid "Collapse sidebar" +msgstr "" + msgid "Comment and resolve discussion" msgstr "" @@ -1411,16 +1497,16 @@ msgstr "" msgid "CreateTokenToCloneLink|create a personal access token" msgstr "" -msgid "Creates a new branch from %{branchName}" +msgid "Cron Timezone" msgstr "" -msgid "Creates a new branch from %{branchName} and re-directs to create a new merge request" +msgid "Cron syntax" msgstr "" -msgid "Cron Timezone" +msgid "CurrentUser|Profile" msgstr "" -msgid "Cron syntax" +msgid "CurrentUser|Settings" msgstr "" msgid "Custom notification events" @@ -1465,6 +1551,9 @@ msgstr "" msgid "December" msgstr "" +msgid "Decline and sign out" +msgstr "" + msgid "Define a custom pattern with cron syntax" msgstr "" @@ -1563,12 +1652,18 @@ msgstr "" msgid "Directory name" msgstr "" +msgid "Discard changes" +msgstr "" + msgid "Discard draft" msgstr "" msgid "Dismiss Cycle Analytics introduction box" msgstr "" +msgid "Domain" +msgstr "" + msgid "Don't show again" msgstr "" @@ -1734,6 +1829,9 @@ msgstr "" msgid "Error updating todo status." msgstr "" +msgid "Estimated" +msgstr "" + msgid "EventFilterBy|Filter by all" msgstr "" @@ -1761,6 +1859,12 @@ msgstr "" msgid "Every week (Sundays at 4:00am)" msgstr "" +msgid "Expand" +msgstr "" + +msgid "Expand sidebar" +msgstr "" + msgid "Explore projects" msgstr "" @@ -1797,9 +1901,6 @@ msgstr "" msgid "Fields on this page are now uneditable, you can configure" msgstr "" -msgid "File name" -msgstr "" - msgid "Files" msgstr "" @@ -1901,6 +2002,9 @@ msgstr "" msgid "Got it!" msgstr "" +msgid "Group ID" +msgstr "" + msgid "GroupSettings|Prevent sharing a project within %{group} with other groups" msgstr "" @@ -2023,6 +2127,9 @@ msgstr "" msgid "Import repository" msgstr "" +msgid "Include a Terms of Service agreement that all users must accept." +msgstr "" + msgid "Install Runner on Kubernetes" msgstr "" @@ -2199,6 +2306,9 @@ msgstr "" msgid "Loading the GitLab IDE..." msgstr "" +msgid "Loading..." +msgstr "" + msgid "Lock" msgstr "" @@ -2229,7 +2339,10 @@ msgstr "" msgid "March" msgstr "" -msgid "Mark done" +msgid "Mark todo as done" +msgstr "" + +msgid "Markdown enabled" msgstr "" msgid "Maximum git storage failures" @@ -2244,6 +2357,9 @@ msgstr "" msgid "Members" msgstr "" +msgid "Merge Request:" +msgstr "" + msgid "Merge Requests" msgstr "" @@ -2253,6 +2369,9 @@ msgstr "" msgid "Merge request" msgstr "" +msgid "Merge requests" +msgstr "" + msgid "Merge requests are a place to propose changes you've made to a project and discuss those changes with others" msgstr "" @@ -2313,6 +2432,9 @@ msgstr "" msgid "Move issue" msgstr "" +msgid "Name" +msgstr "" + msgid "Name new label" msgstr "" @@ -2387,6 +2509,9 @@ msgstr "" msgid "No file chosen" msgstr "" +msgid "No files found." +msgstr "" + msgid "No labels created yet." msgstr "" @@ -2675,12 +2800,27 @@ msgstr "" msgid "Pipelines|This project is not currently set up to run pipelines." msgstr "" +msgid "Pipeline|Existing branch name, tag" +msgstr "" + msgid "Pipeline|Retry pipeline" msgstr "" msgid "Pipeline|Retry pipeline #%{pipelineId}?" msgstr "" +msgid "Pipeline|Run Pipeline" +msgstr "" + +msgid "Pipeline|Run on" +msgstr "" + +msgid "Pipeline|Run pipeline" +msgstr "" + +msgid "Pipeline|Search branches" +msgstr "" + msgid "Pipeline|Stop pipeline" msgstr "" @@ -2714,6 +2854,9 @@ msgstr "" msgid "Please <a href=%{link_to_billing} target=\"_blank\" rel=\"noopener noreferrer\">enable billing for one of your projects to be able to create a Kubernetes cluster</a>, then try again." msgstr "" +msgid "Please accept the Terms of Service before continuing." +msgstr "" + msgid "Please select at least one filter to see results" msgstr "" @@ -2798,6 +2941,9 @@ msgstr "" msgid "Programming languages used in this repository" msgstr "" +msgid "Progress" +msgstr "" + msgid "Project '%{project_name}' is in the process of being deleted." msgstr "" @@ -3041,6 +3187,9 @@ msgstr "" msgid "Request Access" msgstr "" +msgid "Require all users to accept Terms of Service when they access GitLab." +msgstr "" + msgid "Reset git storage health information" msgstr "" @@ -3053,6 +3202,9 @@ msgstr "" msgid "Resolve discussion" msgstr "" +msgid "Retry" +msgstr "" + msgid "Retry this job" msgstr "" @@ -3115,6 +3267,9 @@ msgstr "" msgid "Search branches and tags" msgstr "" +msgid "Search files" +msgstr "" + msgid "Search milestones" msgstr "" @@ -3219,6 +3374,9 @@ msgid_plural "Showing %d events" msgstr[0] "" msgstr[1] "" +msgid "Sign out" +msgstr "" + msgid "Sign-in restrictions" msgstr "" @@ -3360,6 +3518,18 @@ msgstr "" msgid "Specify the following URL during the Runner setup:" msgstr "" +msgid "Stage all" +msgstr "" + +msgid "Stage changes" +msgstr "" + +msgid "Staged" +msgstr "" + +msgid "Staged %{type}" +msgstr "" + msgid "StarProject|Star" msgstr "" @@ -3410,6 +3580,9 @@ msgstr[1] "" msgid "Tags" msgstr "" +msgid "Tags:" +msgstr "" + msgid "TagsPage|Browse commits" msgstr "" @@ -3488,6 +3661,12 @@ msgstr "" msgid "Team" msgstr "" +msgid "Terms of Service" +msgstr "" + +msgid "Terms of Service Agreement" +msgstr "" + msgid "The Issue Tracker is the place to add things that need to be improved or solved in a project" msgstr "" @@ -3665,6 +3844,12 @@ msgstr "" msgid "Time between merge request creation and merge/close" msgstr "" +msgid "Time remaining" +msgstr "" + +msgid "Time spent" +msgstr "" + msgid "Time tracking" msgstr "" @@ -3837,6 +4022,9 @@ msgstr "" msgid "Todo" msgstr "" +msgid "Toggle Sidebar" +msgstr "" + msgid "Toggle sidebar" msgstr "" @@ -3861,6 +4049,12 @@ msgstr "" msgid "Trigger this manual action" msgstr "" +msgid "Try again" +msgstr "" + +msgid "Unable to load the diff. %{button_try_again}" +msgstr "" + msgid "Unlock" msgstr "" @@ -3870,6 +4064,21 @@ msgstr "" msgid "Unresolve discussion" msgstr "" +msgid "Unstage all" +msgstr "" + +msgid "Unstage changes" +msgstr "" + +msgid "Unstaged" +msgstr "" + +msgid "Unstaged %{type}" +msgstr "" + +msgid "Unstaged and staged %{type}" +msgstr "" + msgid "Unstar" msgstr "" @@ -3978,6 +4187,9 @@ msgstr "" msgid "Web terminal" msgstr "" +msgid "When enabled, users cannot use GitLab until the terms have been accepted." +msgstr "" + msgid "Wiki" msgstr "" @@ -4200,6 +4412,9 @@ msgstr "" msgid "Your projects" msgstr "" +msgid "ago" +msgstr "" + msgid "among other things" msgstr "" @@ -4223,6 +4438,12 @@ msgstr[1] "" msgid "deploy token" msgstr "" +msgid "disabled" +msgstr "" + +msgid "enabled" +msgstr "" + msgid "estimateCommand|%{slash_command} will update the estimated time with the latest command." msgstr "" @@ -4422,6 +4643,9 @@ msgstr "" msgid "personal access token" msgstr "" +msgid "remaining" +msgstr "" + msgid "remove due date" msgstr "" diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index fe95d1ef9cd..f0caac40afd 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe ApplicationController do + include TermsHelper + let(:user) { create(:user) } describe '#check_password_expiration' do @@ -406,4 +408,65 @@ describe ApplicationController do end end end + + context 'terms' do + controller(described_class) do + def index + render text: 'authenticated' + end + end + + before do + stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false') + sign_in user + end + + it 'does not query more when terms are enforced' do + control = ActiveRecord::QueryRecorder.new { get :index } + + enforce_terms + + expect { get :index }.not_to exceed_query_limit(control) + end + + context 'when terms are enforced' do + before do + enforce_terms + end + + it 'redirects if the user did not accept the terms' do + get :index + + expect(response).to have_gitlab_http_status(302) + end + + it 'does not redirect when the user accepted terms' do + accept_terms(user) + + get :index + + expect(response).to have_gitlab_http_status(200) + end + + context 'for sessionless users' do + before do + sign_out user + end + + it 'renders a 403 when the sessionless user did not accept the terms' do + get :index, rss_token: user.rss_token, format: :atom + + expect(response).to have_gitlab_http_status(403) + end + + it 'renders a 200 when the sessionless user accepted the terms' do + accept_terms(user) + + get :index, rss_token: user.rss_token, format: :atom + + expect(response).to have_gitlab_http_status(200) + end + end + end + end end diff --git a/spec/controllers/concerns/internal_redirect_spec.rb b/spec/controllers/concerns/internal_redirect_spec.rb new file mode 100644 index 00000000000..a0ee13b2352 --- /dev/null +++ b/spec/controllers/concerns/internal_redirect_spec.rb @@ -0,0 +1,66 @@ +require 'spec_helper' + +describe InternalRedirect do + let(:controller_class) do + Class.new do + include InternalRedirect + + def request + @request ||= Struct.new(:host, :port).new('test.host', 80) + end + end + end + subject(:controller) { controller_class.new } + + describe '#safe_redirect_path' do + it 'is `nil` for invalid uris' do + expect(controller.safe_redirect_path('Hello world')).to be_nil + end + + it 'is `nil` for paths trying to include a host' do + expect(controller.safe_redirect_path('//example.com/hello/world')).to be_nil + end + + it 'returns the path if it is valid' do + expect(controller.safe_redirect_path('/hello/world')).to eq('/hello/world') + end + + it 'returns the path with querystring if it is valid' do + expect(controller.safe_redirect_path('/hello/world?hello=world#L123')) + .to eq('/hello/world?hello=world#L123') + end + end + + describe '#safe_redirect_path_for_url' do + it 'is `nil` for invalid urls' do + expect(controller.safe_redirect_path_for_url('Hello world')).to be_nil + end + + it 'is `nil` for urls from a with a different host' do + expect(controller.safe_redirect_path_for_url('http://example.com/hello/world')).to be_nil + end + + it 'is `nil` for urls from a with a different port' do + expect(controller.safe_redirect_path_for_url('http://test.host:3000/hello/world')).to be_nil + end + + it 'returns the path if the url is on the same host' do + expect(controller.safe_redirect_path_for_url('http://test.host/hello/world')).to eq('/hello/world') + end + + it 'returns the path including querystring if the url is on the same host' do + expect(controller.safe_redirect_path_for_url('http://test.host/hello/world?hello=world#L123')) + .to eq('/hello/world?hello=world#L123') + end + end + + describe '#host_allowed?' do + it 'allows uris with the same host and port' do + expect(controller.host_allowed?(URI('http://test.host/test'))).to be(true) + end + + it 'rejects uris with other host and port' do + expect(controller.host_allowed?(URI('http://example.com/test'))).to be(false) + end + end +end diff --git a/spec/controllers/users/terms_controller_spec.rb b/spec/controllers/users/terms_controller_spec.rb index 50e818a4520..a744463413c 100644 --- a/spec/controllers/users/terms_controller_spec.rb +++ b/spec/controllers/users/terms_controller_spec.rb @@ -36,6 +36,30 @@ describe Users::TermsController do expect(response).to redirect_to(groups_path) end + + it 'redirects to the referer when no redirect specified' do + request.env["HTTP_REFERER"] = groups_url + + post :accept, id: term.id + + expect(response).to redirect_to(groups_path) + end + + context 'redirecting to another domain' do + it 'is prevented when passing a redirect param' do + post :accept, id: term.id, redirect: '//example.com/random/path' + + expect(response).to redirect_to(root_path) + end + + it 'is prevented when redirecting to the referer' do + request.env["HTTP_REFERER"] = 'http://example.com/and/a/path' + + post :accept, id: term.id + + expect(response).to redirect_to(root_path) + end + end end describe 'POST #decline' do diff --git a/spec/features/admin/admin_settings_spec.rb b/spec/features/admin/admin_settings_spec.rb index b74643bac55..f2f9b734c39 100644 --- a/spec/features/admin/admin_settings_spec.rb +++ b/spec/features/admin/admin_settings_spec.rb @@ -2,10 +2,13 @@ require 'spec_helper' feature 'Admin updates settings' do include StubENV + include TermsHelper + + let(:admin) { create(:admin) } before do stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false') - sign_in(create(:admin)) + sign_in(admin) visit admin_application_settings_path end @@ -86,6 +89,10 @@ feature 'Admin updates settings' do end scenario 'Terms of Service' do + # Already have the admin accept terms, so they don't need to accept in this spec. + _existing_terms = create(:term) + accept_terms(admin) + page.within('.as-terms') do check 'Require all users to accept Terms of Service when they access GitLab.' fill_in 'Terms of Service Agreement', with: 'Be nice!' diff --git a/spec/features/users/login_spec.rb b/spec/features/users/login_spec.rb index 9e10bfb2adc..94a2b289e64 100644 --- a/spec/features/users/login_spec.rb +++ b/spec/features/users/login_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' feature 'Login' do + include TermsHelper + scenario 'Successful user signin invalidates password reset token' do user = create(:user) @@ -399,4 +401,41 @@ feature 'Login' do expect(page).to have_selector('.tab-pane.active', count: 1) end end + + context 'when terms are enforced' do + let(:user) { create(:user) } + + before do + enforce_terms + end + + it 'asks to accept the terms on first login' do + visit new_user_session_path + + fill_in 'user_login', with: user.email + fill_in 'user_password', with: '12345678' + + click_button 'Sign in' + + expect_to_be_on_terms_page + + click_button 'Accept terms' + + expect(current_path).to eq(root_path) + expect(page).not_to have_content('You are already signed in.') + end + + it 'does not ask for terms when the user already accepted them' do + accept_terms(user) + + visit new_user_session_path + + fill_in 'user_login', with: user.email + fill_in 'user_password', with: '12345678' + + click_button 'Sign in' + + expect(current_path).to eq(root_path) + end + end end diff --git a/spec/features/users/signup_spec.rb b/spec/features/users/signup_spec.rb index 5d539f0ccbe..b5bd5c505f2 100644 --- a/spec/features/users/signup_spec.rb +++ b/spec/features/users/signup_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe 'Signup' do + include TermsHelper + let(:new_user) { build_stubbed(:user) } describe 'username validation', :js do @@ -132,4 +134,27 @@ describe 'Signup' do expect(page.body).not_to match(/#{new_user.password}/) end end + + context 'when terms are enforced' do + before do + enforce_terms + end + + it 'asks the user to accept terms before going to the dashboard' do + visit root_path + + fill_in 'new_user_name', with: new_user.name + fill_in 'new_user_username', with: new_user.username + fill_in 'new_user_email', with: new_user.email + fill_in 'new_user_email_confirmation', with: new_user.email + fill_in 'new_user_password', with: new_user.password + click_button "Register" + + expect_to_be_on_terms_page + + click_button 'Accept terms' + + expect(current_path).to eq dashboard_projects_path + end + end end diff --git a/spec/features/users/terms_spec.rb b/spec/features/users/terms_spec.rb index a33f0937fab..bf6b5fa3d6a 100644 --- a/spec/features/users/terms_spec.rb +++ b/spec/features/users/terms_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe 'Users > Terms' do + include TermsHelper + let(:user) { create(:user) } let!(:term) { create(:term, terms: 'By accepting, you promise to be nice!') } @@ -36,4 +38,47 @@ describe 'Users > Terms' do expect(user.reload.terms_accepted?).to be(true) end end + + context 'terms were enforced while session is active', :js do + let(:project) { create(:project) } + + before do + project.add_developer(user) + end + + it 'redirects to terms and back to where the user was going' do + visit project_path(project) + + enforce_terms + + within('.nav-sidebar') do + click_link 'Issues' + end + + expect_to_be_on_terms_page + + click_button('Accept terms') + + expect(current_path).to eq(project_issues_path(project)) + end + + it 'redirects back to the page the user was trying to save' do + visit new_project_issue_path(project) + + fill_in :issue_title, with: 'Hello world, a new issue' + fill_in :issue_description, with: "We don't want to lose what the user typed" + + enforce_terms + + click_button 'Submit issue' + + expect(current_path).to eq(terms_path) + + click_button('Accept terms') + + expect(current_path).to eq(new_project_issue_path(project)) + expect(find_field('issue_title').value).to eq('Hello world, a new issue') + expect(find_field('issue_description').value).to eq("We don't want to lose what the user typed") + end + end end diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb index 5b8cf2e6ab5..ec26810e371 100644 --- a/spec/policies/global_policy_spec.rb +++ b/spec/policies/global_policy_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe GlobalPolicy do + include TermsHelper + let(:current_user) { create(:user) } let(:user) { create(:user) } diff --git a/spec/support/helpers/terms_helper.rb b/spec/support/helpers/terms_helper.rb new file mode 100644 index 00000000000..a00ec14138b --- /dev/null +++ b/spec/support/helpers/terms_helper.rb @@ -0,0 +1,19 @@ +module TermsHelper + def enforce_terms + stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false') + settings = Gitlab::CurrentSettings.current_application_settings + ApplicationSettings::UpdateService.new( + settings, nil, terms: 'These are the terms', enforce_terms: true + ).execute + end + + def accept_terms(user) + terms = Gitlab::CurrentSettings.current_application_settings.latest_terms + Users::RespondToTermsService.new(user, terms).execute(accepted: true) + end + + def expect_to_be_on_terms_page + expect(current_path).to eq terms_path + expect(page).to have_content('Please accept the Terms of Service before continuing.') + end +end |
