diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-20 18:19:03 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-20 18:19:03 +0300 |
| commit | 14bd84b61276ef29b97d23642d698de769bacfd2 (patch) | |
| tree | f9eba90140c1bd874211dea17750a0d422c04080 /app/controllers | |
| parent | 891c388697b2db0d8ee0c8358a9bdbf6dc56d581 (diff) | |
Add latest changes from gitlab-org/gitlab@15-10-stable-eev15.10.0-rc42
Diffstat (limited to 'app/controllers')
133 files changed, 717 insertions, 619 deletions
diff --git a/app/controllers/admin/abuse_reports_controller.rb b/app/controllers/admin/abuse_reports_controller.rb index 5357558434e..49079461698 100644 --- a/app/controllers/admin/abuse_reports_controller.rb +++ b/app/controllers/admin/abuse_reports_controller.rb @@ -3,6 +3,8 @@ class Admin::AbuseReportsController < Admin::ApplicationController feature_category :insider_threat + before_action :set_status_param, only: :index, if: -> { Feature.enabled?(:abuse_reports_list) } + def index @abuse_reports = AbuseReportsFinder.new(params).execute end @@ -15,4 +17,10 @@ class Admin::AbuseReportsController < Admin::ApplicationController head :ok end + + private + + def set_status_param + params[:status] ||= 'open' + end end diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb index ade58ca0970..0bbfeae6656 100644 --- a/app/controllers/admin/application_settings_controller.rb +++ b/app/controllers/admin/application_settings_controller.rb @@ -13,6 +13,10 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController before_action :disable_query_limiting, only: [:usage_data] + before_action do + push_frontend_feature_flag(:ci_variables_pages, current_user) + end + feature_category :not_owned, [ # rubocop:todo Gitlab/AvoidFeatureCategoryNotOwned :general, :reporting, :metrics_and_profiling, :network, :preferences, :update, :reset_health_check_token @@ -101,8 +105,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController def reset_error_tracking_access_token @application_setting.reset_error_tracking_access_token! - redirect_to general_admin_application_settings_path, - notice: _('New error tracking access token has been generated!') + redirect_to general_admin_application_settings_path, notice: _('New error tracking access token has been generated!') end def clear_repository_check_states diff --git a/app/controllers/admin/applications_controller.rb b/app/controllers/admin/applications_controller.rb index d66b3cb4366..76564981c9b 100644 --- a/app/controllers/admin/applications_controller.rb +++ b/app/controllers/admin/applications_controller.rb @@ -3,19 +3,17 @@ class Admin::ApplicationsController < Admin::ApplicationController include OauthApplications - before_action :set_application, only: [:show, :edit, :update, :destroy] + before_action :set_application, only: [:show, :edit, :update, :renew, :destroy] before_action :load_scopes, only: [:new, :create, :edit, :update] - feature_category :authentication_and_authorization + feature_category :system_access def index applications = ApplicationsFinder.new.execute @applications = Kaminari.paginate_array(applications).page(params[:page]) end - def show - @created = get_created_session if Feature.disabled?('hash_oauth_secrets') - end + def show; end def new @application = Doorkeeper::Application.new @@ -30,14 +28,8 @@ class Admin::ApplicationsController < Admin::ApplicationController if @application.persisted? flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create]) - if Feature.enabled?('hash_oauth_secrets') - @created = true - render :show - else - set_created_session - - redirect_to admin_application_url(@application) - end + @created = true + render :show else render :new end @@ -51,6 +43,17 @@ class Admin::ApplicationsController < Admin::ApplicationController end end + def renew + @application.renew_secret + + if @application.save + flash.now[:notice] = s_('AuthorizedApplication|Application secret was successfully updated.') + render :show + else + redirect_to admin_application_url(@application) + end + end + def destroy @application.destroy redirect_to admin_applications_url, status: :found, notice: _('Application was successfully destroyed.') diff --git a/app/controllers/admin/broadcast_messages_controller.rb b/app/controllers/admin/broadcast_messages_controller.rb index d641a26c9fb..654b8309937 100644 --- a/app/controllers/admin/broadcast_messages_controller.rb +++ b/app/controllers/admin/broadcast_messages_controller.rb @@ -72,7 +72,7 @@ module Admin def preview @broadcast_message = BroadcastMessage.new(broadcast_message_params) - render partial: 'admin/broadcast_messages/preview' + render plain: render_broadcast_message(@broadcast_message), status: :ok end protected diff --git a/app/controllers/admin/ci/variables_controller.rb b/app/controllers/admin/ci/variables_controller.rb index ef50d7362c4..c811de12914 100644 --- a/app/controllers/admin/ci/variables_controller.rb +++ b/app/controllers/admin/ci/variables_controller.rb @@ -3,7 +3,7 @@ module Admin module Ci class VariablesController < ApplicationController - feature_category :pipeline_authoring + feature_category :pipeline_composition def show respond_to do |format| @@ -32,10 +32,7 @@ module Admin end def render_instance_variables - render status: :ok, - json: { - variables: ::Ci::InstanceVariableSerializer.new.represent(variables) - } + render status: :ok, json: { variables: ::Ci::InstanceVariableSerializer.new.represent(variables) } end def render_error(errors) diff --git a/app/controllers/admin/cohorts_controller.rb b/app/controllers/admin/cohorts_controller.rb index ce3d769f35e..3948d3635fe 100644 --- a/app/controllers/admin/cohorts_controller.rb +++ b/app/controllers/admin/cohorts_controller.rb @@ -7,7 +7,7 @@ class Admin::CohortsController < Admin::ApplicationController urgency :low - track_custom_event :index, + track_event :index, name: 'i_analytics_cohorts', action: 'perform_analytics_usage_action', label: 'redis_hll_counters.analytics.analytics_total_unique_counts_monthly', diff --git a/app/controllers/admin/dev_ops_report_controller.rb b/app/controllers/admin/dev_ops_report_controller.rb index 71ee19ddf39..2e47dfcb0db 100644 --- a/app/controllers/admin/dev_ops_report_controller.rb +++ b/app/controllers/admin/dev_ops_report_controller.rb @@ -5,7 +5,7 @@ class Admin::DevOpsReportController < Admin::ApplicationController helper_method :show_adoption? - track_custom_event :show, + track_event :show, name: 'i_analytics_dev_ops_score', action: 'perform_analytics_usage_action', label: 'redis_hll_counters.analytics.analytics_total_unique_counts_monthly', diff --git a/app/controllers/admin/groups_controller.rb b/app/controllers/admin/groups_controller.rb index e3a33bafb62..ef45eaac437 100644 --- a/app/controllers/admin/groups_controller.rb +++ b/app/controllers/admin/groups_controller.rb @@ -65,8 +65,8 @@ class Admin::GroupsController < Admin::ApplicationController Groups::DestroyService.new(@group, current_user).async_execute redirect_to admin_groups_path, - status: :found, - alert: format(_('Group %{group_name} was scheduled for deletion.'), group_name: @group.name) + status: :found, + alert: format(_('Group %{group_name} was scheduled for deletion.'), group_name: @group.name) end private diff --git a/app/controllers/admin/identities_controller.rb b/app/controllers/admin/identities_controller.rb index dcec50e882d..0745ba328c6 100644 --- a/app/controllers/admin/identities_controller.rb +++ b/app/controllers/admin/identities_controller.rb @@ -4,7 +4,7 @@ class Admin::IdentitiesController < Admin::ApplicationController before_action :user before_action :identity, except: [:index, :new, :create] - feature_category :authentication_and_authorization + feature_category :system_access def new @identity = Identity.new diff --git a/app/controllers/admin/impersonation_tokens_controller.rb b/app/controllers/admin/impersonation_tokens_controller.rb index ddc555add5c..dae3337d19b 100644 --- a/app/controllers/admin/impersonation_tokens_controller.rb +++ b/app/controllers/admin/impersonation_tokens_controller.rb @@ -4,7 +4,7 @@ class Admin::ImpersonationTokensController < Admin::ApplicationController before_action :user before_action :verify_impersonation_enabled! - feature_category :authentication_and_authorization + feature_category :user_management def index set_index_vars diff --git a/app/controllers/admin/impersonations_controller.rb b/app/controllers/admin/impersonations_controller.rb index 6c45b03455e..c1a6cb350ec 100644 --- a/app/controllers/admin/impersonations_controller.rb +++ b/app/controllers/admin/impersonations_controller.rb @@ -4,7 +4,7 @@ class Admin::ImpersonationsController < Admin::ApplicationController skip_before_action :authenticate_admin! before_action :authenticate_impersonator! - feature_category :authentication_and_authorization + feature_category :user_management def destroy original_user = stop_impersonation diff --git a/app/controllers/admin/keys_controller.rb b/app/controllers/admin/keys_controller.rb index 03383604e30..e4a756ec12d 100644 --- a/app/controllers/admin/keys_controller.rb +++ b/app/controllers/admin/keys_controller.rb @@ -3,7 +3,7 @@ class Admin::KeysController < Admin::ApplicationController before_action :user, only: [:show, :destroy] - feature_category :authentication_and_authorization + feature_category :user_management def show @key = user.keys.find(params[:id]) diff --git a/app/controllers/admin/projects_controller.rb b/app/controllers/admin/projects_controller.rb index 5d37bd27302..70c2d262b72 100644 --- a/app/controllers/admin/projects_controller.rb +++ b/app/controllers/admin/projects_controller.rb @@ -3,10 +3,10 @@ class Admin::ProjectsController < Admin::ApplicationController include MembersPresentation - before_action :project, only: [:show, :transfer, :repository_check, :destroy] + before_action :project, only: [:show, :transfer, :repository_check, :destroy, :edit, :update] before_action :group, only: [:show, :transfer] - feature_category :projects, [:index, :show, :transfer, :destroy] + feature_category :projects, [:index, :show, :transfer, :destroy, :edit, :update] feature_category :source_code_management, [:repository_check] def index @@ -62,6 +62,18 @@ class Admin::ProjectsController < Admin::ApplicationController end # rubocop: enable CodeReuse/ActiveRecord + def edit; end + + def update + result = ::Projects::UpdateService.new(@project, current_user, project_params).execute + + if result[:status] == :success + redirect_to [:admin, @project], notice: format(_("Project '%{project_name}' was successfully updated."), project_name: @project.name) + else + render "edit" + end + end + def repository_check RepositoryCheck::SingleRepositoryWorker.perform_async(@project.id) # rubocop:disable CodeReuse/Worker @@ -83,6 +95,17 @@ class Admin::ProjectsController < Admin::ApplicationController def group @group ||= @project.group end + + def project_params + params.require(:project).permit(allowed_project_params) + end + + def allowed_project_params + [ + :description, + :name + ] + end end Admin::ProjectsController.prepend_mod_with('Admin::ProjectsController') diff --git a/app/controllers/admin/runners_controller.rb b/app/controllers/admin/runners_controller.rb index 21a3a0aea0b..f63616a2bea 100644 --- a/app/controllers/admin/runners_controller.rb +++ b/app/controllers/admin/runners_controller.rb @@ -6,7 +6,7 @@ class Admin::RunnersController < Admin::ApplicationController before_action :runner, except: [:index, :new, :tag_list, :runner_setup_scripts] before_action only: [:index] do - push_frontend_feature_flag(:create_runner_workflow, current_user) + push_frontend_feature_flag(:create_runner_workflow_for_admin, current_user) end feature_category :runner @@ -23,7 +23,12 @@ class Admin::RunnersController < Admin::ApplicationController end def new - render_404 unless Feature.enabled?(:create_runner_workflow, current_user) + render_404 unless Feature.enabled?(:create_runner_workflow_for_admin, current_user) + end + + def register + render_404 unless Feature.enabled?(:create_runner_workflow_for_admin, current_user) && + runner.registration_available? end def update diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb index 63579421573..bb275532170 100644 --- a/app/controllers/admin/sessions_controller.rb +++ b/app/controllers/admin/sessions_controller.rb @@ -7,7 +7,7 @@ class Admin::SessionsController < ApplicationController before_action :user_is_admin! - feature_category :authentication_and_authorization + feature_category :system_access def new if current_user_mode.admin_mode? diff --git a/app/controllers/admin/spam_logs_controller.rb b/app/controllers/admin/spam_logs_controller.rb index 984ae736697..b27185a6add 100644 --- a/app/controllers/admin/spam_logs_controller.rb +++ b/app/controllers/admin/spam_logs_controller.rb @@ -5,7 +5,7 @@ class Admin::SpamLogsController < Admin::ApplicationController # rubocop: disable CodeReuse/ActiveRecord def index - @spam_logs = SpamLog.includes(:user).order(id: :desc).page(params[:page]) + @spam_logs = SpamLog.includes(:user).order(id: :desc).page(params[:page]).without_count end # rubocop: enable CodeReuse/ActiveRecord @@ -15,8 +15,8 @@ class Admin::SpamLogsController < Admin::ApplicationController if params[:remove_user] spam_log.remove_user(deleted_by: current_user) redirect_to admin_spam_logs_path, - status: :found, - notice: format(_('User %{username} was successfully removed.'), username: spam_log.user.username) + status: :found, + notice: format(_('User %{username} was successfully removed.'), username: spam_log.user.username) else spam_log.destroy head :ok diff --git a/app/controllers/admin/topics_controller.rb b/app/controllers/admin/topics_controller.rb index 345a778772d..94d084932ad 100644 --- a/app/controllers/admin/topics_controller.rb +++ b/app/controllers/admin/topics_controller.rb @@ -41,8 +41,8 @@ class Admin::TopicsController < Admin::ApplicationController @topic.destroy! redirect_to admin_topics_path, - status: :found, - notice: format(_('Topic %{topic_name} was successfully removed.'), topic_name: @topic.title_or_name) + status: :found, + notice: format(_('Topic %{topic_name} was successfully removed.'), topic_name: @topic.title_or_name) end def merge diff --git a/app/controllers/admin/usage_trends_controller.rb b/app/controllers/admin/usage_trends_controller.rb index 082b38ac3a8..f88028535c1 100644 --- a/app/controllers/admin/usage_trends_controller.rb +++ b/app/controllers/admin/usage_trends_controller.rb @@ -3,7 +3,7 @@ class Admin::UsageTrendsController < Admin::ApplicationController include ProductAnalyticsTracking - track_custom_event :index, + track_event :index, name: 'i_analytics_instance_statistics', action: 'perform_analytics_usage_action', label: 'redis_hll_counters.analytics.analytics_total_unique_counts_monthly', diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 353f9098b95..ff888cf9d72 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -33,7 +33,6 @@ class ApplicationController < ActionController::Base before_action :check_password_expiration, if: :html_request? before_action :ldap_security_check before_action :default_headers - before_action :default_cache_headers before_action :add_gon_variables, if: :html_request? before_action :configure_permitted_parameters, if: :devise_controller? before_action :require_email, unless: :devise_controller? @@ -260,10 +259,7 @@ class ApplicationController < ActionController::Base respond_to do |format| format.html do - render template, - layout: "errors", - status: status, - locals: { message: message } + render template, layout: "errors", status: status, locals: { message: message } end format.any { head status } end @@ -319,10 +315,6 @@ class ApplicationController < ActionController::Base headers['X-Content-Type-Options'] = 'nosniff' end - def default_cache_headers - headers['Pragma'] = 'no-cache' # HTTP 1.0 compatibility - end - def stream_csv_headers(csv_filename) no_cache_headers stream_headers diff --git a/app/controllers/chaos_controller.rb b/app/controllers/chaos_controller.rb index 6139168d29f..7328b793b09 100644 --- a/app/controllers/chaos_controller.rb +++ b/app/controllers/chaos_controller.rb @@ -52,13 +52,14 @@ class ChaosController < ActionController::Base def validate_chaos_secret unless chaos_secret_configured render plain: "chaos misconfigured: please configure GITLAB_CHAOS_SECRET", - status: :internal_server_error + status: :internal_server_error + return end unless Devise.secure_compare(chaos_secret_configured, chaos_secret_request) render plain: "To experience chaos, please set a valid `X-Chaos-Secret` header or `token` param", - status: :unauthorized + status: :unauthorized end end diff --git a/app/controllers/concerns/authenticates_with_two_factor.rb b/app/controllers/concerns/authenticates_with_two_factor.rb index b4a36b7db22..691b4f4e21f 100644 --- a/app/controllers/concerns/authenticates_with_two_factor.rb +++ b/app/controllers/concerns/authenticates_with_two_factor.rb @@ -25,13 +25,7 @@ module AuthenticatesWithTwoFactor session[:user_password_hash] = Digest::SHA256.hexdigest(user.encrypted_password) add_gon_variables - push_frontend_feature_flag(:webauthn) - - if Feature.enabled?(:webauthn) - setup_webauthn_authentication(user) - else - setup_u2f_authentication(user) - end + setup_webauthn_authentication(user) render 'devise/sessions/two_factor' end @@ -54,11 +48,7 @@ module AuthenticatesWithTwoFactor if user_params[:otp_attempt].present? && session[:otp_user_id] authenticate_with_two_factor_via_otp(user) elsif user_params[:device_response].present? && session[:otp_user_id] - if user.two_factor_webauthn_enabled? - authenticate_with_two_factor_via_webauthn(user) - else - authenticate_with_two_factor_via_u2f(user) - end + authenticate_with_two_factor_via_webauthn(user) elsif user && user.valid_password?(user_params[:password]) prompt_for_two_factor(user) end @@ -96,15 +86,6 @@ module AuthenticatesWithTwoFactor end end - # Authenticate using the response from a U2F (universal 2nd factor) device - def authenticate_with_two_factor_via_u2f(user) - if U2fRegistration.authenticate(user, u2f_app_id, user_params[:device_response], session[:challenge]) - handle_two_factor_success(user) - else - handle_two_factor_failure(user, 'U2F', _('Authentication via U2F device failed.')) - end - end - def authenticate_with_two_factor_via_webauthn(user) if Webauthn::AuthenticateService.new(user, user_params[:device_response], session[:challenge]).execute handle_two_factor_success(user) @@ -133,11 +114,11 @@ module AuthenticatesWithTwoFactor webauthn_registration_ids = user.webauthn_registrations.pluck(:credential_xid) - get_options = WebAuthn::Credential.options_for_get(allow: webauthn_registration_ids, - user_verification: 'discouraged', - extensions: { appid: WebAuthn.configuration.origin }) - - session[:credentialRequestOptions] = get_options + get_options = WebAuthn::Credential.options_for_get( + allow: webauthn_registration_ids, + user_verification: 'discouraged', + extensions: { appid: WebAuthn.configuration.origin } + ) session[:challenge] = get_options.challenge gon.push(webauthn: { options: Gitlab::Json.dump(get_options) }) end diff --git a/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb b/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb index 574fc6c0f37..045ccf1e5b8 100644 --- a/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb +++ b/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb @@ -11,13 +11,7 @@ module AuthenticatesWithTwoFactorForAdminMode return handle_locked_user(user) unless user.can?(:log_in) session[:otp_user_id] = user.id - push_frontend_feature_flag(:webauthn) - - if user.two_factor_webauthn_enabled? - setup_webauthn_authentication(user) - else - setup_u2f_authentication(user) - end + setup_webauthn_authentication(user) render 'admin/sessions/two_factor', layout: 'application' end @@ -30,11 +24,7 @@ module AuthenticatesWithTwoFactorForAdminMode if user_params[:otp_attempt].present? && session[:otp_user_id] admin_mode_authenticate_with_two_factor_via_otp(user) elsif user_params[:device_response].present? && session[:otp_user_id] - if user.two_factor_webauthn_enabled? - admin_mode_authenticate_with_two_factor_via_webauthn(user) - else - admin_mode_authenticate_with_two_factor_via_u2f(user) - end + admin_mode_authenticate_with_two_factor_via_webauthn(user) elsif user && user.valid_password?(user_params[:password]) admin_mode_prompt_for_two_factor(user) else @@ -56,14 +46,6 @@ module AuthenticatesWithTwoFactorForAdminMode end end - def admin_mode_authenticate_with_two_factor_via_u2f(user) - if U2fRegistration.authenticate(user, u2f_app_id, user_params[:device_response], session[:challenge]) - admin_handle_two_factor_success - else - admin_handle_two_factor_failure(user, 'U2F', _('Authentication via U2F device failed.')) - end - end - def admin_mode_authenticate_with_two_factor_via_webauthn(user) if Webauthn::AuthenticateService.new(user, user_params[:device_response], session[:challenge]).execute admin_handle_two_factor_success diff --git a/app/controllers/concerns/confirm_email_warning.rb b/app/controllers/concerns/confirm_email_warning.rb index ec5140bf223..8b7371cbc17 100644 --- a/app/controllers/concerns/confirm_email_warning.rb +++ b/app/controllers/concerns/confirm_email_warning.rb @@ -10,7 +10,7 @@ module ConfirmEmailWarning protected def show_confirm_warning? - html_request? && request.get? && Feature.enabled?(:soft_email_confirmation) + html_request? && request.get? && Gitlab::CurrentSettings.email_confirmation_setting_soft? end def set_confirm_warning diff --git a/app/controllers/concerns/cycle_analytics_params.rb b/app/controllers/concerns/cycle_analytics_params.rb index 5199d879595..8aac3874499 100644 --- a/app/controllers/concerns/cycle_analytics_params.rb +++ b/app/controllers/concerns/cycle_analytics_params.rb @@ -19,7 +19,6 @@ module CycleAnalyticsParams @options ||= {}.tap do |opts| opts[:current_user] = current_user opts[:projects] = params[:project_ids] if params[:project_ids] - opts[:group] = params[:group_id] if params[:group_id] opts[:from] = params[:from] || start_date(params) opts[:to] = params[:to] if params[:to] opts[:end_event_filter] = params[:end_event_filter] if params[:end_event_filter] @@ -78,5 +77,3 @@ module CycleAnalyticsParams end end end - -CycleAnalyticsParams.prepend_mod_with('CycleAnalyticsParams') diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb index cdef1a45a27..8068913eea2 100644 --- a/app/controllers/concerns/enforces_two_factor_authentication.rb +++ b/app/controllers/concerns/enforces_two_factor_authentication.rb @@ -27,7 +27,8 @@ module EnforcesTwoFactorAuthentication render_error( format( _("Authentication error: enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}"), - mfa_help_page: mfa_help_page_url), + mfa_help_page: mfa_help_page_url + ), status: :unauthorized ) else diff --git a/app/controllers/concerns/integrations/params.rb b/app/controllers/concerns/integrations/params.rb index 4d181ded071..7e1ba49d442 100644 --- a/app/controllers/concerns/integrations/params.rb +++ b/app/controllers/concerns/integrations/params.rb @@ -8,6 +8,7 @@ module Integrations :app_store_issuer_id, :app_store_key_id, :app_store_private_key, + :app_store_private_key_file_name, :active, :alert_events, :api_key, @@ -72,6 +73,8 @@ module Integrations :server, :server_host, :server_port, + :service_account_key, + :service_account_key_file_name, :sound, :subdomain, :teamcity_url, diff --git a/app/controllers/concerns/invisible_captcha_on_signup.rb b/app/controllers/concerns/invisible_captcha_on_signup.rb index b78869e02d0..a704ff251b3 100644 --- a/app/controllers/concerns/invisible_captcha_on_signup.rb +++ b/app/controllers/concerns/invisible_captcha_on_signup.rb @@ -26,15 +26,17 @@ module InvisibleCaptchaOnSignup end def invisible_captcha_honeypot_counter - @invisible_captcha_honeypot_counter ||= - Gitlab::Metrics.counter(:bot_blocked_by_invisible_captcha_honeypot, - 'Counter of blocked sign up attempts with filled honeypot') + @invisible_captcha_honeypot_counter ||= Gitlab::Metrics.counter( + :bot_blocked_by_invisible_captcha_honeypot, + 'Counter of blocked sign up attempts with filled honeypot' + ) end def invisible_captcha_timestamp_counter - @invisible_captcha_timestamp_counter ||= - Gitlab::Metrics.counter(:bot_blocked_by_invisible_captcha_timestamp, - 'Counter of blocked sign up attempts with invalid timestamp') + @invisible_captcha_timestamp_counter ||= Gitlab::Metrics.counter( + :bot_blocked_by_invisible_captcha_timestamp, + 'Counter of blocked sign up attempts with invalid timestamp' + ) end def log_request(message) diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb index e1381b4173f..d364daf93c3 100644 --- a/app/controllers/concerns/issuable_actions.rb +++ b/app/controllers/concerns/issuable_actions.rb @@ -151,9 +151,7 @@ module IssuableActions end case issuable - when MergeRequest - render_mr_discussions(discussion_notes, discussion_serializer, discussion_cache_context) - when Issue + when MergeRequest, Issue if stale?(etag: [discussion_cache_context, discussion_notes]) render json: discussion_serializer.represent(discussion_notes, context: self) end @@ -164,23 +162,6 @@ module IssuableActions private - def render_mr_discussions(discussions, serializer, cache_context) - return unless stale?(etag: [cache_context, discussions]) - - if Feature.enabled?(:disabled_mr_discussions_redis_cache, project) - render json: serializer.represent(discussions, context: self) - else - render_cached_discussions(discussions, serializer, cache_context) - end - end - - def render_cached_discussions(discussions, serializer, cache_context) - render_cached(discussions, - with: serializer, - cache_context: ->(_) { cache_context }, - context: self) - end - def notes_filter strong_memoize(:notes_filter) do notes_filter_param = params[:notes_filter]&.to_i diff --git a/app/controllers/concerns/kas_cookie.rb b/app/controllers/concerns/kas_cookie.rb new file mode 100644 index 00000000000..ef58ab1972b --- /dev/null +++ b/app/controllers/concerns/kas_cookie.rb @@ -0,0 +1,16 @@ +# frozen_string_literal: true + +module KasCookie + extend ActiveSupport::Concern + + def set_kas_cookie + return unless ::Gitlab::Kas::UserAccess.enabled? + + public_session_id = Gitlab::Session.current&.id&.public_id + return unless public_session_id + + cookie_data = ::Gitlab::Kas::UserAccess.cookie_data(public_session_id) + + cookies[::Gitlab::Kas::COOKIE_KEY] = cookie_data + end +end diff --git a/app/controllers/concerns/known_sign_in.rb b/app/controllers/concerns/known_sign_in.rb index cacc7e4628f..997f26fa959 100644 --- a/app/controllers/concerns/known_sign_in.rb +++ b/app/controllers/concerns/known_sign_in.rb @@ -26,8 +26,13 @@ module KnownSignIn end def update_cookie - set_secure_cookie(KNOWN_SIGN_IN_COOKIE, current_user.id, - type: COOKIE_TYPE_ENCRYPTED, httponly: true, expires: KNOWN_SIGN_IN_COOKIE_EXPIRY) + set_secure_cookie( + KNOWN_SIGN_IN_COOKIE, + current_user.id, + type: COOKIE_TYPE_ENCRYPTED, + httponly: true, + expires: KNOWN_SIGN_IN_COOKIE_EXPIRY + ) end def sessions diff --git a/app/controllers/concerns/membership_actions.rb b/app/controllers/concerns/membership_actions.rb index 773e4c15d6e..da2ed9d62e7 100644 --- a/app/controllers/concerns/membership_actions.rb +++ b/app/controllers/concerns/membership_actions.rb @@ -63,10 +63,10 @@ module MembershipActions if access_requester.persisted? redirect_to polymorphic_path(membershipable), - notice: _('Your request for access has been queued for review.') + notice: _('Your request for access has been queued for review.') else redirect_to polymorphic_path(membershipable), - alert: format(_("Your request for access could not be processed: %{error_message}"), error_message: access_requester.errors.full_messages.to_sentence) + alert: format(_("Your request for access could not be processed: %{error_message}"), error_message: access_requester.errors.full_messages.to_sentence) end end diff --git a/app/controllers/concerns/notes_actions.rb b/app/controllers/concerns/notes_actions.rb index 512dbf0de5d..06b9c901e4a 100644 --- a/app/controllers/concerns/notes_actions.rb +++ b/app/controllers/concerns/notes_actions.rb @@ -45,7 +45,8 @@ module NotesActions respond_to do |format| format.json do json = { - commands_changes: @note.commands_changes&.slice(:emoji_award, :time_estimate, :spend_time) + commands_changes: @note.commands_changes&.slice(:emoji_award, :time_estimate, :spend_time), + command_names: @note.command_names } if @note.persisted? && return_discussion? diff --git a/app/controllers/concerns/observability/content_security_policy.rb b/app/controllers/concerns/observability/content_security_policy.rb index 3865e3b606d..1e25dc492a0 100644 --- a/app/controllers/concerns/observability/content_security_policy.rb +++ b/app/controllers/concerns/observability/content_security_policy.rb @@ -12,17 +12,17 @@ module Observability defined?(project) ? project&.group : nil end - next if p.directives.blank? || !Gitlab::Observability.observability_enabled?(current_user, current_group) + next if p.directives.blank? || !Feature.enabled?(:observability_group_tab, current_group) default_frame_src = p.directives['frame-src'] || p.directives['default-src'] # When ObservabilityUI is not authenticated, it needs to be able # to redirect to the GL sign-in page, hence '/users/sign_in' and '/oauth/authorize' - frame_src_values = Array.wrap(default_frame_src) | [Gitlab::Observability.observability_url, - Gitlab::Utils.append_path(Gitlab.config.gitlab.url, -'/users/sign_in'), - Gitlab::Utils.append_path(Gitlab.config.gitlab.url, -'/oauth/authorize')] + frame_src_values = Array.wrap(default_frame_src) | [ + Gitlab::Observability.observability_url, + Gitlab::Utils.append_path(Gitlab.config.gitlab.url, '/users/sign_in'), + Gitlab::Utils.append_path(Gitlab.config.gitlab.url, '/oauth/authorize') + ] p.frame_src(*frame_src_values) end diff --git a/app/controllers/concerns/product_analytics_tracking.rb b/app/controllers/concerns/product_analytics_tracking.rb index 5696e441ad0..5ed2b2a82eb 100644 --- a/app/controllers/concerns/product_analytics_tracking.rb +++ b/app/controllers/concerns/product_analytics_tracking.rb @@ -5,48 +5,48 @@ module ProductAnalyticsTracking include RedisTracking extend ActiveSupport::Concern - MIGRATED_EVENTS = ['g_analytics_valuestream'].freeze + MIGRATED_EVENTS = %w[ + g_analytics_valuestream + i_search_paid + i_search_total + i_search_advanced + i_ecosystem_jira_service_list_issues + users_viewing_analytics_group_devops_adoption + i_analytics_dev_ops_adoption + i_analytics_dev_ops_score + p_analytics_merge_request + i_analytics_instance_statistics + g_analytics_contribution + p_analytics_pipelines + p_analytics_code_reviews + p_analytics_valuestream + p_analytics_insights + p_analytics_issues + p_analytics_repo + g_analytics_insights + g_analytics_issues + g_analytics_productivity + i_analytics_cohorts + ].freeze class_methods do - # TODO: Remove once all the events are migrated to #track_custom_event - # during https://gitlab.com/groups/gitlab-org/-/epics/8641 - def track_event(*controller_actions, name:, conditions: nil, destinations: [:redis_hll], &block) + def track_event(*controller_actions, name:, action: nil, label: nil, conditions: nil, destinations: [:redis_hll], &block) custom_conditions = [:trackable_html_request?, *conditions] after_action only: controller_actions, if: custom_conditions do - route_events_to(destinations, name, &block) - end - end - - def track_custom_event(*controller_actions, name:, action:, label:, conditions: nil, destinations: [:redis_hll], &block) - custom_conditions = [:trackable_html_request?, *conditions] - - after_action only: controller_actions, if: custom_conditions do - route_custom_events_to(destinations, name, action, label, &block) + route_events_to(destinations, name, action, label, &block) end end end private - def route_events_to(destinations, name, &block) - track_unique_redis_hll_event(name, &block) if destinations.include?(:redis_hll) - - return unless destinations.include?(:snowplow) && event_enabled?(name) - - Gitlab::Tracking.event( - self.class.to_s, - name, - namespace: tracking_namespace_source, - user: current_user, - context: [Gitlab::Tracking::ServicePingContext.new(data_source: :redis_hll, event: name).to_context] - ) - end - - def route_custom_events_to(destinations, name, action, label, &block) + def route_events_to(destinations, name, action, label, &block) track_unique_redis_hll_event(name, &block) if destinations.include?(:redis_hll) return unless destinations.include?(:snowplow) && event_enabled?(name) + raise "action is required when destination is snowplow" unless action + raise "label is required when destination is snowplow" unless label optional_arguments = { namespace: tracking_namespace_source, @@ -68,28 +68,11 @@ module ProductAnalyticsTracking return true if MIGRATED_EVENTS.include?(event) events_to_ff = { - i_search_paid: :_phase2, - i_search_total: :_phase2, - i_search_advanced: :_phase2, - i_ecosystem_jira_service_list_issues: :_phase2, - users_viewing_analytics_group_devops_adoption: :_phase2, - i_analytics_dev_ops_adoption: :_phase2, - i_analytics_dev_ops_score: :_phase2, - p_analytics_merge_request: :_phase2, - i_analytics_instance_statistics: :_phase2, - g_analytics_contribution: :_phase2, - p_analytics_pipelines: :_phase2, - p_analytics_code_reviews: :_phase2, - p_analytics_valuestream: :_phase2, - p_analytics_insights: :_phase2, - p_analytics_issues: :_phase2, - p_analytics_repo: :_phase2, - g_analytics_insights: :_phase2, - g_analytics_issues: :_phase2, - g_analytics_productivity: :_phase2, - i_analytics_cohorts: :_phase2, - - g_compliance_dashboard: :_phase4 + g_edit_by_sfe: :_phase4, + g_compliance_dashboard: :_phase4, + g_compliance_audit_events: :_phase4, + i_compliance_audit_events: :_phase4, + i_compliance_credential_inventory: :_phase4 } Feature.enabled?("route_hll_to_snowplow#{events_to_ff[event.to_sym]}", tracking_namespace_source) diff --git a/app/controllers/concerns/registrations_tracking.rb b/app/controllers/concerns/registrations_tracking.rb index 14743349c1a..6c83c57d9dd 100644 --- a/app/controllers/concerns/registrations_tracking.rb +++ b/app/controllers/concerns/registrations_tracking.rb @@ -13,3 +13,5 @@ module RegistrationsTracking params.permit(:glm_source, :glm_content) end end + +RegistrationsTracking.prepend_mod diff --git a/app/controllers/concerns/renders_notes.rb b/app/controllers/concerns/renders_notes.rb index f8e3717acee..889d3f0a9d2 100644 --- a/app/controllers/concerns/renders_notes.rb +++ b/app/controllers/concerns/renders_notes.rb @@ -24,13 +24,13 @@ module RendersNotes # rubocop: disable CodeReuse/ActiveRecord def preload_noteable_for_regular_notes(notes) - ActiveRecord::Associations::Preloader.new.preload(notes.reject(&:for_commit?), :noteable) + ActiveRecord::Associations::Preloader.new(records: notes.reject(&:for_commit?), associations: :noteable).call end # rubocop: enable CodeReuse/ActiveRecord # rubocop: disable CodeReuse/ActiveRecord def preload_author_status(notes) - ActiveRecord::Associations::Preloader.new.preload(notes, { author: :status }) + ActiveRecord::Associations::Preloader.new(records: notes, associations: { author: :status }).call end # rubocop: enable CodeReuse/ActiveRecord end diff --git a/app/controllers/concerns/renders_projects_list.rb b/app/controllers/concerns/renders_projects_list.rb index 05bd9972ee7..739b2be3fe9 100644 --- a/app/controllers/concerns/renders_projects_list.rb +++ b/app/controllers/concerns/renders_projects_list.rb @@ -8,6 +8,7 @@ module RendersProjectsList # once when the entities are rendered projects.each(&:forks_count) projects.each(&:open_issues_count) + projects.each(&:open_merge_requests_count) projects end diff --git a/app/controllers/concerns/sorting_preference.rb b/app/controllers/concerns/sorting_preference.rb index 300c1d6d779..3dc1780d6fe 100644 --- a/app/controllers/concerns/sorting_preference.rb +++ b/app/controllers/concerns/sorting_preference.rb @@ -90,6 +90,10 @@ module SortingPreference return false unless sort_order return can_sort_by_issue_weight?(action_name == 'issues') if sort_order.include?('weight') + if sort_order.include?('merged_at') + return can_sort_by_merged_date?(controller_name == 'merge_requests' || action_name == 'merge_requests') + end + true end end diff --git a/app/controllers/concerns/uploads_actions.rb b/app/controllers/concerns/uploads_actions.rb index 308da018a42..e53d0bc65a0 100644 --- a/app/controllers/concerns/uploads_actions.rb +++ b/app/controllers/concerns/uploads_actions.rb @@ -9,7 +9,6 @@ module UploadsActions included do prepend_before_action :set_request_format_from_path_extension - skip_before_action :default_cache_headers, only: :show rescue_from FileUploader::InvalidSecret, with: :render_404 end diff --git a/app/controllers/concerns/wiki_actions.rb b/app/controllers/concerns/wiki_actions.rb index 2b781c528ad..ebcce635945 100644 --- a/app/controllers/concerns/wiki_actions.rb +++ b/app/controllers/concerns/wiki_actions.rb @@ -11,6 +11,15 @@ module WikiActions RESCUE_GIT_TIMEOUTS_IN = %w[show edit history diff pages].freeze included do + content_security_policy do |p| + next if p.directives.blank? + + default_frame_src = p.directives['frame-src'] || p.directives['default-src'] + frame_src_values = Array.wrap(default_frame_src) | ['https://embed.diagrams.net'].compact + + p.frame_src(*frame_src_values) + end + before_action { respond_to :html } before_action :authorize_read_wiki! @@ -37,9 +46,7 @@ module WikiActions end end - # NOTE: We want to include wiki page views in the same counter as the other - # Event-based wiki actions tracked through TrackUniqueEvents, so we use the same event name. - track_redis_hll_event :show, name: Gitlab::UsageDataCounters::TrackUniqueEvents::WIKI_ACTION.to_s + track_redis_hll_event :show, name: 'wiki_action' helper_method :view_file_button, :diff_file_html_data @@ -142,8 +149,7 @@ module WikiActions # rubocop:disable Gitlab/ModuleWithInstanceVariables def history if page - @commits = Kaminari.paginate_array(page.versions(page: params[:page].to_i), - total_count: page.count_versions) + @commits = Kaminari.paginate_array(page.versions(page: params[:page].to_i), total_count: page.count_versions) .page(params[:page]) render 'shared/wikis/history' @@ -178,8 +184,7 @@ module WikiActions if response.success? flash[:toast] = _("Wiki page was successfully deleted.") - redirect_to wiki_path(wiki), - status: :found + redirect_to wiki_path(wiki), status: :found else @error = response.message render 'shared/wikis/edit' diff --git a/app/controllers/confirmations_controller.rb b/app/controllers/confirmations_controller.rb index 6dd4d72bbc7..e94138c4d9b 100644 --- a/app/controllers/confirmations_controller.rb +++ b/app/controllers/confirmations_controller.rb @@ -10,7 +10,7 @@ class ConfirmationsController < Devise::ConfirmationsController prepend_before_action :check_recaptcha, only: :create before_action :load_recaptcha, only: :new - feature_category :authentication_and_authorization + feature_category :user_management def almost_there flash[:notice] = nil @@ -20,12 +20,12 @@ class ConfirmationsController < Devise::ConfirmationsController protected def after_resending_confirmation_instructions_path_for(resource) - return users_almost_there_path unless Feature.enabled?(:soft_email_confirmation) + return users_almost_there_path unless Gitlab::CurrentSettings.email_confirmation_setting_soft? stored_location_for(resource) || dashboard_projects_path end - def after_confirmation_path_for(resource_name, resource) + def after_confirmation_path_for(_resource_name, resource) accept_pending_invitations # incoming resource can either be a :user or an :email @@ -34,10 +34,14 @@ class ConfirmationsController < Devise::ConfirmationsController else Gitlab::AppLogger.info("Email Confirmed: username=#{resource.username} email=#{resource.email} ip=#{request.remote_ip}") flash[:notice] = flash[:notice] + _(" Please sign in.") - new_session_path(:user, anchor: 'login-pane', invite_email: resource.email) + sign_in_path(resource) end end + def sign_in_path(user) + new_session_path(:user, anchor: 'login-pane', invite_email: resource.email) + end + def check_recaptcha return unless resource_params[:email].present? diff --git a/app/controllers/dashboard/projects_controller.rb b/app/controllers/dashboard/projects_controller.rb index 89d362c88a4..645b3eb9eb5 100644 --- a/app/controllers/dashboard/projects_controller.rb +++ b/app/controllers/dashboard/projects_controller.rb @@ -66,8 +66,8 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController end def load_projects(finder_params) - @total_user_projects_count = ProjectsFinder.new(params: { non_public: true, not_aimed_for_deletion: true }, current_user: current_user).execute - @total_starred_projects_count = ProjectsFinder.new(params: { starred: true, not_aimed_for_deletion: true }, current_user: current_user).execute + @total_user_projects_count = ProjectsFinder.new(params: { non_public: true, archived: false, not_aimed_for_deletion: true }, current_user: current_user).execute + @total_starred_projects_count = ProjectsFinder.new(params: { starred: true, archived: false, not_aimed_for_deletion: true }, current_user: current_user).execute finder_params[:use_cte] = true if use_cte_for_finder? diff --git a/app/controllers/dashboard/todos_controller.rb b/app/controllers/dashboard/todos_controller.rb index 3005d19f8ed..a1b8dbcd304 100644 --- a/app/controllers/dashboard/todos_controller.rb +++ b/app/controllers/dashboard/todos_controller.rb @@ -29,9 +29,7 @@ class Dashboard::TodosController < Dashboard::ApplicationController respond_to do |format| format.html do - redirect_to dashboard_todos_path, - status: :found, - notice: _('To-do item successfully marked as done.') + redirect_to dashboard_todos_path, status: :found, notice: _('To-do item successfully marked as done.') end format.js { head :ok } format.json { render json: todos_counts } diff --git a/app/controllers/explore/groups_controller.rb b/app/controllers/explore/groups_controller.rb index ac355b861b3..96a7b5b144d 100644 --- a/app/controllers/explore/groups_controller.rb +++ b/app/controllers/explore/groups_controller.rb @@ -7,7 +7,12 @@ class Explore::GroupsController < Explore::ApplicationController urgency :low def index - user = Feature.enabled?(:generic_explore_groups, current_user, type: :experiment) ? nil : current_user + # For gitlab.com, including internal visibility groups here causes + # a major performance issue: https://gitlab.com/gitlab-org/gitlab/-/issues/358944 + # + # For self-hosted users, not including internal groups here causes + # a lack of visibility: https://gitlab.com/gitlab-org/gitlab/-/issues/389041 + user = Gitlab.com? ? nil : current_user render_group_tree GroupsFinder.new(user).execute end diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb index 2f01bdecd23..bf59a0a2400 100644 --- a/app/controllers/graphql_controller.rb +++ b/app/controllers/graphql_controller.rb @@ -102,6 +102,10 @@ class GraphqlController < ApplicationController private + def permitted_params + params.permit(_json: [:query, :operationName, { variables: {} }]) + end + def disallow_mutations_for_get return unless request.get? || request.head? return unless any_mutating_query? @@ -111,7 +115,7 @@ class GraphqlController < ApplicationController def limit_query_size total_size = if multiplex? - params[:_json].sum { _1[:query].size } + multiplex_param.sum { _1[:query].size } else query.size end @@ -178,8 +182,12 @@ class GraphqlController < ApplicationController params.fetch(:query, '') end + def multiplex_param + permitted_params[:_json] + end + def multiplex_queries - params[:_json].map do |single_query_info| + multiplex_param.map do |single_query_info| { query: single_query_info[:query], variables: build_variables(single_query_info[:variables]), @@ -207,7 +215,7 @@ class GraphqlController < ApplicationController end def multiplex? - params[:_json].present? + multiplex_param.present? end def authorize_access_api! diff --git a/app/controllers/groups/children_controller.rb b/app/controllers/groups/children_controller.rb index d10c52f0301..ca3be1542aa 100644 --- a/app/controllers/groups/children_controller.rb +++ b/app/controllers/groups/children_controller.rb @@ -5,6 +5,8 @@ module Groups extend ::Gitlab::Utils::Override before_action :group + before_action :validate_per_page + skip_cross_project_access_check :index feature_category :subgroups @@ -41,10 +43,11 @@ module Groups protected def setup_children(parent) - @children = GroupDescendantsFinder.new(current_user: current_user, - parent_group: parent, - params: params.to_unsafe_h).execute - @children = @children.page(params[:page]) + @children = GroupDescendantsFinder.new( + current_user: current_user, + parent_group: parent, + params: group_descendants_params + ).execute.page(params[:page]) end private @@ -53,5 +56,25 @@ module Groups def has_project_list? true end + + def group_descendants_params + @group_descendants_params ||= params.to_unsafe_h.compact + end + + def validate_per_page + return unless group_descendants_params.key?(:per_page) + + per_page = begin + Integer(group_descendants_params[:per_page]) + rescue ArgumentError, TypeError + 0 + end + + respond_to do |format| + format.json do + render status: :bad_request, json: { message: 'per_page does not have a valid value' } if per_page < 1 + end + end + end end end diff --git a/app/controllers/groups/dependency_proxy_for_containers_controller.rb b/app/controllers/groups/dependency_proxy_for_containers_controller.rb index 427df9a7129..1b1aed0ec2e 100644 --- a/app/controllers/groups/dependency_proxy_for_containers_controller.rb +++ b/app/controllers/groups/dependency_proxy_for_containers_controller.rb @@ -172,6 +172,6 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy end def manifest_header - token_header.merge(Accept: ::ContainerRegistry::Client::ACCEPTED_TYPES) + token_header.merge(Accept: ::DependencyProxy::Manifest::ACCEPTED_TYPES) end end diff --git a/app/controllers/groups/group_links_controller.rb b/app/controllers/groups/group_links_controller.rb index cc2ca728592..c74c48a960d 100644 --- a/app/controllers/groups/group_links_controller.rb +++ b/app/controllers/groups/group_links_controller.rb @@ -7,7 +7,7 @@ class Groups::GroupLinksController < Groups::ApplicationController feature_category :subgroups def update - Groups::GroupLinks::UpdateService.new(@group_link).execute(group_link_params) + Groups::GroupLinks::UpdateService.new(@group_link, current_user).execute(group_link_params) if @group_link.expires? render json: { diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb index f0b857ca4c9..685c8292787 100644 --- a/app/controllers/groups/group_members_controller.rb +++ b/app/controllers/groups/group_members_controller.rb @@ -18,8 +18,7 @@ class Groups::GroupMembersController < Groups::ApplicationController skip_before_action :check_two_factor_requirement, only: :leave skip_cross_project_access_check :index, :update, :destroy, :request_access, - :approve_access_request, :leave, :resend_invite, - :override + :approve_access_request, :leave, :resend_invite, :override feature_category :subgroups urgency :low @@ -73,7 +72,7 @@ class Groups::GroupMembersController < Groups::ApplicationController end def filter_params - params.permit(:two_factor, :search).merge(sort: @sort) + params.permit(:two_factor, :search, :user_type).merge(sort: @sort) end def membershipable_members diff --git a/app/controllers/groups/observability_controller.rb b/app/controllers/groups/observability_controller.rb index 726af00a10e..525407f5849 100644 --- a/app/controllers/groups/observability_controller.rb +++ b/app/controllers/groups/observability_controller.rb @@ -30,7 +30,7 @@ module Groups end def check_observability_allowed - render_404 unless Gitlab::Observability.observability_enabled?(current_user, group) + render_404 unless Gitlab::Observability.allowed_for_action?(current_user, group, params[:action]) end end end diff --git a/app/controllers/groups/settings/access_tokens_controller.rb b/app/controllers/groups/settings/access_tokens_controller.rb index d86ddcfe2d0..ff07e881bfa 100644 --- a/app/controllers/groups/settings/access_tokens_controller.rb +++ b/app/controllers/groups/settings/access_tokens_controller.rb @@ -7,7 +7,7 @@ module Groups include AccessTokensActions layout 'group_settings' - feature_category :authentication_and_authorization + feature_category :system_access alias_method :resource, :group diff --git a/app/controllers/groups/settings/applications_controller.rb b/app/controllers/groups/settings/applications_controller.rb index 3557d485422..2bf5c95937b 100644 --- a/app/controllers/groups/settings/applications_controller.rb +++ b/app/controllers/groups/settings/applications_controller.rb @@ -6,18 +6,16 @@ module Groups include OauthApplications prepend_before_action :authorize_admin_group! - before_action :set_application, only: [:show, :edit, :update, :destroy] + before_action :set_application, only: [:show, :edit, :update, :renew, :destroy] before_action :load_scopes, only: [:index, :create, :edit, :update] - feature_category :authentication_and_authorization + feature_category :system_access def index set_index_vars end - def show - @created = get_created_session if Feature.disabled?('hash_oauth_secrets') - end + def show; end def edit end @@ -28,15 +26,8 @@ module Groups if @application.persisted? flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create]) - if Feature.enabled?('hash_oauth_secrets') - - @created = true - render :show - else - set_created_session - - redirect_to group_settings_application_url(@group, @application) - end + @created = true + render :show else set_index_vars render :index @@ -51,6 +42,17 @@ module Groups end end + def renew + @application.renew_secret + + if @application.save + flash.now[:notice] = s_('AuthorizedApplication|Application secret was successfully updated.') + render :show + else + redirect_to group_settings_application_url(@group, @application) + end + end + def destroy @application.destroy redirect_to group_settings_applications_url(@group), status: :found, notice: _('Application was successfully destroyed.') diff --git a/app/controllers/groups/settings/ci_cd_controller.rb b/app/controllers/groups/settings/ci_cd_controller.rb index 78e3ffa4af9..4bbaf92b126 100644 --- a/app/controllers/groups/settings/ci_cd_controller.rb +++ b/app/controllers/groups/settings/ci_cd_controller.rb @@ -12,6 +12,11 @@ module Groups before_action :assign_variables_to_gon, only: [:show] feature_category :continuous_integration + + before_action do + push_frontend_feature_flag(:ci_variables_pages, current_user) + end + urgency :low def show diff --git a/app/controllers/groups/variables_controller.rb b/app/controllers/groups/variables_controller.rb index 9ddf6c80c70..7aea5e1a5c9 100644 --- a/app/controllers/groups/variables_controller.rb +++ b/app/controllers/groups/variables_controller.rb @@ -6,7 +6,7 @@ module Groups skip_cross_project_access_check :show, :update - feature_category :pipeline_authoring + feature_category :pipeline_composition urgency :low, [:show] diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 8f7a2c177b7..a0c82998108 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -46,8 +46,7 @@ class GroupsController < Groups::ApplicationController helper_method :captcha_required? - skip_cross_project_access_check :index, :new, :create, :edit, :update, - :destroy, :projects + skip_cross_project_access_check :index, :new, :create, :edit, :update, :destroy, :projects # When loading show as an atom feed, we render events that could leak cross # project information skip_cross_project_access_check :show, if: -> { request.format.html? } @@ -76,6 +75,7 @@ class GroupsController < Groups::ApplicationController end def new + @parent_group = Group.find_by_id(params[:parent_id]) @group = Group.new(params.permit(:parent_id)) @group.build_namespace_settings end @@ -201,7 +201,7 @@ class GroupsController < Groups::ApplicationController send_upload(@group.export_file, attachment: @group.export_file.filename) else redirect_to edit_group_path(@group), - alert: _('The file containing the export is not available yet; it may still be transferring. Please try again later.') + alert: _('The file containing the export is not available yet; it may still be transferring. Please try again later.') end else redirect_to edit_group_path(@group), diff --git a/app/controllers/ide_controller.rb b/app/controllers/ide_controller.rb index d0e14000d8e..18c6f0bb9d3 100644 --- a/app/controllers/ide_controller.rb +++ b/app/controllers/ide_controller.rb @@ -10,7 +10,6 @@ class IdeController < ApplicationController before_action do push_frontend_feature_flag(:build_service_proxy) push_frontend_feature_flag(:reject_unsigned_commits_by_gitlab) - define_index_vars end feature_category :web_ide @@ -20,9 +19,9 @@ class IdeController < ApplicationController def index Gitlab::UsageDataCounters::WebIdeCounter.increment_views_count - if project && Feature.enabled?(:route_hll_to_snowplow_phase2, project&.namespace) - Gitlab::Tracking.event(self.class.to_s, 'web_ide_views', - namespace: project&.namespace, user: current_user) + if project + Gitlab::Tracking.event(self.class.to_s, 'web_ide_views', namespace: project.namespace, user: current_user) + @fork_info = fork_info(project, params[:branch]) end render layout: 'fullscreen', locals: { minimal: helpers.use_new_web_ide? } @@ -34,15 +33,6 @@ class IdeController < ApplicationController render_404 unless can?(current_user, :read_project, project) end - def define_index_vars - return unless project - - @branch = params[:branch] - @path = params[:path] - @merge_request = params[:merge_request_id] - @fork_info = fork_info(project, @branch) - end - def fork_info(project, branch) return if can?(current_user, :push_code, project) diff --git a/app/controllers/import/bulk_imports_controller.rb b/app/controllers/import/bulk_imports_controller.rb index f4eea3abd32..d7d7ad84bc8 100644 --- a/app/controllers/import/bulk_imports_controller.rb +++ b/app/controllers/import/bulk_imports_controller.rb @@ -5,9 +5,6 @@ class Import::BulkImportsController < ApplicationController before_action :ensure_bulk_import_enabled before_action :verify_blocked_uri, only: :status - before_action only: :status do - push_frontend_feature_flag(:bulk_import_projects) - end feature_category :importers urgency :low diff --git a/app/controllers/import/fogbugz_controller.rb b/app/controllers/import/fogbugz_controller.rb index 77043e174b4..9ee8e59053f 100644 --- a/app/controllers/import/fogbugz_controller.rb +++ b/app/controllers/import/fogbugz_controller.rb @@ -19,7 +19,7 @@ class Import::FogbugzController < Import::BaseController # If the URI is invalid various errors can occur return redirect_to new_import_fogbugz_path(namespace_id: params[:namespace_id]), alert: _('Could not connect to FogBugz, check your URL') end - session[:fogbugz_token] = res.get_token + session[:fogbugz_token] = res.get_token.to_s session[:fogbugz_uri] = params[:uri] redirect_to new_user_map_import_fogbugz_path(namespace_id: params[:namespace_id]) diff --git a/app/controllers/import/gitea_controller.rb b/app/controllers/import/gitea_controller.rb index 61e32650db3..047c273969c 100644 --- a/app/controllers/import/gitea_controller.rb +++ b/app/controllers/import/gitea_controller.rb @@ -71,6 +71,11 @@ class Import::GiteaController < Import::GithubController end end + override :serialized_imported_projects + def serialized_imported_projects(projects = already_added_projects) + ProjectSerializer.new.represent(projects, serializer: :import, provider_url: provider_url) + end + override :client_repos def client_repos @client_repos ||= filtered(client.repos) diff --git a/app/controllers/import/github_controller.rb b/app/controllers/import/github_controller.rb index 0bee1faccf5..f0a80593926 100644 --- a/app/controllers/import/github_controller.rb +++ b/app/controllers/import/github_controller.rb @@ -53,7 +53,8 @@ class Import::GithubController < Import::BaseController render json: { imported_projects: serialized_imported_projects, provider_repos: serialized_provider_repos, incompatible_repos: serialized_incompatible_repos, - page_info: client_repos_response[:page_info] } + page_info: client_repos_response[:page_info], + provider_repo_count: client_repos_response[:count] } end format.html do @@ -110,6 +111,14 @@ class Import::GithubController < Import::BaseController render json: canceled end + def counts + render json: { + owned: client_proxy.count_repos_by('owned', current_user.id), + collaborated: client_proxy.count_repos_by('collaborated', current_user.id), + organization: client_proxy.count_repos_by('organization', current_user.id) + } + end + protected override :importable_repos @@ -145,7 +154,10 @@ class Import::GithubController < Import::BaseController end def serialized_imported_projects(projects = already_added_projects) - ProjectSerializer.new.represent(projects, serializer: :import, provider_url: provider_url) + ProjectSerializer.new.represent( + projects, + serializer: :import, provider_url: provider_url, client: client_proxy + ) end def expire_etag_cache @@ -245,11 +257,7 @@ class Import::GithubController < Import::BaseController { before: params[:before].presence, after: params[:after].presence, - first: PAGE_LENGTH, - # TODO: remove after rollout FF github_client_fetch_repos_via_graphql - # https://gitlab.com/gitlab-org/gitlab/-/issues/385649 - page: [1, params[:page].to_i].max, - per_page: PAGE_LENGTH + first: PAGE_LENGTH } end diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb index 2a7f2d42e2a..0a2c98af8ec 100644 --- a/app/controllers/invites_controller.rb +++ b/app/controllers/invites_controller.rb @@ -13,7 +13,7 @@ class InvitesController < ApplicationController respond_to :html - feature_category :authentication_and_authorization + feature_category :system_access def show accept if skip_invitation_prompt? diff --git a/app/controllers/jira_connect/public_keys_controller.rb b/app/controllers/jira_connect/public_keys_controller.rb index 4505ab16926..8cb932c087f 100644 --- a/app/controllers/jira_connect/public_keys_controller.rb +++ b/app/controllers/jira_connect/public_keys_controller.rb @@ -22,8 +22,6 @@ module JiraConnect end def public_key_storage_enabled? - return true if Gitlab.config.jira_connect.enable_public_keys_storage - Gitlab::CurrentSettings.jira_connect_public_key_storage_enabled? end end diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb index 7211eebdb4b..d299613f498 100644 --- a/app/controllers/jwt_controller.rb +++ b/app/controllers/jwt_controller.rb @@ -8,7 +8,7 @@ class JwtController < ApplicationController # Add this before other actions, since we want to have the user or project prepend_before_action :auth_user, :authenticate_project_or_user - feature_category :authentication_and_authorization + feature_category :system_access # https://gitlab.com/gitlab-org/gitlab/-/issues/357037 urgency :low diff --git a/app/controllers/metrics_controller.rb b/app/controllers/metrics_controller.rb index bfd6181a940..3dfa8d7b11e 100644 --- a/app/controllers/metrics_controller.rb +++ b/app/controllers/metrics_controller.rb @@ -10,9 +10,10 @@ class MetricsController < ActionController::Base response = if Gitlab::Metrics.prometheus_metrics_enabled? metrics_service.metrics_text else - help_page = help_page_url('administration/monitoring/prometheus/gitlab_metrics', - anchor: 'gitlab-prometheus-metrics' - ) + help_page = help_page_url( + 'administration/monitoring/prometheus/gitlab_metrics', + anchor: 'gitlab-prometheus-metrics' + ) "# Metrics are disabled, see: #{help_page}\n" end diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb index 3b78b997da1..7a31738188a 100644 --- a/app/controllers/oauth/applications_controller.rb +++ b/app/controllers/oauth/applications_controller.rb @@ -23,9 +23,7 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController set_index_vars end - def show - @created = get_created_session if Feature.disabled?('hash_oauth_secrets') - end + def show; end def create @application = Applications::CreateService.new(current_user, application_params).execute(request) @@ -33,20 +31,27 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController if @application.persisted? flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create]) - if Feature.enabled?('hash_oauth_secrets') - @created = true - render :show - else - set_created_session - - redirect_to oauth_application_url(@application) - end + @created = true + render :show else set_index_vars render :index end end + def renew + set_application + + @application.renew_secret + + if @application.save + flash.now[:notice] = s_('AuthorizedApplication|Application secret was successfully updated.') + render :show + else + redirect_to oauth_application_url(@application) + end + end + private def verify_user_oauth_applications_enabled diff --git a/app/controllers/oauth/authorizations_controller.rb b/app/controllers/oauth/authorizations_controller.rb index 43bf895ea76..96a3fab7e1a 100644 --- a/app/controllers/oauth/authorizations_controller.rb +++ b/app/controllers/oauth/authorizations_controller.rb @@ -108,8 +108,10 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController end def dangerous_scopes? - doorkeeper_application&.includes_scope?(*::Gitlab::Auth::API_SCOPE, *::Gitlab::Auth::READ_API_SCOPE, - *::Gitlab::Auth::ADMIN_SCOPES, *::Gitlab::Auth::REPOSITORY_SCOPES, - *::Gitlab::Auth::REGISTRY_SCOPES) && !doorkeeper_application&.trusted? + doorkeeper_application&.includes_scope?( + *::Gitlab::Auth::API_SCOPE, *::Gitlab::Auth::READ_API_SCOPE, + *::Gitlab::Auth::ADMIN_SCOPES, *::Gitlab::Auth::REPOSITORY_SCOPES, + *::Gitlab::Auth::REGISTRY_SCOPES + ) && !doorkeeper_application&.trusted? end end diff --git a/app/controllers/oauth/authorized_applications_controller.rb b/app/controllers/oauth/authorized_applications_controller.rb index 3f476c0d717..6fc2eb6bc45 100644 --- a/app/controllers/oauth/authorized_applications_controller.rb +++ b/app/controllers/oauth/authorized_applications_controller.rb @@ -20,7 +20,7 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio end redirect_to applications_profile_url, - status: :found, - notice: I18n.t(:notice, scope: [:doorkeeper, :flash, :authorized_applications, :destroy]) + status: :found, + notice: I18n.t(:notice, scope: [:doorkeeper, :flash, :authorized_applications, :destroy]) end end diff --git a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb index 03921761f45..82a6784d2d1 100644 --- a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb +++ b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb @@ -16,10 +16,12 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController def new session[:redirect_uri] = params['redirect_uri'] - redirect_to oauth_authorization_path(client_id: params['client_id'], - response_type: 'code', - scope: normalize_scope(params['scope']), - redirect_uri: oauth_jira_dvcs_callback_url) + redirect_to oauth_authorization_path( + client_id: params['client_id'], + response_type: 'code', + scope: normalize_scope(params['scope']), + redirect_uri: oauth_jira_dvcs_callback_url + ) end # 2. Handle the callback call as we were a Github Enterprise instance client. diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index 4046433f8ea..daed4023d02 100644 --- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -12,7 +12,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController protect_from_forgery except: [:cas3, :failure] + AuthHelper.saml_providers, with: :exception, prepend: true - feature_category :authentication_and_authorization + feature_category :system_access def handle_omniauth omniauth_flow(Gitlab::Auth::OAuth) @@ -22,6 +22,11 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController alias_method provider, :handle_omniauth end + # overridden in EE + def openid_connect + handle_omniauth + end + # Extend the standard implementation to also increment # the number of failed sign in attempts def failure diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 38cdb16c350..38839497fb6 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -12,7 +12,7 @@ class PasswordsController < Devise::PasswordsController before_action :check_password_authentication_available, only: [:create] before_action :throttle_reset, only: [:create] - feature_category :authentication_and_authorization + feature_category :system_access # rubocop: disable CodeReuse/ActiveRecord def edit diff --git a/app/controllers/profiles/accounts_controller.rb b/app/controllers/profiles/accounts_controller.rb index cb8b2783000..eb64016379d 100644 --- a/app/controllers/profiles/accounts_controller.rb +++ b/app/controllers/profiles/accounts_controller.rb @@ -3,7 +3,7 @@ class Profiles::AccountsController < Profiles::ApplicationController include AuthHelper - feature_category :authentication_and_authorization + feature_category :system_access urgency :low, [:show] def show diff --git a/app/controllers/profiles/active_sessions_controller.rb b/app/controllers/profiles/active_sessions_controller.rb index 2607ba7d404..5a86179b89f 100644 --- a/app/controllers/profiles/active_sessions_controller.rb +++ b/app/controllers/profiles/active_sessions_controller.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true class Profiles::ActiveSessionsController < Profiles::ApplicationController - feature_category :authentication_and_authorization + feature_category :system_access def index @sessions = ActiveSession.list(current_user).reject(&:is_impersonated) diff --git a/app/controllers/profiles/emails_controller.rb b/app/controllers/profiles/emails_controller.rb index c88616b6d6c..28a57ef19f6 100644 --- a/app/controllers/profiles/emails_controller.rb +++ b/app/controllers/profiles/emails_controller.rb @@ -3,9 +3,9 @@ class Profiles::EmailsController < Profiles::ApplicationController before_action :find_email, only: [:destroy, :resend_confirmation_instructions] before_action -> { check_rate_limit!(:profile_add_new_email, scope: current_user, redirect_back: true) }, - only: [:create] + only: [:create] before_action -> { check_rate_limit!(:profile_resend_email_confirmation, scope: current_user, redirect_back: true) }, - only: [:resend_confirmation_instructions] + only: [:resend_confirmation_instructions] feature_category :user_profile urgency :low, [:index] diff --git a/app/controllers/profiles/notifications_controller.rb b/app/controllers/profiles/notifications_controller.rb index 9323d266cd5..b663a75f04a 100644 --- a/app/controllers/profiles/notifications_controller.rb +++ b/app/controllers/profiles/notifications_controller.rb @@ -43,7 +43,10 @@ class Profiles::NotificationsController < Profiles::ApplicationController .preload_source_route projects = project_notifications.map(&:source) - ActiveRecord::Associations::Preloader.new.preload(projects, { namespace: [:route, :owner], group: [] }) + ActiveRecord::Associations::Preloader.new( + records: projects, + associations: { namespace: [:route, :owner], group: [] } + ).call Preloaders::UserMaxAccessLevelInProjectsPreloader.new(projects, current_user).execute project_notifications.select { |notification| current_user.can?(:read_project, notification.source) } diff --git a/app/controllers/profiles/passwords_controller.rb b/app/controllers/profiles/passwords_controller.rb index 738c41207d5..7a0dfbbba0d 100644 --- a/app/controllers/profiles/passwords_controller.rb +++ b/app/controllers/profiles/passwords_controller.rb @@ -11,7 +11,7 @@ class Profiles::PasswordsController < Profiles::ApplicationController layout :determine_layout - feature_category :authentication_and_authorization + feature_category :system_access def new end diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb index 1663aa61f62..4b6e2f768fa 100644 --- a/app/controllers/profiles/personal_access_tokens_controller.rb +++ b/app/controllers/profiles/personal_access_tokens_controller.rb @@ -3,7 +3,7 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController include RenderAccessTokens - feature_category :authentication_and_authorization + feature_category :system_access before_action :check_personal_access_tokens_enabled @@ -25,7 +25,10 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController def create result = ::PersonalAccessTokens::CreateService.new( - current_user: current_user, target_user: current_user, params: personal_access_token_params + current_user: current_user, + target_user: current_user, + params: personal_access_token_params, + concatenate_errors: false ).execute @personal_access_token = result.payload[:personal_access_token] diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb index aded295bfab..8f482cf6e2f 100644 --- a/app/controllers/profiles/two_factor_auths_controller.rb +++ b/app/controllers/profiles/two_factor_auths_controller.rb @@ -8,11 +8,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController helper_method :current_password_required? - before_action do - push_frontend_feature_flag(:webauthn) - end - - feature_category :authentication_and_authorization + feature_category :system_access def show setup_show_page @@ -41,32 +37,12 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController @error = { message: _('Invalid pin code.') } @qr_code = build_qr_code @account_string = account_string - - if Feature.enabled?(:webauthn) - setup_webauthn_registration - else - setup_u2f_registration - end + setup_webauthn_registration render 'show' end end - # A U2F (universal 2nd factor) device's information is stored after successful - # registration, which is then used while 2FA authentication is taking place. - def create_u2f - @u2f_registration = U2fRegistration.register(current_user, u2f_app_id, device_registration_params, session[:challenges]) - - if @u2f_registration.persisted? - session.delete(:challenges) - redirect_to profile_two_factor_auth_path, notice: s_("Your U2F device was registered!") - else - @qr_code = build_qr_code - setup_u2f_registration - render :show - end - end - def create_webauthn @webauthn_registration = Webauthn::RegisterService.new(current_user, device_registration_params, session[:challenge]).execute @@ -175,22 +151,6 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController Gitlab.config.gitlab.host end - # Setup in preparation of communication with a U2F (universal 2nd factor) device - # Actual communication is performed using a Javascript API - def setup_u2f_registration - @u2f_registration ||= U2fRegistration.new - @registrations = u2f_registrations - u2f = U2F::U2F.new(u2f_app_id) - - registration_requests = u2f.registration_requests - sign_requests = u2f.authentication_requests(current_user.u2f_registrations.map(&:key_handle)) - session[:challenges] = registration_requests.map(&:challenge) - - gon.push(u2f: { challenges: session[:challenges], app_id: u2f_app_id, - register_requests: registration_requests, - sign_requests: sign_requests }) - end - def device_registration_params params.require(:device_registration).permit(:device_response, :name) end diff --git a/app/controllers/profiles/u2f_registrations_controller.rb b/app/controllers/profiles/u2f_registrations_controller.rb deleted file mode 100644 index 32ca303e722..00000000000 --- a/app/controllers/profiles/u2f_registrations_controller.rb +++ /dev/null @@ -1,11 +0,0 @@ -# frozen_string_literal: true - -class Profiles::U2fRegistrationsController < Profiles::ApplicationController - feature_category :authentication_and_authorization - - def destroy - u2f_registration = current_user.u2f_registrations.find(params[:id]) - u2f_registration.destroy - redirect_to profile_two_factor_auth_path, status: :found, notice: _("Successfully deleted U2F device.") - end -end diff --git a/app/controllers/profiles/webauthn_registrations_controller.rb b/app/controllers/profiles/webauthn_registrations_controller.rb index a4a6d84f1ae..345d7bdbca8 100644 --- a/app/controllers/profiles/webauthn_registrations_controller.rb +++ b/app/controllers/profiles/webauthn_registrations_controller.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true class Profiles::WebauthnRegistrationsController < Profiles::ApplicationController - feature_category :authentication_and_authorization + feature_category :system_access def destroy webauthn_registration = current_user.webauthn_registrations.find(params[:id]) diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb index 45b274fc920..70487915707 100644 --- a/app/controllers/profiles_controller.rb +++ b/app/controllers/profiles_controller.rb @@ -17,7 +17,7 @@ class ProfilesController < Profiles::ApplicationController feature_category :user_profile, [:show, :update, :reset_incoming_email_token, :reset_feed_token, :reset_static_object_token, :update_username] - feature_category :authentication_and_authorization, [:audit_log] + feature_category :system_access, [:audit_log] urgency :low, [:show, :update] def show diff --git a/app/controllers/projects/airflow/dags_controller.rb b/app/controllers/projects/airflow/dags_controller.rb deleted file mode 100644 index 9d1f0b0d63b..00000000000 --- a/app/controllers/projects/airflow/dags_controller.rb +++ /dev/null @@ -1,38 +0,0 @@ -# frozen_string_literal: true - -module Projects - module Airflow - class DagsController < ::Projects::ApplicationController - before_action :check_feature_flag - before_action :authorize_read_airflow_dags! - - feature_category :dataops - - MAX_DAGS_PER_PAGE = 15 - def index - page = params[:page].to_i - page = 1 if page <= 0 - - @dags = ::Airflow::Dags.by_project_id(@project.id) - - return unless @dags.any? - - @dags = @dags.page(page).per(MAX_DAGS_PER_PAGE) - return redirect_to(url_for(page: @dags.total_pages)) if @dags.out_of_range? - - @pagination = { - page: page, - is_last_page: @dags.last_page?, - per_page: MAX_DAGS_PER_PAGE, - total_items: @dags.total_count - } - end - - private - - def check_feature_flag - render_404 unless Feature.enabled?(:airflow_dags, @project) - end - end - end -end diff --git a/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb b/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb index a61b774f9c8..e9477ee3221 100644 --- a/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb +++ b/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb @@ -20,6 +20,11 @@ class Projects::Analytics::CycleAnalytics::StagesController < Projects::Applicat @project.project_namespace end + override :all_cycle_analytics_params + def all_cycle_analytics_params + super.merge({ namespace: @project.project_namespace }) + end + override :cycle_analytics_configuration def cycle_analytics_configuration(stages) super(stages.select { |stage| permitted_stage?(stage) }) diff --git a/app/controllers/projects/analytics/cycle_analytics/summary_controller.rb b/app/controllers/projects/analytics/cycle_analytics/summary_controller.rb index 69327feeb02..96d7ad79e88 100644 --- a/app/controllers/projects/analytics/cycle_analytics/summary_controller.rb +++ b/app/controllers/projects/analytics/cycle_analytics/summary_controller.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true class Projects::Analytics::CycleAnalytics::SummaryController < Projects::ApplicationController + extend ::Gitlab::Utils::Override include CycleAnalyticsParams respond_to :json @@ -17,6 +18,11 @@ class Projects::Analytics::CycleAnalytics::SummaryController < Projects::Applica private + override :all_cycle_analytics_params + def all_cycle_analytics_params + super.merge({ namespace: @project.project_namespace }) + end + def project_level @project_level ||= Analytics::CycleAnalytics::ProjectLevel.new(project: @project, options: options(allowed_params)) end diff --git a/app/controllers/projects/artifacts_controller.rb b/app/controllers/projects/artifacts_controller.rb index 5f8060ad756..65576bcade6 100644 --- a/app/controllers/projects/artifacts_controller.rb +++ b/app/controllers/projects/artifacts_controller.rb @@ -19,6 +19,10 @@ class Projects::ArtifactsController < Projects::ApplicationController before_action :validate_artifacts!, except: [:index, :download, :raw, :destroy] before_action :entry, only: [:external_file, :file] + before_action only: :index do + push_frontend_feature_flag(:ci_job_artifact_bulk_destroy, @project) + end + MAX_PER_PAGE = 20 feature_category :build_artifacts diff --git a/app/controllers/projects/avatars_controller.rb b/app/controllers/projects/avatars_controller.rb index 70d9b524e4d..5db7609e07a 100644 --- a/app/controllers/projects/avatars_controller.rb +++ b/app/controllers/projects/avatars_controller.rb @@ -3,8 +3,6 @@ class Projects::AvatarsController < Projects::ApplicationController include SendsBlob - skip_before_action :default_cache_headers, only: :show - before_action :authorize_admin_project!, only: [:destroy] feature_category :projects diff --git a/app/controllers/projects/badges_controller.rb b/app/controllers/projects/badges_controller.rb index dbbffc4c283..372da64cdfa 100644 --- a/app/controllers/projects/badges_controller.rb +++ b/app/controllers/projects/badges_controller.rb @@ -40,6 +40,7 @@ class Projects::BadgesController < Projects::ApplicationController .new(project, current_user, opts: { key_text: params[:key_text], key_width: params[:key_width], + value_width: params[:value_width], order_by: params[:order_by] }) diff --git a/app/controllers/projects/blame_controller.rb b/app/controllers/projects/blame_controller.rb index cfff281604e..d41b347dc5a 100644 --- a/app/controllers/projects/blame_controller.rb +++ b/app/controllers/projects/blame_controller.rb @@ -23,13 +23,47 @@ class Projects::BlameController < Projects::ApplicationController environment_params[:find_latest] = true @environment = ::Environments::EnvironmentsByDeploymentsFinder.new(@project, current_user, environment_params).execute.last - blame_service = Projects::BlameService.new(@blob, @commit, params.permit(:page, :no_pagination)) + permitted_params = params.permit(:page, :no_pagination, :streaming) + blame_service = Projects::BlameService.new(@blob, @commit, permitted_params) @blame = Gitlab::View::Presenter::Factory.new(blame_service.blame, project: @project, path: @path, page: blame_service.page).fabricate! - @blame_pagination = blame_service.pagination + @entire_blame_path = full_blame_path(no_pagination: true) + @blame_pages_url = blame_pages_url(permitted_params) + if blame_service.streaming_possible + @entire_blame_path = full_blame_path(streaming: true) + end + + @streaming_enabled = blame_service.streaming_enabled + @blame_pagination = blame_service.pagination unless @streaming_enabled @blame_per_page = blame_service.per_page + + render locals: { total_extra_pages: blame_service.total_extra_pages } + end + + def page + @blob = @repository.blob_at(@commit.id, @path) + + environment_params = @repository.branch_exists?(@ref) ? { ref: @ref } : { commit: @commit } + environment_params[:find_latest] = true + @environment = ::Environments::EnvironmentsByDeploymentsFinder.new(@project, current_user, environment_params).execute.last + + blame_service = Projects::BlameService.new(@blob, @commit, params.permit(:page, :streaming)) + + @blame = Gitlab::View::Presenter::Factory.new(blame_service.blame, project: @project, path: @path, page: blame_service.page).fabricate! + + render partial: 'page' + end + + private + + def full_blame_path(params) + namespace_project_blame_path(namespace_id: @project.namespace, project_id: @project, id: @id, **params) + end + + def blame_pages_url(params) + namespace_project_blame_page_url(namespace_id: @project.namespace, project_id: @project, id: @id, **params) end end diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb index 59cea00e26b..3413aeb6f8a 100644 --- a/app/controllers/projects/blob_controller.rb +++ b/app/controllers/projects/blob_controller.rb @@ -10,7 +10,7 @@ class Projects::BlobController < Projects::ApplicationController include RedirectsForMissingPathOnTree include SourcegraphDecorator include DiffHelper - include RedisTracking + include ProductAnalyticsTracking extend ::Gitlab::Utils::Override prepend_before_action :authenticate_user!, only: [:edit] @@ -37,7 +37,11 @@ class Projects::BlobController < Projects::ApplicationController before_action :validate_diff_params, only: :diff before_action :set_last_commit_sha, only: [:edit, :update] - track_redis_hll_event :create, :update, name: 'g_edit_by_sfe' + track_event :create, :update, + name: 'g_edit_by_sfe', + action: 'perform_sfe_action', + label: 'usage_activity_by_stage_monthly.create.action_monthly_active_users_sfe_edit', + destinations: [:redis_hll, :snowplow] feature_category :source_code_management urgency :low, [:create, :show, :edit, :update, :diff] @@ -53,10 +57,13 @@ class Projects::BlobController < Projects::ApplicationController end def create - create_commit(Files::CreateService, success_notice: _("The file has been successfully created."), - success_path: -> { project_blob_path(@project, File.join(@branch_name, @file_path)) }, - failure_view: :new, - failure_path: project_new_blob_path(@project, @ref)) + create_commit( + Files::CreateService, + success_notice: _("The file has been successfully created."), + success_path: -> { project_blob_path(@project, File.join(@branch_name, @file_path)) }, + failure_view: :new, + failure_path: project_new_blob_path(@project, @ref) + ) end def show @@ -86,9 +93,11 @@ class Projects::BlobController < Projects::ApplicationController def update @path = params[:file_path] if params[:file_path].present? - create_commit(Files::UpdateService, success_path: -> { after_edit_path }, - failure_view: :edit, - failure_path: project_blob_path(@project, @id)) + create_commit( + Files::UpdateService, success_path: -> { after_edit_path }, + failure_view: :edit, + failure_path: project_blob_path(@project, @id) + ) rescue Files::UpdateService::FileChangedError @conflict = true render :edit @@ -106,9 +115,12 @@ class Projects::BlobController < Projects::ApplicationController end def destroy - create_commit(Files::DeleteService, success_notice: _("The file has been successfully deleted."), - success_path: -> { after_delete_path }, - failure_path: project_blob_path(@project, @id)) + create_commit( + Files::DeleteService, + success_notice: _("The file has been successfully deleted."), + success_path: -> { after_delete_path }, + failure_path: project_blob_path(@project, @id) + ) end def diff @@ -308,6 +320,12 @@ class Projects::BlobController < Projects::ApplicationController file = file.cdn_enabled_url(request.remote_ip) if file.respond_to?(:cdn_enabled_url) file.url end + + alias_method :tracking_project_source, :project + + def tracking_namespace_source + project&.namespace + end end Projects::BlobController.prepend_mod diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb index f19f143816f..1e17dd586c7 100644 --- a/app/controllers/projects/branches_controller.rb +++ b/app/controllers/projects/branches_controller.rb @@ -98,7 +98,7 @@ class Projects::BranchesController < Projects::ApplicationController if success render json: { name: branch_name, url: project_tree_url(@project, branch_name) } else - render json: result[:messsage], status: :unprocessable_entity + render json: result[:message], status: :unprocessable_entity end end end diff --git a/app/controllers/projects/ci/lints_controller.rb b/app/controllers/projects/ci/lints_controller.rb index 7ef5016ac00..6762f1c7110 100644 --- a/app/controllers/projects/ci/lints_controller.rb +++ b/app/controllers/projects/ci/lints_controller.rb @@ -3,7 +3,7 @@ class Projects::Ci::LintsController < Projects::ApplicationController before_action :authorize_create_pipeline! - feature_category :pipeline_authoring + feature_category :pipeline_composition respond_to :json, only: [:create] urgency :low, [:create] diff --git a/app/controllers/projects/ci/pipeline_editor_controller.rb b/app/controllers/projects/ci/pipeline_editor_controller.rb index 3a2bc445737..45584f3048a 100644 --- a/app/controllers/projects/ci/pipeline_editor_controller.rb +++ b/app/controllers/projects/ci/pipeline_editor_controller.rb @@ -6,7 +6,7 @@ class Projects::Ci::PipelineEditorController < Projects::ApplicationController push_frontend_feature_flag(:ci_job_assistant_drawer, @project) end - feature_category :pipeline_authoring + feature_category :pipeline_composition urgency :low, [:show] diff --git a/app/controllers/projects/ci/prometheus_metrics/histograms_controller.rb b/app/controllers/projects/ci/prometheus_metrics/histograms_controller.rb index 003441d4b91..72a07269d79 100644 --- a/app/controllers/projects/ci/prometheus_metrics/histograms_controller.rb +++ b/app/controllers/projects/ci/prometheus_metrics/histograms_controller.rb @@ -4,7 +4,7 @@ module Projects module Ci module PrometheusMetrics class HistogramsController < Projects::ApplicationController - feature_category :pipeline_authoring + feature_category :pipeline_composition respond_to :json, only: [:create] diff --git a/app/controllers/projects/cluster_agents_controller.rb b/app/controllers/projects/cluster_agents_controller.rb index 3f759e5c18c..e0c9763abb6 100644 --- a/app/controllers/projects/cluster_agents_controller.rb +++ b/app/controllers/projects/cluster_agents_controller.rb @@ -1,7 +1,10 @@ # frozen_string_literal: true class Projects::ClusterAgentsController < Projects::ApplicationController + include KasCookie + before_action :authorize_can_read_cluster_agent! + before_action :set_kas_cookie, only: [:show], if: -> { current_user } feature_category :kubernetes_management urgency :low diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb index 252b203b38a..a86a0fb3bd2 100644 --- a/app/controllers/projects/commit_controller.rb +++ b/app/controllers/projects/commit_controller.rb @@ -115,8 +115,12 @@ class Projects::CommitController < Projects::ApplicationController @branch_name = create_new_branch? ? @commit.revert_branch_name : @start_branch - create_commit(Commits::RevertService, success_notice: "The #{@commit.change_type_title(current_user)} has been successfully reverted.", - success_path: -> { successful_change_path(@project) }, failure_path: failed_change_path) + create_commit( + Commits::RevertService, + success_notice: "The #{@commit.change_type_title(current_user)} has been successfully reverted.", + success_path: -> { successful_change_path(@project) }, + failure_path: failed_change_path + ) end def cherry_pick @@ -131,10 +135,13 @@ class Projects::CommitController < Projects::ApplicationController @branch_name = create_new_branch? ? @commit.cherry_pick_branch_name : @start_branch - create_commit(Commits::CherryPickService, success_notice: "The #{@commit.change_type_title(current_user)} has been successfully cherry-picked into #{@branch_name}.", - success_path: -> { successful_change_path(target_project) }, - failure_path: failed_change_path, - target_project: target_project) + create_commit( + Commits::CherryPickService, + success_notice: "The #{@commit.change_type_title(current_user)} has been successfully cherry-picked into #{@branch_name}.", + success_path: -> { successful_change_path(target_project) }, + failure_path: failed_change_path, + target_project: target_project + ) end private diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb index 3acc71d5dd3..c2f1d1ed362 100644 --- a/app/controllers/projects/commits_controller.rb +++ b/app/controllers/projects/commits_controller.rb @@ -7,7 +7,6 @@ class Projects::CommitsController < Projects::ApplicationController include RendersCommits COMMITS_DEFAULT_LIMIT = 40 - prepend_before_action(only: [:show]) { authenticate_sessionless_user!(:rss) } around_action :allow_gitaly_ref_name_caching before_action :require_non_empty_project @@ -77,15 +76,22 @@ class Projects::CommitsController < Projects::ApplicationController # fully_qualified_ref is available in some situations from ExtractsRef ref = @fully_qualified_ref || @ref + @commits = if search.present? @repository.find_commits_by_message(search, ref, @path, @limit, @offset) - elsif author.present? - @repository.commits(ref, author: author, path: @path, limit: @limit, offset: @offset) else - @repository.commits(ref, path: @path, limit: @limit, offset: @offset) + options = { + path: @path, + limit: @limit, + offset: @offset + } + options[:author] = author if author.present? + + @repository.commits(ref, **options) end + @commits.load_tags if Feature.enabled?(:show_tags_on_commits_view, @project) @commits.each(&:lazy_author) # preload authors @commits = @commits.with_markdown_cache.with_latest_pipeline(ref) diff --git a/app/controllers/projects/cycle_analytics_controller.rb b/app/controllers/projects/cycle_analytics_controller.rb index 9fe44659250..dbed5adf2e8 100644 --- a/app/controllers/projects/cycle_analytics_controller.rb +++ b/app/controllers/projects/cycle_analytics_controller.rb @@ -11,7 +11,7 @@ class Projects::CycleAnalyticsController < Projects::ApplicationController before_action :authorize_read_cycle_analytics! before_action :load_value_stream, only: :show - track_custom_event :show, + track_event :show, name: 'p_analytics_valuestream', action: 'perform_analytics_usage_action', label: 'redis_hll_counters.analytics.analytics_total_unique_counts_monthly', @@ -22,6 +22,8 @@ class Projects::CycleAnalyticsController < Projects::ApplicationController before_action do push_licensed_feature(:cycle_analytics_for_groups) if project.licensed_feature_available?(:cycle_analytics_for_groups) + push_licensed_feature(:group_level_analytics_dashboard) if project.licensed_feature_available?(:group_level_analytics_dashboard) + push_frontend_feature_flag(:group_analytics_dashboards_page, @project.namespace) end def show @@ -44,7 +46,7 @@ class Projects::CycleAnalyticsController < Projects::ApplicationController override :all_cycle_analytics_params def all_cycle_analytics_params - super.merge({ project: @project, value_stream: @value_stream }) + super.merge({ namespace: @project.project_namespace, value_stream: @value_stream }) end def load_value_stream diff --git a/app/controllers/projects/design_management/designs/raw_images_controller.rb b/app/controllers/projects/design_management/designs/raw_images_controller.rb index beb7e9d294b..ea406d2f2ef 100644 --- a/app/controllers/projects/design_management/designs/raw_images_controller.rb +++ b/app/controllers/projects/design_management/designs/raw_images_controller.rb @@ -7,8 +7,6 @@ module Projects class RawImagesController < Projects::DesignManagement::DesignsController include SendsBlob - skip_before_action :default_cache_headers, only: :show - def show blob = design_repository.blob_at(ref, design.full_path) diff --git a/app/controllers/projects/design_management/designs/resized_image_controller.rb b/app/controllers/projects/design_management/designs/resized_image_controller.rb index 6bf304419e1..a09d8a73892 100644 --- a/app/controllers/projects/design_management/designs/resized_image_controller.rb +++ b/app/controllers/projects/design_management/designs/resized_image_controller.rb @@ -10,8 +10,6 @@ module Projects before_action :validate_size! before_action :validate_sha! - skip_before_action :default_cache_headers, only: :show - def show relation = design.actions relation = relation.up_to_version(version) if version diff --git a/app/controllers/projects/environments_controller.rb b/app/controllers/projects/environments_controller.rb index 9a88a8160b6..ad498a4ac86 100644 --- a/app/controllers/projects/environments_controller.rb +++ b/app/controllers/projects/environments_controller.rb @@ -20,6 +20,10 @@ class Projects::EnvironmentsController < Projects::ApplicationController push_frontend_feature_flag(:environment_details_vue, @project) end + before_action only: [:index] do + push_frontend_feature_flag(:kas_user_access_project, @project) + end + before_action :authorize_read_environment!, except: [:metrics, :additional_metrics, :metrics_dashboard, :metrics_redirect] before_action :authorize_create_environment!, only: [:new, :create] before_action :authorize_stop_environment!, only: [:stop] @@ -30,17 +34,8 @@ class Projects::EnvironmentsController < Projects::ApplicationController before_action :expire_etag_cache, only: [:index], unless: -> { request.format.json? } after_action :expire_etag_cache, only: [:cancel_auto_stop] - track_event :index, - :folder, - :show, - :new, - :edit, - :create, - :update, - :stop, - :cancel_auto_stop, - :terminal, - name: 'users_visiting_environments_pages' + track_event :index, :folder, :show, :new, :edit, :create, :update, :stop, :cancel_auto_stop, :terminal, + name: 'users_visiting_environments_pages' feature_category :continuous_delivery urgency :low @@ -255,11 +250,7 @@ class Projects::EnvironmentsController < Projects::ApplicationController def search_environments(type: nil) search = params[:search] if params[:search] && params[:search].length >= MIN_SEARCH_LENGTH - @search_environments ||= - Environments::EnvironmentsFinder.new(project, - current_user, - type: type, - search: search).execute + @search_environments ||= Environments::EnvironmentsFinder.new(project, current_user, type: type, search: search).execute end def metrics_params @@ -301,16 +292,6 @@ class Projects::EnvironmentsController < Projects::ApplicationController def authorize_update_environment! access_denied! unless can?(current_user, :update_environment, environment) end - - def append_info_to_payload(payload) - super - - return unless Feature.enabled?(:environments_search_logging) && params[:search].present? - - # Merging to :metadata will ensure these are logged as top level keys - payload[:metadata] ||= {} - payload[:metadata]['meta.environment.search'] = params[:search] - end end Projects::EnvironmentsController.prepend_mod_with('Projects::EnvironmentsController') diff --git a/app/controllers/projects/error_tracking_controller.rb b/app/controllers/projects/error_tracking_controller.rb index d2e36ef5496..d70ee0fabea 100644 --- a/app/controllers/projects/error_tracking_controller.rb +++ b/app/controllers/projects/error_tracking_controller.rb @@ -74,8 +74,7 @@ class Projects::ErrorTrackingController < Projects::ErrorTracking::BaseControlle def render_errors(result) unless result[:status] == :success - render json: { message: result[:message] }, - status: result[:http_status] || :bad_request + render json: { message: result[:message] }, status: result[:http_status] || :bad_request end end diff --git a/app/controllers/projects/feature_flags_controller.rb b/app/controllers/projects/feature_flags_controller.rb index 16392775c09..83923965a45 100644 --- a/app/controllers/projects/feature_flags_controller.rb +++ b/app/controllers/projects/feature_flags_controller.rb @@ -97,23 +97,45 @@ class Projects::FeatureFlagsController < Projects::ApplicationController end def create_params - params.require(:operations_feature_flag) - .permit(:name, :description, :active, :version, - scopes_attributes: [:environment_scope, :active, - strategies: [:name, parameters: [:groupId, :percentage, :userIds]]], - strategies_attributes: [:name, :user_list_id, - parameters: [:groupId, :percentage, :userIds, :rollout, :stickiness], - scopes_attributes: [:environment_scope]]) + params.require(:operations_feature_flag).permit( + :name, + :description, + :active, + :version, + scopes_attributes: [ + :environment_scope, :active, + strategies: [:name, parameters: [:groupId, :percentage, :userIds]] + ], + strategies_attributes: [ + :name, + :user_list_id, + parameters: [:groupId, :percentage, :userIds, :rollout, :stickiness], + scopes_attributes: [:environment_scope] + ] + ) end def update_params - params.require(:operations_feature_flag) - .permit(:name, :description, :active, - scopes_attributes: [:id, :environment_scope, :active, :_destroy, - strategies: [:name, parameters: [:groupId, :percentage, :userIds]]], - strategies_attributes: [:id, :name, :user_list_id, :_destroy, - parameters: [:groupId, :percentage, :userIds, :rollout, :stickiness], - scopes_attributes: [:id, :environment_scope, :_destroy]]) + params.require(:operations_feature_flag).permit( + :name, + :description, + :active, + scopes_attributes: [ + :id, + :environment_scope, + :active, + :_destroy, + strategies: [:name, parameters: [:groupId, :percentage, :userIds]] + ], + strategies_attributes: [ + :id, + :name, + :user_list_id, + :_destroy, + parameters: [:groupId, :percentage, :userIds, :rollout, :stickiness], + scopes_attributes: [:id, :environment_scope, :_destroy] + ] + ) end def feature_flag_json(feature_flag) @@ -144,7 +166,6 @@ class Projects::FeatureFlagsController < Projects::ApplicationController end def render_error_json(messages, status = :bad_request) - render json: { message: messages }, - status: status + render json: { message: messages }, status: status end end diff --git a/app/controllers/projects/google_cloud/base_controller.rb b/app/controllers/projects/google_cloud/base_controller.rb index dfb73821b0f..7eccc0c1c77 100644 --- a/app/controllers/projects/google_cloud/base_controller.rb +++ b/app/controllers/projects/google_cloud/base_controller.rb @@ -45,8 +45,8 @@ class Projects::GoogleCloud::BaseController < Projects::ApplicationController return_url = project_google_cloud_configuration_path(project) state = generate_session_key_redirect(request.url, return_url) @authorize_url = GoogleApi::CloudPlatform::Client.new(nil, - callback_google_api_auth_url, - state: state).authorize_url + callback_google_api_auth_url, + state: state).authorize_url redirect_to @authorize_url end diff --git a/app/controllers/projects/graphs_controller.rb b/app/controllers/projects/graphs_controller.rb index d072381933a..e73e2a38149 100644 --- a/app/controllers/projects/graphs_controller.rb +++ b/app/controllers/projects/graphs_controller.rb @@ -9,7 +9,7 @@ class Projects::GraphsController < Projects::ApplicationController before_action :assign_ref_vars before_action :authorize_read_repository_graphs! - track_custom_event :charts, + track_event :charts, name: 'p_analytics_repo', action: 'perform_analytics_usage_action', label: 'redis_hll_counters.analytics.analytics_total_unique_counts_monthly', diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb index 22b6bf6faf0..4dcc9a3a43f 100644 --- a/app/controllers/projects/hooks_controller.rb +++ b/app/controllers/projects/hooks_controller.rb @@ -4,7 +4,8 @@ class Projects::HooksController < Projects::ApplicationController include ::WebHooks::HookActions # Authorize - before_action :authorize_admin_project! + before_action :authorize_admin_project!, except: :destroy + before_action :authorize_destroy_project_hook!, only: :destroy before_action :hook_logs, only: :edit before_action -> { check_rate_limit!(:project_testing_hook, scope: [@project, current_user]) }, only: :test @@ -41,4 +42,8 @@ class Projects::HooksController < Projects::ApplicationController def trigger_values ProjectHook.triggers.values end + + def authorize_destroy_project_hook! + render_404 unless can?(current_user, :destroy_web_hook, hook) + end end diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb index 21227d62023..6e38de8b0ea 100644 --- a/app/controllers/projects/issues_controller.rb +++ b/app/controllers/projects/issues_controller.rb @@ -21,6 +21,7 @@ class Projects::IssuesController < Projects::ApplicationController before_action :check_issues_available! before_action :issue, unless: ->(c) { ISSUES_EXCEPT_ACTIONS.include?(c.action_name.to_sym) } before_action :redirect_if_work_item, unless: ->(c) { ISSUES_EXCEPT_ACTIONS.include?(c.action_name.to_sym) } + before_action :require_incident_for_incident_routes, only: :show after_action :log_issue_show, only: :show @@ -47,6 +48,7 @@ class Projects::IssuesController < Projects::ApplicationController push_frontend_feature_flag(:preserve_unchanged_markdown, project) push_frontend_feature_flag(:content_editor_on_issues, project) push_frontend_feature_flag(:service_desk_new_note_email_native_attachments, project) + push_frontend_feature_flag(:saved_replies, current_user) end before_action only: [:index, :show] do @@ -64,7 +66,6 @@ class Projects::IssuesController < Projects::ApplicationController push_force_frontend_feature_flag(:work_items_mvc, project&.work_items_mvc_feature_flag_enabled?) push_force_frontend_feature_flag(:work_items_mvc_2, project&.work_items_mvc_2_feature_flag_enabled?) push_frontend_feature_flag(:epic_widget_edit_confirmation, project) - push_frontend_feature_flag(:use_iid_in_work_items_path, project&.group) push_frontend_feature_flag(:incident_event_tags, project) end @@ -443,11 +444,16 @@ class Projects::IssuesController < Projects::ApplicationController def redirect_if_work_item return unless use_work_items_path?(issue) - if Feature.enabled?(:use_iid_in_work_items_path, project.group) - redirect_to project_work_items_path(project, issue.iid, params: request.query_parameters.merge(iid_path: true)) - else - redirect_to project_work_items_path(project, issue.id, params: request.query_parameters) - end + redirect_to project_work_items_path(project, issue.iid, params: request.query_parameters.merge(iid_path: true)) + end + + def require_incident_for_incident_routes + return unless params[:incident_tab].present? + return if issue.incident? + + # Redirect instead of 404 to gracefully handle + # issue type changes + redirect_to project_issue_path(project, issue) end end diff --git a/app/controllers/projects/jobs_controller.rb b/app/controllers/projects/jobs_controller.rb index 3fea5c694f7..36fa1fab68f 100644 --- a/app/controllers/projects/jobs_controller.rb +++ b/app/controllers/projects/jobs_controller.rb @@ -128,8 +128,7 @@ class Projects::JobsController < Projects::ApplicationController service_response = Ci::BuildEraseService.new(@build, current_user).execute if service_response.success? - redirect_to project_job_path(project, @build), - notice: _("Job has been successfully erased!") + redirect_to project_job_path(project, @build), notice: _("Job has been successfully erased!") else head service_response.http_status end @@ -138,9 +137,7 @@ class Projects::JobsController < Projects::ApplicationController def raw if @build.trace.archived? workhorse_set_content_type! - send_upload(@build.job_artifacts_trace.file, - send_params: raw_send_params, - redirect_params: raw_redirect_params) + send_upload(@build.job_artifacts_trace.file, send_params: raw_send_params, redirect_params: raw_redirect_params) else @build.trace.read do |stream| if stream.file? @@ -234,10 +231,12 @@ class Projects::JobsController < Projects::ApplicationController end def build_service_specification - @build.service_specification(service: params['service'], - port: params['port'], - path: params['path'], - subprotocols: proxy_subprotocol) + @build.service_specification( + service: params['service'], + port: params['port'], + path: params['path'], + subprotocols: proxy_subprotocol + ) end def proxy_subprotocol diff --git a/app/controllers/projects/labels_controller.rb b/app/controllers/projects/labels_controller.rb index 14f2e372bc5..649bead0b6d 100644 --- a/app/controllers/projects/labels_controller.rb +++ b/app/controllers/projects/labels_controller.rb @@ -82,9 +82,7 @@ class Projects::LabelsController < Projects::ApplicationController @label.destroy @labels = find_labels - redirect_to project_labels_path(@project), - status: :found, - notice: 'Label was removed' + redirect_to project_labels_path(@project), status: :found, notice: 'Label was removed' end def remove_priority @@ -138,8 +136,9 @@ class Projects::LabelsController < Projects::ApplicationController respond_to do |format| format.html do - redirect_to(project_labels_path(@project), - notice: _('Failed to promote label due to internal error. Please contact administrators.')) + redirect_to( + project_labels_path(@project), + notice: _('Failed to promote label due to internal error. Please contact administrators.')) end format.js end @@ -165,13 +164,14 @@ class Projects::LabelsController < Projects::ApplicationController end def find_labels - @available_labels ||= - LabelsFinder.new(current_user, - project_id: @project.id, - include_ancestor_groups: true, - search: params[:search], - subscribed: params[:subscribed], - sort: sort).execute + @available_labels ||= LabelsFinder.new( + current_user, + project_id: @project.id, + include_ancestor_groups: true, + search: params[:search], + subscribed: params[:subscribed], + sort: sort + ).execute end def sort diff --git a/app/controllers/projects/merge_requests/creations_controller.rb b/app/controllers/projects/merge_requests/creations_controller.rb index 3b399e3294e..3a03831ab88 100644 --- a/app/controllers/projects/merge_requests/creations_controller.rb +++ b/app/controllers/projects/merge_requests/creations_controller.rb @@ -114,11 +114,10 @@ class Projects::MergeRequests::CreationsController < Projects::MergeRequests::Ap @target_project = @merge_request.target_project @source_project = @merge_request.source_project - @commits = - set_commits_for_rendering( - @merge_request.recent_commits.with_latest_pipeline(@merge_request.source_branch), - commits_count: @merge_request.commits_count - ) + @commits = set_commits_for_rendering( + @merge_request.recent_commits.with_latest_pipeline(@merge_request.source_branch), + commits_count: @merge_request.commits_count + ) @commit = @merge_request.diff_head_commit diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb index d92ef3de6d9..a204023e34d 100644 --- a/app/controllers/projects/merge_requests_controller.rb +++ b/app/controllers/projects/merge_requests_controller.rb @@ -33,6 +33,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo before_action :check_user_can_push_to_source_branch!, only: [:rebase] before_action only: [:show, :diffs] do + push_frontend_feature_flag(:content_editor_on_issues, project) push_frontend_feature_flag(:core_security_mr_widget_counts, project) push_frontend_feature_flag(:issue_assignees_widget, @project) push_frontend_feature_flag(:refactor_security_extension, @project) @@ -40,10 +41,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo push_frontend_feature_flag(:moved_mr_sidebar, project) push_frontend_feature_flag(:mr_experience_survey, project) push_frontend_feature_flag(:realtime_mr_status_change, project) - end - - before_action do - push_frontend_feature_flag(:permit_all_shared_groups_for_approval, @project) + push_frontend_feature_flag(:saved_replies, current_user) end around_action :allow_gitaly_ref_name_caching, only: [:index, :show, :diffs, :discussions] @@ -383,10 +381,12 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo @merge_request.merge_request_reviewers.map(&:cache_key) ] - render_cached(@merge_request, - with: serializer, - cache_context: ->(_) { [Digest::SHA256.hexdigest(cache_context.to_s)] }, - serializer: params[:serializer]) + render_cached( + @merge_request, + with: serializer, + cache_context: ->(_) { [Digest::SHA256.hexdigest(cache_context.to_s)] }, + serializer: params[:serializer] + ) else render json: serializer.represent(@merge_request, serializer: params[:serializer]) end @@ -485,8 +485,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo AutoMergeService.new(project, current_user, merge_params).update(merge_request) else AutoMergeService.new(project, current_user, merge_params) - .execute(merge_request, - params[:auto_merge_strategy] || AutoMergeService::STRATEGY_MERGE_WHEN_PIPELINE_SUCCEEDS) + .execute(merge_request, params[:auto_merge_strategy] || AutoMergeService::STRATEGY_MERGE_WHEN_PIPELINE_SUCCEEDS) end else @merge_request.merge_async(current_user.id, merge_params) diff --git a/app/controllers/projects/pages_controller.rb b/app/controllers/projects/pages_controller.rb index db0762a6cff..13c2a3ab750 100644 --- a/app/controllers/projects/pages_controller.rb +++ b/app/controllers/projects/pages_controller.rb @@ -43,9 +43,7 @@ class Projects::PagesController < Projects::ApplicationController respond_to do |format| format.html do - redirect_to project_pages_path(@project), - status: :found, - notice: 'Pages were scheduled for removal' + redirect_to project_pages_path(@project), status: :found, notice: 'Pages were scheduled for removal' end end end @@ -77,7 +75,15 @@ class Projects::PagesController < Projects::ApplicationController end def project_params_attributes - %i[pages_https_only] + attributes = %i[pages_https_only] + + return attributes unless Feature.enabled?(:pages_unique_domain) + + attributes + [ + project_setting_attributes: [ + :pages_unique_domain_enabled + ] + ] end end diff --git a/app/controllers/projects/pages_domains_controller.rb b/app/controllers/projects/pages_domains_controller.rb index 43952a2efe4..5cb69e8bf99 100644 --- a/app/controllers/projects/pages_domains_controller.rb +++ b/app/controllers/projects/pages_domains_controller.rb @@ -69,9 +69,7 @@ class Projects::PagesDomainsController < Projects::ApplicationController respond_to do |format| format.html do - redirect_to project_pages_path(@project), - status: :found, - notice: 'Domain was removed' + redirect_to project_pages_path(@project), status: :found, notice: 'Domain was removed' end format.js end diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb index 19d031bd59b..fb332fec3b5 100644 --- a/app/controllers/projects/pipeline_schedules_controller.rb +++ b/app/controllers/projects/pipeline_schedules_controller.rb @@ -8,8 +8,7 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController before_action :authorize_read_pipeline_schedule! before_action :authorize_create_pipeline_schedule!, only: [:new, :create] before_action :authorize_update_pipeline_schedule!, only: [:edit, :update] - before_action :authorize_take_ownership_pipeline_schedule!, only: [:take_ownership] - before_action :authorize_admin_pipeline_schedule!, only: [:destroy] + before_action :authorize_admin_pipeline_schedule!, only: [:take_ownership, :destroy] before_action :push_schedule_feature_flag, only: [:index, :new, :edit] feature_category :continuous_integration @@ -78,9 +77,7 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController if schedule.destroy redirect_to pipeline_schedules_path(@project), status: :found else - redirect_to pipeline_schedules_path(@project), - status: :forbidden, - alert: _("Failed to remove the pipeline schedule") + redirect_to pipeline_schedules_path(@project), status: :forbidden, alert: _("Failed to remove the pipeline schedule") end end @@ -113,10 +110,6 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController return access_denied! unless can?(current_user, :update_pipeline_schedule, schedule) end - def authorize_take_ownership_pipeline_schedule! - return access_denied! unless can?(current_user, :take_ownership_pipeline_schedule, schedule) - end - def authorize_admin_pipeline_schedule! return access_denied! unless can?(current_user, :admin_pipeline_schedule, schedule) end diff --git a/app/controllers/projects/pipelines_controller.rb b/app/controllers/projects/pipelines_controller.rb index 10f58a9f479..6fdd4906613 100644 --- a/app/controllers/projects/pipelines_controller.rb +++ b/app/controllers/projects/pipelines_controller.rb @@ -22,13 +22,14 @@ class Projects::PipelinesController < Projects::ApplicationController before_action :authorize_update_pipeline!, only: [:retry, :cancel] before_action :ensure_pipeline, only: [:show, :downloadable_artifacts] before_action :reject_if_build_artifacts_size_refreshing!, only: [:destroy] + before_action :push_frontend_feature_flags, only: [:show] # Will be removed with https://gitlab.com/gitlab-org/gitlab/-/issues/225596 before_action :redirect_for_legacy_scope_filter, only: [:index], if: -> { request.format.html? } around_action :allow_gitaly_ref_name_caching, only: [:index, :show] - track_custom_event :charts, + track_event :charts, name: 'p_analytics_pipelines', action: 'perform_analytics_usage_action', label: 'redis_hll_counters.analytics.analytics_total_unique_counts_monthly', @@ -98,15 +99,15 @@ class Projects::PipelinesController < Projects::ApplicationController end format.json do if service_response.success? - render json: PipelineSerializer - .new(project: project, current_user: current_user) - .represent(@pipeline), - status: :created + render json: PipelineSerializer.new(project: project, current_user: current_user).represent(@pipeline), + status: :created else - render json: { errors: @pipeline.error_messages.map(&:content), - warnings: @pipeline.warning_messages(limit: ::Gitlab::Ci::Warnings::MAX_LIMIT).map(&:content), - total_warnings: @pipeline.warning_messages.length }, - status: :bad_request + bad_request_json = { + errors: @pipeline.error_messages.map(&:content), + warnings: @pipeline.warning_messages(limit: ::Gitlab::Ci::Warnings::MAX_LIMIT).map(&:content), + total_warnings: @pipeline.warning_messages.length + } + render json: bad_request_json, status: :bad_request end end end @@ -241,7 +242,12 @@ class Projects::PipelinesController < Projects::ApplicationController PipelineSerializer .new(project: @project, current_user: @current_user) .with_pagination(request, response) - .represent(@pipelines, disable_coverage: true, preload: true) + .represent( + @pipelines, + disable_coverage: true, + preload: true, + disable_manual_and_scheduled_actions: Feature.enabled?(:lazy_load_pipeline_dropdown_actions, @project) + ) end def render_show @@ -364,6 +370,10 @@ class Projects::PipelinesController < Projects::ApplicationController def tracking_project_source project end + + def push_frontend_feature_flags + push_frontend_feature_flag(:refactor_ci_minutes_consumption, @project) + end end Projects::PipelinesController.prepend_mod_with('Projects::PipelinesController') diff --git a/app/controllers/projects/prometheus/metrics_controller.rb b/app/controllers/projects/prometheus/metrics_controller.rb index db5471ea322..c20c80ba334 100644 --- a/app/controllers/projects/prometheus/metrics_controller.rb +++ b/app/controllers/projects/prometheus/metrics_controller.rb @@ -68,7 +68,7 @@ module Projects if @metric.persisted? redirect_to edit_project_settings_integration_path(project, ::Integrations::Prometheus), - notice: _('Metric was successfully added.') + notice: _('Metric was successfully added.') else render 'new' end @@ -79,7 +79,7 @@ module Projects if @metric.update(metrics_params) redirect_to edit_project_settings_integration_path(project, ::Integrations::Prometheus), - notice: _('Metric was successfully updated.') + notice: _('Metric was successfully updated.') else render 'edit' end diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb index 895a9a00624..79b5990abba 100644 --- a/app/controllers/projects/raw_controller.rb +++ b/app/controllers/projects/raw_controller.rb @@ -6,8 +6,6 @@ class Projects::RawController < Projects::ApplicationController include SendsBlob include StaticObjectExternalStorage - skip_before_action :default_cache_headers, only: :show - prepend_before_action(only: [:show]) { authenticate_sessionless_user!(:blob) } before_action :assign_ref_vars diff --git a/app/controllers/projects/repositories_controller.rb b/app/controllers/projects/repositories_controller.rb index 1cd4c5b6137..80bc92c0b69 100644 --- a/app/controllers/projects/repositories_controller.rb +++ b/app/controllers/projects/repositories_controller.rb @@ -8,8 +8,6 @@ class Projects::RepositoriesController < Projects::ApplicationController prepend_before_action(only: [:archive]) { authenticate_sessionless_user!(:archive) } - skip_before_action :default_cache_headers, only: :archive - # Authorize before_action :check_archive_rate_limiting!, only: :archive before_action :require_non_empty_project, except: :create @@ -49,9 +47,14 @@ class Projects::RepositoriesController < Projects::ApplicationController def set_cache_headers commit_id = archive_metadata['CommitId'] - expires_in(cache_max_age(commit_id), - public: Guest.can?(:download_code, project), must_revalidate: true, stale_if_error: 5.minutes, - stale_while_revalidate: 1.minute, 's-maxage': 1.minute) + expires_in( + cache_max_age(commit_id), + public: Guest.can?(:download_code, project), + must_revalidate: true, + stale_if_error: 5.minutes, + stale_while_revalidate: 1.minute, + 's-maxage': 1.minute + ) fresh_when(strong_etag: [commit_id, archive_metadata['ArchivePath']]) end diff --git a/app/controllers/projects/security/configuration_controller.rb b/app/controllers/projects/security/configuration_controller.rb index 00a2a5d1193..ee2e60b5a1a 100644 --- a/app/controllers/projects/security/configuration_controller.rb +++ b/app/controllers/projects/security/configuration_controller.rb @@ -32,9 +32,7 @@ module Projects end def configuration_presenter - ::Projects::Security::ConfigurationPresenter.new(project, - **presenter_attributes, - current_user: current_user) + ::Projects::Security::ConfigurationPresenter.new(project, **presenter_attributes, current_user: current_user) end def presenter_attributes diff --git a/app/controllers/projects/settings/access_tokens_controller.rb b/app/controllers/projects/settings/access_tokens_controller.rb index 0884816ef62..af1527ba6a3 100644 --- a/app/controllers/projects/settings/access_tokens_controller.rb +++ b/app/controllers/projects/settings/access_tokens_controller.rb @@ -7,7 +7,7 @@ module Projects include AccessTokensActions layout 'project_settings' - feature_category :authentication_and_authorization + feature_category :system_access alias_method :resource, :project diff --git a/app/controllers/projects/settings/ci_cd_controller.rb b/app/controllers/projects/settings/ci_cd_controller.rb index 4ca665679c0..f5588a35ad5 100644 --- a/app/controllers/projects/settings/ci_cd_controller.rb +++ b/app/controllers/projects/settings/ci_cd_controller.rb @@ -13,7 +13,7 @@ module Projects before_action :define_variables before_action do - push_frontend_feature_flag(:ci_inbound_job_token_scope, @project) + push_frontend_feature_flag(:ci_variables_pages, current_user) end helper_method :highlight_badge diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb index 737a6290431..ba18a2e0dce 100644 --- a/app/controllers/projects/tree_controller.rb +++ b/app/controllers/projects/tree_controller.rb @@ -40,9 +40,12 @@ class Projects::TreeController < Projects::ApplicationController def create_dir return render_404 unless @commit_params.values.all? - create_commit(Files::CreateDirService, success_notice: _("The directory has been successfully created."), - success_path: project_tree_path(@project, File.join(@branch_name, @dir_name)), - failure_path: project_tree_path(@project, @ref)) + create_commit( + Files::CreateDirService, + success_notice: _("The directory has been successfully created."), + success_path: project_tree_path(@project, File.join(@branch_name, @dir_name)), + failure_path: project_tree_path(@project, @ref) + ) end private diff --git a/app/controllers/projects/variables_controller.rb b/app/controllers/projects/variables_controller.rb index a83ccccbeae..e50ddf75183 100644 --- a/app/controllers/projects/variables_controller.rb +++ b/app/controllers/projects/variables_controller.rb @@ -3,7 +3,7 @@ class Projects::VariablesController < Projects::ApplicationController before_action :authorize_admin_build! - feature_category :pipeline_authoring + feature_category :pipeline_composition urgency :low, [:show, :update] diff --git a/app/controllers/projects/web_ide_terminals_controller.rb b/app/controllers/projects/web_ide_terminals_controller.rb index cfccc949244..be7423e3919 100644 --- a/app/controllers/projects/web_ide_terminals_controller.rb +++ b/app/controllers/projects/web_ide_terminals_controller.rb @@ -29,10 +29,7 @@ class Projects::WebIdeTerminalsController < Projects::ApplicationController end def create - result = ::Ci::CreateWebIdeTerminalService.new(project, - current_user, - ref: params[:branch]) - .execute + result = ::Ci::CreateWebIdeTerminalService.new(project, current_user, ref: params[:branch]).execute if result[:status] == :error render status: :bad_request, json: result[:message] diff --git a/app/controllers/projects/work_items_controller.rb b/app/controllers/projects/work_items_controller.rb index db9dca14aab..34a71dbbb91 100644 --- a/app/controllers/projects/work_items_controller.rb +++ b/app/controllers/projects/work_items_controller.rb @@ -5,7 +5,7 @@ class Projects::WorkItemsController < Projects::ApplicationController push_force_frontend_feature_flag(:work_items, project&.work_items_feature_flag_enabled?) push_force_frontend_feature_flag(:work_items_mvc, project&.work_items_mvc_feature_flag_enabled?) push_force_frontend_feature_flag(:work_items_mvc_2, project&.work_items_mvc_2_feature_flag_enabled?) - push_frontend_feature_flag(:use_iid_in_work_items_path, project&.group) + push_force_frontend_feature_flag(:saved_replies, current_user) end feature_category :team_planning diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 71ad747b6b1..f18055f80b7 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -39,7 +39,7 @@ class ProjectsController < Projects::ApplicationController before_action do push_frontend_feature_flag(:highlight_js, @project) push_frontend_feature_flag(:file_line_blame, @project) - push_frontend_feature_flag(:increase_page_size_exponentially, @project) + push_frontend_feature_flag(:synchronize_fork, @project) push_licensed_feature(:file_locks) if @project.present? && @project.licensed_feature_available?(:file_locks) push_licensed_feature(:security_orchestration_policies) if @project.present? && @project.licensed_feature_available?(:security_orchestration_policies) push_force_frontend_feature_flag(:work_items, @project&.work_items_feature_flag_enabled?) @@ -78,6 +78,8 @@ class ProjectsController < Projects::ApplicationController @namespace = Namespace.find_by(id: params[:namespace_id]) if params[:namespace_id] return access_denied! if @namespace && !can?(current_user, :create_projects, @namespace) + @parent_group = Group.find_by(id: params[:namespace_id]) + @current_user_group = if current_user.manageable_groups(include_groups_with_developer_maintainer_access: true).count == 1 current_user.manageable_groups(include_groups_with_developer_maintainer_access: true).first diff --git a/app/controllers/registrations/welcome_controller.rb b/app/controllers/registrations/welcome_controller.rb index cfb4e939b35..87fcb499d21 100644 --- a/app/controllers/registrations/welcome_controller.rb +++ b/app/controllers/registrations/welcome_controller.rb @@ -10,7 +10,7 @@ module Registrations skip_before_action :authenticate_user!, :required_signup_info, :check_two_factor_requirement, only: [:show, :update] before_action :require_current_user - feature_category :authentication_and_authorization + feature_category :user_management def show return redirect_to path_for_signed_in_user(current_user) if completed_welcome_step? @@ -50,7 +50,7 @@ module Registrations def requires_confirmation?(user) return false if user.confirmed? - return false if Feature.enabled?(:soft_email_confirmation) + return false unless Gitlab::CurrentSettings.email_confirmation_setting_hard? true end diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index ed0e019d02b..b4eee3549a0 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb @@ -25,10 +25,11 @@ class RegistrationsController < Devise::RegistrationsController before_action only: [:new] do push_frontend_feature_flag(:gitlab_gtm_datalayer, type: :ops) - push_frontend_feature_flag(:trial_email_validation, type: :development) end - feature_category :authentication_and_authorization + feature_category :user_management + + helper_method :arkose_labs_enabled? def new @resource = build_resource @@ -128,13 +129,16 @@ class RegistrationsController < Devise::RegistrationsController def after_inactive_sign_up_path_for(resource) Gitlab::AppLogger.info(user_created_message) return new_user_session_path(anchor: 'login-pane') if resource.blocked_pending_approval? - return dashboard_projects_path if Feature.enabled?(:soft_email_confirmation) + return dashboard_projects_path if Gitlab::CurrentSettings.email_confirmation_setting_soft? - # when email confirmation is enabled, path to redirect is saved + # when email_confirmation_setting is set to `hard`, path to redirect is saved # after user confirms and comes back, he will be redirected store_location_for(:redirect, after_sign_up_path) - return identity_verification_redirect_path if custom_confirmation_enabled? + if custom_confirmation_enabled? + session[:verification_user_id] = resource.id # This is needed to find the user on the identity verification page + return identity_verification_redirect_path + end Gitlab::Tracking.event(self.class.name, 'render', user: resource) users_almost_there_path(email: resource.email) @@ -221,7 +225,7 @@ class RegistrationsController < Devise::RegistrationsController def resource @resource ||= Users::RegistrationsBuildService - .new(current_user, sign_up_params.merge({ skip_confirmation: registered_with_invite_email?, + .new(current_user, sign_up_params.merge({ skip_confirmation: skip_confirmation?, preferred_language: preferred_language })) .execute end @@ -230,6 +234,10 @@ class RegistrationsController < Devise::RegistrationsController @devise_mapping ||= Devise.mappings[:user] end + def skip_confirmation? + registered_with_invite_email? + end + def registered_with_invite_email? invite_email = session.delete(:invite_email) @@ -293,6 +301,10 @@ class RegistrationsController < Devise::RegistrationsController def send_custom_confirmation_instructions # overridden by EE module end + + def arkose_labs_enabled? + false + end end RegistrationsController.prepend_mod_with('RegistrationsController') diff --git a/app/controllers/repositories/git_http_controller.rb b/app/controllers/repositories/git_http_controller.rb index bd3461d8331..4f228ced542 100644 --- a/app/controllers/repositories/git_http_controller.rb +++ b/app/controllers/repositories/git_http_controller.rb @@ -8,6 +8,7 @@ module Repositories prepend_before_action :deny_head_requests, only: [:info_refs] rescue_from Gitlab::GitAccess::ForbiddenError, with: :render_403_with_exception + rescue_from JWT::DecodeError, with: :render_403_with_exception rescue_from Gitlab::GitAccess::NotFoundError, with: :render_404_with_exception rescue_from Gitlab::GitAccessProject::CreationError, with: :render_422_with_exception rescue_from Gitlab::GitAccess::TimeoutError, with: :render_503_with_exception @@ -19,6 +20,7 @@ module Repositories # GET /foo/bar.git/info/refs?service=git-receive-pack (git push) def info_refs log_user_activity if upload_pack? + log_user_activity if receive_pack? && Feature.enabled?(:log_user_git_push_activity) render_ok end @@ -49,6 +51,10 @@ module Repositories git_command == 'git-upload-pack' end + def receive_pack? + git_command == 'git-receive-pack' + end + def git_command if action_name == 'info_refs' params[:service] diff --git a/app/controllers/repositories/lfs_api_controller.rb b/app/controllers/repositories/lfs_api_controller.rb index 83973d07a17..d52ae723eee 100644 --- a/app/controllers/repositories/lfs_api_controller.rb +++ b/app/controllers/repositories/lfs_api_controller.rb @@ -172,13 +172,15 @@ module Repositories LfsObjectsProject.link_to_project!(lfs_object, project) - Gitlab::AppJsonLogger.info(message: "LFS object auto-linked to forked project", - lfs_object_oid: lfs_object.oid, - lfs_object_size: lfs_object.size, - source_project_id: project.fork_source.id, - source_project_path: project.fork_source.full_path, - target_project_id: project.project_id, - target_project_path: project.full_path) + Gitlab::AppJsonLogger.info( + message: "LFS object auto-linked to forked project", + lfs_object_oid: lfs_object.oid, + lfs_object_size: lfs_object.size, + source_project_id: project.fork_source.id, + source_project_path: project.fork_source.full_path, + target_project_id: project.project_id, + target_project_path: project.full_path + ) end end end diff --git a/app/controllers/repositories/lfs_locks_api_controller.rb b/app/controllers/repositories/lfs_locks_api_controller.rb index ea858d63236..52ae9068c75 100644 --- a/app/controllers/repositories/lfs_locks_api_controller.rb +++ b/app/controllers/repositories/lfs_locks_api_controller.rb @@ -37,9 +37,7 @@ module Repositories private def render_json(data, process = true) - render json: build_payload(data, process), - content_type: LfsRequest::CONTENT_TYPE, - status: @result[:http_status] + render json: build_payload(data, process), content_type: LfsRequest::CONTENT_TYPE, status: @result[:http_status] end def build_payload(data, process) diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb index 1ca34dee3d6..688c56e56e0 100644 --- a/app/controllers/search_controller.rb +++ b/app/controllers/search_controller.rb @@ -10,11 +10,11 @@ class SearchController < ApplicationController RESCUE_FROM_TIMEOUT_ACTIONS = [:count, :show, :autocomplete, :aggregations].freeze CODE_SEARCH_LITERALS = %w[blob: extension: path: filename:].freeze - track_custom_event :show, - name: 'i_search_total', - label: 'redis_hll_counters.search.search_total_unique_counts_monthly', - action: 'executed', - destinations: [:redis_hll, :snowplow] + track_event :show, + name: 'i_search_total', + label: 'redis_hll_counters.search.search_total_unique_counts_monthly', + action: 'executed', + destinations: [:redis_hll, :snowplow] def self.search_rate_limited_endpoints %i[show count autocomplete] @@ -24,7 +24,6 @@ class SearchController < ApplicationController before_action :block_anonymous_global_searches, :check_scope_global_search_enabled, except: :opensearch skip_before_action :authenticate_user! - skip_before_action :default_cache_headers, only: :count requires_cross_project_access if: -> do search_term_present = params[:search].present? || params[:term].present? @@ -33,9 +32,6 @@ class SearchController < ApplicationController before_action :check_search_rate_limit!, only: search_rate_limited_endpoints before_action only: :show do - push_frontend_feature_flag(:search_blobs_language_aggregation, current_user) - end - before_action only: :show do update_scope_for_code_search end rescue_from ActiveRecord::QueryCanceled, with: :render_timeout @@ -116,6 +112,9 @@ class SearchController < ApplicationController @ref = params[:project_ref] if params[:project_ref].present? @filter = params[:filter] + # Cache the response on the frontend + expires_in 1.minute + render json: Gitlab::Json.dump(search_autocomplete_opts(term, filter: @filter)) end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index b6aba04c877..8a79353f490 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -36,9 +36,6 @@ class SessionsController < Devise::SessionsController before_action :save_failed_login, if: :action_new_and_failed_login? before_action :load_recaptcha before_action :set_invite_params, only: [:new] - before_action do - push_frontend_feature_flag(:webauthn) - end after_action :log_failed_login, if: :action_new_and_failed_login? after_action :verify_known_sign_in, only: [:create] @@ -56,7 +53,7 @@ class SessionsController < Devise::SessionsController # token mismatch. protect_from_forgery with: :exception, prepend: true, except: :destroy - feature_category :authentication_and_authorization + feature_category :system_access urgency :low CAPTCHA_HEADER = 'X-GitLab-Show-Login-Captcha' @@ -72,8 +69,7 @@ class SessionsController < Devise::SessionsController super do |resource| # User has successfully signed in, so clear any unused reset token if resource.reset_password_token.present? - resource.update(reset_password_token: nil, - reset_password_sent_at: nil) + resource.update(reset_password_token: nil, reset_password_sent_at: nil) end if resource.deactivated? @@ -311,10 +307,8 @@ class SessionsController < Devise::SessionsController def authentication_method if user_params[:otp_attempt] AuthenticationEvent::TWO_FACTOR - elsif user_params[:device_response] && Feature.enabled?(:webauthn) + elsif user_params[:device_response] AuthenticationEvent::TWO_FACTOR_WEBAUTHN - elsif user_params[:device_response] && !Feature.enabled?(:webauthn) - AuthenticationEvent::TWO_FACTOR_U2F else AuthenticationEvent::STANDARD end diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb index e81868faa6e..3f20e1c0e86 100644 --- a/app/controllers/snippets_controller.rb +++ b/app/controllers/snippets_controller.rb @@ -14,7 +14,7 @@ class SnippetsController < Snippets::ApplicationController skip_before_action :authenticate_user!, only: [:index, :show, :raw] - layout 'snippets' + layout :determine_layout def index if params[:username].present? @@ -48,4 +48,12 @@ class SnippetsController < Snippets::ApplicationController def spammable_path snippet_path(@snippet) end + + def determine_layout + if action_name == 'show' && @snippet.author != current_user + 'explore' + else + 'snippets' + end + end end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 9546f71cd37..e4354eaa452 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -9,20 +9,21 @@ class UsersController < ApplicationController include Gitlab::NoteableMetadata requires_cross_project_access show: false, - groups: false, - projects: false, - contributed: false, - snippets: true, - calendar: false, - followers: false, - following: false, - calendar_activities: true + groups: false, + projects: false, + contributed: false, + snippets: true, + calendar: false, + followers: false, + following: false, + calendar_activities: true skip_before_action :authenticate_user! prepend_before_action(only: [:show]) { authenticate_sessionless_user!(:rss) } before_action :user, except: [:exists] - before_action :authorize_read_user_profile!, - only: [:calendar, :calendar_activities, :groups, :projects, :contributed, :starred, :snippets, :followers, :following] + before_action :authorize_read_user_profile!, only: [ + :calendar, :calendar_activities, :groups, :projects, :contributed, :starred, :snippets, :followers, :following + ] before_action only: [:exists] do check_rate_limit!(:username_exists, scope: request.ip) end @@ -71,7 +72,19 @@ class UsersController < ApplicationController format.json do load_events - pager_json("events/_events", @events.count, events: @events) + + if Feature.enabled?(:profile_tabs_vue, current_user) + @events = if user.include_private_contributions? + @events + else + @events.select { |event| event.visible_to_user?(current_user) } + end + + render json: ::Profile::EventSerializer.new(current_user: current_user, target_user: user) + .represent(@events) + else + pager_json("events/_events", @events.count, events: @events) + end end end end |