Add latest changes from gitlab-org/gitlab@master

14 files changed, 90 insertions, 42 deletions

diff --git a/app/assets/javascripts/admin/abuse_report/components/report_actions.vue b/app/assets/javascripts/admin/abuse_report/components/report_actions.vue
index 560d733c10c..e005e183c9f 100644
--- a/app/assets/javascripts/admin/abuse_report/components/report_actions.vue
+++ b/app/assets/javascripts/admin/abuse_report/components/report_actions.vue
@@ -14,8 +14,10 @@ import { DRAWER_Z_INDEX } from '~/lib/utils/constants';
 import {
   ACTIONS_I18N,
   NO_ACTION,
+  TRUST_ACTION,
   USER_ACTION_OPTIONS,
   REASON_OPTIONS,
+  TRUST_REASON,
   STATUS_OPEN,
   SUCCESS_ALERT,
   FAILED_ALERT,
@@ -77,6 +79,16 @@ export default {
     userActionOptions() {
       return this.isNotCurrentUser ? USER_ACTION_OPTIONS : [NO_ACTION];
     },
+    reasonOptions() {
+      if (!this.isNotCurrentUser) {
+        return [];
+      }
+
+      if (this.form.user_action === TRUST_ACTION.value) {
+        return [TRUST_REASON];
+      }
+      return REASON_OPTIONS;
+    },
   },
   methods: {
     toggleActionsDrawer() {
@@ -120,7 +132,6 @@ export default {
     },
   },
   i18n: ACTIONS_I18N,
-  reasonOptions: REASON_OPTIONS,
   DRAWER_Z_INDEX,
 };
 </script>
@@ -173,7 +184,7 @@ export default {
               id="reason"
               v-model="form.reason"
               data-testid="reason-select"
-              :options="$options.reasonOptions"
+              :options="reasonOptions"
               :state="validationState.reason"
               @change="validateReason"
             />
diff --git a/app/assets/javascripts/admin/abuse_report/constants.js b/app/assets/javascripts/admin/abuse_report/constants.js
index 1ecef44ab8f..94ef911e853 100644
--- a/app/assets/javascripts/admin/abuse_report/constants.js
+++ b/app/assets/javascripts/admin/abuse_report/constants.js
@@ -25,11 +25,14 @@ export const ACTIONS_I18N = {
 };
 
 export const NO_ACTION = { value: '', text: s__('AbuseReport|No action') };
+export const TRUST_REASON = { value: 'trusted', text: s__(`AbuseReport|Confirmed trusted user`) };
+export const TRUST_ACTION = { value: 'trust_user', text: s__('AbuseReport|Trust user') };
 
 export const USER_ACTION_OPTIONS = [
   NO_ACTION,
   { value: 'block_user', text: s__('AbuseReport|Block user') },
   { value: 'ban_user', text: s__('AbuseReport|Ban user') },
+  TRUST_ACTION,
   { value: 'delete_user', text: s__('AbuseReport|Delete user') },
 ];
 
diff --git a/app/assets/javascripts/graphql_shared/possible_types.json b/app/assets/javascripts/graphql_shared/possible_types.json
index 37c1674cc5a..4e0b1413f71 100644
--- a/app/assets/javascripts/graphql_shared/possible_types.json
+++ b/app/assets/javascripts/graphql_shared/possible_types.json
@@ -3,6 +3,9 @@
     "AlertManagementHttpIntegration",
     "AlertManagementPrometheusIntegration"
   ],
+  "AmazonS3ConfigurationInterface": [
+    "AmazonS3ConfigurationType"
+  ],
   "BaseHeaderInterface": [
     "AuditEventStreamingHeader",
     "AuditEventsStreamingInstanceHeader"
diff --git a/app/helpers/resource_events/abuse_report_events_helper.rb b/app/helpers/resource_events/abuse_report_events_helper.rb
index 8adbc891184..207ec73454b 100644
--- a/app/helpers/resource_events/abuse_report_events_helper.rb
+++ b/app/helpers/resource_events/abuse_report_events_helper.rb
@@ -10,6 +10,8 @@ module ResourceEvents
         s_('AbuseReportEvent|Successfully blocked the user')
       when 'delete_user'
         s_('AbuseReportEvent|Successfully scheduled the user for deletion')
+      when 'trust_user'
+        s_('AbuseReportEvent|Successfully trusted the user')
       when 'close_report'
         s_('AbuseReportEvent|Successfully closed the report')
       when 'ban_user_and_close_report'
@@ -18,6 +20,8 @@ module ResourceEvents
         s_('AbuseReportEvent|Successfully blocked the user and closed the report')
       when 'delete_user_and_close_report'
         s_('AbuseReportEvent|Successfully scheduled the user for deletion and closed the report')
+      when 'trust_user_and_close_report'
+        s_('AbuseReportEvent|Successfully trusted the user and closed the report')
       end
     end
   end
diff --git a/app/models/integrations/bamboo.rb b/app/models/integrations/bamboo.rb
index 4b98014e0cc..9f15532a0b0 100644
--- a/app/models/integrations/bamboo.rb
+++ b/app/models/integrations/bamboo.rb
@@ -28,14 +28,13 @@ module Integrations
       non_empty_password_title: -> { s_('ProjectService|Enter new password') },
       non_empty_password_help: -> { s_('ProjectService|Leave blank to use your current password') }
 
-    validates :bamboo_url, presence: true, public_url: true, if: :activated?
-    validates :build_key, presence: true, if: :activated?
-    validates :username,
-      presence: true,
-      if: ->(service) { service.activated? && service.password }
-    validates :password,
-      presence: true,
-      if: ->(service) { service.activated? && service.username }
+    with_options if: :activated? do
+      validates :bamboo_url, presence: true, public_url: true
+      validates :build_key, presence: true
+    end
+
+    validates :username, presence: true, if: ->(integration) { integration.activated? && integration.password }
+    validates :password, presence: true, if: ->(integration) { integration.activated? && integration.username }
 
     attr_accessor :response
 
@@ -48,8 +47,16 @@ module Integrations
     end
 
     def help
-      docs_link = ActionController::Base.helpers.link_to _('Learn more.'), Rails.application.routes.url_helpers.help_page_url('user/project/integrations/bamboo'), target: '_blank', rel: 'noopener noreferrer'
-      s_('BambooService|Run CI/CD pipelines with Atlassian Bamboo. You must set up automatic revision labeling and a repository trigger in Bamboo. %{docs_link}').html_safe % { docs_link: docs_link.html_safe }
+      docs_link = ActionController::Base.helpers.link_to(
+        _('Learn more.'),
+        Rails.application.routes.url_helpers.help_page_url('user/project/integrations/bamboo'),
+        target: '_blank',
+        rel: 'noopener noreferrer'
+      )
+      format(
+        s_('BambooService|Run CI/CD pipelines with Atlassian Bamboo. You must set up automatic revision labeling and ' \
+           'a repository trigger in Bamboo. %{docs_link}').html_safe,
+        docs_link: docs_link.html_safe)
     end
 
     def self.to_param
@@ -70,14 +77,16 @@ module Integrations
       get_path("updateAndBuild.action", { buildKey: build_key })
     end
 
-    def calculate_reactive_cache(sha, ref)
+    def calculate_reactive_cache(sha, _ref)
       response = try_get_path("rest/api/latest/result/byChangeset/#{sha}")
 
       { build_page: read_build_page(response), commit_status: read_commit_status(response) }
     end
 
     def avatar_url
-      ActionController::Base.helpers.image_path('illustrations/third-party-logos/integrations-logos/atlassian-bamboo.svg')
+      ActionController::Base.helpers.image_path(
+        'illustrations/third-party-logos/integrations-logos/atlassian-bamboo.svg'
+      )
     end
 
     private
@@ -116,7 +125,7 @@ module Integrations
         if result.blank?
           'Pending'
         else
-          result.dig('buildState')
+          result['buildState']
         end
 
       return :error unless status.present?
diff --git a/app/models/resource_events/abuse_report_event.rb b/app/models/resource_events/abuse_report_event.rb
index 59f88a63998..5881f87241d 100644
--- a/app/models/resource_events/abuse_report_event.rb
+++ b/app/models/resource_events/abuse_report_event.rb
@@ -16,7 +16,9 @@ module ResourceEvents
       close_report: 4,
       ban_user_and_close_report: 5,
       block_user_and_close_report: 6,
-      delete_user_and_close_report: 7
+      delete_user_and_close_report: 7,
+      trust_user: 8,
+      trust_user_and_close_report: 9
     }
 
     enum reason: {
@@ -28,7 +30,8 @@ module ResourceEvents
       copyright: 6,
       malware: 7,
       other: 8,
-      unconfirmed: 9
+      unconfirmed: 9,
+      trusted: 10
     }
 
     def success_message
diff --git a/app/models/user.rb b/app/models/user.rb
index e17803af135..b76d19240f8 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -271,6 +271,7 @@ class User < MainClusterwide::ApplicationRecord
   has_many :bulk_imports
 
   has_many :custom_attributes, class_name: 'UserCustomAttribute'
+  has_one  :trusted_with_spam_attribute, -> { UserCustomAttribute.trusted_with_spam }, class_name: 'UserCustomAttribute'
   has_many :callouts, class_name: 'Users::Callout'
   has_many :group_callouts, class_name: 'Users::GroupCallout'
   has_many :project_callouts, class_name: 'Users::ProjectCallout'
@@ -2223,8 +2224,8 @@ class User < MainClusterwide::ApplicationRecord
     }
   end
 
-  def allow_possible_spam?
-    custom_attributes.by_key(UserCustomAttribute::ALLOW_POSSIBLE_SPAM).exists?
+  def trusted?
+    trusted_with_spam_attribute.present?
   end
 
   def namespace_commit_email_for_namespace(namespace)
diff --git a/app/models/user_custom_attribute.rb b/app/models/user_custom_attribute.rb
index 15d50071bf6..b2674cb4e88 100644
--- a/app/models/user_custom_attribute.rb
+++ b/app/models/user_custom_attribute.rb
@@ -10,13 +10,14 @@ class UserCustomAttribute < ApplicationRecord
   scope :by_user_id, ->(user_id) { where(user_id: user_id) }
   scope :by_updated_at, ->(updated_at) { where(updated_at: updated_at) }
   scope :arkose_sessions, -> { by_key('arkose_session') }
+  scope :trusted_with_spam, -> { by_key(TRUSTED_BY) }
 
   BLOCKED_BY = 'blocked_by'
   UNBLOCKED_BY = 'unblocked_by'
   ARKOSE_RISK_BAND = 'arkose_risk_band'
   AUTO_BANNED_BY_ABUSE_REPORT_ID = 'auto_banned_by_abuse_report_id'
   AUTO_BANNED_BY_SPAM_LOG_ID = 'auto_banned_by_spam_log_id'
-  ALLOW_POSSIBLE_SPAM = 'allow_possible_spam'
+  TRUSTED_BY = 'trusted_by'
   IDENTITY_VERIFICATION_PHONE_EXEMPT = 'identity_verification_phone_exempt'
 
   class << self
@@ -50,6 +51,17 @@ class UserCustomAttribute < ApplicationRecord
       return unless spam_log
 
       custom_attribute = { user_id: spam_log.user_id, key: AUTO_BANNED_BY_SPAM_LOG_ID, value: spam_log.id }
+      upsert_custom_attributes([custom_attribute])
+    end
+
+    def set_trusted_by(user:, trusted_by:)
+      return unless user && trusted_by
+
+      custom_attribute = {
+        user_id: user.id,
+        key: UserCustomAttribute::TRUSTED_BY,
+        value: "#{trusted_by.username}/#{trusted_by.id}+#{Time.current}"
+      }
 
       upsert_custom_attributes([custom_attribute])
     end
diff --git a/app/services/admin/abuse_reports/moderate_user_service.rb b/app/services/admin/abuse_reports/moderate_user_service.rb
index 823568d9db8..1e14806c694 100644
--- a/app/services/admin/abuse_reports/moderate_user_service.rb
+++ b/app/services/admin/abuse_reports/moderate_user_service.rb
@@ -42,6 +42,7 @@ module Admin
         when :block_user then block_user
         when :delete_user then delete_user
         when :close_report then close_report
+        when :trust_user then trust_user
         end
       end
 
@@ -66,6 +67,10 @@ module Admin
         success
       end
 
+      def trust_user
+        Users::TrustService.new(current_user).execute(abuse_report.user)
+      end
+
       def close_similar_open_reports
         # admins see the abuse report and other open reports for the same user in one page
         # hence, if the request is to close the report, close other open reports for the same user too
diff --git a/app/services/spam/spam_verdict_service.rb b/app/services/spam/spam_verdict_service.rb
index 9efe51b43b8..2d4bebc8b2b 100644
--- a/app/services/spam/spam_verdict_service.rb
+++ b/app/services/spam/spam_verdict_service.rb
@@ -90,7 +90,7 @@ module Spam
     end
 
     def allow_possible_spam?
-      target.allow_possible_spam?(user) || user.allow_possible_spam?
+      target.allow_possible_spam?(user) || user.trusted?
     end
 
     def spamcheck_client
diff --git a/app/services/users/allow_possible_spam_service.rb b/app/services/users/allow_possible_spam_service.rb
deleted file mode 100644
index d9273fe0fc1..00000000000
--- a/app/services/users/allow_possible_spam_service.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-module Users
-  class AllowPossibleSpamService < BaseService
-    def initialize(current_user)
-      @current_user = current_user
-    end
-
-    def execute(user)
-      custom_attribute = {
-        user_id: user.id,
-        key: UserCustomAttribute::ALLOW_POSSIBLE_SPAM,
-        value: "#{current_user.username}/#{current_user.id}+#{Time.current}"
-      }
-      UserCustomAttribute.upsert_custom_attributes([custom_attribute])
-    end
-  end
-end
diff --git a/app/services/users/disallow_possible_spam_service.rb b/app/services/users/trust_service.rb
index e31ba7ddff0..faf0b9c40ea 100644
--- a/app/services/users/disallow_possible_spam_service.rb
+++ b/app/services/users/trust_service.rb
@@ -1,13 +1,14 @@
 # frozen_string_literal: true
 
 module Users
-  class DisallowPossibleSpamService < BaseService
+  class TrustService < BaseService
     def initialize(current_user)
       @current_user = current_user
     end
 
     def execute(user)
-      user.custom_attributes.by_key(UserCustomAttribute::ALLOW_POSSIBLE_SPAM).delete_all
+      UserCustomAttribute.set_trusted_by(user: user, trusted_by: @current_user)
+      success
     end
   end
 end
diff --git a/app/services/users/untrust_service.rb b/app/services/users/untrust_service.rb
new file mode 100644
index 00000000000..aa5de71b97f
--- /dev/null
+++ b/app/services/users/untrust_service.rb
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Users
+  class UntrustService < BaseService
+    def initialize(current_user)
+      @current_user = current_user
+    end
+
+    def execute(user)
+      user.trusted_with_spam_attribute.delete
+      success
+    end
+  end
+end
diff --git a/app/views/admin/application_settings/_localization.html.haml b/app/views/admin/application_settings/_localization.html.haml
index 4002aa076f7..25038e6f221 100644
--- a/app/views/admin/application_settings/_localization.html.haml
+++ b/app/views/admin/application_settings/_localization.html.haml
@@ -7,7 +7,7 @@
       = f.select :first_day_of_week, first_day_of_week_choices, {}, class: 'form-control'
       .form-text.text-muted
         = _('Default first day of the week in calendars and date pickers.')
-        = link_to _('Learn more.'), help_page_path('administration/settings/index.md', anchor: 'change-the-default-first-day-of-the-week'), target: '_blank', rel: 'noopener noreferrer'
+        = link_to _('Learn more.'), help_page_path('administration/settings/localization.md', anchor: 'change-the-default-first-day-of-the-week'), target: '_blank', rel: 'noopener noreferrer'
 
     .form-group
       = f.label :time_tracking, _('Time tracking'), class: 'label-bold'