author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-06 12:07:14 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-06 12:07:14 +0300 |
commit | 5bc6fcec0edaa4032afacce1aa5e5289e9ae07ac (patch) | |
tree | 85291d07572ef0761dfd214d6d2458dd64150b71 /app | |
parent | f713e4eb11cae4593cfe70554a4a23536ab91357 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/concerns/page_limiter.rb | 9 | ||||
-rw-r--r-- | app/controllers/concerns/product_analytics_tracking.rb | 18 | ||||
-rw-r--r-- | app/controllers/concerns/record_user_last_activity.rb | 6 | ||||
-rw-r--r-- | app/controllers/concerns/routable_actions.rb | 10 | ||||
-rw-r--r-- | app/controllers/concerns/snippets/blobs_actions.rb | 8 | ||||
-rw-r--r-- | app/controllers/concerns/uploads_actions.rb | 8 | ||||
-rw-r--r-- | app/controllers/dashboard/todos_controller.rb | 16 | ||||
-rw-r--r-- | app/controllers/jira_connect/events_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/jira_connect/public_keys_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/jira_connect/subscriptions_controller.rb | 3 | ||||
-rw-r--r-- | app/models/ci/pipeline_schedule.rb | 2 | ||||
-rw-r--r-- | app/models/ci/pipeline_schedule_variable.rb | 2 | ||||
-rw-r--r-- | app/services/clusters/agents/filter_authorizations_service.rb | 50 | ||||
-rw-r--r-- | app/views/layouts/jira_connect.html.haml | 2 | ||||
-rw-r--r-- | app/views/projects/pipelines/_info.html.haml | 5 |
15 files changed, 100 insertions, 45 deletions
diff --git a/app/controllers/concerns/page_limiter.rb b/app/controllers/concerns/page_limiter.rb
index 362b02e5856..1d044a41899 100644
--- a/app/controllers/concerns/page_limiter.rb
+++ b/app/controllers/concerns/page_limiter.rb
@@ -44,10 +44,11 @@ module PageLimiter
 raise PageLimitNotANumberError unless max_page_number.is_a?(Integer)
 raise PageLimitNotSensibleError unless max_page_number > 0
- if params[:page].present? && params[:page].to_i > max_page_number
- record_page_limit_interception
- raise PageOutOfBoundsError, max_page_number
- end
+ return if params[:page].blank?
+ return if params[:page].to_i <= max_page_number
+
+ record_page_limit_interception
+ raise PageOutOfBoundsError, max_page_number
 end
 # By default just return a HTTP status code and an empty response
diff --git a/app/controllers/concerns/product_analytics_tracking.rb b/app/controllers/concerns/product_analytics_tracking.rb
index 5bfbc4b7529..42edc328fa1 100644
--- a/app/controllers/concerns/product_analytics_tracking.rb
+++ b/app/controllers/concerns/product_analytics_tracking.rb
@@ -30,15 +30,15 @@ module ProductAnalyticsTracking
 def route_events_to(destinations, name, &block)
 track_unique_redis_hll_event(name, &block) if destinations.include?(:redis_hll)
- if destinations.include?(:snowplow) && event_enabled?(name)
- Gitlab::Tracking.event(
- self.class.to_s,
- name,
- namespace: tracking_namespace_source,
- user: current_user,
- context: [Gitlab::Tracking::ServicePingContext.new(data_source: :redis_hll, event: name).to_context]
- )
- end
+ return unless destinations.include?(:snowplow) && event_enabled?(name)
+
+ Gitlab::Tracking.event(
+ self.class.to_s,
+ name,
+ namespace: tracking_namespace_source,
+ user: current_user,
+ context: [Gitlab::Tracking::ServicePingContext.new(data_source: :redis_hll, event: name).to_context]
+ )
 end
 def route_custom_events_to(destinations, name, action, label, &block)
diff --git a/app/controllers/concerns/record_user_last_activity.rb b/app/controllers/concerns/record_user_last_activity.rb
index 29164df4516..a189d4a5c79 100644
--- a/app/controllers/concerns/record_user_last_activity.rb
+++ b/app/controllers/concerns/record_user_last_activity.rb
@@ -19,8 +19,8 @@ module RecordUserLastActivity
 return unless request.get?
 return if Gitlab::Database.read_only?
- if current_user && current_user.last_activity_on != Date.today
- Users::ActivityService.new(current_user).execute
- end
+ return unless current_user && current_user.last_activity_on != Date.today
+
+ Users::ActivityService.new(current_user).execute
 end
 end
diff --git a/app/controllers/concerns/routable_actions.rb b/app/controllers/concerns/routable_actions.rb
index e34d6b09c24..28e1fa473b3 100644
--- a/app/controllers/concerns/routable_actions.rb
+++ b/app/controllers/concerns/routable_actions.rb
@@ -46,13 +46,13 @@ module RoutableActions
 return unless request.get?
 canonical_path = routable.full_path
- if canonical_path != routable_full_path
- if !request.xhr? && request.format.html? && canonical_path.casecmp(routable_full_path) != 0
- flash[:notice] = "#{routable.class.to_s.titleize} '#{routable_full_path}' was moved to '#{canonical_path}'. Please update any links and bookmarks that may still have the old path."
- end
+ return unless canonical_path != routable_full_path
- redirect_to build_canonical_path(routable), status: :moved_permanently
+ if !request.xhr? && request.format.html? && canonical_path.casecmp(routable_full_path) != 0
+ flash[:notice] = "#{routable.class.to_s.titleize} '#{routable_full_path}' was moved to '#{canonical_path}'. Please update any links and bookmarks that may still have the old path."
 end
+
+ redirect_to build_canonical_path(routable), status: :moved_permanently
 end
 end
diff --git a/app/controllers/concerns/snippets/blobs_actions.rb b/app/controllers/concerns/snippets/blobs_actions.rb
index c711d2ca85b..2a0491b4df8 100644
--- a/app/controllers/concerns/snippets/blobs_actions.rb
+++ b/app/controllers/concerns/snippets/blobs_actions.rb
@@ -39,11 +39,11 @@ module Snippets::BlobsActions
 end
 def ensure_repository
- unless snippet.repo_exists?
- Gitlab::AppLogger.error(message: "Snippet raw blob attempt with no repo", snippet: snippet.id)
+ return if snippet.repo_exists?
- respond_422
- end
+ Gitlab::AppLogger.error(message: "Snippet raw blob attempt with no repo", snippet: snippet.id)
+
+ respond_422
 end
 def snippet_id
diff --git a/app/controllers/concerns/uploads_actions.rb b/app/controllers/concerns/uploads_actions.rb
index 6ad1b63db59..0ba13896631 100644
--- a/app/controllers/concerns/uploads_actions.rb
+++ b/app/controllers/concerns/uploads_actions.rb
@@ -73,11 +73,11 @@ module UploadsActions
 def set_request_format_from_path_extension
 path = request.headers['action_dispatch.original_path'] || request.headers['PATH_INFO']
- if match = path&.match(/\.(\w+)\z/)
- format = Mime[match.captures.first]
+ return unless match = path&.match(/\.(\w+)\z/)
- request.format = format.symbol if format
- end
+ format = Mime[match.captures.first]
+
+ request.format = format.symbol if format
 end
 def content_disposition
diff --git a/app/controllers/dashboard/todos_controller.rb b/app/controllers/dashboard/todos_controller.rb
index d2434d4b0ba..c904f09d1bb 100644
--- a/app/controllers/dashboard/todos_controller.rb
+++ b/app/controllers/dashboard/todos_controller.rb
@@ -64,19 +64,19 @@ class Dashboard::TodosController < Dashboard::ApplicationController
 def authorize_read_project!
 project_id = params[:project_id]
- if project_id.present?
- project = Project.find(project_id)
- render_404 unless can?(current_user, :read_project, project)
- end
+ return unless project_id.present?
+
+ project = Project.find(project_id)
+ render_404 unless can?(current_user, :read_project, project)
 end
 def authorize_read_group!
 group_id = params[:group_id]
- if group_id.present?
- group = Group.find(group_id)
- render_404 unless can?(current_user, :read_group, group)
- end
+ return unless group_id.present?
+
+ group = Group.find(group_id)
+ render_404 unless can?(current_user, :read_group, group)
 end
 def find_todos
diff --git a/app/controllers/jira_connect/events_controller.rb b/app/controllers/jira_connect/events_controller.rb
index 394fdc9b2f6..3569b233393 100644
--- a/app/controllers/jira_connect/events_controller.rb
+++ b/app/controllers/jira_connect/events_controller.rb
@@ -56,7 +56,7 @@ class JiraConnect::EventsController < JiraConnect::ApplicationController
 def jwt_verification_claims
 {
- aud: jira_connect_base_url(protocol: 'https'),
+ aud: Gitlab.config.jira_connect.enforce_jira_base_url_https ? jira_connect_base_url(protocol: 'https') : jira_connect_base_url,
 iss: transformed_params[:client_key],
 qsh: Atlassian::Jwt.create_query_string_hash(request.url, request.method, jira_connect_base_url)
 }
diff --git a/app/controllers/jira_connect/public_keys_controller.rb b/app/controllers/jira_connect/public_keys_controller.rb
index b3144993edb..09003f8478f 100644
--- a/app/controllers/jira_connect/public_keys_controller.rb
+++ b/app/controllers/jira_connect/public_keys_controller.rb
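Review bot: In `jwt_verification_claims` (jira_connect/events_controller.rb) the expected `aud` claim falls back to `jira_connect_base_url` with no forced scheme whenever `enforce_jira_base_url_https` is off, and nothing in the hunk says when that is acceptable. The audience comparison is one of the checks tying an incoming JWT to this instance's base URL, so the relaxed branch deserves a comment along the lines of `# With enforce_jira_base_url_https disabled the audience follows the request's own scheme; keep it enabled wherever the instance is served over HTTPS.` (the intended use of the setting is not visible here, so confirm the wording). The ternary also makes the hash entry very long; moving it into a small private method such as `jira_connect_audience` would keep the claims hash readable. The rest of the controller is outside the hunk.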
@@ -10,7 +10,9 @@ module JiraConnect
 skip_before_action :authenticate_user!
 def show
- return render_404 if Feature.disabled?(:jira_connect_oauth_self_managed) || !Gitlab.com?
+ if Feature.disabled?(:jira_connect_oauth_self_managed) || !Gitlab.config.jira_connect.enable_public_keys_storage
+ return render_404
+ end
 render plain: public_key.key
 end
diff --git a/app/controllers/jira_connect/subscriptions_controller.rb b/app/controllers/jira_connect/subscriptions_controller.rb
index 33d77c5b536..ff7477a94d6 100644
--- a/app/controllers/jira_connect/subscriptions_controller.rb
+++ b/app/controllers/jira_connect/subscriptions_controller.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 class JiraConnect::SubscriptionsController < JiraConnect::ApplicationController
+ ALLOWED_IFRAME_ANCESTORS = [:self, 'https://*.atlassian.net', 'https://*.jira.com'].freeze
 layout 'jira_connect'
 content_security_policy do |p|
@@ -13,7 +14,7 @@ class JiraConnect::SubscriptionsController < JiraConnect::ApplicationController
 # *.jira.com is needed for some legacy Jira Cloud instances, new ones will use *.atlassian.net
 # https://support.atlassian.com/organization-administration/docs/ip-addresses-and-domains-for-atlassian-cloud-products/
- p.frame_ancestors :self, 'https://*.atlassian.net', 'https://*.jira.com'
+ p.frame_ancestors(*(ALLOWED_IFRAME_ANCESTORS + Gitlab.config.jira_connect.additional_iframe_ancestors))
 p.script_src(*script_src_values)
 p.style_src(*style_src_values)
 end
diff --git a/app/models/ci/pipeline_schedule.rb b/app/models/ci/pipeline_schedule.rb
index 96e5567e85e..499db3a8dd3 100644
--- a/app/models/ci/pipeline_schedule.rb
+++ b/app/models/ci/pipeline_schedule.rb
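Review bot: In the `content_security_policy` block of jira_connect/subscriptions_controller.rb, `ALLOWED_IFRAME_ANCESTORS + Gitlab.config.jira_connect.additional_iframe_ancestors` raises `TypeError` if the setting is nil, and it passes whatever is configured straight into `frame-ancestors`. Unless the settings initializer already defaults it to an empty array (not visible in this diff), coerce it: `p.frame_ancestors(*(ALLOWED_IFRAME_ANCESTORS + Array(Gitlab.config.jira_connect.additional_iframe_ancestors)))`. Every extra entry widens the set of sites allowed to frame the subscriptions page, so a comment on the constant such as `# Additional ancestors come from configuration and should be specific HTTPS origins, never a bare wildcard.` would document the expectation. The policy block starts above the second hunk.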
@@ -16,7 +16,7 @@ module Ci
 belongs_to :owner, class_name: 'User'
 has_one :last_pipeline, -> { order(id: :desc) }, class_name: 'Ci::Pipeline'
 has_many :pipelines
- has_many :variables, class_name: 'Ci::PipelineScheduleVariable', validate: false
+ has_many :variables, class_name: 'Ci::PipelineScheduleVariable'
 validates :cron, unless: :importing?, cron: true, presence: { unless: :importing? }
 validates :cron_timezone, cron_timezone: true, presence: { unless: :importing? }
diff --git a/app/models/ci/pipeline_schedule_variable.rb b/app/models/ci/pipeline_schedule_variable.rb
index 718ed14edeb..00251ea06fd 100644
--- a/app/models/ci/pipeline_schedule_variable.rb
+++ b/app/models/ci/pipeline_schedule_variable.rb
@@ -9,6 +9,6 @@ module Ci
 alias_attribute :secret_value, :value
- validates :key, uniqueness: { scope: :pipeline_schedule_id }
+ validates :key, presence: true, uniqueness: { scope: :pipeline_schedule_id }
 end
 end
diff --git a/app/services/clusters/agents/filter_authorizations_service.rb b/app/services/clusters/agents/filter_authorizations_service.rb
new file mode 100644
index 00000000000..68517ceec04
--- /dev/null
+++ b/app/services/clusters/agents/filter_authorizations_service.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Clusters
+ module Agents
+ class FilterAuthorizationsService
+ def initialize(authorizations, filter_params)
+ @authorizations = authorizations
+ @filter_params = filter_params
+
+ @environments_matcher = {}
+ end
+
+ def execute
+ filter_by_environment(authorizations)
+ end
+
+ private
+
+ attr_reader :authorizations, :filter_params
+
+ def filter_by_environment(auths)
+ return auths unless filter_by_environment?
+
+ auths.select do |auth|
+ next true if auth.config['environments'].blank?
+
+ auth.config['environments'].any? { |environment_pattern| matches_environment?(environment_pattern) }
+ end
+ end
+
+ def filter_by_environment?
+ filter_params.has_key?(:environment)
+ end
+
+ def environment_filter
+ @environment_filter ||= filter_params[:environment]
+ end
+
+ def matches_environment?(environment_pattern)
+ return false if environment_filter.nil?
+
+ environments_matcher(environment_pattern).match?(environment_filter)
+ end
+
+ def environments_matcher(environment_pattern)
+ @environments_matcher[environment_pattern] ||= ::Gitlab::Ci::EnvironmentMatcher.new(environment_pattern)
+ end
+ end
+ end
+end
diff --git a/app/views/layouts/jira_connect.html.haml b/app/views/layouts/jira_connect.html.haml
index 6acd7799875..80bbe578510 100644
--- a/app/views/layouts/jira_connect.html.haml
+++ b/app/views/layouts/jira_connect.html.haml
@@ -5,7 +5,7 @@
 GitLab
 = yield :page_specific_styles
- = javascript_include_tag 'https://connect-cdn.atl-paas.net/all.js'
+ = javascript_include_tag Gitlab.config.jira_connect.atlassian_js_url
 = Gon::Base.render_data(nonce: content_security_policy_nonce)
 = yield :head
 %body
diff --git a/app/views/projects/pipelines/_info.html.haml b/app/views/projects/pipelines/_info.html.haml
index 30cc7f94311..a5f133807b6 100644
--- a/app/views/projects/pipelines/_info.html.haml
+++ b/app/views/projects/pipelines/_info.html.haml
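Review bot: `Clusters::Agents::FilterAuthorizationsService` ships without any class or method documentation, and its filter is permissive in two ways a caller needs to know: `filter_by_environment` returns every authorization when `filter_params` has no `:environment` key, and an authorization whose `config['environments']` is blank passes for any requested environment. A class comment would make that explicit, e.g. `# Narrows agent authorizations to those whose 'environments' patterns match filter_params[:environment]; authorizations without patterns always pass, and no filtering happens when the key is absent.` Separately, `filter_params.has_key?(:environment)` only sees a symbol key, so a string-keyed hash would silently skip the filter unless callers pass an indifferent-access hash (not visible here); `key?` is also the preferred spelling over `has_key?`.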
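Review bot: `= javascript_include_tag Gitlab.config.jira_connect.atlassian_js_url` in layouts/jira_connect.html.haml loads whatever URL the configuration holds as a script on the Jira Connect pages, and the template gives no hint of what is expected there. Whether the controllers' `script_src` values follow this setting is not visible in this diff; if they still list only the Atlassian CDN a custom URL would be blocked by CSP, and if they follow it the setting is effectively a script allow-list entry. A HAML comment above the tag, e.g. `-# atlassian_js_url must be an HTTPS URL the operator trusts; it has to be allowed by the CSP script-src as well`, would record that.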
@@ -1,6 +1,7 @@ - if Feature.enabled?(:pipeline_name, @pipeline.project) && @pipeline.name - %h3 - = @pipeline.name + .gl-border-t.gl-p-5.gl-px-0 + %h3.gl-m-0.gl-text-body + = @pipeline.name - else .commit-box %h3.commit-title |