Add latest changes from gitlab-org/gitlab@master

19 files changed, 144 insertions, 133 deletions

diff --git a/app/assets/stylesheets/framework/sidebar.scss b/app/assets/stylesheets/framework/sidebar.scss
index 9e453249a79..0eecf7bddc1 100644
--- a/app/assets/stylesheets/framework/sidebar.scss
+++ b/app/assets/stylesheets/framework/sidebar.scss
@@ -330,7 +330,7 @@
 .right-sidebar {
   &:not(.right-sidebar-merge-requests) {
     @include right-sidebar;
-    top: $calc-application-bars-height;
+    top: $calc-application-header-height;
 
     @include media-breakpoint-down(md) {
       z-index: 251;
@@ -490,6 +490,10 @@
       width: $right-sidebar-width;
     }
 
+    .issuable-sidebar-header {
+      @include gl-py-5;
+    }
+
     .value {
       line-height: 1;
     }
diff --git a/app/assets/stylesheets/page_bundles/issuable.scss b/app/assets/stylesheets/page_bundles/issuable.scss
index 05563f8e314..8b353b42f58 100644
--- a/app/assets/stylesheets/page_bundles/issuable.scss
+++ b/app/assets/stylesheets/page_bundles/issuable.scss
@@ -105,3 +105,8 @@
     @include gl-font-weight-normal;
   }
 }
+
+[data-page="projects:issues:show"] .top-bar-fixed,
+[data-page="groups:epics:show"] .top-bar-fixed {
+  width: 100%;
+}
diff --git a/app/assets/stylesheets/page_bundles/project.scss b/app/assets/stylesheets/page_bundles/project.scss
index c0fbd7f5d84..c2ecf3702f9 100644
--- a/app/assets/stylesheets/page_bundles/project.scss
+++ b/app/assets/stylesheets/page_bundles/project.scss
@@ -159,11 +159,9 @@
 
 // FF :project_overview_reorg enabled
 .project-page-indicator:not(.hidden) + .project-page-layout {
-  --project-overview-sidebar-width: 290px;
-
   @include media-breakpoint-up(lg) {
     display: grid;
-    grid-template-columns: auto var(--project-overview-sidebar-width);
+    grid-template-columns: auto $right-sidebar-width;
     gap: 2rem;
 
     .project-page-layout-content,
@@ -190,7 +188,7 @@
       -webkit-overflow-scrolling: touch;
 
       .project-page-sidebar-block {
-        width: calc(var(--project-overview-sidebar-width) - 1px);
+        width: $right-sidebar-width - 1px;
 
         &:first-of-type {
           padding-top: $gl-spacing-scale-1;
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8156cf8e165..fca3bb3460f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -297,7 +297,7 @@ class ApplicationController < BaseActionController
     return if current_user.nil?
 
     if current_user.password_expired? && current_user.allow_password_authentication?
-      redirect_to new_profile_password_path
+      redirect_to new_user_settings_password_path
     end
   end
 
diff --git a/app/controllers/profiles/passwords_controller.rb b/app/controllers/profiles/passwords_controller.rb
deleted file mode 100644
index 7a0dfbbba0d..00000000000
--- a/app/controllers/profiles/passwords_controller.rb
+++ /dev/null
@@ -1,102 +0,0 @@
-# frozen_string_literal: true
-
-class Profiles::PasswordsController < Profiles::ApplicationController
-  include Gitlab::Tracking::Helpers::WeakPasswordErrorEvent
-
-  skip_before_action :check_password_expiration, only: [:new, :create]
-  skip_before_action :check_two_factor_requirement, only: [:new, :create]
-
-  before_action :set_user
-  before_action :authorize_change_password!
-
-  layout :determine_layout
-
-  feature_category :system_access
-
-  def new
-  end
-
-  def create
-    unless @user.password_automatically_set || @user.valid_password?(user_params[:password])
-      redirect_to new_profile_password_path, alert: _('You must provide a valid current password')
-      return
-    end
-
-    result = Users::UpdateService.new(current_user, password_attributes.merge(user: @user)).execute
-
-    if result[:status] == :success
-      Users::UpdateService.new(current_user, user: @user, password_expires_at: nil).execute
-
-      redirect_to root_path, notice: _('Password successfully changed')
-    else
-      track_weak_password_error(@user, self.class.name, 'create')
-      render :new
-    end
-  end
-
-  def edit
-  end
-
-  def update
-    unless @user.password_automatically_set || @user.valid_password?(user_params[:password])
-      handle_invalid_current_password_attempt!
-
-      redirect_to edit_profile_password_path, alert: _('You must provide a valid current password')
-      return
-    end
-
-    result = Users::UpdateService.new(current_user, password_attributes.merge(user: @user)).execute
-
-    if result[:status] == :success
-      flash[:notice] = _('Password was successfully updated. Please sign in again.')
-      redirect_to new_user_session_path
-    else
-      track_weak_password_error(@user, self.class.name, 'update')
-      @user.reset
-      render 'edit'
-    end
-  end
-
-  def reset
-    current_user.send_reset_password_instructions
-    redirect_to edit_profile_password_path, notice: _('We sent you an email with reset password instructions')
-  end
-
-  private
-
-  def set_user
-    @user = current_user
-  end
-
-  def determine_layout
-    if [:new, :create].include?(action_name.to_sym)
-      'application'
-    else
-      'profile'
-    end
-  end
-
-  def authorize_change_password!
-    render_404 unless @user.allow_password_authentication?
-  end
-
-  def handle_invalid_current_password_attempt!
-    Gitlab::AppLogger.info(message: 'Invalid current password when attempting to update user password', username: @user.username, ip: request.remote_ip)
-
-    @user.increment_failed_attempts!
-  end
-
-  def user_params
-    params.require(:user).permit(:password, :new_password, :password_confirmation)
-  end
-
-  def password_attributes
-    {
-      password: user_params[:new_password],
-      password_confirmation: user_params[:password_confirmation],
-      password_automatically_set: false
-    }
-  end
-end
-
-Profiles::PasswordsController.prepend_mod
diff --git a/app/controllers/user_settings/passwords_controller.rb b/app/controllers/user_settings/passwords_controller.rb
new file mode 100644
index 00000000000..d68ddf90d49
--- /dev/null
+++ b/app/controllers/user_settings/passwords_controller.rb
@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+module UserSettings
+  class PasswordsController < ApplicationController
+    include Gitlab::Tracking::Helpers::WeakPasswordErrorEvent
+
+    skip_before_action :check_password_expiration, only: [:new, :create]
+    skip_before_action :check_two_factor_requirement, only: [:new, :create]
+
+    before_action :set_user
+    before_action :authorize_change_password!
+
+    layout :determine_layout
+
+    feature_category :system_access
+
+    def new; end
+
+    def create
+      unless @user.password_automatically_set || @user.valid_password?(user_params[:password])
+        redirect_to new_user_settings_password_path, alert: _('You must provide a valid current password')
+        return
+      end
+
+      result = Users::UpdateService.new(current_user, password_attributes.merge(user: @user)).execute
+
+      if result[:status] == :success
+        Users::UpdateService.new(current_user, user: @user, password_expires_at: nil).execute
+
+        redirect_to root_path, notice: _('Password successfully changed')
+      else
+        track_weak_password_error(@user, self.class.name, 'create')
+        render :new
+      end
+    end
+
+    def edit; end
+
+    def update
+      unless @user.password_automatically_set || @user.valid_password?(user_params[:password])
+        handle_invalid_current_password_attempt!
+
+        redirect_to edit_user_settings_password_path, alert: _('You must provide a valid current password')
+        return
+      end
+
+      result = Users::UpdateService.new(current_user, password_attributes.merge(user: @user)).execute
+
+      if result[:status] == :success
+        flash[:notice] = _('Password was successfully updated. Please sign in again.')
+        redirect_to new_user_session_path
+      else
+        track_weak_password_error(@user, self.class.name, 'update')
+        @user.reset
+        render 'edit'
+      end
+    end
+
+    def reset
+      current_user.send_reset_password_instructions
+      redirect_to edit_user_settings_password_path, notice: _('We sent you an email with reset password instructions')
+    end
+
+    private
+
+    def set_user
+      @user = current_user
+    end
+
+    def determine_layout
+      if [:new, :create].include?(action_name.to_sym)
+        'application'
+      else
+        'profile'
+      end
+    end
+
+    def authorize_change_password!
+      render_404 unless @user.allow_password_authentication?
+    end
+
+    def handle_invalid_current_password_attempt!
+      Gitlab::AppLogger.info(message: 'Invalid current password when attempting to update user password',
+        username: @user.username, ip: request.remote_ip)
+
+      @user.increment_failed_attempts!
+    end
+
+    def user_params
+      params.require(:user).permit(:password, :new_password, :password_confirmation)
+    end
+
+    def password_attributes
+      {
+        password: user_params[:new_password],
+        password_confirmation: user_params[:password_confirmation],
+        password_automatically_set: false
+      }
+    end
+  end
+end
+
+UserSettings::PasswordsController.prepend_mod
diff --git a/app/finders/milestones_finder.rb b/app/finders/milestones_finder.rb
index 38379f5bbbf..820fb6ea291 100644
--- a/app/finders/milestones_finder.rb
+++ b/app/finders/milestones_finder.rb
@@ -27,9 +27,8 @@ class MilestonesFinder
 
   def execute
     items = Milestone.all
-    items = by_ids(items)
+    items = by_ids_or_title(items)
     items = by_groups_and_projects(items)
-    items = by_title(items)
     items = by_search_title(items)
     items = by_search(items)
     items = by_state(items)
@@ -43,26 +42,18 @@ class MilestonesFinder
 
   private
 
-  def by_ids(items)
-    return items unless params[:ids].present?
+  def by_ids_or_title(items)
+    return items if params[:ids].blank? && params[:title].blank?
+    return items.id_in(params[:ids]) if params[:ids].present? && params[:title].blank?
+    return items.with_title(params[:title]) if params[:ids].blank? && params[:title].present?
 
-    items.id_in(params[:ids])
+    items.with_ids_or_title(ids: params[:ids], title: params[:title])
   end
 
   def by_groups_and_projects(items)
     items.for_projects_and_groups(params[:project_ids], params[:group_ids])
   end
 
-  # rubocop: disable CodeReuse/ActiveRecord
-  def by_title(items)
-    if params[:title]
-      items.where(title: params[:title])
-    else
-      items
-    end
-  end
-  # rubocop: enable CodeReuse/ActiveRecord
-
   def by_search_title(items)
     if params[:search_title].present?
       items.search_title(params[:search_title])
diff --git a/app/graphql/mutations/namespace/package_settings/update.rb b/app/graphql/mutations/namespace/package_settings/update.rb
index 97c16ee79fe..813c5687642 100644
--- a/app/graphql/mutations/namespace/package_settings/update.rb
+++ b/app/graphql/mutations/namespace/package_settings/update.rb
@@ -81,6 +81,11 @@ module Mutations
                 required: false,
                 description: copy_field_description(Types::Namespace::PackageSettingsType, :lock_pypi_package_requests_forwarding)
 
+        argument :nuget_symbol_server_enabled,
+                GraphQL::Types::Boolean,
+                required: false,
+                description: copy_field_description(Types::Namespace::PackageSettingsType, :nuget_symbol_server_enabled)
+
         field :package_settings,
               Types::Namespace::PackageSettingsType,
               null: true,
diff --git a/app/graphql/types/namespace/package_settings_type.rb b/app/graphql/types/namespace/package_settings_type.rb
index 6c6144f2357..7bf76ae7de5 100644
--- a/app/graphql/types/namespace/package_settings_type.rb
+++ b/app/graphql/types/namespace/package_settings_type.rb
@@ -31,7 +31,7 @@ module Types
       description: 'When nuget_duplicates_allowed is false, you can publish duplicate packages with names that match this regex. Otherwise, this setting has no effect. '
     field :nuget_duplicates_allowed, GraphQL::Types::Boolean,
       null: false,
-      description: 'Indicates whether duplicate NuGet packages are allowed for this namespace. '
+      description: 'Indicates whether duplicate NuGet packages are allowed for this namespace.'
     field :pypi_package_requests_forwarding, GraphQL::Types::Boolean,
       null: true,
       description: 'Indicates whether PyPI package forwarding is allowed for this namespace.'
@@ -58,5 +58,9 @@ module Types
       null: false,
       method: :pypi_package_requests_forwarding_locked?,
       description: 'Indicates whether PyPI package forwarding settings are locked by a parent namespace.'
+
+    field :nuget_symbol_server_enabled, GraphQL::Types::Boolean,
+      null: false,
+      description: 'Indicates wheather the NuGet symbol server is enabled for this namespace.'
   end
 end
diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index a821d014592..7663055d3b0 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -243,7 +243,7 @@ module ProjectsHelper
   def no_password_message
     push_pull_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_page_path('topics/git/terminology', anchor: 'pull-and-push') }
     clone_with_https_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: help_page_path('gitlab-basics/start-using-git', anchor: 'clone-with-https') }
-    set_password_link_start = '<a href="%{url}">'.html_safe % { url: edit_profile_password_path }
+    set_password_link_start = '<a href="%{url}">'.html_safe % { url: edit_user_settings_password_path }
     set_up_pat_link_start = '<a href="%{url}">'.html_safe % { url: user_settings_personal_access_tokens_path }
 
     message = if current_user.require_password_creation_for_git?
diff --git a/app/mailers/emails/identity_verification.rb b/app/mailers/emails/identity_verification.rb
index f3fe609e7d1..7a20b66d439 100644
--- a/app/mailers/emails/identity_verification.rb
+++ b/app/mailers/emails/identity_verification.rb
@@ -5,7 +5,7 @@ module Emails
     def verification_instructions_email(email, token:)
       @token = token
       @expires_in_minutes = Users::EmailVerification::ValidateTokenService::TOKEN_VALID_FOR_MINUTES
-      @password_link = edit_profile_password_url
+      @password_link = edit_user_settings_password_url
       @two_fa_link = help_page_url('user/profile/account/two_factor_authentication')
 
       headers = {
diff --git a/app/mailers/emails/profile.rb b/app/mailers/emails/profile.rb
index 9fc3332293c..cf46257f7d4 100644
--- a/app/mailers/emails/profile.rb
+++ b/app/mailers/emails/profile.rb
@@ -150,7 +150,7 @@ module Emails
       @user = user
       @ip = ip
       @time = time
-      @target_url = edit_profile_password_url
+      @target_url = edit_user_settings_password_url
 
       email_with_layout(
         to: @user.notification_email_or_default,
diff --git a/app/models/milestone.rb b/app/models/milestone.rb
index d5b9a4dc30f..c23921f28bd 100644
--- a/app/models/milestone.rb
+++ b/app/models/milestone.rb
@@ -56,6 +56,7 @@ class Milestone < ApplicationRecord
   scope :with_api_entity_associations, -> { preload(project: [:project_feature, :route, namespace: :route]) }
   scope :preload_for_indexing, -> { includes(project: [:project_feature]) }
   scope :order_by_dates_and_title, -> { order(due_date: :asc, start_date: :asc, title: :asc) }
+  scope :with_ids_or_title, ->(ids:, title:) { id_in(ids).or(with_title(title)) }
 
   validates :group, presence: true, unless: :project
   validates :project, presence: true, unless: :group
diff --git a/app/models/namespace/package_setting.rb b/app/models/namespace/package_setting.rb
index a249bb144f9..a5a393ad8a2 100644
--- a/app/models/namespace/package_setting.rb
+++ b/app/models/namespace/package_setting.rb
@@ -23,6 +23,7 @@ class Namespace::PackageSetting < ApplicationRecord
   validates :generic_duplicate_exception_regex, untrusted_regexp: true, length: { maximum: 255 }
   validates :nuget_duplicates_allowed, inclusion: { in: [true, false] }
   validates :nuget_duplicate_exception_regex, untrusted_regexp: true, length: { maximum: 255 }
+  validates :nuget_symbol_server_enabled, inclusion: { in: [true, false] }
 
   class << self
     def duplicates_allowed?(package)
diff --git a/app/services/namespaces/package_settings/update_service.rb b/app/services/namespaces/package_settings/update_service.rb
index cd5745cfec6..d7ab6828346 100644
--- a/app/services/namespaces/package_settings/update_service.rb
+++ b/app/services/namespaces/package_settings/update_service.rb
@@ -16,7 +16,8 @@ module Namespaces
                               pypi_package_requests_forwarding
                               lock_maven_package_requests_forwarding
                               lock_npm_package_requests_forwarding
-                              lock_pypi_package_requests_forwarding].freeze
+                              lock_pypi_package_requests_forwarding
+                              nuget_symbol_server_enabled].freeze
 
       def execute
         return ServiceResponse.error(message: 'Access Denied', http_status: 403) unless allowed?
diff --git a/app/views/profiles/accounts/show.html.haml b/app/views/profiles/accounts/show.html.haml
index 75dba925328..6da1121fe7b 100644
--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -93,7 +93,7 @@
           = s_('Profiles|You must transfer ownership or delete these groups before you can delete your account.')
       - elsif !current_user.can_remove_self?
         %p
-          = s_('Profiles|GitLab is unable to verify your identity automatically. For security purposes, you must set a password by %{openingTag}resetting your password%{closingTag} to delete your account.').html_safe % { openingTag: "<a href='#{reset_profile_password_path}' rel=\"nofollow\" data-method=\"put\">".html_safe, closingTag: '</a>'.html_safe}
+          = s_('Profiles|GitLab is unable to verify your identity automatically. For security purposes, you must set a password by %{openingTag}resetting your password%{closingTag} to delete your account.').html_safe % { openingTag: "<a href='#{reset_user_settings_password_path}' rel=\"nofollow\" data-method=\"put\">".html_safe, closingTag: '</a>'.html_safe}
         %p
           = s_('Profiles|If after setting a password, the option to delete your account is still not available, please %{link_start}submit a request%{link_end} to begin the account deletion process.').html_safe % { link_start: '<a href="https://support.gitlab.io/account-deletion/" rel="nofollow noreferrer noopener" target="_blank">'.html_safe, link_end: '</a>'.html_safe}
       - else
diff --git a/app/views/shared/issuable/_sidebar.html.haml b/app/views/shared/issuable/_sidebar.html.haml
index f018e4f122e..efb6d59a66d 100644
--- a/app/views/shared/issuable/_sidebar.html.haml
+++ b/app/views/shared/issuable/_sidebar.html.haml
@@ -15,7 +15,7 @@
 
 %aside.right-sidebar.js-right-sidebar.js-issuable-sidebar{ data: { always_show_toggle: true, signed: { in: signed_in }, issuable_type: issuable_type }, class: "#{sidebar_gutter_collapsed_class(is_merge_request_with_flag)} #{'right-sidebar-merge-requests' if is_merge_request_with_flag}", 'aria-live' => 'polite', 'aria-label': issuable_type }
   .issuable-sidebar{ class: "#{'is-merge-request' if is_merge_request_with_flag}" }
-    .issuable-sidebar-header{ class: "gl-pb-4! #{'gl-pb-2! gl-md-display-flex gl-justify-content-end gl-lg-display-none!' if is_merge_request_with_flag}" }
+    .issuable-sidebar-header{ class: "#{'gl-pb-2! gl-md-display-flex gl-justify-content-end gl-lg-display-none!' if is_merge_request_with_flag}" }
       = render Pajamas::ButtonComponent.new(button_options: { class: "gutter-toggle float-right js-sidebar-toggle has-tooltip gl-shadow-none! #{'gl-display-block' if moved_sidebar_enabled} #{'gl-mt-2' if notifications_todos_buttons_enabled?}" , type: 'button', 'aria-label' => _('Toggle sidebar'), title: sidebar_gutter_tooltip_text, data: { container: 'body', placement: 'left', boundary: 'viewport' } }) do
         = sidebar_gutter_toggle_icon
       - if signed_in
diff --git a/app/views/profiles/passwords/edit.html.haml b/app/views/user_settings/passwords/edit.html.haml
index 4848a9dc595..afe6ee2c0b3 100644
--- a/app/views/profiles/passwords/edit.html.haml
+++ b/app/views/user_settings/passwords/edit.html.haml
@@ -12,7 +12,7 @@
       = _('Change your password.')
     - else
       = _('Change your password or recover your current one.')
-  = gitlab_ui_form_for @user, url: profile_password_path, method: :put, html: {class: "update-password"} do |f|
+  = gitlab_ui_form_for @user, url: user_settings_password_path, method: :put, html: {class: "update-password"} do |f|
     = form_errors(@user)
 
     - unless @user.password_automatically_set?
@@ -31,5 +31,5 @@
     .gl-mt-3.gl-mb-3
       = f.submit _('Save password'), class: "gl-mr-3", data: { qa_selector: 'save_password_button' }, pajamas_button: true
       - unless @user.password_automatically_set?
-        = render Pajamas::ButtonComponent.new(href: reset_profile_password_path, variant: :link, method: :put) do
+        = render Pajamas::ButtonComponent.new(href: reset_user_settings_password_path, variant: :link, method: :put) do
           = _('I forgot my password')
diff --git a/app/views/profiles/passwords/new.html.haml b/app/views/user_settings/passwords/new.html.haml
index a0a9077afe4..3616c9ec252 100644
--- a/app/views/profiles/passwords/new.html.haml
+++ b/app/views/user_settings/passwords/new.html.haml
@@ -3,7 +3,7 @@
 
 %h1.page-title.gl-font-size-h-display= _('Set up new password')
 %hr
-= gitlab_ui_form_for @user, url: profile_password_path, method: :post do |f|
+= gitlab_ui_form_for @user, url: user_settings_password_path, method: :post do |f|
   %p.slead
     = _('Please set a new password before proceeding.')
     %br