Add latest changes from gitlab-org/gitlab@master

6 files changed, 31 insertions, 17 deletions

diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index 67cfed0b015..f50b3297e7e 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -198,6 +198,7 @@ module ApplicationSettingsHelper
       :default_project_visibility,
       :default_projects_limit,
       :default_snippet_visibility,
+      :disable_feed_token,
       :disabled_oauth_sign_in_sources,
       :domain_denylist,
       :domain_denylist_enabled,
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index dac68df1c80..fb5b49711d9 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -426,6 +426,9 @@ class ApplicationSetting < ApplicationRecord
   attr_encrypted :secret_detection_token_revocation_token, encryption_options_base_truncated_aes_256_gcm
   attr_encrypted :cloud_license_auth_token, encryption_options_base_truncated_aes_256_gcm
 
+  validates :disable_feed_token,
+            inclusion: { in: [true, false], message: 'must be a boolean value' }
+
   before_validation :ensure_uuid!
 
   before_save :ensure_runners_registration_token
diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb
index 1229ad57b4b..9c6f25d1986 100644
--- a/app/models/application_setting_implementation.rb
+++ b/app/models/application_setting_implementation.rb
@@ -58,6 +58,7 @@ module ApplicationSettingImplementation
         default_projects_limit: Settings.gitlab['default_projects_limit'],
         default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],
         diff_max_patch_bytes: Gitlab::Git::Diff::DEFAULT_MAX_PATCH_BYTES,
+        disable_feed_token: false,
         disabled_oauth_sign_in_sources: [],
         dns_rebinding_protection_enabled: true,
         domain_allowlist: Settings.gitlab['domain_allowlist'],
diff --git a/app/models/user.rb b/app/models/user.rb
index f602b771d84..6e01badf506 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1659,7 +1659,7 @@ class User < ApplicationRecord
   # we do this on read since migrating all existing users is not a feasible
   # solution.
   def feed_token
-    ensure_feed_token!
+    Gitlab::CurrentSettings.disable_feed_token ? nil : ensure_feed_token!
   end
 
   # Each existing user needs to have a `static_object_token`.
diff --git a/app/views/admin/application_settings/_visibility_and_access.html.haml b/app/views/admin/application_settings/_visibility_and_access.html.haml
index 46d8a8ac9c7..709ce497132 100644
--- a/app/views/admin/application_settings/_visibility_and_access.html.haml
+++ b/app/views/admin/application_settings/_visibility_and_access.html.haml
@@ -66,4 +66,12 @@
       .form-group
         = f.label field_name, "#{type.upcase} SSH keys", class: 'label-bold'
         = f.select field_name, key_restriction_options_for_select(type), {}, class: 'form-control'
+
+    .form-group
+      %label.label-bold= s_('AdminSettings|Feed token')
+      .form-check
+        = f.check_box :disable_feed_token, class: 'form-check-input'
+        = f.label :disable_feed_token, class: 'form-check-label' do
+          = s_('AdminSettings|Disable feed token')
+
   = f.submit _('Save changes'), class: "gl-button btn btn-success"
diff --git a/app/views/profiles/personal_access_tokens/index.html.haml b/app/views/profiles/personal_access_tokens/index.html.haml
index 11750f2a6d5..577b64ba17a 100644
--- a/app/views/profiles/personal_access_tokens/index.html.haml
+++ b/app/views/profiles/personal_access_tokens/index.html.haml
@@ -32,22 +32,23 @@
         active_tokens: @active_personal_access_tokens,
         revoke_route_helper: ->(token) { revoke_profile_personal_access_token_path(token) }
 
-%hr
-.row.gl-mt-3
-  .col-lg-4.profile-settings-sidebar
-    %h4.gl-mt-0
-      = s_('AccessTokens|Feed token')
-    %p
-      = s_('AccessTokens|Your feed token is used to authenticate you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar, and is included in those feed URLs.')
-    %p
-      = s_('AccessTokens|It cannot be used to access any other data.')
-  .col-lg-8.feed-token-reset
-    = label_tag :feed_token, s_('AccessTokens|Feed token'), class: 'label-bold'
-    = text_field_tag :feed_token, current_user.feed_token, class: 'form-control js-select-on-focus', readonly: true
-    %p.form-text.text-muted
-      - reset_link = link_to s_('AccessTokens|reset it'), [:reset, :feed_token, :profile], method: :put, data: { confirm: s_('AccessTokens|Are you sure? Any RSS or calendar URLs currently in use will stop working.') }
-      - reset_message = s_('AccessTokens|Keep this token secret. Anyone who gets ahold of it can read activity and issue RSS feeds or your calendar feed as if they were you. You should %{link_reset_it} if that ever happens.') % { link_reset_it: reset_link }
-      = reset_message.html_safe
+- unless Gitlab::CurrentSettings.disable_feed_token
+  %hr
+  .row.gl-mt-3
+    .col-lg-4.profile-settings-sidebar
+      %h4.gl-mt-0
+        = s_('AccessTokens|Feed token')
+      %p
+        = s_('AccessTokens|Your feed token is used to authenticate you when your RSS reader loads a personalized RSS feed or when your calendar application loads a personalized calendar, and is included in those feed URLs.')
+      %p
+        = s_('AccessTokens|It cannot be used to access any other data.')
+    .col-lg-8.feed-token-reset
+      = label_tag :feed_token, s_('AccessTokens|Feed token'), class: 'label-bold'
+      = text_field_tag :feed_token, current_user.feed_token, class: 'form-control js-select-on-focus', readonly: true
+      %p.form-text.text-muted
+        - reset_link = link_to s_('AccessTokens|reset it'), [:reset, :feed_token, :profile], method: :put, data: { confirm: s_('AccessTokens|Are you sure? Any RSS or calendar URLs currently in use will stop working.') }
+        - reset_message = s_('AccessTokens|Keep this token secret. Anyone who gets ahold of it can read activity and issue RSS feeds or your calendar feed as if they were you. You should %{link_reset_it} if that ever happens.') % { link_reset_it: reset_link }
+        = reset_message.html_safe
 
 - if incoming_email_token_enabled?
   %hr