
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorCrom (Thibaut CHARLES) <crom29@hotmail.fr>2013-12-09 17:22:22 +0400
committerCrom (Thibaut CHARLES) <crom29@hotmail.fr>2013-12-09 17:22:22 +0400
commit906c65b6243e1f55f96d58cc1d4d60dd64c5cc65 (patch)
tree5cb5fd0246da052d619502dcb595e5138edf4706 /config
parent87fc35073a1f5ae84798263fc7c789a32f85d637 (diff)
parentdbf8ae7301b50d1652ce1ccbf974e8b8ac88ffd3 (diff)
Merge branch 'master' of https://github.com/gitlabhq/gitlabhq
Conflicts: config/application.rb config/gitlab.yml.example config/unicorn.rb.example
Diffstat (limited to 'config')
-rw-r--r--config/application.rb13
-rw-r--r--config/database.yml.mysql2
-rw-r--r--config/gitlab.yml.example16
-rw-r--r--config/initializers/1_settings.rb26
-rw-r--r--config/initializers/devise.rb6
-rw-r--r--config/initializers/rack_attack.rb.example17
-rw-r--r--config/routes.rb12
-rw-r--r--config/unicorn.rb.example2
8 files changed, 70 insertions, 24 deletions
diff --git a/config/application.rb b/config/application.rb
index d06d47c773a..ca80e9718ce 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -70,7 +70,7 @@ module Gitlab
config.assets.version = '1.0'
# Uncomment and customize the last line to run in a non-root path
- # WARNING: This feature is known to work, but unsupported
+ # WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this.
# Note that four settings need to be changed for this to work.
# 1) In your application.rb file: config.relative_url_root = "/gitlab"
# 2) In your gitlab.yml file: relative_url_root: /gitlab
@@ -80,7 +80,14 @@ module Gitlab
#
# config.relative_url_root = "/gitlab"
- # Uncomment to enable rack attack middleware
- # config.middleware.use Rack::Attack
+ config.middleware.use Rack::Attack
+
+ # Allow access to GitLab API from other domains
+ config.middleware.use Rack::Cors do
+ allow do
+ origins '*'
+ resource '/api/*', headers: :any, methods: [:get, :post, :options, :put]
+ end
+ end
end
end
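Review bot: The new CORS block hard-codes `origins '*'` for `/api/*` with `headers: :any`, so any website can script the API from a visitor's browser, and nothing in this hunk lets an administrator narrow it. Depending on the rack-cors version in the bundle, `credentials` may default to true, in which case the wildcard is answered by echoing the caller's origin with `Access-Control-Allow-Credentials: true`. Stating it explicitly avoids relying on that default: `resource '/api/*', headers: :any, methods: [:get, :post, :options, :put], credentials: false`. Reading the allowed origins from gitlab.yml rather than `'*'` would be a safer default. Separately, `config.middleware.use Rack::Attack` is now unconditional while the throttle rules still live in `rack_attack.rb.example`, so a comment that no throttling applies until that file is renamed would help.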
diff --git a/config/database.yml.mysql b/config/database.yml.mysql
index e7a9227e41e..55ac088bc1d 100644
--- a/config/database.yml.mysql
+++ b/config/database.yml.mysql
@@ -7,7 +7,7 @@ production:
reconnect: false
database: gitlabhq_production
pool: 10
- username: gitlab
+ username: git
password: "secure password"
# host: localhost
# socket: /tmp/mysql.sock
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index bea0b71fc1b..ba779d384c1 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -20,7 +20,7 @@ production: &base
https: false
# Uncomment and customize the last line to run in a non-root path
- # WARNING: This feature is known to work, but unsupported
+ # WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this.
# Note that four settings need to be changed for this to work.
# 1) In your application.rb file: config.relative_url_root = "/gitlab"
# 2) In your gitlab.yml file: relative_url_root: /gitlab
@@ -57,11 +57,15 @@ production: &base
# default: false - Account passwords are not sent via the email if signup is enabled.
# signup_enabled: true
+ # Restrict setting visibility levels for non-admin users.
+ # The default is to allow all levels.
+ #restricted_visibility_levels: [ "public" ]
+
## Automatic issue closing
# If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
- # This happends when the commit is pushed or merged into the default branch of a project.
+ # This happens when the commit is pushed or merged into the default branch of a project.
# When not specified the default issue_closing_pattern as specified below will be used.
- # issue_closing_pattern: ([Cc]loses|[Ff]ixes) +#\d+
+ # issue_closing_pattern: ([Cc]lose[sd]|[Ff]ixe[sd]) +#\d+
## Default project features settings
default_projects_features:
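Review bot: The documented default `([Cc]lose[sd]|[Ff]ixe[sd]) +#\d+` does not match the fallback that config/initializers/1_settings.rb still assigns in this commit, `'([Cc]loses|[Ff]ixes) #(\d+)'` (a single space, no `closed`/`fixed`). An administrator reading this comment will expect a message such as "Closed #12" to close an issue when, with the setting left unspecified, it will not. Either update the initializer default in the same change or keep this comment in step with it.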
@@ -70,7 +74,7 @@ production: &base
wiki: true
wall: false
snippets: false
- public: false
+ visibility_level: "private" # can be "private" | "internal" | "public"
## External issues trackers
issues_tracker:
@@ -112,6 +116,8 @@ production: &base
# ==========================
## LDAP settings
+ # You can inspect the first 100 LDAP users with login access by running:
+ # bundle exec rake gitlab:ldap:check[100] RAILS_ENV=production
ldap:
enabled: false
host: '_your_ldap_server'
@@ -138,7 +144,7 @@ production: &base
## Auth providers
# Uncomment the following lines and fill in the data of the auth provider you want to use
# If your favorite auth provider is not listed you can use others:
- # see https://github.com/gitlabhq/gitlabhq/wiki/Using-Custom-Omniauth-Providers
+ # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Working-custom-omniauth-provider-configurations
# The 'app_id' and 'app_secret' parameters are always passed as the first two
# arguments, followed by optional 'args' which can be either a hash or an array.
providers:
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 942b77ffd2e..2b13bb51e02 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -30,6 +30,29 @@ class Settings < Settingslogic
gitlab.relative_url_root
].join('')
end
+
+ # check that values in `current` (string or integer) is a contant in `modul`.
+ def verify_constant_array(modul, current, default)
+ values = default || []
+ if !current.nil?
+ values = []
+ current.each do |constant|
+ values.push(verify_constant(modul, constant, nil))
+ end
+ values.delete_if { |value| value.nil? }
+ end
+ values
+ end
+
+ # check that `current` (string or integer) is a contant in `modul`.
+ def verify_constant(modul, current, default)
+ constant = modul.constants.find{ |name| modul.const_get(name) == current }
+ value = constant.nil? ? default : modul.const_get(constant)
+ if current.is_a? String
+ value = modul.const_get(current.upcase) rescue default
+ end
+ value
+ end
end
end
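Review bot: In `verify_constant`, `modul.const_get(current.upcase) rescue default` looks the name up with inheritance enabled, so a configured string that happens to name a top-level constant returns an unrelated object instead of `default`. `modul.const_get(current.upcase, false)` limits the lookup to `modul`, and rescuing `NameError` explicitly instead of using the `rescue` modifier keeps other errors visible. `verify_constant_array` then silently drops every unrecognised entry, so a misspelt value in `restricted_visibility_levels` leaves that level unrestricted with no warning; the restriction fails open, and raising or logging at boot would surface it. `current.each` also assumes an array, so a scalar value in gitlab.yml raises NoMethodError during initialization. Both new comments should read "constant" rather than "contant".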
@@ -68,6 +91,7 @@ rescue ArgumentError # no user configured
'/home/' + Settings.gitlab['user']
end
Settings.gitlab['signup_enabled'] ||= false
+Settings.gitlab['restricted_visibility_levels'] = Settings.send(:verify_constant_array, Gitlab::VisibilityLevel, Settings.gitlab['restricted_visibility_levels'], [])
Settings.gitlab['username_changing_enabled'] = true if Settings.gitlab['username_changing_enabled'].nil?
Settings.gitlab['issue_closing_pattern'] = '([Cc]loses|[Ff]ixes) #(\d+)' if Settings.gitlab['issue_closing_pattern'].nil?
Settings.gitlab['default_projects_features'] ||= {}
@@ -76,7 +100,7 @@ Settings.gitlab.default_projects_features['merge_requests'] = true if Settings.g
Settings.gitlab.default_projects_features['wiki'] = true if Settings.gitlab.default_projects_features['wiki'].nil?
Settings.gitlab.default_projects_features['wall'] = false if Settings.gitlab.default_projects_features['wall'].nil?
Settings.gitlab.default_projects_features['snippets'] = false if Settings.gitlab.default_projects_features['snippets'].nil?
-Settings.gitlab.default_projects_features['public'] = false if Settings.gitlab.default_projects_features['public'].nil?
+Settings.gitlab.default_projects_features['visibility_level'] = Settings.send(:verify_constant, Gitlab::VisibilityLevel, Settings.gitlab.default_projects_features['visibility_level'], Gitlab::VisibilityLevel::PRIVATE)
#
# Gravatar
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index b7cb808d2e5..5da8932a651 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -74,8 +74,8 @@ Devise.setup do |config|
# config.pepper = "2ef62d549c4ff98a5d3e0ba211e72cff592060247e3bbbb9f499af1222f876f53d39b39b823132affb32858168c79c1d7741d26499901b63c6030a42129924ef"
# ==> Configuration for :confirmable
- # The time you want to give your user to confirm his account. During this time
- # he will be able to access your application without confirming. Default is 0.days
+ # The time you want to give a user to confirm their account. During this time
+ # they will be able to access your application without confirming. Default is 0.days
# When confirm_within is zero, the user won't be able to sign in without confirming.
# You can use this to let your user access some features of your application
# without confirming the account, but blocking it after a certain period
@@ -101,7 +101,7 @@ Devise.setup do |config|
# ==> Configuration for :validatable
# Range for password length. Default is 6..128.
- config.password_length = 6..128
+ config.password_length = 8..128
# Email regex used to validate email formats. It simply asserts that
# an one (and only one) @ exists in the given string. This is mainly
diff --git a/config/initializers/rack_attack.rb.example b/config/initializers/rack_attack.rb.example
index 76fa7ad282e..1d10a53d505 100644
--- a/config/initializers/rack_attack.rb.example
+++ b/config/initializers/rack_attack.rb.example
@@ -1,16 +1,17 @@
-# To enable rack-attack for your GitLab instance do the following:
-# 1. In config/application.rb find and uncomment the following line:
-# config.middleware.use Rack::Attack
-# 2. Rename this file to rack_attack.rb
-# 3. Review the paths_to_be_protected and add any other path you need protecting
-# 4. Restart GitLab instance
+# 1. Rename this file to rack_attack.rb
+# 2. Review the paths_to_be_protected and add any other path you need protecting
#
paths_to_be_protected = [
"#{Rails.application.config.relative_url_root}/users/password",
"#{Rails.application.config.relative_url_root}/users/sign_in",
+ "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
+ "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
"#{Rails.application.config.relative_url_root}/users"
]
-Rack::Attack.throttle('protected paths', limit: 6, period: 60.seconds) do |req|
- req.ip if paths_to_be_protected.include?(req.path) && req.post?
+
+unless Rails.env.test?
+ Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req|
+ req.ip if paths_to_be_protected.include?(req.path) && req.post?
+ end
end
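Review bot: The throttle matches with `paths_to_be_protected.include?(req.path)`, an exact string comparison, so it only counts requests whose path is spelled exactly as listed; the commit has to list both `session.json` and `session` for that reason. If the router also accepts other format suffixes or a trailing slash on these endpoints, POSTs to those spellings are not counted. Normalising before the lookup, for example `path = req.path.chomp('/').sub(/\.\w+\z/, '')`, or a comment stating that every accepted variant must be listed, would close the gap. The limit also rises from 6 to 10 per minute without a stated reason; a short comment on how the number was chosen would help whoever tunes it later.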
diff --git a/config/routes.rb b/config/routes.rb
index 58bbd2b650e..35143a4268c 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -86,9 +86,16 @@ Gitlab::Application.routes.draw do
get :test
end
+ resources :broadcast_messages, only: [:index, :create, :destroy]
resource :logs, only: [:show]
resource :background_jobs, controller: 'background_jobs', only: [:show]
- resources :projects, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ }, only: [:index, :show]
+
+ resources :projects, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ }, only: [:index, :show] do
+ member do
+ put :transfer
+ end
+ end
+
root to: "dashboard#index"
end
@@ -120,6 +127,7 @@ Gitlab::Application.routes.draw do
delete :leave
end
end
+ resource :avatar, only: [:destroy]
end
end
@@ -166,7 +174,7 @@ Gitlab::Application.routes.draw do
end
scope module: :projects do
- resources :blob, only: [:show], constraints: {id: /.+/}
+ resources :blob, only: [:show, :destroy], constraints: {id: /.+/}
resources :raw, only: [:show], constraints: {id: /.+/}
resources :tree, only: [:show], constraints: {id: /.+/, format: /(html|js)/ }
resources :edit_tree, only: [:show, :update], constraints: {id: /.+/}, path: 'edit'
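Review bot: Adding `:destroy` to `resources :blob` with `constraints: {id: /.+/}` exposes a DELETE route whose id appears to span the ref and the file path, and the diff shown here is limited to config/, so the controller's authorization is not visible. The same applies to `put :transfer` and `resource :avatar, only: [:destroy]` in the earlier hunks of this file. Confirm that each new action checks the caller's permission on the target before it acts; a short comment beside each route naming the required ability would document that expectation.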
diff --git a/config/unicorn.rb.example b/config/unicorn.rb.example
index 911c93b53f4..ba5e5cdde0b 100644
--- a/config/unicorn.rb.example
+++ b/config/unicorn.rb.example
@@ -9,7 +9,7 @@
# documentation.
# Uncomment and customize the last line to run in a non-root path
-# WARNING: This feature is known to work, but unsupported
+# WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this.
# Note that four settings need to be changed for this to work.
# 1) In your application.rb file: config.relative_url_root = "/gitlab"
# 2) In your gitlab.yml file: relative_url_root: /gitlab