authorDouwe Maan <douwe@gitlab.com>2018-02-06 19:08:06 +0300
committerDouwe Maan <douwe@gitlab.com>2018-02-06 19:08:06 +0300
commit5db5a9cbd1192d776874a92e0a253c605f3c4417 (patch)
tree67be95609ce038ec9c2fbdc45fb491bb223c7137 /lib/api
parenta29f0c28fd07ba14f0d0e5fb9c878a2eb117e388 (diff)
parentba62493009c2360018709b660956a6173f3e1515 (diff)
Merge branch 'master' into 'zj-wiki-page-versions'
# Conflicts: # Gemfile # Gemfile.lock
Diffstat (limited to 'lib/api')
-rw-r--r--lib/api/access_requests.rb6
-rw-r--r--lib/api/api.rb1
-rw-r--r--lib/api/api_guard.rb6
-rw-r--r--lib/api/applications.rb27
-rw-r--r--lib/api/branches.rb2
-rw-r--r--lib/api/entities.rb41
-rw-r--r--lib/api/helpers/internal_helpers.rb15
-rw-r--r--lib/api/helpers/runner.rb6
-rw-r--r--lib/api/issues.rb6
-rw-r--r--lib/api/members.rb13
-rw-r--r--lib/api/merge_requests.rb6
-rw-r--r--lib/api/pipelines.rb2
-rw-r--r--lib/api/projects.rb2
-rw-r--r--lib/api/runner.rb6
-rw-r--r--lib/api/templates.rb8
-rw-r--r--lib/api/triggers.rb2
-rw-r--r--lib/api/users.rb2
-rw-r--r--lib/api/v3/branches.rb2
-rw-r--r--lib/api/v3/issues.rb6
-rw-r--r--lib/api/v3/members.rb15
-rw-r--r--lib/api/v3/merge_requests.rb4
-rw-r--r--lib/api/v3/pipelines.rb2
-rw-r--r--lib/api/v3/projects.rb4
-rw-r--r--lib/api/v3/templates.rb8
-rw-r--r--lib/api/v3/triggers.rb2
25 files changed, 138 insertions, 56 deletions
diff --git a/lib/api/access_requests.rb b/lib/api/access_requests.rb
index 374b611f55e..60ae5e6b9a2 100644
--- a/lib/api/access_requests.rb
+++ b/lib/api/access_requests.rb
@@ -24,7 +24,7 @@ module API
access_requesters = AccessRequestsFinder.new(source).execute!(current_user)
access_requesters = paginate(access_requesters.includes(:user))
- present access_requesters.map(&:user), with: Entities::AccessRequester, source: source
+ present access_requesters, with: Entities::AccessRequester
end
desc "Requests access for the authenticated user to a #{source_type}." do
@@ -36,7 +36,7 @@ module API
access_requester = source.request_access(current_user)
if access_requester.persisted?
- present access_requester.user, with: Entities::AccessRequester, access_requester: access_requester
+ present access_requester, with: Entities::AccessRequester
else
render_validation_error!(access_requester)
end
@@ -56,7 +56,7 @@ module API
member = ::Members::ApproveAccessRequestService.new(source, current_user, declared_params).execute
status :created
- present member.user, with: Entities::Member, member: member
+ present member, with: Entities::Member
end
desc 'Denies an access request for the given user.' do
diff --git a/lib/api/api.rb b/lib/api/api.rb
index ae161efb358..f3f64244589 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -106,6 +106,7 @@ module API
# Keep in alphabetical order
mount ::API::AccessRequests
+ mount ::API::Applications
mount ::API::AwardEmoji
mount ::API::Boards
mount ::API::Branches
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb
index 9aeebc34525..c2113551207 100644
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -42,7 +42,7 @@ module API
include Gitlab::Auth::UserAuthFinders
def find_current_user!
- user = find_user_from_access_token || find_user_from_warden
+ user = find_user_from_sources
return unless user
forbidden!('User is blocked') unless Gitlab::UserAccess.new(user).allowed? && user.can?(:access_api)
@@ -50,6 +50,10 @@ module API
user
end
+ def find_user_from_sources
+ find_user_from_access_token || find_user_from_warden
+ end
+
private
# An array of scopes that were registered (using `allow_access_with_scope`)
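Review bot: `find_user_from_sources` is added above the `private` marker with no comment, so it becomes a public helper whose purpose has to be guessed. It looks like an override point for additional authentication sources, but nothing in the hunk says so. I would add a comment such as `# Override hook: returns the authenticated user or nil. Callers must go through find_current_user! so the blocked-user and :access_api checks still run.` If endpoints are not meant to call it directly, moving it below `private` would make that explicit. The enclosing module starts and ends outside the hunk.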
diff --git a/lib/api/applications.rb b/lib/api/applications.rb
new file mode 100644
index 00000000000..b122cdefe4e
--- /dev/null
+++ b/lib/api/applications.rb
@@ -0,0 +1,27 @@
+module API
+ # External applications API
+ class Applications < Grape::API
+ before { authenticated_as_admin! }
+
+ resource :applications do
+ desc 'Create a new application' do
+ detail 'This feature was introduced in GitLab 10.5'
+ success Entities::ApplicationWithSecret
+ end
+ params do
+ requires :name, type: String, desc: 'Application name'
+ requires :redirect_uri, type: String, desc: 'Application redirect URI'
+ requires :scopes, type: String, desc: 'Application scopes'
+ end
+ post do
+ application = Doorkeeper::Application.new(declared_params)
+
+ if application.save
+ present application, with: Entities::ApplicationWithSecret
+ else
+ render_validation_error! application
+ end
+ end
+ end
+ end
+end
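Review bot: `scopes` and `redirect_uri` are declared as free-form `String`s and passed straight to `Doorkeeper::Application.new(declared_params)`, so what an admin credential can register is bounded only by model validations that are not visible in this file. A short comment above the `params` block would make that trust boundary clear, e.g. `# scopes and redirect_uri are validated by Doorkeeper::Application; failures are returned via render_validation_error!`. The success path presents `Entities::ApplicationWithSecret`, so the client secret leaves the server in the response body. The `desc` block should state that the secret is returned by this call, and it is worth confirming that response logging does not capture it.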
diff --git a/lib/api/branches.rb b/lib/api/branches.rb
index 0791a110c39..1794207e29b 100644
--- a/lib/api/branches.rb
+++ b/lib/api/branches.rb
@@ -29,6 +29,8 @@ module API
use :pagination
end
get ':id/repository/branches' do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42329')
+
repository = user_project.repository
branches = ::Kaminari.paginate_array(repository.branches.sort_by(&:name))
merged_branch_names = repository.merged_branch_names(branches.map(&:name))
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 3f4b62dc1b2..e13463ec66b 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -205,22 +205,15 @@ module API
expose :build_artifacts_size, as: :job_artifacts_size
end
- class Member < UserBasic
- expose :access_level do |user, options|
- member = options[:member] || options[:source].members.find_by(user_id: user.id)
- member.access_level
- end
- expose :expires_at do |user, options|
- member = options[:member] || options[:source].members.find_by(user_id: user.id)
- member.expires_at
- end
+ class Member < Grape::Entity
+ expose :user, merge: true, using: UserBasic
+ expose :access_level
+ expose :expires_at
end
- class AccessRequester < UserBasic
- expose :requested_at do |user, options|
- access_requester = options[:access_requester] || options[:source].requesters.find_by(user_id: user.id)
- access_requester.requested_at
- end
+ class AccessRequester < Grape::Entity
+ expose :user, merge: true, using: UserBasic
+ expose :requested_at
end
class Group < Grape::Entity
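Review bot: `Member` and `AccessRequester` now serialise the membership row and pull the user in with `expose :user, merge: true, using: UserBasic`, and nothing visible here defines the result for a row whose `user` is nil. The members list endpoints in this commit filter with `where.not(user_id: nil)`, but the entity itself carries no such guarantee. Any other caller presenting a user-less (invited) member would presumably emit an object without user fields. A comment on the class would record the precondition, e.g. `# Expects a member with a user; callers must exclude rows with user_id: nil`.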
@@ -507,7 +500,15 @@ module API
expose :work_in_progress?, as: :work_in_progress
expose :milestone, using: Entities::Milestone
expose :merge_when_pipeline_succeeds
- expose :merge_status
+
+ # Ideally we should deprecate `MergeRequest#merge_status` exposure and
+ # use `MergeRequest#mergeable?` instead (boolean).
+ # See https://gitlab.com/gitlab-org/gitlab-ce/issues/42344 for more
+ # information.
+ expose :merge_status do |merge_request|
+ merge_request.check_if_can_be_merged
+ merge_request.merge_status
+ end
expose :diff_head_sha, as: :sha
expose :merge_commit_sha
expose :user_notes_count
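Review bot: The `merge_status` block calls `merge_request.check_if_can_be_merged` during serialisation, so presenting this entity may no longer be a pure read, and the check runs once per merge request on list responses. What the check costs or writes is not visible in the hunk, and the added comment only discusses deprecating the field. I would extend it with something like `# NOTE: check_if_can_be_merged may recompute and persist merge_status; this runs for every MR presented`. The enclosing entity class starts and ends outside the hunk.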
@@ -1157,5 +1158,15 @@ module API
pages_domain
end
end
+
+ class Application < Grape::Entity
+ expose :uid, as: :application_id
+ expose :redirect_uri, as: :callback_url
+ end
+
+ # Use with care, this exposes the secret
+ class ApplicationWithSecret < Application
+ expose :secret
+ end
end
end
diff --git a/lib/api/helpers/internal_helpers.rb b/lib/api/helpers/internal_helpers.rb
index eff1c5b70ea..eb67de81a0d 100644
--- a/lib/api/helpers/internal_helpers.rb
+++ b/lib/api/helpers/internal_helpers.rb
@@ -1,11 +1,6 @@
module API
module Helpers
module InternalHelpers
- SSH_GITALY_FEATURES = {
- 'git-receive-pack' => [:ssh_receive_pack, Gitlab::GitalyClient::MigrationStatus::OPT_IN],
- 'git-upload-pack' => [:ssh_upload_pack, Gitlab::GitalyClient::MigrationStatus::OPT_OUT]
- }.freeze
-
attr_reader :redirected_path
def wiki?
@@ -102,8 +97,14 @@ module API
# Return the Gitaly Address if it is enabled
def gitaly_payload(action)
- feature, status = SSH_GITALY_FEATURES[action]
- return unless feature && Gitlab::GitalyClient.feature_enabled?(feature, status: status)
+ return unless %w[git-receive-pack git-upload-pack].include?(action)
+
+ if action == 'git-receive-pack'
+ return unless Gitlab::GitalyClient.feature_enabled?(
+ :ssh_receive_pack,
+ status: Gitlab::GitalyClient::MigrationStatus::OPT_OUT
+ )
+ end
{
repository: repository.gitaly_repository,
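Review bot: The comment above `gitaly_payload` still reads "Return the Gitaly Address if it is enabled", but in the new code only `git-receive-pack` consults a feature flag, while `git-upload-pack` always gets the payload. The asymmetry is easy to mistake for an oversight. A line before the `if` would help, e.g. `# git-upload-pack is always served through Gitaly; git-receive-pack is still gated by :ssh_receive_pack`. The method body continues past the end of the hunk.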
diff --git a/lib/api/helpers/runner.rb b/lib/api/helpers/runner.rb
index 2cae53dba53..3d0d1287407 100644
--- a/lib/api/helpers/runner.rb
+++ b/lib/api/helpers/runner.rb
@@ -1,15 +1,13 @@
module API
module Helpers
module Runner
- include Gitlab::CurrentSettings
-
JOB_TOKEN_HEADER = 'HTTP_JOB_TOKEN'.freeze
JOB_TOKEN_PARAM = :token
UPDATE_RUNNER_EVERY = 10 * 60
def runner_registration_token_valid?
ActiveSupport::SecurityUtils.variable_size_secure_compare(params[:token],
- current_application_settings.runners_registration_token)
+ Gitlab::CurrentSettings.runners_registration_token)
end
def get_runner_version_from_params
@@ -70,7 +68,7 @@ module API
end
def max_artifacts_size
- current_application_settings.max_artifacts_size.megabytes.to_i
+ Gitlab::CurrentSettings.max_artifacts_size.megabytes.to_i
end
end
end
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index c99fe3ab5b3..b6c278c89d0 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -161,6 +161,8 @@ module API
use :issue_params
end
post ':id/issues' do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42320')
+
authorize! :create_issue, user_project
# Setting created_at time only allowed for admins and project owners
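Review bot: The `Gitlab::QueryLimiting.whitelist(...)` call is placed ahead of `authorize! :create_issue, user_project`, so the handler's first statement is no longer its permission check. The same ordering appears in the hunks for `lib/api/merge_requests.rb` (`post ":id/merge_requests"`), `lib/api/pipelines.rb`, `lib/api/users.rb` (before `authenticated_as_admin!`), `lib/api/v3/merge_requests.rb` and `lib/api/v3/pipelines.rb`. Nothing visible suggests the call is harmful there, but keeping the authorization guard first makes it easier to audit that every endpoint checks access before doing anything else. Assuming the exemption applies to the whole request wherever it is called, I would move the whitelist line directly below the `authorize!` / `authenticated_as_admin!` call. The handler body continues outside the hunk.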
@@ -201,6 +203,8 @@ module API
:labels, :created_at, :due_date, :confidential, :state_event
end
put ':id/issues/:issue_iid' do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42322')
+
issue = user_project.issues.find_by!(iid: params.delete(:issue_iid))
authorize! :update_issue, issue
@@ -234,6 +238,8 @@ module API
requires :to_project_id, type: Integer, desc: 'The ID of the new project'
end
post ':id/issues/:issue_iid/move' do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42323')
+
issue = user_project.issues.find_by(iid: params[:issue_iid])
not_found!('Issue') unless issue
diff --git a/lib/api/members.rb b/lib/api/members.rb
index 5446f6b54b1..bc1de37284a 100644
--- a/lib/api/members.rb
+++ b/lib/api/members.rb
@@ -21,10 +21,11 @@ module API
get ":id/members" do
source = find_source(source_type, params[:id])
- users = source.users
- users = users.merge(User.search(params[:query])) if params[:query]
+ members = source.members.where.not(user_id: nil).includes(:user)
+ members = members.joins(:user).merge(User.search(params[:query])) if params[:query].present?
+ members = paginate(members)
- present paginate(users), with: Entities::Member, source: source
+ present members, with: Entities::Member
end
desc 'Gets a member of a group or project.' do
@@ -39,7 +40,7 @@ module API
members = source.members
member = members.find_by!(user_id: params[:user_id])
- present member.user, with: Entities::Member, member: member
+ present member, with: Entities::Member
end
desc 'Adds a member to a group or project.' do
@@ -62,7 +63,7 @@ module API
if !member
not_allowed! # This currently can only be reached in EE
elsif member.persisted? && member.valid?
- present member.user, with: Entities::Member, member: member
+ present member, with: Entities::Member
else
render_validation_error!(member)
end
@@ -83,7 +84,7 @@ module API
member = source.members.find_by!(user_id: params.delete(:user_id))
if member.update_attributes(declared_params(include_missing: false))
- present member.user, with: Entities::Member, member: member
+ present member, with: Entities::Member
else
render_validation_error!(member)
end
diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb
index 420aaf1c964..719afa09295 100644
--- a/lib/api/merge_requests.rb
+++ b/lib/api/merge_requests.rb
@@ -152,6 +152,8 @@ module API
use :optional_params
end
post ":id/merge_requests" do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42316')
+
authorize! :create_merge_request, user_project
mr_params = declared_params(include_missing: false)
@@ -256,6 +258,8 @@ module API
at_least_one_of(*at_least_one_of_ce)
end
put ':id/merge_requests/:merge_request_iid' do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42318')
+
merge_request = find_merge_request_with_access(params.delete(:merge_request_iid), :update_merge_request)
mr_params = declared_params(include_missing: false)
@@ -283,6 +287,8 @@ module API
optional :sha, type: String, desc: 'When present, must have the HEAD SHA of the source branch'
end
put ':id/merge_requests/:merge_request_iid/merge' do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42317')
+
merge_request = find_project_merge_request(params[:merge_request_iid])
merge_when_pipeline_succeeds = to_boolean(params[:merge_when_pipeline_succeeds])
diff --git a/lib/api/pipelines.rb b/lib/api/pipelines.rb
index 675c963bae2..d2b8b832e4e 100644
--- a/lib/api/pipelines.rb
+++ b/lib/api/pipelines.rb
@@ -42,6 +42,8 @@ module API
requires :ref, type: String, desc: 'Reference'
end
post ':id/pipeline' do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42124')
+
authorize! :create_pipeline, user_project
new_pipeline = Ci::CreatePipelineService.new(user_project,
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 8b5e4f8edcc..5b481121a10 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -210,6 +210,8 @@ module API
optional :namespace, type: String, desc: 'The ID or name of the namespace that the project will be forked into'
end
post ':id/fork' do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42284')
+
fork_params = declared_params(include_missing: false)
namespace_id = fork_params[:namespace]
diff --git a/lib/api/runner.rb b/lib/api/runner.rb
index 80feb629d54..1f80646a2ea 100644
--- a/lib/api/runner.rb
+++ b/lib/api/runner.rb
@@ -215,9 +215,9 @@ module API
job = authenticate_job!
forbidden!('Job is not running!') unless job.running?
- artifacts_upload_path = JobArtifactUploader.artifacts_upload_path
- artifacts = uploaded_file(:file, artifacts_upload_path)
- metadata = uploaded_file(:metadata, artifacts_upload_path)
+ workhorse_upload_path = JobArtifactUploader.workhorse_upload_path
+ artifacts = uploaded_file(:file, workhorse_upload_path)
+ metadata = uploaded_file(:metadata, workhorse_upload_path)
bad_request!('Missing artifacts file!') unless artifacts
file_to_large! unless artifacts.size < max_artifacts_size
diff --git a/lib/api/templates.rb b/lib/api/templates.rb
index 6550b331fb8..41862768a3f 100644
--- a/lib/api/templates.rb
+++ b/lib/api/templates.rb
@@ -17,15 +17,15 @@ module API
}
}.freeze
PROJECT_TEMPLATE_REGEX =
- /[\<\{\[]
+ %r{[\<\{\[]
(project|description|
one\sline\s.+\swhat\sit\sdoes\.) # matching the start and end is enough here
- [\>\}\]]/xi.freeze
+ [\>\}\]]}xi.freeze
YEAR_TEMPLATE_REGEX = /[<{\[](year|yyyy)[>}\]]/i.freeze
FULLNAME_TEMPLATE_REGEX =
- /[\<\{\[]
+ %r{[\<\{\[]
(fullname|name\sof\s(author|copyright\sowner))
- [\>\}\]]/xi.freeze
+ [\>\}\]]}xi.freeze
helpers do
def parsed_license_template
diff --git a/lib/api/triggers.rb b/lib/api/triggers.rb
index dd6801664b1..b3709455bc3 100644
--- a/lib/api/triggers.rb
+++ b/lib/api/triggers.rb
@@ -15,6 +15,8 @@ module API
optional :variables, type: Hash, desc: 'The list of variables to be injected into build'
end
post ":id/(ref/:ref/)trigger/pipeline", requirements: { ref: /.+/ } do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42283')
+
# validate variables
params[:variables] = params[:variables].to_h
unless params[:variables].all? { |key, value| key.is_a?(String) && value.is_a?(String) }
diff --git a/lib/api/users.rb b/lib/api/users.rb
index e5de31ad51b..c7c2aa280d5 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -383,6 +383,8 @@ module API
optional :hard_delete, type: Boolean, desc: "Whether to remove a user's contributions"
end
delete ":id" do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42279')
+
authenticated_as_admin!
user = User.find_by(id: params[:id])
diff --git a/lib/api/v3/branches.rb b/lib/api/v3/branches.rb
index b201bf77667..25176c5b38e 100644
--- a/lib/api/v3/branches.rb
+++ b/lib/api/v3/branches.rb
@@ -14,6 +14,8 @@ module API
success ::API::Entities::Branch
end
get ":id/repository/branches" do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42276')
+
repository = user_project.repository
branches = repository.branches.sort_by(&:name)
merged_branch_names = repository.merged_branch_names(branches.map(&:name))
diff --git a/lib/api/v3/issues.rb b/lib/api/v3/issues.rb
index cb371fdbab8..b59947d81d9 100644
--- a/lib/api/v3/issues.rb
+++ b/lib/api/v3/issues.rb
@@ -134,6 +134,8 @@ module API
use :issue_params
end
post ':id/issues' do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42131')
+
# Setting created_at time only allowed for admins and project owners
unless current_user.admin? || user_project.owner == current_user
params.delete(:created_at)
@@ -169,6 +171,8 @@ module API
:labels, :created_at, :due_date, :confidential, :state_event
end
put ':id/issues/:issue_id' do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42132')
+
issue = user_project.issues.find(params.delete(:issue_id))
authorize! :update_issue, issue
@@ -201,6 +205,8 @@ module API
requires :to_project_id, type: Integer, desc: 'The ID of the new project'
end
post ':id/issues/:issue_id/move' do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42133')
+
issue = user_project.issues.find_by(id: params[:issue_id])
not_found!('Issue') unless issue
diff --git a/lib/api/v3/members.rb b/lib/api/v3/members.rb
index de226e4e573..d7bde8ceb89 100644
--- a/lib/api/v3/members.rb
+++ b/lib/api/v3/members.rb
@@ -22,10 +22,11 @@ module API
get ":id/members" do
source = find_source(source_type, params[:id])
- users = source.users
- users = users.merge(User.search(params[:query])) if params[:query]
+ members = source.members.where.not(user_id: nil).includes(:user)
+ members = members.joins(:user).merge(User.search(params[:query])) if params[:query].present?
+ members = paginate(members)
- present paginate(users), with: ::API::Entities::Member, source: source
+ present members, with: ::API::Entities::Member
end
desc 'Gets a member of a group or project.' do
@@ -40,7 +41,7 @@ module API
members = source.members
member = members.find_by!(user_id: params[:user_id])
- present member.user, with: ::API::Entities::Member, member: member
+ present member, with: ::API::Entities::Member
end
desc 'Adds a member to a group or project.' do
@@ -69,7 +70,7 @@ module API
end
if member.persisted? && member.valid?
- present member.user, with: ::API::Entities::Member, member: member
+ present member, with: ::API::Entities::Member
else
# This is to ensure back-compatibility but 400 behavior should be used
# for all validation errors in 9.0!
@@ -93,7 +94,7 @@ module API
member = source.members.find_by!(user_id: params.delete(:user_id))
if member.update_attributes(declared_params(include_missing: false))
- present member.user, with: ::API::Entities::Member, member: member
+ present member, with: ::API::Entities::Member
else
# This is to ensure back-compatibility but 400 behavior should be used
# for all validation errors in 9.0!
@@ -125,7 +126,7 @@ module API
else
::Members::DestroyService.new(source, current_user, declared_params).execute
- present member.user, with: ::API::Entities::Member, member: member
+ present member, with: ::API::Entities::Member
end
end
end
diff --git a/lib/api/v3/merge_requests.rb b/lib/api/v3/merge_requests.rb
index 0a24fea52a3..ce216497996 100644
--- a/lib/api/v3/merge_requests.rb
+++ b/lib/api/v3/merge_requests.rb
@@ -91,6 +91,8 @@ module API
use :optional_params
end
post ":id/merge_requests" do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42126')
+
authorize! :create_merge_request, user_project
mr_params = declared_params(include_missing: false)
@@ -167,6 +169,8 @@ module API
:remove_source_branch
end
put path do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42127')
+
merge_request = find_merge_request_with_access(params.delete(:merge_request_id), :update_merge_request)
mr_params = declared_params(include_missing: false)
diff --git a/lib/api/v3/pipelines.rb b/lib/api/v3/pipelines.rb
index c48cbd2b765..6d31c12f572 100644
--- a/lib/api/v3/pipelines.rb
+++ b/lib/api/v3/pipelines.rb
@@ -19,6 +19,8 @@ module API
desc: 'Either running, branches, or tags'
end
get ':id/pipelines' do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42123')
+
authorize! :read_pipeline, user_project
pipelines = PipelinesFinder.new(user_project, scope: params[:scope]).execute
diff --git a/lib/api/v3/projects.rb b/lib/api/v3/projects.rb
index 446f804124b..c856ba99f09 100644
--- a/lib/api/v3/projects.rb
+++ b/lib/api/v3/projects.rb
@@ -173,9 +173,9 @@ module API
use :sort_params
use :pagination
end
- get "/search/:query", requirements: { query: /[^\/]+/ } do
+ get "/search/:query", requirements: { query: %r{[^/]+} } do
search_service = Search::GlobalService.new(current_user, search: params[:query]).execute
- projects = search_service.objects('projects', params[:page])
+ projects = search_service.objects('projects', params[:page], false)
projects = projects.reorder(params[:order_by] => params[:sort])
present paginate(projects), with: ::API::V3::Entities::Project
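Review bot: The new third argument in `search_service.objects('projects', params[:page], false)` is a bare boolean whose meaning cannot be read at the call site. A trailing comment naming the parameter it sets would make the call self-explanatory, as would a keyword argument if the method accepts one. The definition of `objects` is not part of this diff, so a reviewer cannot tell what the flag turns off.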
diff --git a/lib/api/v3/templates.rb b/lib/api/v3/templates.rb
index 7298203df10..b82b02b5f49 100644
--- a/lib/api/v3/templates.rb
+++ b/lib/api/v3/templates.rb
@@ -16,15 +16,15 @@ module API
}
}.freeze
PROJECT_TEMPLATE_REGEX =
- /[\<\{\[]
+ %r{[\<\{\[]
(project|description|
one\sline\s.+\swhat\sit\sdoes\.) # matching the start and end is enough here
- [\>\}\]]/xi.freeze
+ [\>\}\]]}xi.freeze
YEAR_TEMPLATE_REGEX = /[<{\[](year|yyyy)[>}\]]/i.freeze
FULLNAME_TEMPLATE_REGEX =
- /[\<\{\[]
+ %r{[\<\{\[]
(fullname|name\sof\s(author|copyright\sowner))
- [\>\}\]]/xi.freeze
+ [\>\}\]]}xi.freeze
DEPRECATION_MESSAGE = ' This endpoint is deprecated and has been removed in V4.'.freeze
helpers do
diff --git a/lib/api/v3/triggers.rb b/lib/api/v3/triggers.rb
index 534911fde5c..34f07dfb486 100644
--- a/lib/api/v3/triggers.rb
+++ b/lib/api/v3/triggers.rb
@@ -16,6 +16,8 @@ module API
optional :variables, type: Hash, desc: 'The list of variables to be injected into build'
end
post ":id/(ref/:ref/)trigger/builds", requirements: { ref: /.+/ } do
+ Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42121')
+
# validate variables
params[:variables] = params[:variables].to_h
unless params[:variables].all? { |key, value| key.is_a?(String) && value.is_a?(String) }