Add latest changes from gitlab-org/gitlab@master

9 files changed, 90 insertions, 10 deletions

diff --git a/lib/api/internal/base.rb b/lib/api/internal/base.rb
index 7963adfd7f4..1fe884eea13 100644
--- a/lib/api/internal/base.rb
+++ b/lib/api/internal/base.rb
@@ -129,20 +129,15 @@ module API
         #
         # Discover user by ssh key, user id or username
         #
-        # rubocop: disable CodeReuse/ActiveRecord
-        get "/discover" do
+        get '/discover' do
           if params[:key_id]
-            key = Key.find(params[:key_id])
-            user = key.user
-          elsif params[:user_id]
-            user = User.find_by(id: params[:user_id])
+            user = UserFinder.new(params[:key_id]).find_by_ssh_key_id
           elsif params[:username]
             user = UserFinder.new(params[:username]).find_by_username
           end
 
           present user, with: Entities::UserSafe
         end
-        # rubocop: enable CodeReuse/ActiveRecord
 
         get "/check" do
           {
diff --git a/lib/api/users.rb b/lib/api/users.rb
index ff8b82e1898..ff0b1e87b03 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -459,6 +459,42 @@ module API
       end
       # rubocop: enable CodeReuse/ActiveRecord
 
+      desc 'Activate a deactivated user. Available only for admins.'
+      params do
+        requires :id, type: Integer, desc: 'The ID of the user'
+      end
+      # rubocop: disable CodeReuse/ActiveRecord
+      post ':id/activate' do
+        authenticated_as_admin!
+
+        user = User.find_by(id: params[:id])
+        not_found!('User') unless user
+        forbidden!('A blocked user must be unblocked to be activated') if user.blocked?
+
+        user.activate
+      end
+      # rubocop: enable CodeReuse/ActiveRecord
+      desc 'Deactivate an active user. Available only for admins.'
+      params do
+        requires :id, type: Integer, desc: 'The ID of the user'
+      end
+      # rubocop: disable CodeReuse/ActiveRecord
+      post ':id/deactivate' do
+        authenticated_as_admin!
+        user = User.find_by(id: params[:id])
+        not_found!('User') unless user
+
+        break if user.deactivated?
+
+        unless user.can_be_deactivated?
+          forbidden!('A blocked user cannot be deactivated by the API') if user.blocked?
+          forbidden!("The user you are trying to deactivate has been active in the past #{::User::MINIMUM_INACTIVE_DAYS} days and cannot be deactivated")
+        end
+
+        user.deactivate
+      end
+      # rubocop: enable CodeReuse/ActiveRecord
+
       desc 'Block a user. Available only for admins.'
       params do
         requires :id, type: Integer, desc: 'The ID of the user'
@@ -489,6 +525,8 @@ module API
 
         if user.ldap_blocked?
           forbidden!('LDAP blocked users cannot be unblocked by the API')
+        elsif user.deactivated?
+          forbidden!('Deactivated users cannot be unblocked by the API')
         else
           user.activate
         end
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index ecba0ffbc46..4217859f9fb 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -69,7 +69,7 @@ module Gitlab
         Gitlab::Auth::UniqueIpsLimiter.limit_user! do
           user = User.by_login(login)
 
-          break if user && !user.active?
+          break if user && !user.can?(:log_in)
 
           authenticators = []
 
diff --git a/lib/gitlab/auth/user_access_denied_reason.rb b/lib/gitlab/auth/user_access_denied_reason.rb
index fd09fe76c02..e73f6ca808c 100644
--- a/lib/gitlab/auth/user_access_denied_reason.rb
+++ b/lib/gitlab/auth/user_access_denied_reason.rb
@@ -14,6 +14,9 @@ module Gitlab
         when :terms_not_accepted
           "You (#{@user.to_reference}) must accept the Terms of Service in order to perform this action. "\
           "Please access GitLab from a web browser to accept these terms."
+        when :deactivated
+          "Your account has been deactivated by your administrator. "\
+          "Please log back in from a web browser to reactivate your account at #{Gitlab.config.gitlab.url}"
         else
           "Your account has been blocked."
         end
@@ -26,6 +29,8 @@ module Gitlab
           :internal
         elsif @user.required_terms_not_accepted?
           :terms_not_accepted
+        elsif @user.deactivated?
+          :deactivated
         else
           :blocked
         end
diff --git a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
index 7f9a7df2f31..f058468ed8e 100644
--- a/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml
@@ -1,9 +1,12 @@
 # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/container_scanning/
 
+variables:
+  CS_MAJOR_VERSION: 1
+
 container_scanning:
   stage: test
   image:
-    name: registry.gitlab.com/gitlab-org/security-products/analyzers/klar:$CI_SERVER_VERSION_MAJOR-$CI_SERVER_VERSION_MINOR-stable
+    name: registry.gitlab.com/gitlab-org/security-products/analyzers/klar:$CS_MAJOR_VERSION
     entrypoint: []
   variables:
     # By default, use the latest clair vulnerabilities database, however, allow it to be overridden here
diff --git a/lib/gitlab/diff/file_collection/merge_request_diff_batch.rb b/lib/gitlab/diff/file_collection/merge_request_diff_batch.rb
index c6d1e0b93a7..663326e01d5 100644
--- a/lib/gitlab/diff/file_collection/merge_request_diff_batch.rb
+++ b/lib/gitlab/diff/file_collection/merge_request_diff_batch.rb
@@ -29,6 +29,10 @@ module Gitlab
           }
         end
 
+        def diff_file_paths
+          diff_files.map(&:file_path)
+        end
+
         override :diffs
         def diffs
           strong_memoize(:diffs) do
diff --git a/lib/gitlab/diff/lines_unfolder.rb b/lib/gitlab/diff/lines_unfolder.rb
index 0bd18fe9622..6def3a074a3 100644
--- a/lib/gitlab/diff/lines_unfolder.rb
+++ b/lib/gitlab/diff/lines_unfolder.rb
@@ -54,7 +54,7 @@ module Gitlab
       def unfold_required?
         strong_memoize(:unfold_required) do
           next false unless @diff_file.text?
-          next false unless @position.on_text? && @position.unchanged?
+          next false unless @position.unfoldable?
           next false if @diff_file.new_file? || @diff_file.deleted_file?
           next false unless @position.old_line
           # Invalid position (MR import scenario)
diff --git a/lib/gitlab/diff/position.rb b/lib/gitlab/diff/position.rb
index 5fe06b9c5e6..8b99fd5cd42 100644
--- a/lib/gitlab/diff/position.rb
+++ b/lib/gitlab/diff/position.rb
@@ -79,6 +79,10 @@ module Gitlab
         formatter.line_age
       end
 
+      def unfoldable?
+        on_text? && unchanged?
+      end
+
       def unchanged?
         type.nil?
       end
diff --git a/lib/gitlab/diff/position_collection.rb b/lib/gitlab/diff/position_collection.rb
new file mode 100644
index 00000000000..59c60f77aaa
--- /dev/null
+++ b/lib/gitlab/diff/position_collection.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Diff
+    class PositionCollection
+      include Enumerable
+
+      # collection - An array of Gitlab::Diff::Position
+      def initialize(collection, diff_head_sha)
+        @collection = collection
+        @diff_head_sha = diff_head_sha
+      end
+
+      def each(&block)
+        @collection.each(&block)
+      end
+
+      def concat(positions)
+        tap { @collection.concat(positions) }
+      end
+
+      # Doing a lightweight filter in-memory given we're not prepared for querying
+      # positions (https://gitlab.com/gitlab-org/gitlab/issues/33271).
+      def unfoldable
+        select do |position|
+          position.unfoldable? && position.head_sha == @diff_head_sha
+        end
+      end
+    end
+  end
+end