
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2024-01-12 03:08:51 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2024-01-12 03:08:51 +0300
commit98a00b024553a603e16380b93fc3f89a169bf438 (patch)
tree4a6dade546a6857bffc21df2126b113528d746d9 /lib
parentc53e365d68ee800702befb15adfdfac708d5de6f (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib')
-rw-r--r--lib/api/namespaces.rb3
-rw-r--r--lib/gitlab/slash_commands/presenters/access.rb11
-rw-r--r--lib/gitlab/slash_commands/verify_request.rb50
3 files changed, 64 insertions, 0 deletions
diff --git a/lib/api/namespaces.rb b/lib/api/namespaces.rb
index 750dc7fc2a1..17425c288fc 100644
--- a/lib/api/namespaces.rb
+++ b/lib/api/namespaces.rb
@@ -34,6 +34,7 @@ module API
params do
optional :search, type: String, desc: 'Returns a list of namespaces the user is authorized to view based on the search criteria'
optional :owned_only, type: Boolean, desc: 'In GitLab 14.2 and later, returns a list of owned namespaces only'
+ optional :top_level_only, type: Boolean, default: false, desc: 'Only include top level namespaces'
use :pagination
use :optional_list_params_ee
@@ -43,6 +44,8 @@ module API
namespaces = current_user.admin ? Namespace.all : current_user.namespaces(owned_only: owned_only)
+ namespaces = namespaces.top_most if params[:top_level_only]
+
namespaces = namespaces.without_project_namespaces.include_route
namespaces = namespaces.include_gitlab_subscription_with_hosted_plan if Gitlab.ee?
diff --git a/lib/gitlab/slash_commands/presenters/access.rb b/lib/gitlab/slash_commands/presenters/access.rb
index e098762f290..56a960c9bbf 100644
--- a/lib/gitlab/slash_commands/presenters/access.rb
+++ b/lib/gitlab/slash_commands/presenters/access.rb
@@ -42,6 +42,17 @@ module Gitlab
ephemeral_response(text: message)
end
+
+ def confirm(url)
+ text = [
+ _("To ensure the highest security standards, we verify the source of all slash commands."),
+ Kernel.format(_("Please confirm the request by accessing %{url} through a web browser."),
+ url: "<#{url}|this link>"),
+ _("Upon successful validation, you're granted access to slash commands.")
+ ].join("\n\n")
+
+ ephemeral_response(text: text)
+ end
end
end
end
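Review bot: `confirm` embeds `url` unescaped in the link markup `"<#{url}|this link>"`, so a `|` or `>` inside the value would end the link target early and change what the user sees and clicks. If the URL is always built server-side from a route helper (not visible in this hunk), a comment on the method should say so, for example `# url: server-generated verification URL; embedded unescaped in link markup, never pass request-supplied values`. Otherwise the value should be validated as an absolute URL on the instance's own host before it is interpolated. The enclosing class begins outside the hunk, so the caller cannot be checked from here.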
diff --git a/lib/gitlab/slash_commands/verify_request.rb b/lib/gitlab/slash_commands/verify_request.rb
new file mode 100644
index 00000000000..41f71064573
--- /dev/null
+++ b/lib/gitlab/slash_commands/verify_request.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module SlashCommands
+ class VerifyRequest
+ attr_accessor :integration, :chat_name, :response_url
+
+ def initialize(integration, chat_name, response_url = nil)
+ @integration = integration
+ @chat_name = chat_name
+ @response_url = response_url
+ end
+
+ def approve!
+ update_token!
+ update_source_message
+ end
+
+ def valid?
+ return false if integration.token.nil? || chat_name.token.nil?
+
+ ActiveSupport::SecurityUtils.secure_compare(integration.token, chat_name.token)
+ end
+
+ private
+
+ def update_token!
+ chat_name.update!(token: integration.token)
+ end
+
+ def update_source_message
+ request_body = Gitlab::Json.dump(verified_request_body)
+
+ Gitlab::HTTP.post(response_url, body: request_body, headers: headers)
+ end
+
+ def verified_request_body
+ {
+ 'replace_original' => 'true',
+ 'text' => _("You've successfully verified! You now have access to slash commands. " \
+ "Thanks for helping ensure security!")
+ }
+ end
+
+ def headers
+ { 'Content-Type' => 'application/json' }
+ end
+ end
+ end
+end
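Review bot: `update_source_message` posts to `response_url`, which defaults to `nil` in `initialize` and is not checked in this file, while `approve!` has already persisted the token via `update_token!`. A missing or failing callback therefore raises after the state change. A guard such as `return if response_url.blank?` at the top of `update_source_message` would avoid that. The caller presumably takes `response_url` from the incoming chat request, so confirm it is restricted to the expected chat-service host and not left only to `Gitlab::HTTP`'s general outbound filtering. Separately, `valid?` rejects only `nil` tokens, and two empty strings would pass `secure_compare`, so `return false if integration.token.blank? || chat_name.token.blank?` is the safer guard. `attr_accessor` could also be `attr_reader`, since nothing in the class reassigns these fields.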