15 files changed, 127 insertions, 36 deletions
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index 1f1c01c8fcc..bc3308fd6c6 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -177,7 +177,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
       message << _("Create a GitLab account first, and then connect it to your %{label} account.") % { label: label }
     end
 
-    flash[:notice] = message.join(' ')
+    flash[:alert] = message.join(' ')
     redirect_to new_user_session_path
   end
 
diff --git a/changelogs/unreleased/add-db-timings-to-sidekiq-logs.yml b/changelogs/unreleased/add-db-timings-to-sidekiq-logs.yml
new file mode 100644
index 00000000000..8abb22a1d74
--- /dev/null
+++ b/changelogs/unreleased/add-db-timings-to-sidekiq-logs.yml
@@ -0,0 +1,5 @@
+---
+title: Log database time in Sidekiq JSON logs
+merge_request: 22548
+author:
+type: other
diff --git a/changelogs/unreleased/display-rules-without-approvers.yml b/changelogs/unreleased/display-rules-without-approvers.yml
new file mode 100644
index 00000000000..86bc7c2711c
--- /dev/null
+++ b/changelogs/unreleased/display-rules-without-approvers.yml
@@ -0,0 +1,5 @@
+---
+title: Show regular rules without approvers
+merge_request: 21918
+author:
+type: fixed
diff --git a/changelogs/unreleased/link-types-api-rest.yml b/changelogs/unreleased/link-types-api-rest.yml
new file mode 100644
index 00000000000..ead1d36a136
--- /dev/null
+++ b/changelogs/unreleased/link-types-api-rest.yml
@@ -0,0 +1,5 @@
+---
+title: Expose issue link type in REST API
+merge_request: 21375
+author:
+type: added
diff --git a/changelogs/unreleased/omniauth-redirect-loop.yml b/changelogs/unreleased/omniauth-redirect-loop.yml
new file mode 100644
index 00000000000..793245f59d9
--- /dev/null
+++ b/changelogs/unreleased/omniauth-redirect-loop.yml
@@ -0,0 +1,5 @@
+---
+title: "Prevent omniauth signup redirect loop"
+merge_request: 22432
+author: Balazs Nagy
+type: fixed
diff --git a/changelogs/unreleased/update-set-value-to-2-0-1.yml b/changelogs/unreleased/update-set-value-to-2-0-1.yml
new file mode 100644
index 00000000000..a4d64da276c
--- /dev/null
+++ b/changelogs/unreleased/update-set-value-to-2-0-1.yml
@@ -0,0 +1,5 @@
+---
+title: Update set-value from 2.0.0 to 2.0.1
+merge_request: 22366
+author: Takuya Noguchi
+type: security
diff --git a/doc/administration/logs.md b/doc/administration/logs.md
index 81a8f537e08..74ba2123c6e 100644
--- a/doc/administration/logs.md
+++ b/doc/administration/logs.md
@@ -249,7 +249,7 @@ Instead of the format above, you can opt to generate JSON logs for
 Sidekiq. For example:
 
 ```json
-{"severity":"INFO","time":"2018-04-03T22:57:22.071Z","queue":"cronjob:update_all_mirrors","args":[],"class":"UpdateAllMirrorsWorker","retry":false,"queue_namespace":"cronjob","jid":"06aeaa3b0aadacf9981f368e","created_at":"2018-04-03T22:57:21.930Z","enqueued_at":"2018-04-03T22:57:21.931Z","pid":10077,"message":"UpdateAllMirrorsWorker JID-06aeaa3b0aadacf9981f368e: done: 0.139 sec","job_status":"done","duration":0.139,"completed_at":"2018-04-03T22:57:22.071Z"}
+{"severity":"INFO","time":"2018-04-03T22:57:22.071Z","queue":"cronjob:update_all_mirrors","args":[],"class":"UpdateAllMirrorsWorker","retry":false,"queue_namespace":"cronjob","jid":"06aeaa3b0aadacf9981f368e","created_at":"2018-04-03T22:57:21.930Z","enqueued_at":"2018-04-03T22:57:21.931Z","pid":10077,"message":"UpdateAllMirrorsWorker JID-06aeaa3b0aadacf9981f368e: done: 0.139 sec","job_status":"done","duration":0.139,"completed_at":"2018-04-03T22:57:22.071Z","db_duration":0.05,"db_duration_s":0.0005,"gitaly_duration":0,"gitaly_calls":0}
 ```
 
 For Omnibus GitLab installations, add the configuration option:
diff --git a/doc/administration/troubleshooting/debug.md b/doc/administration/troubleshooting/debug.md
index 3007b711405..b754b954391 100644
--- a/doc/administration/troubleshooting/debug.md
+++ b/doc/administration/troubleshooting/debug.md
@@ -196,7 +196,7 @@ is a Unicorn worker that is spinning via `top`. Try to use the `gdb`
 techniques above. In addition, using `strace` may help isolate issues:
 
 ```shell
-strace -tt -T -f -s 1024 -p <PID of unicorn worker> -o /tmp/unicorn.txt
+strace -ttTfyyy -s 1024 -p <PID of unicorn worker> -o /tmp/unicorn.txt
 ```
 
 If you cannot isolate which Unicorn worker is the issue, try to run `strace`
@@ -204,7 +204,7 @@ on all the Unicorn workers to see where the `/internal/allowed` endpoint gets
 stuck:
 
 ```shell
-ps auwx | grep unicorn | awk '{ print " -p " $2}' | xargs strace -tt -T -f -s 1024 -o /tmp/unicorn.txt
+ps auwx | grep unicorn | awk '{ print " -p " $2}' | xargs  strace -ttTfyyy -s 1024 -o /tmp/unicorn.txt
 ```
 
 The output in `/tmp/unicorn.txt` may help diagnose the root cause.
diff --git a/doc/api/issue_links.md b/doc/api/issue_links.md
index 9351b3e4dd5..7c7901d5551 100644
--- a/doc/api/issue_links.md
+++ b/doc/api/issue_links.md
@@ -48,6 +48,7 @@ Parameters:
     "web_url": "http://example.com/example/example/issues/14",
     "confidential": false,
     "weight": null,
+    "link_type": "relates_to"
   }
 ]
 ```
@@ -66,6 +67,7 @@ POST /projects/:id/issues/:issue_iid/links
 | `issue_iid` | integer | yes      | The internal ID of a project's issue |
 | `target_project_id` | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) of a target project  |
 | `target_issue_iid` | integer/string | yes      | The internal ID of a target project's issue |
+| `link_type` | string  | no | The type of the relation ("relates_to", "blocks", "is_blocked_by"), defaults to "relates_to"). Ignored unless `issue_link_types` feature flag is enabled. |
 
 ```bash
 curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/4/issues/1/links?target_project_id=5&target_issue_iid=1"
@@ -134,7 +136,8 @@ Example response:
     "web_url": "http://example.com/example/example/issues/14",
     "confidential": false,
     "weight": null,
-  }
+  },
+  "link_type": "relates_to"
 }
 ```
 
@@ -151,6 +154,7 @@ DELETE /projects/:id/issues/:issue_iid/links/:issue_link_id
 | `id`        | integer/string | yes      | The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding) owned by the authenticated user  |
 | `issue_iid` | integer | yes      | The internal ID of a project's issue |
 | `issue_link_id` | integer/string | yes      | The ID of an issue relationship |
+| `link_type` | string  | no | The type of the relation ('relates_to', 'blocks', 'is_blocked_by'), defaults to 'relates_to' |
 
 ```json
 {
@@ -213,6 +217,7 @@ DELETE /projects/:id/issues/:issue_iid/links/:issue_link_id
     "web_url": "http://example.com/example/example/issues/14",
     "confidential": false,
     "weight": null,
-  }
+  },
+  "link_type": "relates_to"
 }
 ```
diff --git a/lib/gitlab/sidekiq_logging/structured_logger.rb b/lib/gitlab/sidekiq_logging/structured_logger.rb
index bcc2e77714d..2baa16abe27 100644
--- a/lib/gitlab/sidekiq_logging/structured_logger.rb
+++ b/lib/gitlab/sidekiq_logging/structured_logger.rb
@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
+require 'active_record'
+require 'active_record/log_subscriber'
+
 module Gitlab
   module SidekiqLogging
     class StructuredLogger
@@ -10,6 +13,7 @@ module Gitlab
       def call(job, queue)
         started_time = get_time
         base_payload = parse_job(job)
+        ActiveRecord::LogSubscriber.reset_runtime
 
         Sidekiq.logger.info log_job_start(base_payload)
 
@@ -63,6 +67,9 @@ module Gitlab
 
         convert_to_iso8601(payload, DONE_TIMESTAMP_FIELDS)
 
+        payload['db_duration'] = ActiveRecord::LogSubscriber.runtime
+        payload['db_duration_s'] = payload['db_duration'] / 1000
+
         payload
       end
 
diff --git a/spec/controllers/omniauth_callbacks_controller_spec.rb b/spec/controllers/omniauth_callbacks_controller_spec.rb
index 6c5f36804e8..8b92976252c 100644
--- a/spec/controllers/omniauth_callbacks_controller_spec.rb
+++ b/spec/controllers/omniauth_callbacks_controller_spec.rb
@@ -287,6 +287,34 @@ describe OmniauthCallbacksController, type: :controller, do_not_mock_admin_mode:
       request.env['omniauth.auth'] = Rails.application.env_config['omniauth.auth']
     end
 
+    context 'sign up' do
+      before do
+        user.destroy
+      end
+
+      it 'denies login if sign up is enabled, but block_auto_created_users is set' do
+        post :saml, params: { SAMLResponse: mock_saml_response }
+
+        expect(flash[:alert]).to start_with 'Your account has been blocked.'
+      end
+
+      it 'accepts login if sign up is enabled' do
+        stub_omniauth_setting(block_auto_created_users: false)
+
+        post :saml, params: { SAMLResponse: mock_saml_response }
+
+        expect(request.env['warden']).to be_authenticated
+      end
+
+      it 'denies login if sign up is not enabled' do
+        stub_omniauth_setting(allow_single_sign_on: false, block_auto_created_users: false)
+
+        post :saml, params: { SAMLResponse: mock_saml_response }
+
+        expect(flash[:alert]).to start_with 'Signing in using your saml account without a pre-existing GitLab account is not allowed.'
+      end
+    end
+
     context 'with GitLab initiated request' do
       before do
         post :saml, params: { SAMLResponse: mock_saml_response }
diff --git a/spec/frontend/diffs/components/settings_dropdown_spec.js b/spec/frontend/diffs/components/settings_dropdown_spec.js
index c360f5584ca..6aed445ad71 100644
--- a/spec/frontend/diffs/components/settings_dropdown_spec.js
+++ b/spec/frontend/diffs/components/settings_dropdown_spec.js
@@ -25,7 +25,7 @@ describe('Diff settiings dropdown component', () => {
 
     extendStore(store);
 
-    vm = mount(localVue.extend(SettingsDropdown), {
+    vm = mount(SettingsDropdown, {
       localVue,
       store,
       sync: false,
diff --git a/spec/frontend/frequent_items/components/frequent_items_search_input_spec.js b/spec/frontend/frequent_items/components/frequent_items_search_input_spec.js
index e5f1ab21c7f..b708fd4cf68 100644
--- a/spec/frontend/frequent_items/components/frequent_items_search_input_spec.js
+++ b/spec/frontend/frequent_items/components/frequent_items_search_input_spec.js
@@ -1,13 +1,10 @@
-import { shallowMount, createLocalVue } from '@vue/test-utils';
+import { shallowMount } from '@vue/test-utils';
 import searchComponent from '~/frequent_items/components/frequent_items_search_input.vue';
 import eventHub from '~/frequent_items/event_hub';
 
-const localVue = createLocalVue();
-
 const createComponent = (namespace = 'projects') =>
-  shallowMount(localVue.extend(searchComponent), {
+  shallowMount(searchComponent, {
     propsData: { namespace },
-    localVue,
     sync: false,
   });
 
@@ -42,7 +39,7 @@ describe('FrequentItemsSearchInputComponent', () => {
       jest.spyOn(eventHub, '$on').mockImplementation(() => {});
       const vmX = createComponent().vm;
 
-      localVue.nextTick(() => {
+      vmX.$nextTick(() => {
         expect(eventHub.$on).toHaveBeenCalledWith(
           `${vmX.namespace}-dropdownOpen`,
           expect.any(Function),
@@ -60,7 +57,7 @@ describe('FrequentItemsSearchInputComponent', () => {
       vmX.$mount();
       vmX.$destroy();
 
-      localVue.nextTick(() => {
+      vmX.$nextTick(() => {
         expect(eventHub.$off).toHaveBeenCalledWith(
           `${vmX.namespace}-dropdownOpen`,
           expect.any(Function),
diff --git a/spec/lib/gitlab/sidekiq_logging/structured_logger_spec.rb b/spec/lib/gitlab/sidekiq_logging/structured_logger_spec.rb
index 772b0168a2a..20adfe7091c 100644
--- a/spec/lib/gitlab/sidekiq_logging/structured_logger_spec.rb
+++ b/spec/lib/gitlab/sidekiq_logging/structured_logger_spec.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'fast_spec_helper'
+require 'spec_helper'
 
 describe Gitlab::SidekiqLogging::StructuredLogger do
   describe '#call' do
@@ -40,8 +40,10 @@ describe Gitlab::SidekiqLogging::StructuredLogger do
         'message' => 'TestWorker JID-da883554ee4fe414012f5f42: done: 0.0 sec',
         'job_status' => 'done',
         'duration' => 0.0,
-        "completed_at" => timestamp.iso8601(3),
-        "cpu_s" => 1.111112
+        'completed_at' => timestamp.iso8601(3),
+        'cpu_s' => 1.111112,
+        'db_duration' => 0,
+        'db_duration_s' => 0
       )
     end
     let(:exception_payload) do
@@ -183,6 +185,43 @@ describe Gitlab::SidekiqLogging::StructuredLogger do
         end
       end
     end
+
+    context 'when the job performs database queries' do
+      before do
+        allow(Time).to receive(:now).and_return(timestamp)
+        allow(Process).to receive(:clock_gettime).and_call_original
+      end
+
+      let(:expected_start_payload) { start_payload.except('args') }
+
+      let(:expected_end_payload) do
+        end_payload.except('args').merge('cpu_s' => a_value > 0)
+      end
+
+      let(:expected_end_payload_with_db) do
+        expected_end_payload.merge(
+          'db_duration' => a_value >= 100,
+          'db_duration_s' => a_value >= 0.1
+        )
+      end
+
+      it 'logs the database time' do
+        expect(logger).to receive(:info).with(expected_start_payload).ordered
+        expect(logger).to receive(:info).with(expected_end_payload_with_db).ordered
+
+        subject.call(job, 'test_queue') { ActiveRecord::Base.connection.execute('SELECT pg_sleep(0.1);') }
+      end
+
+      it 'prevents database time from leaking to the next job' do
+        expect(logger).to receive(:info).with(expected_start_payload).ordered
+        expect(logger).to receive(:info).with(expected_end_payload_with_db).ordered
+        expect(logger).to receive(:info).with(expected_start_payload).ordered
+        expect(logger).to receive(:info).with(expected_end_payload).ordered
+
+        subject.call(job, 'test_queue') { ActiveRecord::Base.connection.execute('SELECT pg_sleep(0.1);') }
+        subject.call(job, 'test_queue') { }
+      end
+    end
   end
 
   describe '#add_time_keys!' do
diff --git a/yarn.lock b/yarn.lock
index decb9e3e5d6..27a5b97a3d8 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6118,7 +6118,7 @@ is-plain-obj@^1.1.0:
   resolved "https://registry.yarnpkg.com/is-plain-obj/-/is-plain-obj-1.1.0.tgz#71a50c8429dfca773c92a390a4a03b39fcd51d3e"
   integrity sha1-caUMhCnfync8kqOQpKA7OfzVHT4=
 
-is-plain-object@^2.0.1, is-plain-object@^2.0.3, is-plain-object@^2.0.4:
+is-plain-object@^2.0.3, is-plain-object@^2.0.4:
   version "2.0.4"
   resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-2.0.4.tgz#2c163b3fafb1b606d9d17928f05c2a1c38e07677"
   integrity sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==
@@ -10076,20 +10076,10 @@ set-blocking@^2.0.0, set-blocking@~2.0.0:
   resolved "https://registry.yarnpkg.com/set-blocking/-/set-blocking-2.0.0.tgz#045f9782d011ae9a6803ddd382b24392b3d890f7"
   integrity sha1-BF+XgtARrppoA93TgrJDkrPYkPc=
 
-set-value@^0.4.3:
-  version "0.4.3"
-  resolved "https://registry.yarnpkg.com/set-value/-/set-value-0.4.3.tgz#7db08f9d3d22dc7f78e53af3c3bf4666ecdfccf1"
-  integrity sha1-fbCPnT0i3H945Trzw79GZuzfzPE=
-  dependencies:
-    extend-shallow "^2.0.1"
-    is-extendable "^0.1.1"
-    is-plain-object "^2.0.1"
-    to-object-path "^0.3.0"
-
-set-value@^2.0.0:
-  version "2.0.0"
-  resolved "https://registry.yarnpkg.com/set-value/-/set-value-2.0.0.tgz#71ae4a88f0feefbbf52d1ea604f3fb315ebb6274"
-  integrity sha512-hw0yxk9GT/Hr5yJEYnHNKYXkIA8mVJgd9ditYZCe16ZczcaELYYcfvaXesNACk2O8O0nTiPQcQhGUQj8JLzeeg==
+set-value@^2.0.0, set-value@^2.0.1:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/set-value/-/set-value-2.0.1.tgz#a18d40530e6f07de4228c7defe4227af8cad005b"
+  integrity sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==
   dependencies:
     extend-shallow "^2.0.1"
     is-extendable "^0.1.1"
@@ -11349,14 +11339,14 @@ unified@^7.0.0:
     x-is-string "^0.1.0"
 
 union-value@^1.0.0:
-  version "1.0.0"
-  resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.0.tgz#5c71c34cb5bad5dcebe3ea0cd08207ba5aa1aea4"
-  integrity sha1-XHHDTLW61dzr4+oM0IIHulqhrqQ=
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.1.tgz#0b6fe7b835aecda61c6ea4d4f02c14221e109847"
+  integrity sha512-tJfXmxMeWYnczCVs7XAEvIV7ieppALdyepWMkHkwciRpZraG/xwT+s2JN8+pr1+8jCRf80FFzvr+MpQeeoF4Xg==
   dependencies:
     arr-union "^3.1.0"
     get-value "^2.0.6"
     is-extendable "^0.1.1"
-    set-value "^0.4.3"
+    set-value "^2.0.1"
 
 uniq@^1.0.1:
   version "1.0.1"