15 files changed, 152 insertions, 101 deletions

diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index e33a58d3771..2df8b071e13 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -13,49 +13,6 @@ class ApplicationSetting < ActiveRecord::Base
                             [\r\n]          # any number of newline characters
                           }x
 
-  DEFAULTS_CE = {
-    after_sign_up_text: nil,
-    akismet_enabled: false,
-    container_registry_token_expire_delay: 5,
-    default_branch_protection: Settings.gitlab['default_branch_protection'],
-    default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],
-    default_projects_limit: Settings.gitlab['default_projects_limit'],
-    default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],
-    disabled_oauth_sign_in_sources: [],
-    domain_whitelist: Settings.gitlab['domain_whitelist'],
-    gravatar_enabled: Settings.gravatar['enabled'],
-    help_page_text: nil,
-    housekeeping_bitmaps_enabled: true,
-    housekeeping_enabled: true,
-    housekeeping_full_repack_period: 50,
-    housekeeping_gc_period: 200,
-    housekeeping_incremental_repack_period: 10,
-    import_sources: Gitlab::ImportSources.values,
-    koding_enabled: false,
-    koding_url: nil,
-    max_artifacts_size: Settings.artifacts['max_size'],
-    max_attachment_size: Settings.gitlab['max_attachment_size'],
-    plantuml_enabled: false,
-    plantuml_url: nil,
-    recaptcha_enabled: false,
-    repository_checks_enabled: true,
-    repository_storages: ['default'],
-    require_two_factor_authentication: false,
-    restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'],
-    session_expire_delay: Settings.gitlab['session_expire_delay'],
-    send_user_confirmation_email: false,
-    shared_runners_enabled: Settings.gitlab_ci['shared_runners_enabled'],
-    shared_runners_text: nil,
-    sidekiq_throttling_enabled: false,
-    sign_in_text: nil,
-    signin_enabled: Settings.gitlab['signin_enabled'],
-    signup_enabled: Settings.gitlab['signup_enabled'],
-    two_factor_grace_period: 48,
-    user_default_external: false
-  }
-
-  DEFAULTS = DEFAULTS_CE
-
   serialize :restricted_visibility_levels
   serialize :import_sources
   serialize :disabled_oauth_sign_in_sources, Array
@@ -199,14 +156,64 @@ class ApplicationSetting < ActiveRecord::Base
 
   def self.expire
     Rails.cache.delete(CACHE_KEY)
+  rescue
+    # Gracefully handle when Redis is not available. For example,
+    # omnibus may fail here during gitlab:assets:compile.
   end
 
   def self.cached
     Rails.cache.fetch(CACHE_KEY)
   end
 
+  def self.defaults_ce
+    {
+      after_sign_up_text: nil,
+      akismet_enabled: false,
+      container_registry_token_expire_delay: 5,
+      default_branch_protection: Settings.gitlab['default_branch_protection'],
+      default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],
+      default_projects_limit: Settings.gitlab['default_projects_limit'],
+      default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],
+      disabled_oauth_sign_in_sources: [],
+      domain_whitelist: Settings.gitlab['domain_whitelist'],
+      gravatar_enabled: Settings.gravatar['enabled'],
+      help_page_text: nil,
+      housekeeping_bitmaps_enabled: true,
+      housekeeping_enabled: true,
+      housekeeping_full_repack_period: 50,
+      housekeeping_gc_period: 200,
+      housekeeping_incremental_repack_period: 10,
+      import_sources: Gitlab::ImportSources.values,
+      koding_enabled: false,
+      koding_url: nil,
+      max_artifacts_size: Settings.artifacts['max_size'],
+      max_attachment_size: Settings.gitlab['max_attachment_size'],
+      plantuml_enabled: false,
+      plantuml_url: nil,
+      recaptcha_enabled: false,
+      repository_checks_enabled: true,
+      repository_storages: ['default'],
+      require_two_factor_authentication: false,
+      restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'],
+      session_expire_delay: Settings.gitlab['session_expire_delay'],
+      send_user_confirmation_email: false,
+      shared_runners_enabled: Settings.gitlab_ci['shared_runners_enabled'],
+      shared_runners_text: nil,
+      sidekiq_throttling_enabled: false,
+      sign_in_text: nil,
+      signin_enabled: Settings.gitlab['signin_enabled'],
+      signup_enabled: Settings.gitlab['signup_enabled'],
+      two_factor_grace_period: 48,
+      user_default_external: false
+    }
+  end
+
+  def self.defaults
+    defaults_ce
+  end
+
   def self.create_from_defaults
-    create(DEFAULTS)
+    create(defaults)
   end
 
   def home_page_url_column_exist
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index 5fe8ddf69d7..b1f77bf242c 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -275,29 +275,23 @@ module Ci
     end
 
     def update_coverage
-      return unless project
-      coverage_regex = project.build_coverage_regex
-      return unless coverage_regex
       coverage = extract_coverage(trace, coverage_regex)
-
-      if coverage.is_a? Numeric
-        update_attributes(coverage: coverage)
-      end
+      update_attributes(coverage: coverage) if coverage.present?
     end
 
     def extract_coverage(text, regex)
-      begin
-        matches = text.scan(Regexp.new(regex)).last
-        matches = matches.last if matches.kind_of?(Array)
-        coverage = matches.gsub(/\d+(\.\d+)?/).first
+      return unless regex
 
-        if coverage.present?
-          coverage.to_f
-        end
-      rescue
-        # if bad regex or something goes wrong we dont want to interrupt transition
-        # so we just silentrly ignore error for now
+      matches = text.scan(Regexp.new(regex)).last
+      matches = matches.last if matches.kind_of?(Array)
+      coverage = matches.gsub(/\d+(\.\d+)?/).first
+
+      if coverage.present?
+        coverage.to_f
       end
+    rescue
+      # if bad regex or something goes wrong we dont want to interrupt transition
+      # so we just silentrly ignore error for now
     end
 
     def has_trace_file?
@@ -522,6 +516,10 @@ module Ci
       self.update(artifacts_expire_at: nil)
     end
 
+    def coverage_regex
+      super || project.try(:build_coverage_regex)
+    end
+
     def when
       read_attribute(:when) || build_attributes_from_config[:when] || 'on_success'
     end
diff --git a/app/models/commit.rb b/app/models/commit.rb
index 316bd2e512b..46f06733da1 100644
--- a/app/models/commit.rb
+++ b/app/models/commit.rb
@@ -100,8 +100,8 @@ class Commit
     commit_reference(from_project, id, full: full)
   end
 
-  def reference_link_text(from_project = nil)
-    commit_reference(from_project, short_id)
+  def reference_link_text(from_project = nil, full: false)
+    commit_reference(from_project, short_id, full: full)
   end
 
   def diff_line_count
diff --git a/app/models/concerns/spammable.rb b/app/models/concerns/spammable.rb
index 1aa97debe42..1acff093aa1 100644
--- a/app/models/concerns/spammable.rb
+++ b/app/models/concerns/spammable.rb
@@ -34,7 +34,13 @@ module Spammable
   end
 
   def check_for_spam
-    self.errors.add(:base, "Your #{self.class.name.underscore} has been recognized as spam and has been discarded.") if spam?
+    if spam?
+      self.errors.add(:base, "Your #{spammable_entity_type} has been recognized as spam and has been discarded.")
+    end
+  end
+
+  def spammable_entity_type
+    self.class.name.underscore
   end
 
   def spam_title
diff --git a/app/models/environment.rb b/app/models/environment.rb
index 652abf18a8a..577367f1eed 100644
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -1,7 +1,8 @@
 class Environment < ActiveRecord::Base
   # Used to generate random suffixes for the slug
+  LETTERS = 'a'..'z'
   NUMBERS = '0'..'9'
-  SUFFIX_CHARS = ('a'..'z').to_a + NUMBERS.to_a
+  SUFFIX_CHARS = LETTERS.to_a + NUMBERS.to_a
 
   belongs_to :project, required: true, validate: true
 
@@ -148,17 +149,24 @@ class Environment < ActiveRecord::Base
     slugified = name.to_s.downcase.gsub(/[^a-z0-9]/, '-')
 
     # Must start with a letter
-    slugified = "env-" + slugified if NUMBERS.cover?(slugified[0])
+    slugified = 'env-' + slugified unless LETTERS.cover?(slugified[0])
+
+    # Repeated dashes are invalid (OpenShift limitation)
+    slugified.gsub!(/\-+/, '-')
 
     # Maximum length: 24 characters (OpenShift limitation)
     slugified = slugified[0..23]
 
-    # Cannot end with a "-" character (Kubernetes label limitation)
-    slugified = slugified[0..-2] if slugified[-1] == "-"
+    # Cannot end with a dash (Kubernetes label limitation)
+    slugified.chop! if slugified.end_with?('-')
 
     # Add a random suffix, shortening the current string if necessary, if it
     # has been slugified. This ensures uniqueness.
-    slugified = slugified[0..16] + "-" + random_suffix if slugified != name
+    if slugified != name
+      slugified = slugified[0..16]
+      slugified << '-' unless slugified.end_with?('-')
+      slugified << random_suffix
+    end
 
     self.slug = slugified
   end
diff --git a/app/models/issue.rb b/app/models/issue.rb
index 65638d9a299..d8826b65fcc 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -97,10 +97,11 @@ class Issue < ActiveRecord::Base
     end
   end
 
-  def to_reference(from_project = nil, full: false)
+  # `from` argument can be a Namespace or Project.
+  def to_reference(from = nil, full: false)
     reference = "#{self.class.reference_prefix}#{iid}"
 
-    "#{project.to_reference(from_project, full: full)}#{reference}"
+    "#{project.to_reference(from, full: full)}#{reference}"
   end
 
   def referenced_merge_requests(current_user = nil)
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb
index 6753504acff..082adcafcc8 100644
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -179,10 +179,11 @@ class MergeRequest < ActiveRecord::Base
     work_in_progress?(title) ? title : "WIP: #{title}"
   end
 
-  def to_reference(from_project = nil, full: false)
+  # `from` argument can be a Namespace or Project.
+  def to_reference(from = nil, full: false)
     reference = "#{self.class.reference_prefix}#{iid}"
 
-    "#{project.to_reference(from_project, full: full)}#{reference}"
+    "#{project.to_reference(from, full: full)}#{reference}"
   end
 
   def first_commit
diff --git a/app/models/project.rb b/app/models/project.rb
index 59faf35e051..37f4705adbd 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -225,6 +225,7 @@ class Project < ActiveRecord::Base
   scope :with_project_feature, -> { joins('LEFT JOIN project_features ON projects.id = project_features.project_id') }
   scope :with_statistics, -> { includes(:statistics) }
   scope :with_shared_runners, -> { where(shared_runners_enabled: true) }
+  scope :inside_path, ->(path) { joins(:route).where('routes.path LIKE ?', "#{path}/%") }
 
   # "enabled" here means "not disabled". It includes private features!
   scope :with_feature_enabled, ->(feature) {
@@ -591,10 +592,11 @@ class Project < ActiveRecord::Base
     end
   end
 
-  def to_reference(from_project = nil, full: false)
-    if full || cross_namespace_reference?(from_project)
+  # `from` argument can be a Namespace or Project.
+  def to_reference(from = nil, full: false)
+    if full || cross_namespace_reference?(from)
       path_with_namespace
-    elsif cross_project_reference?(from_project)
+    elsif cross_project_reference?(from)
       path
     end
   end
@@ -1291,21 +1293,26 @@ class Project < ActiveRecord::Base
 
   private
 
+  def cross_namespace_reference?(from)
+    case from
+    when Project
+      namespace != from.namespace
+    when Namespace
+      namespace != from
+    end
+  end
+
   # Check if a reference is being done cross-project
-  #
-  # from_project - Refering Project object
-  def cross_project_reference?(from_project)
-    from_project && self != from_project
+  def cross_project_reference?(from)
+    return true if from.is_a?(Namespace)
+
+    from && self != from
   end
 
   def pushes_since_gc_redis_key
     "projects/#{id}/pushes_since_gc"
   end
 
-  def cross_namespace_reference?(from_project)
-    from_project && namespace != from_project.namespace
-  end
-
   def default_branch_protected?
     current_application_settings.default_branch_protection == Gitlab::Access::PROTECTION_FULL ||
       current_application_settings.default_branch_protection == Gitlab::Access::PROTECTION_DEV_CAN_MERGE
diff --git a/app/models/project_services/chat_slash_commands_service.rb b/app/models/project_services/chat_slash_commands_service.rb
index 2bcff541cc0..5eb1bd86e9d 100644
--- a/app/models/project_services/chat_slash_commands_service.rb
+++ b/app/models/project_services/chat_slash_commands_service.rb
@@ -31,13 +31,13 @@ class ChatSlashCommandsService < Service
     return unless valid_token?(params[:token])
 
     user = find_chat_user(params)
-    unless user
+
+    if user
+      Gitlab::ChatCommands::Command.new(project, user, params).execute
+    else
       url = authorize_chat_name_url(params)
-      return presenter.authorize_chat_name(url)
+      Gitlab::ChatCommands::Presenters::Access.new(url).authorize
     end
-
-    Gitlab::ChatCommands::Command.new(project, user,
-      params).execute
   end
 
   private
@@ -49,8 +49,4 @@ class ChatSlashCommandsService < Service
   def authorize_chat_name_url(params)
     ChatNames::AuthorizeUserService.new(self, params).execute
   end
-
-  def presenter
-    Gitlab::ChatCommands::Presenter.new
-  end
 end
diff --git a/app/models/project_services/jira_service.rb b/app/models/project_services/jira_service.rb
index 2ac76e97de0..80d002f9c32 100644
--- a/app/models/project_services/jira_service.rb
+++ b/app/models/project_services/jira_service.rb
@@ -60,9 +60,9 @@ class JiraService < IssueTrackerService
   end
 
   def help
-    'You need to configure JIRA before enabling this service. For more details
+    "You need to configure JIRA before enabling this service. For more details
     read the
-    [JIRA service documentation](https://docs.gitlab.com/ce/project_services/jira.html).'
+    [JIRA service documentation](#{help_page_url('project_services/jira')})."
   end
 
   def title
diff --git a/app/models/project_services/mattermost_slash_commands_service.rb b/app/models/project_services/mattermost_slash_commands_service.rb
index 50a011db74e..b0f7a42f9a3 100644
--- a/app/models/project_services/mattermost_slash_commands_service.rb
+++ b/app/models/project_services/mattermost_slash_commands_service.rb
@@ -28,8 +28,8 @@ class MattermostSlashCommandsService < ChatSlashCommandsService
     [false, e.message]
   end
 
-  def list_teams(user)
-    Mattermost::Team.new(user).all
+  def list_teams(current_user)
+    [Mattermost::Team.new(current_user).all, nil]
   rescue Mattermost::Error => e
     [[], e.message]
   end
diff --git a/app/models/project_snippet.rb b/app/models/project_snippet.rb
index 25b5d777641..9bb456eee24 100644
--- a/app/models/project_snippet.rb
+++ b/app/models/project_snippet.rb
@@ -9,4 +9,8 @@ class ProjectSnippet < Snippet
 
   participant :author
   participant :notes_with_associations
+
+  def check_for_spam?
+    super && project.public?
+  end
 end
diff --git a/app/models/repository.rb b/app/models/repository.rb
index 43dba86e5ed..d77b7692d75 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -1188,7 +1188,18 @@ class Repository
   end
 
   def tags_sorted_by_committed_date
-    tags.sort_by { |tag| tag.dereferenced_target.committed_date }
+    tags.sort_by do |tag|
+      # Annotated tags can point to any object (e.g. a blob), but generally
+      # tags point to a commit. If we don't have a commit, then just default
+      # to putting the tag at the end of the list.
+      target = tag.dereferenced_target
+
+      if target
+        target.committed_date
+      else
+        Time.now
+      end
+    end
   end
 
   def keep_around_ref_name(sha)
diff --git a/app/models/snippet.rb b/app/models/snippet.rb
index 771a7350556..2665a7249a3 100644
--- a/app/models/snippet.rb
+++ b/app/models/snippet.rb
@@ -7,6 +7,7 @@ class Snippet < ActiveRecord::Base
   include Sortable
   include Awardable
   include Mentionable
+  include Spammable
 
   cache_markdown_field :title, pipeline: :single_line
   cache_markdown_field :content
@@ -17,7 +18,7 @@ class Snippet < ActiveRecord::Base
     default_content_html_invalidator || file_name_changed?
   end
 
-  default_value_for :visibility_level, Snippet::PRIVATE
+  default_value_for(:visibility_level) { current_application_settings.default_snippet_visibility }
 
   belongs_to :author, class_name: 'User'
   belongs_to :project
@@ -46,6 +47,9 @@ class Snippet < ActiveRecord::Base
   participant :author
   participant :notes_with_associations
 
+  attr_spammable :title, spam_title: true
+  attr_spammable :content, spam_description: true
+
   def self.reference_prefix
     '$'
   end
@@ -127,6 +131,14 @@ class Snippet < ActiveRecord::Base
     notes.includes(:author)
   end
 
+  def check_for_spam?
+    public?
+  end
+
+  def spammable_entity_type
+    'snippet'
+  end
+
   class << self
     # Searches for snippets with a matching title or file name.
     #
diff --git a/app/models/todo.rb b/app/models/todo.rb
index 4c99aa0d3be..2adf494ce11 100644
--- a/app/models/todo.rb
+++ b/app/models/todo.rb
@@ -103,9 +103,9 @@ class Todo < ActiveRecord::Base
 
   def target_reference
     if for_commit?
-      target.short_id
+      target.reference_link_text(full: true)
     else
-      target.to_reference
+      target.to_reference(full: true)
     end
   end