From d10a462fedbd7794a83abdba9b4526600f71de5b Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Mon, 16 Dec 2019 12:07:43 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- Gemfile | 2 +- Gemfile.lock | 4 +- app/assets/javascripts/blob/openapi/index.js | 19 +++ app/assets/javascripts/blob/openapi_viewer.js | 3 + app/assets/javascripts/blob/viewer/index.js | 3 + app/assets/javascripts/lib/utils/axios_utils.js | 4 +- .../suppress_ajax_errors_during_navigation.js | 4 +- app/assets/stylesheets/framework/files.scss | 5 + app/controllers/application_controller.rb | 4 +- app/controllers/concerns/issuable_actions.rb | 2 +- app/controllers/projects/ci/lints_controller.rb | 10 +- app/helpers/application_settings_helper.rb | 1 + app/helpers/icons_helper.rb | 2 +- app/helpers/users_helper.rb | 2 +- app/models/application_setting.rb | 6 + app/models/application_setting_implementation.rb | 3 + app/models/blob.rb | 1 + app/models/blob_viewer/open_api.rb | 15 ++ app/models/ci/build.rb | 2 +- app/models/ci/persistent_ref.rb | 4 +- app/models/ci/pipeline.rb | 1 + app/models/clusters/cluster.rb | 2 +- app/models/clusters/concerns/application_core.rb | 2 +- app/models/concerns/group_descendant.rb | 2 +- app/models/concerns/storage/legacy_namespace.rb | 2 +- app/models/merge_request.rb | 2 +- app/models/upload.rb | 2 +- app/models/uploads/local.rb | 2 +- app/models/user.rb | 5 + app/services/ci/archive_trace_service.rb | 2 +- .../generate_exposed_artifacts_report_service.rb | 2 +- app/services/ci/prepare_build_service.rb | 2 +- app/services/ci/register_job_service.rb | 2 +- .../clusters/applications/base_helm_service.rb | 2 +- .../container_repository/delete_tags_service.rb | 2 +- app/services/projects/fork_service.rb | 18 ++- app/services/projects/import_service.rb | 4 +- .../proxy_variable_substitution_service.rb | 2 +- app/services/users/build_service.rb | 2 +- .../admin/application_settings/_signup.html.haml | 6 + app/views/projects/blob/viewers/_openapi.html.haml | 1 + app/workers/delete_stored_files_worker.rb | 2 +- app/workers/pages_domain_removal_cron_worker.rb | 2 +- app/workers/run_pipeline_schedule_worker.rb | 2 +- app/workers/stuck_ci_jobs_worker.rb | 2 +- .../32115-structured-logging-mail_room.yml | 5 + ...opy-requirements-for-new-user-passwords-mvc.yml | 5 + ...expect-oci-image-configs-to-have-created-fi.yml | 5 + changelogs/unreleased/feat-openapi-viewer.yml | 5 + .../unreleased/make-workflow-rules-to-work.yml | 5 + .../osw-refresh-forks-count-cache-correctly.yml | 5 + .../yaml-processor-validation-errors.yml | 5 + config/gitlab.yml.example | 5 + .../devise_dynamic_password_length_validation.rb | 37 +++++ .../initializers/forbid_sidekiq_in_transactions.rb | 2 +- config/initializers/sentry.rb | 2 +- config/mail_room.yml | 2 + ...imum_password_length_to_application_settings.rb | 11 ++ ...0191205084057_update_minimum_password_length.rb | 24 +++ db/schema.rb | 1 + doc/administration/logs.md | 11 ++ doc/ci/variables/predefined_variables.md | 1 + doc/development/logging.md | 18 +-- doc/security/password_length_limits.md | 38 ++++- .../img/minimum_password_length_settings_v12_6.png | Bin 0 -> 29714 bytes .../admin_area/settings/sign_up_restrictions.md | 7 + doc/user/gitlab_com/index.md | 37 +++-- lib/api/helpers.rb | 4 +- lib/container_registry/tag.rb | 2 + lib/gitlab/bitbucket_import/importer.rb | 2 +- lib/gitlab/bitbucket_server_import/importer.rb | 10 +- lib/gitlab/ci/config.rb | 2 +- lib/gitlab/ci/config/entry/job.rb | 19 ++- lib/gitlab/ci/config/entry/root.rb | 6 +- lib/gitlab/ci/config/entry/workflow.rb | 4 + lib/gitlab/ci/pipeline/chain/config/process.rb | 2 +- .../ci/pipeline/chain/evaluate_workflow_rules.rb | 20 ++- lib/gitlab/ci/yaml_processor.rb | 28 +++- lib/gitlab/config/entry/configurable.rb | 17 +- lib/gitlab/diff/file_collection/base.rb | 6 +- lib/gitlab/diff/highlight.rb | 2 +- lib/gitlab/diff/highlight_cache.rb | 12 +- lib/gitlab/error_tracking.rb | 154 ++++++++++++++++++ lib/gitlab/error_tracking/logger.rb | 11 ++ lib/gitlab/file_detector.rb | 5 +- lib/gitlab/gitaly_client.rb | 2 +- .../importer/pull_request_importer.rb | 2 +- lib/gitlab/gon_helper.rb | 1 - lib/gitlab/gpg.rb | 2 +- lib/gitlab/graphql/calls_gitaly/instrumentation.rb | 2 +- .../graphql/query_analyzers/logger_analyzer.rb | 4 +- lib/gitlab/highlight.rb | 2 +- lib/gitlab/import_export/relation_tree_restorer.rb | 2 +- lib/gitlab/import_export/shared.rb | 2 +- lib/gitlab/mail_room.rb | 15 +- lib/gitlab/sentry.rb | 154 ------------------ lib/gitlab/sentry/logger.rb | 11 -- lib/gitlab/shell.rb | 6 +- lib/gitlab/usage_data_counters/base_counter.rb | 2 +- lib/sentry/client.rb | 6 +- locale/gitlab.pot | 24 +-- package.json | 1 + scripts/review_apps/base-config.yaml | 4 +- .../admin/application_settings_controller_spec.rb | 7 + .../controllers/projects/issues_controller_spec.rb | 4 +- .../projects/merge_requests_controller_spec.rb | 4 +- .../container_registry/config_blob_helm.json | 8 + .../container_registry/tag_manifest_helm.json | 15 ++ spec/frontend/fixtures/static/projects.json | 9 -- .../suppress_ajax_errors_during_navigation_spec.js | 18 +-- spec/lib/container_registry/tag_spec.rb | 23 +++ spec/lib/gitlab/ci/config/entry/job_spec.rb | 46 +++++- spec/lib/gitlab/ci/config_spec.rb | 4 +- spec/lib/gitlab/ci/yaml_processor_spec.rb | 86 ++++++++++- spec/lib/gitlab/diff/highlight_cache_spec.rb | 25 ++- spec/lib/gitlab/diff/highlight_spec.rb | 4 +- spec/lib/gitlab/error_tracking_spec.rb | 172 +++++++++++++++++++++ spec/lib/gitlab/file_detector_spec.rb | 16 ++ spec/lib/gitlab/gitaly_client_spec.rb | 2 +- .../importer/pull_request_importer_spec.rb | 2 +- spec/lib/gitlab/gpg_spec.rb | 4 +- .../gitlab/import_export/avatar_restorer_spec.rb | 10 +- spec/lib/gitlab/import_export/avatar_saver_spec.rb | 4 +- .../lib/gitlab/import_export/file_importer_spec.rb | 16 +- spec/lib/gitlab/import_export/fork_spec.rb | 4 +- spec/lib/gitlab/import_export/lfs_saver_spec.rb | 4 +- .../import_export/merge_request_parser_spec.rb | 8 +- spec/lib/gitlab/import_export/reader_spec.rb | 19 ++- .../lib/gitlab/import_export/repo_restorer_spec.rb | 4 +- spec/lib/gitlab/import_export/repo_saver_spec.rb | 4 +- spec/lib/gitlab/import_export/saver_spec.rb | 4 +- spec/lib/gitlab/import_export/shared_spec.rb | 2 +- .../gitlab/import_export/uploads_manager_spec.rb | 4 +- .../gitlab/import_export/uploads_restorer_spec.rb | 4 +- .../lib/gitlab/import_export/uploads_saver_spec.rb | 4 +- .../gitlab/import_export/wiki_repo_saver_spec.rb | 4 +- spec/lib/gitlab/mail_room/mail_room_spec.rb | 106 +++++++++++++ spec/lib/gitlab/metrics/instrumentation_spec.rb | 8 +- spec/lib/gitlab/query_limiting/middleware_spec.rb | 5 +- spec/lib/gitlab/sanitizers/svg_spec.rb | 4 +- spec/lib/gitlab/sentry_spec.rb | 172 --------------------- spec/lib/gitlab/sherlock/transaction_spec.rb | 5 +- .../correlation_injector_spec.rb | 4 +- spec/lib/gitlab/slash_commands/run_spec.rb | 35 +++-- .../update_minimum_password_length_spec.rb | 30 ++++ spec/models/application_setting_spec.rb | 6 + spec/models/ci/build_spec.rb | 16 +- spec/models/ci/pipeline_spec.rb | 1 + spec/models/clusters/cluster_spec.rb | 2 +- spec/models/concerns/group_descendant_spec.rb | 4 +- spec/models/namespace_spec.rb | 2 +- spec/models/upload_spec.rb | 2 +- spec/models/user_spec.rb | 75 +++++++++ spec/requests/api/branches_spec.rb | 8 +- spec/requests/api/files_spec.rb | 9 +- spec/requests/api/graphql_spec.rb | 4 +- spec/requests/api/groups_spec.rb | 5 +- spec/requests/api/helpers_spec.rb | 4 +- spec/requests/api/jobs_spec.rb | 8 +- spec/requests/api/project_snippets_spec.rb | 8 +- spec/requests/api/snippets_spec.rb | 8 +- spec/requests/api/tags_spec.rb | 4 +- spec/requests/jwt_controller_spec.rb | 4 +- spec/requests/rack_attack_global_spec.rb | 4 +- .../cop/avoid_break_from_strong_memoize_spec.rb | 4 +- spec/rubocop/cop/avoid_return_from_blocks_spec.rb | 4 +- .../analytics_summary_serializer_spec.rb | 5 +- ...ntainer_registry_authentication_service_spec.rb | 4 +- spec/services/boards/issues/create_service_spec.rb | 4 +- spec/services/ci/archive_trace_service_spec.rb | 6 +- .../ci/create_pipeline_service/rules_spec.rb | 59 +++---- spec/services/ci/create_pipeline_service_spec.rb | 4 +- spec/services/ci/pipeline_trigger_service_spec.rb | 8 +- spec/services/ci/play_manual_stage_service_spec.rb | 5 +- spec/services/ci/prepare_build_service_spec.rb | 2 +- spec/services/ci/process_pipeline_service_spec.rb | 4 +- spec/services/ci/register_job_service_spec.rb | 4 +- .../check_installation_progress_service_spec.rb | 7 +- .../check_uninstall_progress_service_spec.rb | 7 +- .../gcp/verify_provision_status_service_spec.rb | 4 +- .../create_or_update_namespace_service_spec.rb | 8 +- spec/services/discussions/resolve_service_spec.rb | 4 +- spec/services/event_create_service_spec.rb | 6 +- spec/services/groups/destroy_service_spec.rb | 4 +- spec/services/groups/transfer_service_spec.rb | 4 +- spec/services/issues/import_csv_service_spec.rb | 16 +- spec/services/issues/move_service_spec.rb | 4 +- spec/services/lfs/lock_file_service_spec.rb | 4 +- spec/services/lfs/locks_finder_service_spec.rb | 4 +- .../merge_requests/create_pipeline_service_spec.rb | 62 +++++++- spec/services/projects/fork_service_spec.rb | 29 +++- spec/services/system_note_service_spec.rb | 4 +- .../shared_examples/mail_room_shared_examples.rb | 35 +++++ .../services/base_helm_service_shared_examples.rb | 2 +- spec/workers/ci/archive_traces_cron_worker_spec.rb | 2 +- spec/workers/run_pipeline_schedule_worker_spec.rb | 2 +- spec/workers/stuck_ci_jobs_worker_spec.rb | 2 +- yarn.lock | 5 + 198 files changed, 1658 insertions(+), 705 deletions(-) create mode 100644 app/assets/javascripts/blob/openapi/index.js create mode 100644 app/assets/javascripts/blob/openapi_viewer.js create mode 100644 app/models/blob_viewer/open_api.rb create mode 100644 app/views/projects/blob/viewers/_openapi.html.haml create mode 100644 changelogs/unreleased/32115-structured-logging-mail_room.yml create mode 100644 changelogs/unreleased/36776-entropy-requirements-for-new-user-passwords-mvc.yml create mode 100644 changelogs/unreleased/37972-container-registry-tags-expect-oci-image-configs-to-have-created-fi.yml create mode 100644 changelogs/unreleased/feat-openapi-viewer.yml create mode 100644 changelogs/unreleased/make-workflow-rules-to-work.yml create mode 100644 changelogs/unreleased/osw-refresh-forks-count-cache-correctly.yml create mode 100644 changelogs/unreleased/yaml-processor-validation-errors.yml create mode 100644 config/initializers/devise_dynamic_password_length_validation.rb create mode 100644 db/migrate/20191123062354_add_minimum_password_length_to_application_settings.rb create mode 100644 db/post_migrate/20191205084057_update_minimum_password_length.rb create mode 100644 doc/user/admin_area/img/minimum_password_length_settings_v12_6.png create mode 100644 lib/gitlab/error_tracking.rb create mode 100644 lib/gitlab/error_tracking/logger.rb delete mode 100644 lib/gitlab/sentry.rb delete mode 100644 lib/gitlab/sentry/logger.rb create mode 100644 spec/fixtures/container_registry/config_blob_helm.json create mode 100644 spec/fixtures/container_registry/tag_manifest_helm.json create mode 100644 spec/lib/gitlab/error_tracking_spec.rb create mode 100644 spec/lib/gitlab/mail_room/mail_room_spec.rb delete mode 100644 spec/lib/gitlab/sentry_spec.rb create mode 100644 spec/migrations/update_minimum_password_length_spec.rb create mode 100644 spec/support/shared_examples/mail_room_shared_examples.rb diff --git a/Gemfile b/Gemfile index 938c6187325..219c190c26d 100644 --- a/Gemfile +++ b/Gemfile @@ -417,7 +417,7 @@ end gem 'octokit', '~> 4.9' -gem 'mail_room', '~> 0.9.1' +gem 'mail_room', '~> 0.10.0' gem 'email_reply_trimmer', '~> 0.1' gem 'html2text' diff --git a/Gemfile.lock b/Gemfile.lock index 6cb2daa25be..8d8fa9cbffd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -593,7 +593,7 @@ GEM lumberjack (1.0.13) mail (2.7.1) mini_mime (>= 0.1.1) - mail_room (0.9.1) + mail_room (0.10.0) marcel (0.3.3) mimemagic (~> 0.3.2) marginalia (1.8.0) @@ -1247,7 +1247,7 @@ DEPENDENCIES licensee (~> 8.9) lograge (~> 0.5) loofah (~> 2.2) - mail_room (~> 0.9.1) + mail_room (~> 0.10.0) marginalia (~> 1.8.0) memory_profiler (~> 0.9) method_source (~> 0.8) diff --git a/app/assets/javascripts/blob/openapi/index.js b/app/assets/javascripts/blob/openapi/index.js new file mode 100644 index 00000000000..a6f28de799f --- /dev/null +++ b/app/assets/javascripts/blob/openapi/index.js @@ -0,0 +1,19 @@ +import { SwaggerUIBundle } from 'swagger-ui-dist'; +import flash from '~/flash'; +import { __ } from '~/locale'; + +export default () => { + const el = document.getElementById('js-openapi-viewer'); + + Promise.all([import(/* webpackChunkName: 'openapi' */ 'swagger-ui-dist/swagger-ui.css')]) + .then(() => { + SwaggerUIBundle({ + url: el.dataset.endpoint, + dom_id: '#js-openapi-viewer', + }); + }) + .catch(error => { + flash(__('Something went wrong while initializing the OpenAPI viewer')); + throw error; + }); +}; diff --git a/app/assets/javascripts/blob/openapi_viewer.js b/app/assets/javascripts/blob/openapi_viewer.js new file mode 100644 index 00000000000..0cacc33571f --- /dev/null +++ b/app/assets/javascripts/blob/openapi_viewer.js @@ -0,0 +1,3 @@ +import renderOpenApi from './openapi'; + +export default renderOpenApi; diff --git a/app/assets/javascripts/blob/viewer/index.js b/app/assets/javascripts/blob/viewer/index.js index 07e4dde41d9..742404da46c 100644 --- a/app/assets/javascripts/blob/viewer/index.js +++ b/app/assets/javascripts/blob/viewer/index.js @@ -39,6 +39,9 @@ export default class BlobViewer { case 'notebook': initViewer(import(/* webpackChunkName: 'notebook_viewer' */ '../notebook_viewer')); break; + case 'openapi': + initViewer(import(/* webpackChunkName: 'openapi_viewer' */ '../openapi_viewer')); + break; case 'pdf': initViewer(import(/* webpackChunkName: 'pdf_viewer' */ '../pdf_viewer')); break; diff --git a/app/assets/javascripts/lib/utils/axios_utils.js b/app/assets/javascripts/lib/utils/axios_utils.js index a04fe609015..4eec5bffc66 100644 --- a/app/assets/javascripts/lib/utils/axios_utils.js +++ b/app/assets/javascripts/lib/utils/axios_utils.js @@ -33,11 +33,9 @@ window.addEventListener('beforeunload', () => { // Ignore AJAX errors caused by requests // being cancelled due to browser navigation -const { gon } = window; -const featureFlagEnabled = gon && gon.features && gon.features.suppressAjaxNavigationErrors; axios.interceptors.response.use( response => response, - err => suppressAjaxErrorsDuringNavigation(err, isUserNavigating, featureFlagEnabled), + err => suppressAjaxErrorsDuringNavigation(err, isUserNavigating), ); export default axios; diff --git a/app/assets/javascripts/lib/utils/suppress_ajax_errors_during_navigation.js b/app/assets/javascripts/lib/utils/suppress_ajax_errors_during_navigation.js index 4c61da9b862..fb4d9b7de9c 100644 --- a/app/assets/javascripts/lib/utils/suppress_ajax_errors_during_navigation.js +++ b/app/assets/javascripts/lib/utils/suppress_ajax_errors_during_navigation.js @@ -2,8 +2,8 @@ * An Axios error interceptor that suppresses AJAX errors caused * by the request being cancelled when the user navigates to a new page */ -export default (err, isUserNavigating, featureFlagEnabled) => { - if (featureFlagEnabled && isUserNavigating && err.code === 'ECONNABORTED') { +export default (err, isUserNavigating) => { + if (isUserNavigating && err.code === 'ECONNABORTED') { // If the user is navigating away from the current page, // prevent .then() and .catch() handlers from being // called by returning a Promise that never resolves diff --git a/app/assets/stylesheets/framework/files.scss b/app/assets/stylesheets/framework/files.scss index e7b5629b999..8e0314bc6da 100644 --- a/app/assets/stylesheets/framework/files.scss +++ b/app/assets/stylesheets/framework/files.scss @@ -486,3 +486,8 @@ span.idiff { overflow-y: auto; max-height: 20rem; } + +#js-openapi-viewer pre.version { + background-color: transparent; + border: transparent; +} diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index ba986c495e2..f5306801c04 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -165,7 +165,7 @@ class ApplicationController < ActionController::Base end def log_exception(exception) - Gitlab::Sentry.track_exception(exception) + Gitlab::ErrorTracking.track_exception(exception) backtrace_cleaner = request.env["action_dispatch.backtrace_cleaner"] application_trace = ActionDispatch::ExceptionWrapper.new(backtrace_cleaner, exception).application_trace @@ -533,7 +533,7 @@ class ApplicationController < ActionController::Base end def sentry_context(&block) - Gitlab::Sentry.with_context(current_user, &block) + Gitlab::ErrorTracking.with_context(current_user, &block) end def allow_gitaly_ref_name_caching diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb index 4a1b06bf01f..c4abaacd573 100644 --- a/app/controllers/concerns/issuable_actions.rb +++ b/app/controllers/concerns/issuable_actions.rb @@ -98,7 +98,7 @@ module IssuableActions error_message = "Destroy confirmation not provided for #{issuable.human_class_name}" exception = RuntimeError.new(error_message) - Gitlab::Sentry.track_exception( + Gitlab::ErrorTracking.track_exception( exception, project_path: issuable.project.full_path, issuable_type: issuable.class.name, diff --git a/app/controllers/projects/ci/lints_controller.rb b/app/controllers/projects/ci/lints_controller.rb index d7a0b7ece14..812420e9708 100644 --- a/app/controllers/projects/ci/lints_controller.rb +++ b/app/controllers/projects/ci/lints_controller.rb @@ -8,11 +8,13 @@ class Projects::Ci::LintsController < Projects::ApplicationController def create @content = params[:content] - @error = Gitlab::Ci::YamlProcessor.validation_message(@content, yaml_processor_options) - @status = @error.blank? + result = Gitlab::Ci::YamlProcessor.new_with_validation_errors(@content, yaml_processor_options) - if @error.blank? - @config_processor = Gitlab::Ci::YamlProcessor.new(@content, yaml_processor_options) + @error = result.errors.join(', ') + @status = result.valid? + + if result.valid? + @config_processor = result.content @stages = @config_processor.stages @builds = @config_processor.builds @jobs = @config_processor.jobs diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb index d9416cb10c4..71e4195c50f 100644 --- a/app/helpers/application_settings_helper.rb +++ b/app/helpers/application_settings_helper.rb @@ -232,6 +232,7 @@ module ApplicationSettingsHelper :metrics_port, :metrics_sample_interval, :metrics_timeout, + :minimum_password_length, :mirror_available, :pages_domain_verification_enabled, :password_authentication_enabled_for_web, diff --git a/app/helpers/icons_helper.rb b/app/helpers/icons_helper.rb index cacb4113cb2..876789e0d4a 100644 --- a/app/helpers/icons_helper.rb +++ b/app/helpers/icons_helper.rb @@ -44,7 +44,7 @@ module IconsHelper def sprite_icon(icon_name, size: nil, css_class: nil) if known_sprites&.exclude?(icon_name) exception = ArgumentError.new("#{icon_name} is not a known icon in @gitlab-org/gitlab-svg") - Gitlab::Sentry.track_and_raise_for_dev_exception(exception) + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(exception) end css_classes = [] diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb index ee3c03905ef..195e4154c67 100644 --- a/app/helpers/users_helper.rb +++ b/app/helpers/users_helper.rb @@ -57,7 +57,7 @@ module UsersHelper unless user.association(:status).loaded? exception = RuntimeError.new("Status was not preloaded") - Gitlab::Sentry.track_and_raise_for_dev_exception(exception, user: user.inspect) + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(exception, user: user.inspect) end return unless user.status diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index e764b6c56b0..456b6430088 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -46,6 +46,12 @@ class ApplicationSetting < ApplicationRecord presence: true, numericality: { only_integer: true, greater_than_or_equal_to: 0 } + validates :minimum_password_length, + presence: true, + numericality: { only_integer: true, + greater_than_or_equal_to: DEFAULT_MINIMUM_PASSWORD_LENGTH, + less_than_or_equal_to: Devise.password_length.max } + validates :home_page_url, allow_blank: true, addressable_url: true, diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb index e1eb8d429bb..98d8bb43b93 100644 --- a/app/models/application_setting_implementation.rb +++ b/app/models/application_setting_implementation.rb @@ -30,6 +30,8 @@ module ApplicationSettingImplementation '/admin/session' ].freeze + DEFAULT_MINIMUM_PASSWORD_LENGTH = 8 + class_methods do def defaults { @@ -106,6 +108,7 @@ module ApplicationSettingImplementation sourcegraph_enabled: false, sourcegraph_url: nil, sourcegraph_public_only: true, + minimum_password_length: DEFAULT_MINIMUM_PASSWORD_LENGTH, terminal_max_session_time: 0, throttle_authenticated_api_enabled: false, throttle_authenticated_api_period_in_seconds: 3600, diff --git a/app/models/blob.rb b/app/models/blob.rb index cc089715b06..c0f26ee64f8 100644 --- a/app/models/blob.rb +++ b/app/models/blob.rb @@ -26,6 +26,7 @@ class Blob < SimpleDelegator BlobViewer::Markup, BlobViewer::Notebook, BlobViewer::SVG, + BlobViewer::OpenApi, BlobViewer::Image, BlobViewer::Sketch, diff --git a/app/models/blob_viewer/open_api.rb b/app/models/blob_viewer/open_api.rb new file mode 100644 index 00000000000..963b7336c8d --- /dev/null +++ b/app/models/blob_viewer/open_api.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +module BlobViewer + class OpenApi < Base + include Rich + include ClientSide + + self.partial_name = 'openapi' + self.file_types = %i(openapi) + self.binary = false + # TODO: get an icon for OpenAPI + self.switcher_icon = 'file-pdf-o' + self.switcher_title = 'OpenAPI' + end +end diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb index 2e6b5d68747..4077a868373 100644 --- a/app/models/ci/build.rb +++ b/app/models/ci/build.rb @@ -289,7 +289,7 @@ module Ci begin build.deployment.drop! rescue => e - Gitlab::Sentry.track_and_raise_for_dev_exception(e, build_id: build.id) + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, build_id: build.id) end true diff --git a/app/models/ci/persistent_ref.rb b/app/models/ci/persistent_ref.rb index 634c03e0326..76139f5d676 100644 --- a/app/models/ci/persistent_ref.rb +++ b/app/models/ci/persistent_ref.rb @@ -26,7 +26,7 @@ module Ci create_ref(sha, path) rescue => e - Gitlab::Sentry + Gitlab::ErrorTracking .track_exception(e, pipeline_id: pipeline.id) end @@ -37,7 +37,7 @@ module Ci rescue Gitlab::Git::Repository::NoRepository # no-op rescue => e - Gitlab::Sentry + Gitlab::ErrorTracking .track_exception(e, pipeline_id: pipeline.id) end diff --git a/app/models/ci/pipeline.rb b/app/models/ci/pipeline.rb index ce263566ea6..29ec41ef1a1 100644 --- a/app/models/ci/pipeline.rb +++ b/app/models/ci/pipeline.rb @@ -638,6 +638,7 @@ module Ci variables.append(key: 'CI_COMMIT_BEFORE_SHA', value: before_sha) variables.append(key: 'CI_COMMIT_REF_NAME', value: source_ref) variables.append(key: 'CI_COMMIT_REF_SLUG', value: source_ref_slug) + variables.append(key: 'CI_COMMIT_BRANCH', value: ref) if branch? variables.append(key: 'CI_COMMIT_TAG', value: ref) if tag? variables.append(key: 'CI_COMMIT_MESSAGE', value: git_commit_message.to_s) variables.append(key: 'CI_COMMIT_TITLE', value: git_commit_full_title.to_s) diff --git a/app/models/clusters/cluster.rb b/app/models/clusters/cluster.rb index 2d5b4905bf5..d2eee78f3df 100644 --- a/app/models/clusters/cluster.rb +++ b/app/models/clusters/cluster.rb @@ -335,7 +335,7 @@ module Clusters rescue Kubeclient::HttpError => e kubeclient_error_status(e.message) rescue => e - Gitlab::Sentry.track_exception(e, cluster_id: id) + Gitlab::ErrorTracking.track_exception(e, cluster_id: id) :unknown_failure else diff --git a/app/models/clusters/concerns/application_core.rb b/app/models/clusters/concerns/application_core.rb index cc9eafbcdd6..f6431f5bac3 100644 --- a/app/models/clusters/concerns/application_core.rb +++ b/app/models/clusters/concerns/application_core.rb @@ -76,7 +76,7 @@ module Clusters message: error.message }) - Gitlab::Sentry.track_exception(error, cluster_id: cluster&.id, application_id: id) + Gitlab::ErrorTracking.track_exception(error, cluster_id: cluster&.id, application_id: id) end end end diff --git a/app/models/concerns/group_descendant.rb b/app/models/concerns/group_descendant.rb index 18f6a7a9c58..67953105bed 100644 --- a/app/models/concerns/group_descendant.rb +++ b/app/models/concerns/group_descendant.rb @@ -52,7 +52,7 @@ module GroupDescendant issue_url: 'https://gitlab.com/gitlab-org/gitlab-foss/issues/49404' } - Gitlab::Sentry.track_and_raise_for_dev_exception(exception, extras) + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(exception, extras) end if parent.nil? && hierarchy_top.present? diff --git a/app/models/concerns/storage/legacy_namespace.rb b/app/models/concerns/storage/legacy_namespace.rb index b9081f9bbf2..da4f2a79895 100644 --- a/app/models/concerns/storage/legacy_namespace.rb +++ b/app/models/concerns/storage/legacy_namespace.rb @@ -37,7 +37,7 @@ module Storage send_update_instructions write_projects_repository_config rescue => e - Gitlab::Sentry.track_and_raise_for_dev_exception(e, + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, full_path_before_last_save: full_path_before_last_save, full_path: full_path, action: 'move_dir') diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb index 1671b1e2d55..2280c5280d5 100644 --- a/app/models/merge_request.rb +++ b/app/models/merge_request.rb @@ -1514,7 +1514,7 @@ class MergeRequest < ApplicationRecord end end rescue ActiveRecord::LockWaitTimeout => e - Gitlab::Sentry.track_exception(e) + Gitlab::ErrorTracking.track_exception(e) raise RebaseLockTimeout, REBASE_LOCK_MESSAGE end diff --git a/app/models/upload.rb b/app/models/upload.rb index 12917f85431..46ae924bf8c 100644 --- a/app/models/upload.rb +++ b/app/models/upload.rb @@ -104,7 +104,7 @@ class Upload < ApplicationRecord # Help sysadmins find missing upload files if persisted? && !exist exception = RuntimeError.new("Uploaded file does not exist") - Gitlab::Sentry.track_exception(exception, self.attributes) + Gitlab::ErrorTracking.track_exception(exception, self.attributes) Gitlab::Metrics.counter(:upload_file_does_not_exist_total, _('The number of times an upload record could not find its file')).increment end diff --git a/app/models/uploads/local.rb b/app/models/uploads/local.rb index f1f25dfb584..bd295a66838 100644 --- a/app/models/uploads/local.rb +++ b/app/models/uploads/local.rb @@ -23,7 +23,7 @@ module Uploads unless in_uploads?(path) message = "Path '#{path}' is not in uploads dir, skipping" logger.warn(message) - Gitlab::Sentry.track_and_raise_for_dev_exception( + Gitlab::ErrorTracking.track_and_raise_for_dev_exception( RuntimeError.new(message), uploads_dir: storage_dir) return end diff --git a/app/models/user.rb b/app/models/user.rb index b6ed550e441..441ad1e70be 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -381,6 +381,11 @@ class User < ApplicationRecord # Class methods # class << self + # Devise method overridden to allow support for dynamic password lengths + def password_length + Gitlab::CurrentSettings.minimum_password_length..Devise.password_length.max + end + # Devise method overridden to allow sign in with email or username def find_for_database_authentication(warden_conditions) conditions = warden_conditions.dup diff --git a/app/services/ci/archive_trace_service.rb b/app/services/ci/archive_trace_service.rb index 75c7eee2f72..f143736ddc1 100644 --- a/app/services/ci/archive_trace_service.rb +++ b/app/services/ci/archive_trace_service.rb @@ -46,7 +46,7 @@ module Ci message: "Failed to archive trace. message: #{error.message}.", job_id: job.id) - Gitlab::Sentry + Gitlab::ErrorTracking .track_and_raise_for_dev_exception(error, issue_url: 'https://gitlab.com/gitlab-org/gitlab-foss/issues/51502', job_id: job.id ) diff --git a/app/services/ci/generate_exposed_artifacts_report_service.rb b/app/services/ci/generate_exposed_artifacts_report_service.rb index af6331341ff..1dbcd192279 100644 --- a/app/services/ci/generate_exposed_artifacts_report_service.rb +++ b/app/services/ci/generate_exposed_artifacts_report_service.rb @@ -15,7 +15,7 @@ module Ci data: data } rescue => e - Gitlab::Sentry.track_exception(e, project_id: project.id) + Gitlab::ErrorTracking.track_exception(e, project_id: project.id) { status: :error, key: key(base_pipeline, head_pipeline), diff --git a/app/services/ci/prepare_build_service.rb b/app/services/ci/prepare_build_service.rb index 8ace7914f8e..5d024c45e5f 100644 --- a/app/services/ci/prepare_build_service.rb +++ b/app/services/ci/prepare_build_service.rb @@ -13,7 +13,7 @@ module Ci build.enqueue! rescue => e - Gitlab::Sentry.track_exception(e, build_id: build.id) + Gitlab::ErrorTracking.track_exception(e, build_id: build.id) build.drop(:unmet_prerequisites) end diff --git a/app/services/ci/register_job_service.rb b/app/services/ci/register_job_service.rb index 24597579d9e..57c0cdd0602 100644 --- a/app/services/ci/register_job_service.rb +++ b/app/services/ci/register_job_service.rb @@ -128,7 +128,7 @@ module Ci end def track_exception_for_build(ex, build) - Gitlab::Sentry.track_exception(ex, + Gitlab::ErrorTracking.track_exception(ex, build_id: build.id, build_name: build.name, build_stage: build.stage, diff --git a/app/services/clusters/applications/base_helm_service.rb b/app/services/clusters/applications/base_helm_service.rb index 2b51de71934..f38051bcad2 100644 --- a/app/services/clusters/applications/base_helm_service.rb +++ b/app/services/clusters/applications/base_helm_service.rb @@ -21,7 +21,7 @@ module Clusters group_ids: app.cluster.group_ids } - Gitlab::Sentry.track_exception(error, meta) + Gitlab::ErrorTracking.track_exception(error, meta) end def log_event(event) diff --git a/app/services/projects/container_repository/delete_tags_service.rb b/app/services/projects/container_repository/delete_tags_service.rb index 0da3ddea9f7..88ff3c2c9df 100644 --- a/app/services/projects/container_repository/delete_tags_service.rb +++ b/app/services/projects/container_repository/delete_tags_service.rb @@ -51,7 +51,7 @@ module Projects digests = deleted_tags.values.uniq # rubocop: disable CodeReuse/ActiveRecord - Gitlab::Sentry.track_and_raise_for_dev_exception(ArgumentError.new('multiple tag digests')) if digests.many? + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(ArgumentError.new('multiple tag digests')) if digests.many? deleted_tags end diff --git a/app/services/projects/fork_service.rb b/app/services/projects/fork_service.rb index 47ab7f9a8a0..e66a0ed181a 100644 --- a/app/services/projects/fork_service.rb +++ b/app/services/projects/fork_service.rb @@ -3,11 +3,16 @@ module Projects class ForkService < BaseService def execute(fork_to_project = nil) - if fork_to_project - link_existing_project(fork_to_project) - else - fork_new_project - end + forked_project = + if fork_to_project + link_existing_project(fork_to_project) + else + fork_new_project + end + + refresh_forks_count if forked_project&.saved? + + forked_project end private @@ -92,8 +97,7 @@ module Projects def link_fork_network(fork_to_project) return if fork_to_project.errors.any? - fork_to_project.fork_network_member.save && - refresh_forks_count + fork_to_project.fork_network_member.save end def refresh_forks_count diff --git a/app/services/projects/import_service.rb b/app/services/projects/import_service.rb index bef4897baec..cc12aacaf02 100644 --- a/app/services/projects/import_service.rb +++ b/app/services/projects/import_service.rb @@ -25,13 +25,13 @@ module Projects success rescue Gitlab::UrlBlocker::BlockedUrlError => e - Gitlab::Sentry.track_exception(e, project_path: project.full_path, importer: project.import_type) + Gitlab::ErrorTracking.track_exception(e, project_path: project.full_path, importer: project.import_type) error(s_("ImportProjects|Error importing repository %{project_safe_import_url} into %{project_full_path} - %{message}") % { project_safe_import_url: project.safe_import_url, project_full_path: project.full_path, message: e.message }) rescue => e message = Projects::ImportErrorFilter.filter_message(e.message) - Gitlab::Sentry.track_exception(e, project_path: project.full_path, importer: project.import_type) + Gitlab::ErrorTracking.track_exception(e, project_path: project.full_path, importer: project.import_type) error(s_("ImportProjects|Error importing repository %{project_safe_import_url} into %{project_full_path} - %{message}") % { project_safe_import_url: project.safe_import_url, project_full_path: project.full_path, message: message }) end diff --git a/app/services/prometheus/proxy_variable_substitution_service.rb b/app/services/prometheus/proxy_variable_substitution_service.rb index 4a6678ec237..ca56292e9d6 100644 --- a/app/services/prometheus/proxy_variable_substitution_service.rb +++ b/app/services/prometheus/proxy_variable_substitution_service.rb @@ -32,7 +32,7 @@ module Prometheus success(result) rescue TypeError, ArgumentError => exception log_error(exception.message) - Gitlab::Sentry.track_exception(exception, extra: { + Gitlab::ErrorTracking.track_exception(exception, extra: { template_string: query, variables: predefined_context }) diff --git a/app/services/users/build_service.rb b/app/services/users/build_service.rb index 8c85ad9ffd8..ea4d11e728e 100644 --- a/app/services/users/build_service.rb +++ b/app/services/users/build_service.rb @@ -23,7 +23,7 @@ module Users @reset_token = user.generate_reset_token if params[:reset_password] if user_params[:force_random_password] - random_password = Devise.friendly_token.first(Devise.password_length.min) + random_password = Devise.friendly_token.first(User.password_length.min) user.password = user.password_confirmation = random_password end end diff --git a/app/views/admin/application_settings/_signup.html.haml b/app/views/admin/application_settings/_signup.html.haml index 7c1df78f30c..b9d9d86ca30 100644 --- a/app/views/admin/application_settings/_signup.html.haml +++ b/app/views/admin/application_settings/_signup.html.haml @@ -12,6 +12,12 @@ = f.check_box :send_user_confirmation_email, class: 'form-check-input' = f.label :send_user_confirmation_email, class: 'form-check-label' do Send confirmation email on sign-up + .form-group + = f.label :minimum_password_length, _('Minimum password length (number of characters)'), class: 'label-bold' + = f.number_field :minimum_password_length, class: 'form-control', rows: 4, min: ApplicationSetting::DEFAULT_MINIMUM_PASSWORD_LENGTH, max: Devise.password_length.max + - password_policy_guidelines_link = link_to _('Password Policy Guidelines'), 'https://about.gitlab.com/handbook/security/#gitlab-password-policy-guidelines', target: '_blank', rel: 'noopener noreferrer nofollow' + .form-text.text-muted + = _("See GitLab's %{password_policy_guidelines}").html_safe % { password_policy_guidelines: password_policy_guidelines_link } .form-group = f.label :domain_whitelist, 'Whitelisted domains for sign-ups', class: 'label-bold' = f.text_area :domain_whitelist_raw, placeholder: 'domain.com', class: 'form-control', rows: 8 diff --git a/app/views/projects/blob/viewers/_openapi.html.haml b/app/views/projects/blob/viewers/_openapi.html.haml new file mode 100644 index 00000000000..ce8030cf2d2 --- /dev/null +++ b/app/views/projects/blob/viewers/_openapi.html.haml @@ -0,0 +1 @@ +.file-content#js-openapi-viewer{ data: { endpoint: blob_raw_path } } diff --git a/app/workers/delete_stored_files_worker.rb b/app/workers/delete_stored_files_worker.rb index 1d52f71c866..e1e2f66f573 100644 --- a/app/workers/delete_stored_files_worker.rb +++ b/app/workers/delete_stored_files_worker.rb @@ -15,7 +15,7 @@ class DeleteStoredFilesWorker unless klass message = "Unknown class '#{class_name}'" logger.error(message) - Gitlab::Sentry.track_and_raise_for_dev_exception(RuntimeError.new(message)) + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(RuntimeError.new(message)) return end diff --git a/app/workers/pages_domain_removal_cron_worker.rb b/app/workers/pages_domain_removal_cron_worker.rb index ba3c89d0e70..07ecde55922 100644 --- a/app/workers/pages_domain_removal_cron_worker.rb +++ b/app/workers/pages_domain_removal_cron_worker.rb @@ -11,7 +11,7 @@ class PagesDomainRemovalCronWorker PagesDomain.for_removal.find_each do |domain| domain.destroy! rescue => e - Gitlab::Sentry.track_exception(e) + Gitlab::ErrorTracking.track_exception(e) end end end diff --git a/app/workers/run_pipeline_schedule_worker.rb b/app/workers/run_pipeline_schedule_worker.rb index 450dee0e83e..f8f8a2fe7ae 100644 --- a/app/workers/run_pipeline_schedule_worker.rb +++ b/app/workers/run_pipeline_schedule_worker.rb @@ -38,7 +38,7 @@ class RunPipelineScheduleWorker Rails.logger.error "Failed to create a scheduled pipeline. " \ "schedule_id: #{schedule.id} message: #{error.message}" - Gitlab::Sentry + Gitlab::ErrorTracking .track_and_raise_for_dev_exception(error, issue_url: 'https://gitlab.com/gitlab-org/gitlab-foss/issues/41231', schedule_id: schedule.id) diff --git a/app/workers/stuck_ci_jobs_worker.rb b/app/workers/stuck_ci_jobs_worker.rb index 99eff044eae..d08cea9e494 100644 --- a/app/workers/stuck_ci_jobs_worker.rb +++ b/app/workers/stuck_ci_jobs_worker.rb @@ -80,7 +80,7 @@ class StuckCiJobsWorker end def track_exception_for_build(ex, build) - Gitlab::Sentry.track_exception(ex, + Gitlab::ErrorTracking.track_exception(ex, build_id: build.id, build_name: build.name, build_stage: build.stage, diff --git a/changelogs/unreleased/32115-structured-logging-mail_room.yml b/changelogs/unreleased/32115-structured-logging-mail_room.yml new file mode 100644 index 00000000000..17b678a82d4 --- /dev/null +++ b/changelogs/unreleased/32115-structured-logging-mail_room.yml @@ -0,0 +1,5 @@ +--- +title: Upgrade `mail_room` gem to 0.10.0 and enable structured logging +merge_request: 19186 +author: +type: added diff --git a/changelogs/unreleased/36776-entropy-requirements-for-new-user-passwords-mvc.yml b/changelogs/unreleased/36776-entropy-requirements-for-new-user-passwords-mvc.yml new file mode 100644 index 00000000000..6b2e159c273 --- /dev/null +++ b/changelogs/unreleased/36776-entropy-requirements-for-new-user-passwords-mvc.yml @@ -0,0 +1,5 @@ +--- +title: Allow administrators to set a minimum password length +merge_request: 20661 +author: +type: added diff --git a/changelogs/unreleased/37972-container-registry-tags-expect-oci-image-configs-to-have-created-fi.yml b/changelogs/unreleased/37972-container-registry-tags-expect-oci-image-configs-to-have-created-fi.yml new file mode 100644 index 00000000000..65e9685494c --- /dev/null +++ b/changelogs/unreleased/37972-container-registry-tags-expect-oci-image-configs-to-have-created-fi.yml @@ -0,0 +1,5 @@ +--- +title: Fix crash registry contains helm charts +merge_request: 21381 +author: +type: fixed diff --git a/changelogs/unreleased/feat-openapi-viewer.yml b/changelogs/unreleased/feat-openapi-viewer.yml new file mode 100644 index 00000000000..fc5e2cb06fc --- /dev/null +++ b/changelogs/unreleased/feat-openapi-viewer.yml @@ -0,0 +1,5 @@ +--- +title: add OpenAPI file viewer +merge_request: 21106 +author: Roger Meier +type: added diff --git a/changelogs/unreleased/make-workflow-rules-to-work.yml b/changelogs/unreleased/make-workflow-rules-to-work.yml new file mode 100644 index 00000000000..04a6a53de13 --- /dev/null +++ b/changelogs/unreleased/make-workflow-rules-to-work.yml @@ -0,0 +1,5 @@ +--- +title: Make `workflow:rules` to work well with Merge Requests +merge_request: 21742 +author: +type: changed diff --git a/changelogs/unreleased/osw-refresh-forks-count-cache-correctly.yml b/changelogs/unreleased/osw-refresh-forks-count-cache-correctly.yml new file mode 100644 index 00000000000..426efd53b22 --- /dev/null +++ b/changelogs/unreleased/osw-refresh-forks-count-cache-correctly.yml @@ -0,0 +1,5 @@ +--- +title: Ensure forks count cache refresh for source project +merge_request: 21771 +author: +type: fixed diff --git a/changelogs/unreleased/yaml-processor-validation-errors.yml b/changelogs/unreleased/yaml-processor-validation-errors.yml new file mode 100644 index 00000000000..aaca26d6b3d --- /dev/null +++ b/changelogs/unreleased/yaml-processor-validation-errors.yml @@ -0,0 +1,5 @@ +--- +title: Return multiple errors from CI linter +merge_request: 21589 +author: +type: added diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index a7b0a0f0b62..5ac9b7ee6e5 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -181,6 +181,11 @@ production: &base mailbox: "inbox" # The IDLE command timeout. idle_timeout: 60 + # The log file path for the structured log file. + # Since `mail_room` is run independently of Rails, an absolute path is preferred. + # The default is 'log/mail_room_json.log' relative to the root of the Rails app. + # + # log_path: log/mail_room_json.log ## Build Artifacts artifacts: diff --git a/config/initializers/devise_dynamic_password_length_validation.rb b/config/initializers/devise_dynamic_password_length_validation.rb new file mode 100644 index 00000000000..e71b28bc495 --- /dev/null +++ b/config/initializers/devise_dynamic_password_length_validation.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +# Discard the default Devise length validation from the `User` model. + +# This needs to be discarded because the length validation provided by Devise does not +# support dynamically checking for min and max lengths. + +# A new length validation has been added to the User model instead, to keep supporting +# dynamic password length validations, like: + +# validates :password, length: { maximum: proc { password_length.max }, minimum: proc { password_length.min } }, allow_blank: true + +def length_validator_supports_dynamic_length_checks?(validator) + validator.options[:minimum].is_a?(Proc) && + validator.options[:maximum].is_a?(Proc) +end + +# Get the in-built Devise validator on password length. +password_length_validator = User.validators_on(:password).find do |validator| + validator.kind == :length +end + +# This initializer can be removed as soon as https://github.com/plataformatec/devise/pull/5166 +# is merged into Devise. +if length_validator_supports_dynamic_length_checks?(password_length_validator) + raise "Devise now supports dynamic length checks, please remove the monkey patch in #{__FILE__}" +else + # discard the in-built length validator by always returning true + def password_length_validator.validate(*_) + true + end + + # add a custom password length validator with support for dynamic length validation. + User.class_eval do + validates :password, length: { maximum: proc { password_length.max }, minimum: proc { password_length.min } }, allow_blank: true + end +end diff --git a/config/initializers/forbid_sidekiq_in_transactions.rb b/config/initializers/forbid_sidekiq_in_transactions.rb index bd59fd4ab90..9bade443aae 100644 --- a/config/initializers/forbid_sidekiq_in_transactions.rb +++ b/config/initializers/forbid_sidekiq_in_transactions.rb @@ -29,7 +29,7 @@ module Sidekiq MSG rescue Sidekiq::Worker::EnqueueFromTransactionError => e ::Rails.logger.error(e.message) if ::Rails.env.production? - Gitlab::Sentry.track_and_raise_for_dev_exception(e) + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e) end end diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb index cebb0edf275..a1eddd6a2c2 100644 --- a/config/initializers/sentry.rb +++ b/config/initializers/sentry.rb @@ -2,4 +2,4 @@ require 'gitlab/current_settings' -Gitlab::Sentry.configure +Gitlab::ErrorTracking.configure diff --git a/config/mail_room.yml b/config/mail_room.yml index c3a5be8d38c..75024c2b2e1 100644 --- a/config/mail_room.yml +++ b/config/mail_room.yml @@ -13,6 +13,8 @@ :email: <%= config[:user].to_json %> :password: <%= config[:password].to_json %> :idle_timeout: <%= config[:idle_timeout].to_json %> + :logger: + :log_path: <%= config[:log_path].to_json %> :name: <%= config[:mailbox].to_json %> diff --git a/db/migrate/20191123062354_add_minimum_password_length_to_application_settings.rb b/db/migrate/20191123062354_add_minimum_password_length_to_application_settings.rb new file mode 100644 index 00000000000..0a7ad9d81a9 --- /dev/null +++ b/db/migrate/20191123062354_add_minimum_password_length_to_application_settings.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +class AddMinimumPasswordLengthToApplicationSettings < ActiveRecord::Migration[5.2] + DOWNTIME = false + + DEFAULT_MINIMUM_PASSWORD_LENGTH = 8 + + def change + add_column(:application_settings, :minimum_password_length, :integer, default: DEFAULT_MINIMUM_PASSWORD_LENGTH, null: false) + end +end diff --git a/db/post_migrate/20191205084057_update_minimum_password_length.rb b/db/post_migrate/20191205084057_update_minimum_password_length.rb new file mode 100644 index 00000000000..d9324347075 --- /dev/null +++ b/db/post_migrate/20191205084057_update_minimum_password_length.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +class UpdateMinimumPasswordLength < ActiveRecord::Migration[5.2] + DOWNTIME = false + + def up + value_to_be_updated_to = [ + Devise.password_length.min, + ApplicationSetting::DEFAULT_MINIMUM_PASSWORD_LENGTH + ].max + + execute "UPDATE application_settings SET minimum_password_length = #{value_to_be_updated_to}" + + ApplicationSetting.expire + end + + def down + value_to_be_updated_to = ApplicationSetting::DEFAULT_MINIMUM_PASSWORD_LENGTH + + execute "UPDATE application_settings SET minimum_password_length = #{value_to_be_updated_to}" + + ApplicationSetting.expire + end +end diff --git a/db/schema.rb b/db/schema.rb index 9ba5fcc41c6..bfb6f55bbd4 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -351,6 +351,7 @@ ActiveRecord::Schema.define(version: 2019_12_08_071112) do t.string "sourcegraph_url", limit: 255 t.boolean "sourcegraph_public_only", default: true, null: false t.bigint "snippet_size_limit", default: 52428800, null: false + t.integer "minimum_password_length", default: 8, null: false t.text "encrypted_akismet_api_key" t.string "encrypted_akismet_api_key_iv", limit: 255 t.text "encrypted_elasticsearch_aws_secret_access_key" diff --git a/doc/administration/logs.md b/doc/administration/logs.md index ed0d402c030..f4a1c754252 100644 --- a/doc/administration/logs.md +++ b/doc/administration/logs.md @@ -360,6 +360,17 @@ Introduced in GitLab 12.3. This file lives in `/var/log/gitlab/gitlab-rails/migr Omnibus GitLab packages or in `/home/git/gitlab/log/migrations.log` for installations from source. +## `mail_room_json.log` (default) + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/19186) in GitLab 12.6. + +This file lives in `/var/log/gitlab/mail_room/mail_room_json.log` for +Omnibus GitLab packages or in `/home/git/gitlab/log/mail_room_json.log` for +installations from source. + +This structured log file records internal activity in the `mail_room` gem. +Its name and path are configurable, so the name and path may not match the above. + ## Reconfigure Logs Reconfigure log files live in `/var/log/gitlab/reconfigure` for Omnibus GitLab diff --git a/doc/ci/variables/predefined_variables.md b/doc/ci/variables/predefined_variables.md index 837fcd01050..e25425b01ae 100644 --- a/doc/ci/variables/predefined_variables.md +++ b/doc/ci/variables/predefined_variables.md @@ -37,6 +37,7 @@ future GitLab releases.** | `CI_COMMIT_REF_SLUG` | 9.0 | all | `$CI_COMMIT_REF_NAME` lowercased, shortened to 63 bytes, and with everything except `0-9` and `a-z` replaced with `-`. No leading / trailing `-`. Use in URLs, host names and domain names. | | `CI_COMMIT_SHA` | 9.0 | all | The commit revision for which project is built | | `CI_COMMIT_SHORT_SHA` | 11.7 | all | The first eight characters of `CI_COMMIT_SHA` | +| `CI_COMMIT_BRANCH` | 12.6 | 0.5 | The commit branch name. Present only when building branches. | | `CI_COMMIT_TAG` | 9.0 | 0.5 | The commit tag name. Present only when building tags. | | `CI_COMMIT_TITLE` | 10.8 | all | The title of the commit - the full first line of the message | | `CI_CONCURRENT_ID` | all | 11.10 | Unique ID of build execution within a single executor. | diff --git a/doc/development/logging.md b/doc/development/logging.md index 4ccb5a1a06e..2eb140d3b7e 100644 --- a/doc/development/logging.md +++ b/doc/development/logging.md @@ -142,21 +142,21 @@ It should be noted that manual logging of exceptions is not allowed, as: 1. It is very likely that manually logged exceptions will end-up across multiple files, which increases burden scraping all logging files. -To avoid duplicating and having consistent behavior the `Gitlab::Sentry` +To avoid duplicating and having consistent behavior the `Gitlab::ErrorTracking` provides helper methods to track exceptions: -1. `Gitlab::Sentry.track_and_raise_exception`: this method logs, +1. `Gitlab::ErrorTracking.track_and_raise_exception`: this method logs, sends exception to Sentry (if configured) and re-raises the exception, -1. `Gitlab::Sentry.track_exception`: this method only logs +1. `Gitlab::ErrorTracking.track_exception`: this method only logs and sends exception to Sentry (if configured), -1. `Gitlab::Sentry.log_exception`: this method only logs the exception, +1. `Gitlab::ErrorTracking.log_exception`: this method only logs the exception, and DOES NOT send the exception to Sentry, -1. `Gitlab::Sentry.track_and_raise_for_dev_exception`: this method logs, +1. `Gitlab::ErrorTracking.track_and_raise_for_dev_exception`: this method logs, sends exception to Sentry (if configured) and re-raises the exception for development and test enviroments. -It is advised to only use `Gitlab::Sentry.track_and_raise_exception` -and `Gitlab::Sentry.track_exception` as presented on below examples. +It is advised to only use `Gitlab::ErrorTracking.track_and_raise_exception` +and `Gitlab::ErrorTracking.track_exception` as presented on below examples. Consider adding additional extra parameters to provide more context for each tracked exception. @@ -170,7 +170,7 @@ class MyService < ::BaseService success rescue => e - Gitlab::Sentry.track_exception(e, project_id: project.id) + Gitlab::ErrorTracking.track_exception(e, project_id: project.id) error('Exception occurred') end @@ -184,7 +184,7 @@ class MyService < ::BaseService success rescue => e - Gitlab::Sentry.track_and_raise_exception(e, project_id: project.id) + Gitlab::ErrorTracking.track_and_raise_exception(e, project_id: project.id) end end ``` diff --git a/doc/security/password_length_limits.md b/doc/security/password_length_limits.md index 9909ef4a8e4..235730eb825 100644 --- a/doc/security/password_length_limits.md +++ b/doc/security/password_length_limits.md @@ -4,7 +4,19 @@ type: reference, howto # Custom password length limits -The user password length is set to a minimum of 8 characters by default. +By default, GitLab supports passwords with: + +- A minimum length of 8. +- A maximum length of 128. + +GitLab administrators can modify password lengths: + +- Using configuration file. +- [From](https://gitlab.com/gitlab-org/gitlab/merge_requests/20661) GitLab 12.6, using the GitLab UI. + +## Modify maximum password length using configuration file + +The user password length is set to a maximum of 128 characters by default. To change that for installations from source: 1. Edit `devise_password_length.rb`: @@ -18,15 +30,35 @@ To change that for installations from source: 1. Change the new password length limits: ```ruby - config.password_length = 12..128 + config.password_length = 12..135 ``` In this example, the minimum length is 12 characters, and the maximum length - is 128 characters. + is 135 characters. 1. [Restart GitLab](../administration/restart_gitlab.md#installations-from-source) for the changes to take effect. +NOTE: **Note:** +From GitLab 12.6, the minimum password length set in this configuration file will be ignored. Minimum password lengths will now have to be modified via the [GitLab UI](#modify-minimum-password-length-using-gitlab-ui) instead. + +## Modify minimum password length using GitLab UI + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/20661) in GitLab 12.6 + +The user password length is set to a minimum of 8 characters by default. +To change that using GitLab UI: + +In the Admin area under **Settings** (`/admin/application_settings`), go to section **Sign-up Restrictions**. + +[Minimum password length settings](../user/admin_area/img/minimum_password_length_settings_v12_6.png) + +Set the **Minimum password length** to a value greater than or equal to 8 and hit **Save changes** to save the changes. + +CAUTION: **Caution:** +Changing minimum or maximum limit does not affect existing user passwords in any manner. Existing users will not be asked to reset their password to adhere to the new limits. +The new limit restriction will only apply during new user sign-ups and when an existing user performs a password reset. +