From 61d81025139e2e6b3706c05eee4e60ff13417323 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Tue, 20 Jul 2021 09:22:29 +0000
Subject: Add latest changes from gitlab-org/gitlab@14-0-stable-ee

---
 .../components/terraform_installation.vue               |  3 +--
 app/models/concerns/has_repository.rb                   |  5 +++++
 app/models/lfs_download_object.rb                       | 16 ++++++++++++++--
 app/models/project.rb                                   | 17 +++++------------
 app/models/repository.rb                                | 13 +++++++++++++
 app/models/user.rb                                      |  2 +-
 .../lfs_pointers/lfs_download_link_list_service.rb      |  2 ++
 .../projects/lfs_pointers/lfs_download_service.rb       | 14 +++++++++-----
 app/uploaders/object_storage.rb                         |  5 +++--
 9 files changed, 53 insertions(+), 24 deletions(-)

(limited to 'app')

diff --git a/app/assets/javascripts/packages_and_registries/infrastructure_registry/components/terraform_installation.vue b/app/assets/javascripts/packages_and_registries/infrastructure_registry/components/terraform_installation.vue
index c19ff3b4293..c62bf7fb722 100644
--- a/app/assets/javascripts/packages_and_registries/infrastructure_registry/components/terraform_installation.vue
+++ b/app/assets/javascripts/packages_and_registries/infrastructure_registry/components/terraform_installation.vue
@@ -14,8 +14,7 @@ export default {
   computed: {
     ...mapState(['packageEntity', 'terraformHelpPath', 'gitlabHost', 'projectPath']),
     provisionInstructions() {
-      // eslint-disable-next-line @gitlab/require-i18n-strings
-      return `module "${this.packageEntity.name}" {
+      return `module "my_module_name" {
   source = "${this.gitlabHost}/${this.projectPath}/${this.packageEntity.name}"
   version = "${this.packageEntity.version}"
 }`;
diff --git a/app/models/concerns/has_repository.rb b/app/models/concerns/has_repository.rb
index 33f6904bc91..1b4c590694a 100644
--- a/app/models/concerns/has_repository.rb
+++ b/app/models/concerns/has_repository.rb
@@ -14,6 +14,7 @@ module HasRepository
   include Gitlab::Utils::StrongMemoize
 
   delegate :base_dir, :disk_path, to: :storage
+  delegate :change_head, to: :repository
 
   def valid_repo?
     repository.exists?
@@ -117,4 +118,8 @@ module HasRepository
   def repository_size_checker
     raise NotImplementedError
   end
+
+  def after_repository_change_head
+    reload_default_branch
+  end
 end
diff --git a/app/models/lfs_download_object.rb b/app/models/lfs_download_object.rb
index 6383f95d546..319499fd1b7 100644
--- a/app/models/lfs_download_object.rb
+++ b/app/models/lfs_download_object.rb
@@ -3,20 +3,32 @@
 class LfsDownloadObject
   include ActiveModel::Validations
 
-  attr_accessor :oid, :size, :link
+  attr_accessor :oid, :size, :link, :headers
   delegate :sanitized_url, :credentials, to: :sanitized_uri
 
   validates :oid, format: { with: /\A\h{64}\z/ }
   validates :size, numericality: { greater_than_or_equal_to: 0 }
   validates :link, public_url: { protocols: %w(http https) }
+  validate :headers_must_be_hash
 
-  def initialize(oid:, size:, link:)
+  def initialize(oid:, size:, link:, headers: {})
     @oid = oid
     @size = size
     @link = link
+    @headers = headers || {}
   end
 
   def sanitized_uri
     @sanitized_uri ||= Gitlab::UrlSanitizer.new(link)
   end
+
+  def has_authorization_header?
+    headers.keys.map(&:downcase).include?('authorization')
+  end
+
+  private
+
+  def headers_must_be_hash
+    errors.add(:base, "headers must be a Hash") unless headers.is_a?(Hash)
+  end
 end
diff --git a/app/models/project.rb b/app/models/project.rb
index 1f8e8b81015..95ba0973321 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -1661,18 +1661,11 @@ class Project < ApplicationRecord
     :visibility_level
   end
 
-  def change_head(branch)
-    if repository.branch_exists?(branch)
-      repository.before_change_head
-      repository.raw_repository.write_ref('HEAD', "refs/heads/#{branch}")
-      repository.copy_gitattributes(branch)
-      repository.after_change_head
-      ProjectCacheWorker.perform_async(self.id, [], [:commit_count])
-      reload_default_branch
-    else
-      errors.add(:base, _("Could not change HEAD: branch '%{branch}' does not exist") % { branch: branch })
-      false
-    end
+  override :after_repository_change_head
+  def after_repository_change_head
+    ProjectCacheWorker.perform_async(self.id, [], [:commit_count])
+
+    super
   end
 
   def forked_from?(other_project)
diff --git a/app/models/repository.rb b/app/models/repository.rb
index 1bd61fe48cb..a77aaf02e06 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -466,6 +466,7 @@ class Repository
   # Runs code after the HEAD of a repository is changed.
   def after_change_head
     expire_all_method_caches
+    container.after_repository_change_head
   end
 
   # Runs code after a new commit has been pushed.
@@ -1142,6 +1143,18 @@ class Repository
     Gitlab::CurrentSettings.pick_repository_storage
   end
 
+  def change_head(branch)
+    if branch_exists?(branch)
+      before_change_head
+      raw_repository.write_ref('HEAD', "refs/heads/#{branch}")
+      copy_gitattributes(branch)
+      after_change_head
+    else
+      container.errors.add(:base, _("Could not change HEAD: branch '%{branch}' does not exist") % { branch: branch })
+      false
+    end
+  end
+
   private
 
   # TODO Genericize finder, later split this on finders by Ref or Oid
diff --git a/app/models/user.rb b/app/models/user.rb
index 52bf9149ee2..ce702131151 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -2095,7 +2095,7 @@ class User < ApplicationRecord
   end
 
   def check_username_format
-    return if username.blank? || Mime::EXTENSION_LOOKUP.keys.none? { |type| username.end_with?(type) }
+    return if username.blank? || Mime::EXTENSION_LOOKUP.keys.none? { |type| username.end_with?(".#{type}") }
 
     errors.add(:username, _('ending with MIME type format is not allowed.'))
   end
diff --git a/app/services/projects/lfs_pointers/lfs_download_link_list_service.rb b/app/services/projects/lfs_pointers/lfs_download_link_list_service.rb
index efd410088ab..c82ed97203f 100644
--- a/app/services/projects/lfs_pointers/lfs_download_link_list_service.rb
+++ b/app/services/projects/lfs_pointers/lfs_download_link_list_service.rb
@@ -81,11 +81,13 @@ module Projects
       def parse_response_links(objects_response)
         objects_response.each_with_object([]) do |entry, link_list|
           link = entry.dig('actions', DOWNLOAD_ACTION, 'href')
+          headers = entry.dig('actions', DOWNLOAD_ACTION, 'header')
 
           raise DownloadLinkNotFound unless link
 
           link_list << LfsDownloadObject.new(oid: entry['oid'],
                                              size: entry['size'],
+                                             headers: headers,
                                              link: add_credentials(link))
         rescue DownloadLinkNotFound, Addressable::URI::InvalidURIError
           log_error("Link for Lfs Object with oid #{entry['oid']} not found or invalid.")
diff --git a/app/services/projects/lfs_pointers/lfs_download_service.rb b/app/services/projects/lfs_pointers/lfs_download_service.rb
index 525f8a25d04..9e2edf7c4ef 100644
--- a/app/services/projects/lfs_pointers/lfs_download_service.rb
+++ b/app/services/projects/lfs_pointers/lfs_download_service.rb
@@ -11,7 +11,7 @@ module Projects
       LARGE_FILE_SIZE = 1.megabytes
 
       attr_reader :lfs_download_object
-      delegate :oid, :size, :credentials, :sanitized_url, to: :lfs_download_object, prefix: :lfs
+      delegate :oid, :size, :credentials, :sanitized_url, :headers, to: :lfs_download_object, prefix: :lfs
 
       def initialize(project, lfs_download_object)
         super(project)
@@ -71,17 +71,21 @@ module Projects
         raise_oid_error! if digester.hexdigest != lfs_oid
       end
 
-      def download_headers
-        { stream_body: true }.tap do |headers|
+      def download_options
+        http_options = { headers: lfs_headers, stream_body: true }
+
+        return http_options if lfs_download_object.has_authorization_header?
+
+        http_options.tap do |options|
           if lfs_credentials[:user].present? || lfs_credentials[:password].present?
             # Using authentication headers in the request
-            headers[:basic_auth] = { username: lfs_credentials[:user], password: lfs_credentials[:password] }
+            options[:basic_auth] = { username: lfs_credentials[:user], password: lfs_credentials[:password] }
           end
         end
       end
 
       def fetch_file(&block)
-        response = Gitlab::HTTP.get(lfs_sanitized_url, download_headers, &block)
+        response = Gitlab::HTTP.get(lfs_sanitized_url, download_options, &block)
 
         raise ResponseError, "Received error code #{response.code}" unless response.success?
       end
diff --git a/app/uploaders/object_storage.rb b/app/uploaders/object_storage.rb
index be5839b7ec5..1d56cddca63 100644
--- a/app/uploaders/object_storage.rb
+++ b/app/uploaders/object_storage.rb
@@ -283,8 +283,9 @@ module ObjectStorage
         if file_storage?
           IO.copy_stream(path, file)
         else
-          streamer = lambda { |chunk, _, _| file.write(chunk) }
-          Excon.get(url, response_block: streamer)
+          Faraday.get(url) do |req|
+            req.options.on_data = proc { |chunk, _| file.write(chunk) }
+          end
         end
 
         file.seek(0, IO::SEEK_SET)
-- 
cgit v1.2.3