author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-20 15:19:03 +0000 |
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-20 15:19:03 +0000 |
commit | 14bd84b61276ef29b97d23642d698de769bacfd2 (patch) | |
tree | f9eba90140c1bd874211dea17750a0d422c04080 /app/controllers/concerns | |
parent | 891c388697b2db0d8ee0c8358a9bdbf6dc56d581 (diff) | |
download | gitlab-ce-14bd84b61276ef29b97d23642d698de769bacfd2.tar.gz |
Add latest changes from gitlab-org/gitlab@15-10-stable-eev15.10.0-rc42
Diffstat (limited to 'app/controllers/concerns')
20 files changed, 111 insertions, 148 deletions
diff --git a/app/controllers/concerns/authenticates_with_two_factor.rb b/app/controllers/concerns/authenticates_with_two_factor.rb
index b4a36b7db22..691b4f4e21f 100644
--- a/app/controllers/concerns/authenticates_with_two_factor.rb
+++ b/app/controllers/concerns/authenticates_with_two_factor.rb
@@ -25,13 +25,7 @@ module AuthenticatesWithTwoFactor
 session[:user_password_hash] = Digest::SHA256.hexdigest(user.encrypted_password) add_gon_variables - push_frontend_feature_flag(:webauthn) - - if Feature.enabled?(:webauthn) - setup_webauthn_authentication(user) - else - setup_u2f_authentication(user) - end + setup_webauthn_authentication(user) render 'devise/sessions/two_factor' end
@@ -54,11 +48,7 @@ module AuthenticatesWithTwoFactor
 if user_params[:otp_attempt].present? && session[:otp_user_id] authenticate_with_two_factor_via_otp(user) elsif user_params[:device_response].present? && session[:otp_user_id] - if user.two_factor_webauthn_enabled? - authenticate_with_two_factor_via_webauthn(user) - else - authenticate_with_two_factor_via_u2f(user) - end + authenticate_with_two_factor_via_webauthn(user) elsif user && user.valid_password?(user_params[:password]) prompt_for_two_factor(user) end
@@ -96,15 +86,6 @@ module AuthenticatesWithTwoFactor
 end end - # Authenticate using the response from a U2F (universal 2nd factor) device - def authenticate_with_two_factor_via_u2f(user) - if U2fRegistration.authenticate(user, u2f_app_id, user_params[:device_response], session[:challenge]) - handle_two_factor_success(user) - else - handle_two_factor_failure(user, 'U2F', _('Authentication via U2F device failed.')) - end - end - def authenticate_with_two_factor_via_webauthn(user) if Webauthn::AuthenticateService.new(user, user_params[:device_response], session[:challenge]).execute handle_two_factor_success(user)
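Review bot: In the second hunk, the `elsif user_params[:device_response].present? && session[:otp_user_id]` branch now hands every device response to `authenticate_with_two_factor_via_webauthn` without the former `user.two_factor_webauthn_enabled?` check, so a user with no WebAuthn registrations (or a crafted request) reaches `Webauthn::AuthenticateService` directly. That presumably fails closed through `handle_two_factor_failure`, but the failure branch is outside the hunk, so it is worth confirming the service returns false rather than raising on an empty registration set. Since the branch is now unconditional, a one-line comment would save the next reader a search: `# U2F paths are gone: every device_response is a WebAuthn assertion`. The enclosing method starts outside the hunk.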
@@ -133,11 +114,11 @@ module AuthenticatesWithTwoFactor
 webauthn_registration_ids = user.webauthn_registrations.pluck(:credential_xid) - get_options = WebAuthn::Credential.options_for_get(allow: webauthn_registration_ids, - user_verification: 'discouraged', - extensions: { appid: WebAuthn.configuration.origin }) - - session[:credentialRequestOptions] = get_options + get_options = WebAuthn::Credential.options_for_get( + allow: webauthn_registration_ids, + user_verification: 'discouraged', + extensions: { appid: WebAuthn.configuration.origin } + ) session[:challenge] = get_options.challenge gon.push(webauthn: { options: Gitlab::Json.dump(get_options) }) end
diff --git a/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb b/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb
index 574fc6c0f37..045ccf1e5b8 100644
--- a/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb
+++ b/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb
@@ -11,13 +11,7 @@ module AuthenticatesWithTwoFactorForAdminMode
 return handle_locked_user(user) unless user.can?(:log_in) session[:otp_user_id] = user.id - push_frontend_feature_flag(:webauthn) - - if user.two_factor_webauthn_enabled? - setup_webauthn_authentication(user) - else - setup_u2f_authentication(user) - end + setup_webauthn_authentication(user) render 'admin/sessions/two_factor', layout: 'application' end
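Review bot: In the `options_for_get` hunk, `extensions: { appid: WebAuthn.configuration.origin }` is kept while every U2F code path in this commit is deleted, which leaves a reader wondering why the FIDO AppID extension is still requested. If it stays so that credentials migrated from U2F registrations keep verifying, say so on the line above it, e.g. `# appid extension: credentials migrated from U2F were scoped to the origin-as-AppID`, otherwise it is likely to be removed in a later cleanup and silently break those credentials. The hunk also stops storing `session[:credentialRequestOptions]`; anything that still read it must rely on `session[:challenge]`, which cannot be verified from here. The enclosing method starts outside the hunk.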
@@ -30,11 +24,7 @@ module AuthenticatesWithTwoFactorForAdminMode
 if user_params[:otp_attempt].present? && session[:otp_user_id] admin_mode_authenticate_with_two_factor_via_otp(user) elsif user_params[:device_response].present? && session[:otp_user_id] - if user.two_factor_webauthn_enabled? - admin_mode_authenticate_with_two_factor_via_webauthn(user) - else - admin_mode_authenticate_with_two_factor_via_u2f(user) - end + admin_mode_authenticate_with_two_factor_via_webauthn(user) elsif user && user.valid_password?(user_params[:password]) admin_mode_prompt_for_two_factor(user) else
@@ -56,14 +46,6 @@ module AuthenticatesWithTwoFactorForAdminMode
 end end - def admin_mode_authenticate_with_two_factor_via_u2f(user) - if U2fRegistration.authenticate(user, u2f_app_id, user_params[:device_response], session[:challenge]) - admin_handle_two_factor_success - else - admin_handle_two_factor_failure(user, 'U2F', _('Authentication via U2F device failed.')) - end - end - def admin_mode_authenticate_with_two_factor_via_webauthn(user) if Webauthn::AuthenticateService.new(user, user_params[:device_response], session[:challenge]).execute admin_handle_two_factor_success
diff --git a/app/controllers/concerns/confirm_email_warning.rb b/app/controllers/concerns/confirm_email_warning.rb
index ec5140bf223..8b7371cbc17 100644
--- a/app/controllers/concerns/confirm_email_warning.rb
+++ b/app/controllers/concerns/confirm_email_warning.rb
@@ -10,7 +10,7 @@ module ConfirmEmailWarning
 protected def show_confirm_warning? - html_request? && request.get? && Feature.enabled?(:soft_email_confirmation) + html_request? && request.get? && Gitlab::CurrentSettings.email_confirmation_setting_soft? end def set_confirm_warning
diff --git a/app/controllers/concerns/cycle_analytics_params.rb b/app/controllers/concerns/cycle_analytics_params.rb
index 5199d879595..8aac3874499 100644
--- a/app/controllers/concerns/cycle_analytics_params.rb
+++ b/app/controllers/concerns/cycle_analytics_params.rb
@@ -19,7 +19,6 @@ module CycleAnalyticsParams
 @options ||= {}.tap do |opts| opts[:current_user] = current_user opts[:projects] = params[:project_ids] if params[:project_ids] - opts[:group] = params[:group_id] if params[:group_id] opts[:from] = params[:from] || start_date(params) opts[:to] = params[:to] if params[:to] opts[:end_event_filter] = params[:end_event_filter] if params[:end_event_filter]
@@ -78,5 +77,3 @@ module CycleAnalyticsParams
 end end end - -CycleAnalyticsParams.prepend_mod_with('CycleAnalyticsParams')
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb
index cdef1a45a27..8068913eea2 100644
--- a/app/controllers/concerns/enforces_two_factor_authentication.rb
+++ b/app/controllers/concerns/enforces_two_factor_authentication.rb
@@ -27,7 +27,8 @@ module EnforcesTwoFactorAuthentication
 render_error( format( _("Authentication error: enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}"), - mfa_help_page: mfa_help_page_url), + mfa_help_page: mfa_help_page_url + ), status: :unauthorized ) else
diff --git a/app/controllers/concerns/integrations/params.rb b/app/controllers/concerns/integrations/params.rb
index 4d181ded071..7e1ba49d442 100644
--- a/app/controllers/concerns/integrations/params.rb
+++ b/app/controllers/concerns/integrations/params.rb
@@ -8,6 +8,7 @@ module Integrations
 :app_store_issuer_id, :app_store_key_id, :app_store_private_key, + :app_store_private_key_file_name, :active, :alert_events, :api_key,
@@ -72,6 +73,8 @@ module Integrations
 :server, :server_host, :server_port, + :service_account_key, + :service_account_key_file_name, :sound, :subdomain, :teamcity_url,
diff --git a/app/controllers/concerns/invisible_captcha_on_signup.rb b/app/controllers/concerns/invisible_captcha_on_signup.rb
index b78869e02d0..a704ff251b3 100644
--- a/app/controllers/concerns/invisible_captcha_on_signup.rb
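Review bot: The two `integrations/params.rb` hunks permit `:service_account_key` alongside the file-name fields; like the neighbouring `:app_store_private_key` and `:api_key`, that parameter carries a credential. Permitting it is necessary, but it also needs to be covered by the application's parameter filter so the value is masked in request logs and error reports, which this hunk cannot show; please confirm it is listed there. A short marker comment next to the secret-bearing keys, e.g. `# credential: must stay in the log parameter filter`, would make that coupling visible to the next person adding a key. The permitted-key list starts outside both hunks.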
+++ b/app/controllers/concerns/invisible_captcha_on_signup.rb
@@ -26,15 +26,17 @@ module InvisibleCaptchaOnSignup
 end def invisible_captcha_honeypot_counter - @invisible_captcha_honeypot_counter ||= - Gitlab::Metrics.counter(:bot_blocked_by_invisible_captcha_honeypot, - 'Counter of blocked sign up attempts with filled honeypot') + @invisible_captcha_honeypot_counter ||= Gitlab::Metrics.counter( + :bot_blocked_by_invisible_captcha_honeypot, + 'Counter of blocked sign up attempts with filled honeypot' + ) end def invisible_captcha_timestamp_counter - @invisible_captcha_timestamp_counter ||= - Gitlab::Metrics.counter(:bot_blocked_by_invisible_captcha_timestamp, - 'Counter of blocked sign up attempts with invalid timestamp') + @invisible_captcha_timestamp_counter ||= Gitlab::Metrics.counter( + :bot_blocked_by_invisible_captcha_timestamp, + 'Counter of blocked sign up attempts with invalid timestamp' + ) end def log_request(message)
diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb
index e1381b4173f..d364daf93c3 100644
--- a/app/controllers/concerns/issuable_actions.rb
+++ b/app/controllers/concerns/issuable_actions.rb
@@ -151,9 +151,7 @@ module IssuableActions
 end case issuable - when MergeRequest - render_mr_discussions(discussion_notes, discussion_serializer, discussion_cache_context) - when Issue + when MergeRequest, Issue if stale?(etag: [discussion_cache_context, discussion_notes]) render json: discussion_serializer.represent(discussion_notes, context: self) end
@@ -164,23 +162,6 @@ module IssuableActions
 private - def render_mr_discussions(discussions, serializer, cache_context) - return unless stale?(etag: [cache_context, discussions]) - - if Feature.enabled?(:disabled_mr_discussions_redis_cache, project) - render json: serializer.represent(discussions, context: self) - else - render_cached_discussions(discussions, serializer, cache_context) - end - end - - def render_cached_discussions(discussions, serializer, cache_context) - render_cached(discussions, - with: serializer, - cache_context: ->(_) { cache_context }, - context: self) - end - def notes_filter strong_memoize(:notes_filter) do notes_filter_param = params[:notes_filter]&.to_i
diff --git a/app/controllers/concerns/kas_cookie.rb b/app/controllers/concerns/kas_cookie.rb
new file mode 100644
index 00000000000..ef58ab1972b
--- /dev/null
+++ b/app/controllers/concerns/kas_cookie.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module KasCookie
+ extend ActiveSupport::Concern
+
+ def set_kas_cookie
+ return unless ::Gitlab::Kas::UserAccess.enabled?
+
+ public_session_id = Gitlab::Session.current&.id&.public_id
+ return unless public_session_id
+
+ cookie_data = ::Gitlab::Kas::UserAccess.cookie_data(public_session_id)
+
+ cookies[::Gitlab::Kas::COOKIE_KEY] = cookie_data
+ end
+end
diff --git a/app/controllers/concerns/known_sign_in.rb b/app/controllers/concerns/known_sign_in.rb
index cacc7e4628f..997f26fa959 100644
--- a/app/controllers/concerns/known_sign_in.rb
+++ b/app/controllers/concerns/known_sign_in.rb
@@ -26,8 +26,13 @@ module KnownSignIn
 end def update_cookie - set_secure_cookie(KNOWN_SIGN_IN_COOKIE, current_user.id, - type: COOKIE_TYPE_ENCRYPTED, httponly: true, expires: KNOWN_SIGN_IN_COOKIE_EXPIRY) + set_secure_cookie( + KNOWN_SIGN_IN_COOKIE, + current_user.id, + type: COOKIE_TYPE_ENCRYPTED, + httponly: true, + expires: KNOWN_SIGN_IN_COOKIE_EXPIRY + ) end def sessions
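Review bot: In the new `kas_cookie.rb`, `cookies[::Gitlab::Kas::COOKIE_KEY] = cookie_data` sets a cookie derived from the session's public id with whatever `UserAccess.cookie_data` returns, and the hunk does not show whether that hash carries `httponly`, `secure` and `same_site`. If it does not, the cookie is readable by page script, unlike `KnownSignIn#update_cookie` in this same commit, which goes through `set_secure_cookie(..., httponly: true, ...)`; either confirm the helper returns the full attribute hash or route this assignment through `set_secure_cookie` as well. `set_kas_cookie` also deserves a short docstring stating the two early exits it makes, e.g. `# Sets the KAS user-access cookie for the current session; no-op when KAS user access is disabled or there is no current session.`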
diff --git a/app/controllers/concerns/membership_actions.rb b/app/controllers/concerns/membership_actions.rb
index 773e4c15d6e..da2ed9d62e7 100644
--- a/app/controllers/concerns/membership_actions.rb
+++ b/app/controllers/concerns/membership_actions.rb
@@ -63,10 +63,10 @@ module MembershipActions
 if access_requester.persisted? redirect_to polymorphic_path(membershipable), - notice: _('Your request for access has been queued for review.') + notice: _('Your request for access has been queued for review.') else redirect_to polymorphic_path(membershipable), - alert: format(_("Your request for access could not be processed: %{error_message}"), error_message: access_requester.errors.full_messages.to_sentence) + alert: format(_("Your request for access could not be processed: %{error_message}"), error_message: access_requester.errors.full_messages.to_sentence) end end
diff --git a/app/controllers/concerns/notes_actions.rb b/app/controllers/concerns/notes_actions.rb
index 512dbf0de5d..06b9c901e4a 100644
--- a/app/controllers/concerns/notes_actions.rb
+++ b/app/controllers/concerns/notes_actions.rb
@@ -45,7 +45,8 @@ module NotesActions
 respond_to do |format| format.json do json = { - commands_changes: @note.commands_changes&.slice(:emoji_award, :time_estimate, :spend_time) + commands_changes: @note.commands_changes&.slice(:emoji_award, :time_estimate, :spend_time), + command_names: @note.command_names } if @note.persisted? && return_discussion?
diff --git a/app/controllers/concerns/observability/content_security_policy.rb b/app/controllers/concerns/observability/content_security_policy.rb
index 3865e3b606d..1e25dc492a0 100644
--- a/app/controllers/concerns/observability/content_security_policy.rb
+++ b/app/controllers/concerns/observability/content_security_policy.rb
@@ -12,17 +12,17 @@ module Observability
 defined?(project) ? project&.group : nil end - next if p.directives.blank? || !Gitlab::Observability.observability_enabled?(current_user, current_group) + next if p.directives.blank? || !Feature.enabled?(:observability_group_tab, current_group) default_frame_src = p.directives['frame-src'] || p.directives['default-src'] # When ObservabilityUI is not authenticated, it needs to be able # to redirect to the GL sign-in page, hence '/users/sign_in' and '/oauth/authorize' - frame_src_values = Array.wrap(default_frame_src) | [Gitlab::Observability.observability_url, - Gitlab::Utils.append_path(Gitlab.config.gitlab.url, -'/users/sign_in'), - Gitlab::Utils.append_path(Gitlab.config.gitlab.url, -'/oauth/authorize')] + frame_src_values = Array.wrap(default_frame_src) | [ + Gitlab::Observability.observability_url, + Gitlab::Utils.append_path(Gitlab.config.gitlab.url, '/users/sign_in'), + Gitlab::Utils.append_path(Gitlab.config.gitlab.url, '/oauth/authorize') + ] p.frame_src(*frame_src_values) end
diff --git a/app/controllers/concerns/product_analytics_tracking.rb b/app/controllers/concerns/product_analytics_tracking.rb
index 5696e441ad0..5ed2b2a82eb 100644
--- a/app/controllers/concerns/product_analytics_tracking.rb
+++ b/app/controllers/concerns/product_analytics_tracking.rb
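Review bot: The `next if` guard now widens `frame-src` based only on `Feature.enabled?(:observability_group_tab, current_group)`, whereas the replaced `observability_enabled?(current_user, current_group)` also took the current user as input. If that older check encoded who may see observability, the relaxed policy is now emitted for every visitor to a flagged group, anonymous ones included; that may be intended, since CSP is a per-page policy and not an authorization check, but it should be stated, e.g. `# CSP relaxation only; access to the observability UI is authorized in the controller`. The `content_security_policy` block this `next` belongs to starts outside the hunk.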
@@ -5,48 +5,48 @@ module ProductAnalyticsTracking
 include RedisTracking extend ActiveSupport::Concern - MIGRATED_EVENTS = ['g_analytics_valuestream'].freeze + MIGRATED_EVENTS = %w[ + g_analytics_valuestream + i_search_paid + i_search_total + i_search_advanced + i_ecosystem_jira_service_list_issues + users_viewing_analytics_group_devops_adoption + i_analytics_dev_ops_adoption + i_analytics_dev_ops_score + p_analytics_merge_request + i_analytics_instance_statistics + g_analytics_contribution + p_analytics_pipelines + p_analytics_code_reviews + p_analytics_valuestream + p_analytics_insights + p_analytics_issues + p_analytics_repo + g_analytics_insights + g_analytics_issues + g_analytics_productivity + i_analytics_cohorts + ].freeze class_methods do - # TODO: Remove once all the events are migrated to #track_custom_event - # during https://gitlab.com/groups/gitlab-org/-/epics/8641 - def track_event(*controller_actions, name:, conditions: nil, destinations: [:redis_hll], &block) + def track_event(*controller_actions, name:, action: nil, label: nil, conditions: nil, destinations: [:redis_hll], &block) custom_conditions = [:trackable_html_request?, *conditions] after_action only: controller_actions, if: custom_conditions do - route_events_to(destinations, name, &block) - end - end - - def track_custom_event(*controller_actions, name:, action:, label:, conditions: nil, destinations: [:redis_hll], &block) - custom_conditions = [:trackable_html_request?, *conditions] - - after_action only: controller_actions, if: custom_conditions do - route_custom_events_to(destinations, name, action, label, &block) + route_events_to(destinations, name, action, label, &block) end end end private - def route_events_to(destinations, name, &block) - track_unique_redis_hll_event(name, &block) if destinations.include?(:redis_hll) - - return unless destinations.include?(:snowplow) && event_enabled?(name) - - Gitlab::Tracking.event( - self.class.to_s, - name, - namespace:
tracking_namespace_source, - user: current_user, - context: [Gitlab::Tracking::ServicePingContext.new(data_source: :redis_hll, event: name).to_context] - ) - end - - def route_custom_events_to(destinations, name, action, label, &block) + def route_events_to(destinations, name, action, label, &block) track_unique_redis_hll_event(name, &block) if destinations.include?(:redis_hll) return unless destinations.include?(:snowplow) && event_enabled?(name) + raise "action is required when destination is snowplow" unless action + raise "label is required when destination is snowplow" unless label optional_arguments = { namespace: tracking_namespace_source,
@@ -68,28 +68,11 @@ module ProductAnalyticsTracking
 return true if MIGRATED_EVENTS.include?(event) events_to_ff = { - i_search_paid: :_phase2, - i_search_total: :_phase2, - i_search_advanced: :_phase2, - i_ecosystem_jira_service_list_issues: :_phase2, - users_viewing_analytics_group_devops_adoption: :_phase2, - i_analytics_dev_ops_adoption: :_phase2, - i_analytics_dev_ops_score: :_phase2, - p_analytics_merge_request: :_phase2, - i_analytics_instance_statistics: :_phase2, - g_analytics_contribution: :_phase2, - p_analytics_pipelines: :_phase2, - p_analytics_code_reviews: :_phase2, - p_analytics_valuestream: :_phase2, - p_analytics_insights: :_phase2, - p_analytics_issues: :_phase2, - p_analytics_repo: :_phase2, - g_analytics_insights: :_phase2, - g_analytics_issues: :_phase2, - g_analytics_productivity: :_phase2, - i_analytics_cohorts: :_phase2, - - g_compliance_dashboard: :_phase4 + g_edit_by_sfe: :_phase4, + g_compliance_dashboard: :_phase4, + g_compliance_audit_events: :_phase4, + i_compliance_audit_events: :_phase4, + i_compliance_credential_inventory: :_phase4 } Feature.enabled?("route_hll_to_snowplow#{events_to_ff[event.to_sym]}", tracking_namespace_source)
diff --git a/app/controllers/concerns/registrations_tracking.rb b/app/controllers/concerns/registrations_tracking.rb
index 14743349c1a..6c83c57d9dd 100644
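Review bot: `raise "action is required when destination is snowplow" unless action` (and the matching `label` line) raises a bare `RuntimeError` from inside the `after_action` callback, so a controller that declares `track_event ... destinations: [:snowplow]` without `action:`/`label:` is only detected on the first request that passes `event_enabled?`. `track_event` already has `destinations`, `action` and `label` at declaration time, so the check belongs there and would fail at class load: `raise ArgumentError, 'action and label are required when destinations include :snowplow' if destinations.include?(:snowplow) && (action.nil? || label.nil?)`. `ArgumentError` is also the conventional class for a missing argument. This hunk begins on the previous line and the `optional_arguments` hash it ends in continues outside it.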
--- a/app/controllers/concerns/registrations_tracking.rb
+++ b/app/controllers/concerns/registrations_tracking.rb
@@ -13,3 +13,5 @@ module RegistrationsTracking
 params.permit(:glm_source, :glm_content) end end + +RegistrationsTracking.prepend_mod
diff --git a/app/controllers/concerns/renders_notes.rb b/app/controllers/concerns/renders_notes.rb
index f8e3717acee..889d3f0a9d2 100644
--- a/app/controllers/concerns/renders_notes.rb
+++ b/app/controllers/concerns/renders_notes.rb
@@ -24,13 +24,13 @@ module RendersNotes
 # rubocop: disable CodeReuse/ActiveRecord def preload_noteable_for_regular_notes(notes) - ActiveRecord::Associations::Preloader.new.preload(notes.reject(&:for_commit?), :noteable) + ActiveRecord::Associations::Preloader.new(records: notes.reject(&:for_commit?), associations: :noteable).call end # rubocop: enable CodeReuse/ActiveRecord # rubocop: disable CodeReuse/ActiveRecord def preload_author_status(notes) - ActiveRecord::Associations::Preloader.new.preload(notes, { author: :status }) + ActiveRecord::Associations::Preloader.new(records: notes, associations: { author: :status }).call end # rubocop: enable CodeReuse/ActiveRecord end
diff --git a/app/controllers/concerns/renders_projects_list.rb b/app/controllers/concerns/renders_projects_list.rb
index 05bd9972ee7..739b2be3fe9 100644
--- a/app/controllers/concerns/renders_projects_list.rb
+++ b/app/controllers/concerns/renders_projects_list.rb
@@ -8,6 +8,7 @@ module RendersProjectsList
 # once when the entities are rendered projects.each(&:forks_count) projects.each(&:open_issues_count) + projects.each(&:open_merge_requests_count) projects end
diff --git a/app/controllers/concerns/sorting_preference.rb b/app/controllers/concerns/sorting_preference.rb
index 300c1d6d779..3dc1780d6fe 100644
--- a/app/controllers/concerns/sorting_preference.rb
+++ b/app/controllers/concerns/sorting_preference.rb
@@ -90,6 +90,10 @@ module SortingPreference
 return false unless sort_order return can_sort_by_issue_weight?(action_name == 'issues') if sort_order.include?('weight') + if sort_order.include?('merged_at') + return can_sort_by_merged_date?(controller_name == 'merge_requests' || action_name == 'merge_requests') + end + true end end
diff --git a/app/controllers/concerns/uploads_actions.rb b/app/controllers/concerns/uploads_actions.rb
index 308da018a42..e53d0bc65a0 100644
--- a/app/controllers/concerns/uploads_actions.rb
+++ b/app/controllers/concerns/uploads_actions.rb
@@ -9,7 +9,6 @@ module UploadsActions
 included do prepend_before_action :set_request_format_from_path_extension - skip_before_action :default_cache_headers, only: :show rescue_from FileUploader::InvalidSecret, with: :render_404 end
diff --git a/app/controllers/concerns/wiki_actions.rb b/app/controllers/concerns/wiki_actions.rb
index 2b781c528ad..ebcce635945 100644
--- a/app/controllers/concerns/wiki_actions.rb
+++ b/app/controllers/concerns/wiki_actions.rb
@@ -11,6 +11,15 @@ module WikiActions
 RESCUE_GIT_TIMEOUTS_IN = %w[show edit history diff pages].freeze included do + content_security_policy do |p| + next if p.directives.blank? + + default_frame_src = p.directives['frame-src'] || p.directives['default-src'] + frame_src_values = Array.wrap(default_frame_src) | ['https://embed.diagrams.net'].compact + + p.frame_src(*frame_src_values) + end + before_action { respond_to :html } before_action :authorize_read_wiki!
@@ -37,9 +46,7 @@ module WikiActions
 end end - # NOTE: We want to include wiki page views in the same counter as the other - # Event-based wiki actions tracked through TrackUniqueEvents, so we use the same event name. - track_redis_hll_event :show, name: Gitlab::UsageDataCounters::TrackUniqueEvents::WIKI_ACTION.to_s + track_redis_hll_event :show, name: 'wiki_action' helper_method :view_file_button, :diff_file_html_data
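Review bot: In the `wiki_actions.rb` CSP hunk, `['https://embed.diagrams.net'].compact` is a no-op on a literal array that contains no `nil`; `| ['https://embed.diagrams.net']` reads more honestly. Adding a third-party origin to `frame-src` for every wiki page is a policy decision that the block should explain, e.g. `# Allow the diagrams.net editor to be framed in wiki pages` on the line above `content_security_policy do |p|` (hedged: the hunk does not show what the embed is used for). The fallback from `frame-src` to `default-src` mirrors the Observability concern in this commit, so a shared helper would keep the two from drifting; the `included do` block this sits in continues outside the hunk.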
@@ -142,8 +149,7 @@ module WikiActions
 # rubocop:disable Gitlab/ModuleWithInstanceVariables def history if page - @commits = Kaminari.paginate_array(page.versions(page: params[:page].to_i), - total_count: page.count_versions) + @commits = Kaminari.paginate_array(page.versions(page: params[:page].to_i), total_count: page.count_versions) .page(params[:page]) render 'shared/wikis/history'
@@ -178,8 +184,7 @@ module WikiActions
 if response.success? flash[:toast] = _("Wiki page was successfully deleted.") - redirect_to wiki_path(wiki), - status: :found + redirect_to wiki_path(wiki), status: :found else @error = response.message render 'shared/wikis/edit' |