authorGitLab Bot <gitlab-bot@gitlab.com>2022-04-20 10:00:54 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-04-20 10:00:54 +0000
commit3cccd102ba543e02725d247893729e5c73b38295 (patch)
treef36a04ec38517f5deaaacb5acc7d949688d1e187 /app/controllers/concerns
parent205943281328046ef7b4528031b90fbda70c75ac (diff)
Add latest changes from gitlab-org/gitlab@14-10-stable-eev14.10.0-rc42
Diffstat (limited to 'app/controllers/concerns')
-rw-r--r--app/controllers/concerns/enforces_two_factor_authentication.rb16
-rw-r--r--app/controllers/concerns/integrations/params.rb2
-rw-r--r--app/controllers/concerns/sessionless_authentication.rb25
-rw-r--r--app/controllers/concerns/wiki_actions.rb12
4 files changed, 38 insertions, 17 deletions
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb
index c67e73d4e78..b1b6e21644e 100644
--- a/app/controllers/concerns/enforces_two_factor_authentication.rb
+++ b/app/controllers/concerns/enforces_two_factor_authentication.rb
@@ -10,6 +10,11 @@
module EnforcesTwoFactorAuthentication
extend ActiveSupport::Concern
+ MFA_HELP_PAGE = Rails.application.routes.url_helpers.help_page_url(
+ 'user/profile/account/two_factor_authentication.html',
+ anchor: 'enable-two-factor-authentication'
+ )
+
included do
before_action :check_two_factor_requirement, except: [:route_not_found]
@@ -24,7 +29,16 @@ module EnforcesTwoFactorAuthentication
return unless respond_to?(:current_user)
if two_factor_authentication_required? && current_user_requires_two_factor?
- redirect_to profile_two_factor_auth_path
+ case self
+ when GraphqlController
+ render_error(
+ _("Authentication error: enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}") %
+ { mfa_help_page: MFA_HELP_PAGE },
+ status: :unauthorized
+ )
+ else
+ redirect_to profile_two_factor_auth_path
+ end
end
end
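Review bot: The `case self / when GraphqlController` branch makes a shared concern switch on the concrete class of its host controller, which couples EnforcesTwoFactorAuthentication to one controller and will grow another `when` the next time a non-HTML controller needs a non-redirect response. A polymorphic hook keeps the concern generic: have the concern call `two_factor_authentication_required_response` (or a similar name) with a default body of `redirect_to profile_two_factor_auth_path`, and let GraphqlController override that method with the `render_error(..., status: :unauthorized)` call shown here. Whichever shape is kept, a one-line comment above the `case` saying why GraphQL clients must get an error body instead of a 302 (a redirect to an HTML page is not a usable response for an API client) would help the next reader. The enclosing method starts before this hunk, so the `return unless respond_to?(:current_user)` guard is the only part of its preamble visible here.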
diff --git a/app/controllers/concerns/integrations/params.rb b/app/controllers/concerns/integrations/params.rb
index 80acb369cb2..d256b331174 100644
--- a/app/controllers/concerns/integrations/params.rb
+++ b/app/controllers/concerns/integrations/params.rb
@@ -89,7 +89,7 @@ module Integrations
param_values = return_value[:integration]
if param_values.is_a?(ActionController::Parameters)
- integration.password_fields.each do |param|
+ integration.secret_fields.each do |param|
param_values.delete(param) if param_values[param].blank?
end
end
diff --git a/app/controllers/concerns/sessionless_authentication.rb b/app/controllers/concerns/sessionless_authentication.rb
index 48daacc09c2..7ec9be6baaf 100644
--- a/app/controllers/concerns/sessionless_authentication.rb
+++ b/app/controllers/concerns/sessionless_authentication.rb
@@ -20,16 +20,21 @@ module SessionlessAuthentication
end
def sessionless_sign_in(user)
- if user.can_log_in_with_non_expired_password?
- # Notice we are passing store false, so the user is not
- # actually stored in the session and a token is needed
- # for every request. If you want the token to work as a
- # sign in token, you can simply remove store: false.
- sign_in(user, store: false, message: :sessionless_sign_in)
- elsif request_authenticator.can_sign_in_bot?(user)
- # we suppress callbacks to avoid redirecting the bot
- sign_in(user, store: false, message: :sessionless_sign_in, run_callbacks: false)
- end
+ signed_in_user =
+ if user.can_log_in_with_non_expired_password?
+ # Notice we are passing store false, so the user is not
+ # actually stored in the session and a token is needed
+ # for every request. If you want the token to work as a
+ # sign in token, you can simply remove store: false.
+ sign_in(user, store: false, message: :sessionless_sign_in)
+ elsif request_authenticator.can_sign_in_bot?(user)
+ # we suppress callbacks to avoid redirecting the bot
+ sign_in(user, store: false, message: :sessionless_sign_in, run_callbacks: false)
+ end
+
+ reset_auth_user! if respond_to?(:reset_auth_user!, true)
+
+ signed_in_user
end
def sessionless_bypass_admin_mode!(&block)
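Review bot: The new `reset_auth_user! if respond_to?(:reset_auth_user!, true)` line is the only behavioural addition in `sessionless_sign_in`, and it carries no comment, while every other branch of the method explains itself. Its purpose is presumably to discard a memoized `auth_user` computed before the token-based `sign_in` so later authorization checks see the newly signed-in user rather than a stale value; if that is right, a comment such as `# sign_in may have changed who is authenticated; drop any memoized auth user so it is recomputed` above the line would record it. Note that the reset also runs when neither branch signed anyone in (`signed_in_user` is `nil`), which looks intentional but is worth stating in that comment so it is not "fixed" later. The `respond_to?(..., true)` form is needed because the hook is private on the including controllers, and saying so in the comment avoids a future cleanup dropping the second argument.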
diff --git a/app/controllers/concerns/wiki_actions.rb b/app/controllers/concerns/wiki_actions.rb
index 714a6f280f3..91de1d8aeae 100644
--- a/app/controllers/concerns/wiki_actions.rb
+++ b/app/controllers/concerns/wiki_actions.rb
@@ -21,10 +21,6 @@ module WikiActions
before_action :load_sidebar, except: [:pages]
before_action :set_content_class
- before_action do
- push_frontend_feature_flag(:wiki_switch_between_content_editor_raw_markdown, @group, default_enabled: :yaml)
- end
-
before_action only: [:show, :edit, :update] do
@valid_encoding = valid_encoding?
end
@@ -223,7 +219,7 @@ module WikiActions
def page
strong_memoize(:page) do
- wiki.find_page(*page_params)
+ wiki.find_page(*page_params, load_content: load_content?)
end
end
@@ -310,6 +306,12 @@ module WikiActions
def send_wiki_file_blob(wiki, file_blob)
send_blob(wiki.repository, file_blob)
end
+
+ def load_content?
+ return false if %w[history destroy diff show].include?(params[:action])
+
+ true
+ end
end
WikiActions.prepend_mod
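Review bot: `load_content?` builds the `%w[history destroy diff show]` array on every call and spells a single boolean as a guard plus a literal `true`; a frozen module-level constant and one expression read better and avoid the per-request allocation, e.g. `ACTIONS_WITHOUT_CONTENT = %w[history destroy diff show].freeze` next to the other constants and `def load_content? = ACTIONS_WITHOUT_CONTENT.exclude?(action_name)`. Using `action_name` rather than `params[:action]` is the conventional way to read the routed action in a controller. The inclusion of `show` in the list is surprising at first glance, since the page is found with `load_content: false` on the `show` path in the earlier hunk; if `show` obtains the content elsewhere, a short comment on the method saying where it comes from would save the next maintainer from removing `show` from the list.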