authorGitLab Bot <gitlab-bot@gitlab.com>2023-02-20 13:49:51 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2023-02-20 13:49:51 +0000
commit71786ddc8e28fbd3cb3fcc4b3ff15e5962a1c82e (patch)
tree6a2d93ef3fb2d353bb7739e4b57e6541f51cdd71 /app/controllers/profiles
parenta7253423e3403b8c08f8a161e5937e1488f5f407 (diff)
downloadgitlab-ce-71786ddc8e28fbd3cb3fcc4b3ff15e5962a1c82e.tar.gz
Add latest changes from gitlab-org/gitlab@15-9-stable-eev15.9.0-rc42
Diffstat (limited to 'app/controllers/profiles')
-rw-r--r--app/controllers/profiles/avatars_controller.rb2
-rw-r--r--app/controllers/profiles/emails_controller.rb2
-rw-r--r--app/controllers/profiles/groups_controller.rb2
-rw-r--r--app/controllers/profiles/keys_controller.rb12
-rw-r--r--app/controllers/profiles/preferences_controller.rb2
-rw-r--r--app/controllers/profiles/saved_replies_controller.rb13
-rw-r--r--app/controllers/profiles/two_factor_auths_controller.rb36
7 files changed, 60 insertions, 9 deletions
diff --git a/app/controllers/profiles/avatars_controller.rb b/app/controllers/profiles/avatars_controller.rb
index 55a2904ce83..829a87b7d0a 100644
--- a/app/controllers/profiles/avatars_controller.rb
+++ b/app/controllers/profiles/avatars_controller.rb
@@ -1,7 +1,7 @@
# frozen_string_literal: true
class Profiles::AvatarsController < Profiles::ApplicationController
- feature_category :users
+ feature_category :user_profile
def destroy
@user = current_user
diff --git a/app/controllers/profiles/emails_controller.rb b/app/controllers/profiles/emails_controller.rb
index 7e332d9a498..c88616b6d6c 100644
--- a/app/controllers/profiles/emails_controller.rb
+++ b/app/controllers/profiles/emails_controller.rb
@@ -7,7 +7,7 @@ class Profiles::EmailsController < Profiles::ApplicationController
before_action -> { check_rate_limit!(:profile_resend_email_confirmation, scope: current_user, redirect_back: true) },
only: [:resend_confirmation_instructions]
- feature_category :users
+ feature_category :user_profile
urgency :low, [:index]
def index
diff --git a/app/controllers/profiles/groups_controller.rb b/app/controllers/profiles/groups_controller.rb
index 5962b10c44b..fdd76a7f7be 100644
--- a/app/controllers/profiles/groups_controller.rb
+++ b/app/controllers/profiles/groups_controller.rb
@@ -3,7 +3,7 @@
class Profiles::GroupsController < Profiles::ApplicationController
include RoutableActions
- feature_category :users
+ feature_category :user_profile
def update
group = find_routable!(Group, params[:id], request.fullpath)
diff --git a/app/controllers/profiles/keys_controller.rb b/app/controllers/profiles/keys_controller.rb
index 39e8f6c500d..31c758ac763 100644
--- a/app/controllers/profiles/keys_controller.rb
+++ b/app/controllers/profiles/keys_controller.rb
@@ -1,7 +1,7 @@
# frozen_string_literal: true
class Profiles::KeysController < Profiles::ApplicationController
- feature_category :users
+ feature_category :user_profile
urgency :low, [:create, :index]
def index
@@ -34,6 +34,16 @@ class Profiles::KeysController < Profiles::ApplicationController
end
end
+ def revoke
+ @key = current_user.keys.find(params[:id])
+ Keys::RevokeService.new(current_user).execute(@key)
+
+ respond_to do |format|
+ format.html { redirect_to profile_keys_url, status: :found }
+ format.js { head :ok }
+ end
+ end
+
private
def key_params
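Review bot: The return value of `Keys::RevokeService.new(current_user).execute(@key)` in the new `revoke` action is discarded, so the HTML redirect and `format.js { head :ok }` both report success regardless of whether the revocation happened. If the service returns a result (its interface is not visible here), capture it with `result = Keys::RevokeService.new(current_user).execute(@key)` and respond with a non-success status in the `js` format when it fails, rather than an unconditional `head :ok`. Looking the key up through `current_user.keys.find(params[:id])` is the right ownership scope; a short comment noting that `find` raises `ActiveRecord::RecordNotFound` for keys outside the current user's set would make that intent explicit.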
diff --git a/app/controllers/profiles/preferences_controller.rb b/app/controllers/profiles/preferences_controller.rb
index 974e7104c07..7786bad4251 100644
--- a/app/controllers/profiles/preferences_controller.rb
+++ b/app/controllers/profiles/preferences_controller.rb
@@ -3,7 +3,7 @@
class Profiles::PreferencesController < Profiles::ApplicationController
before_action :user
- feature_category :users
+ feature_category :user_profile
urgency :low, [:show]
urgency :medium, [:update]
diff --git a/app/controllers/profiles/saved_replies_controller.rb b/app/controllers/profiles/saved_replies_controller.rb
new file mode 100644
index 00000000000..5ac5d645efb
--- /dev/null
+++ b/app/controllers/profiles/saved_replies_controller.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Profiles
+ class SavedRepliesController < Profiles::ApplicationController
+ feature_category :user_profile
+
+ before_action do
+ render_404 unless Feature.enabled?(:saved_replies, current_user)
+
+ @hide_search_settings = true
+ end
+ end
+end
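Review bot: In the new `before_action` block, `render_404` does not exit the block, so `@hide_search_settings = true` is still assigned on the 404 path; harmless, but splitting it into `before_action { render_404 unless Feature.enabled?(:saved_replies, current_user) }` followed by a separate `before_action { @hide_search_settings = true }` keeps the halting check on its own. The file defines no action methods, so a one-line class comment such as `# Feature-flag gate and layout flag for the saved replies profile page; actions come from routes/views.` would tell a reader why the controller is otherwise empty.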
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index c36f03d3e69..aded295bfab 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -3,7 +3,7 @@
class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
skip_before_action :check_two_factor_requirement
before_action :ensure_verified_primary_email, only: [:show, :create]
- before_action :validate_current_password, only: [:create, :codes, :destroy], if: :current_password_required?
+ before_action :validate_current_password, only: [:create, :codes, :destroy, :create_webauthn], if: :current_password_required?
before_action :update_current_user_otp!, only: [:show]
helper_method :current_password_required?
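Review bot: Adding `:create_webauthn` to the `validate_current_password` filter is only partly effective: the later hunk in `validate_current_password` returns early for that action whenever `:webauthn_without_totp` is disabled, so the current-password check applies to WebAuthn registration only while the flag is on. That coupling is invisible from the `before_action` line; a comment such as `# create_webauthn is password-gated only while :webauthn_without_totp is enabled (see validate_current_password)` would stop the next reader from assuming the check is unconditional. When the flag is removed, the early return in `validate_current_password` should be removed with it.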
@@ -21,8 +21,13 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
def create
otp_validation_result =
::Users::ValidateManualOtpService.new(current_user).execute(params[:pin_code])
+ validated = (otp_validation_result[:status] == :success)
- if otp_validation_result[:status] == :success
+ if validated && current_user.otp_backup_codes? && Feature.enabled?(:webauthn_without_totp)
+ ActiveSession.destroy_all_but_current(current_user, session)
+ Users::UpdateService.new(current_user, user: current_user, otp_required_for_login: true).execute!
+ redirect_to profile_two_factor_auth_path, notice: _("Your Time-based OTP device was registered!")
+ elsif validated
ActiveSession.destroy_all_but_current(current_user, session)
Users::UpdateService.new(current_user, user: current_user, otp_required_for_login: true).execute! do |user|
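Review bot: The two branches of the new `if validated && current_user.otp_backup_codes? && Feature.enabled?(:webauthn_without_totp)` / `elsif validated` both call `ActiveSession.destroy_all_but_current(current_user, session)` and build the same `Users::UpdateService ... otp_required_for_login: true` call; only the block passed to `execute!` (which continues outside the hunk) differs. Hoisting `ActiveSession.destroy_all_but_current(current_user, session) if validated` above the condition removes one copy and makes the flag-dependent difference the only thing the branches say. A comment on the first branch stating why users who already have backup codes skip the block (presumably so codes are not regenerated) would help, since that is the only behavioural difference visible here. The rest of `create` lies outside the hunk.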
@@ -64,10 +69,27 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
def create_webauthn
@webauthn_registration = Webauthn::RegisterService.new(current_user, device_registration_params, session[:challenge]).execute
+
+ notice = _("Your WebAuthn device was registered!")
if @webauthn_registration.persisted?
session.delete(:challenge)
- redirect_to profile_two_factor_auth_path, notice: s_("Your WebAuthn device was registered!")
+ if Feature.enabled?(:webauthn_without_totp)
+
+ if current_user.otp_backup_codes?
+ redirect_to profile_two_factor_auth_path, notice: notice
+ else
+
+ Users::UpdateService.new(current_user, user: current_user).execute! do |user|
+ @codes = current_user.generate_otp_backup_codes!
+ end
+ helpers.dismiss_two_factor_auth_recovery_settings_check
+ flash[:notice] = notice
+ render 'create'
+ end
+ else
+ redirect_to profile_two_factor_auth_path, notice: notice
+ end
else
@qr_code = build_qr_code
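Review bot: The nested `if Feature.enabled?(:webauthn_without_totp)` / `if current_user.otp_backup_codes?` in `create_webauthn` yields two identical `redirect_to profile_two_factor_auth_path, notice: notice` branches and three levels of nesting, plus stray blank lines after `if Feature.enabled?(:webauthn_without_totp)` and after `else`. Collapsing it to one condition — render the backup-code page only when the flag is on and the user has no codes, redirect in every other case — preserves behaviour and reads directly. The `|user|` block parameter on `execute!` is unused because the body calls `current_user.generate_otp_backup_codes!`; prefix it `_user` or use it. The method's `else` branch continues outside the hunk.
```ruby
if @webauthn_registration.persisted?
  session.delete(:challenge)

  # Flag on and no backup codes yet: generate them and show the codes page.
  if Feature.enabled?(:webauthn_without_totp) && !current_user.otp_backup_codes?
    Users::UpdateService.new(current_user, user: current_user).execute! do |_user|
      @codes = current_user.generate_otp_backup_codes!
    end
    helpers.dismiss_two_factor_auth_recovery_settings_check
    flash[:notice] = notice
    render 'create'
  else
    redirect_to profile_two_factor_auth_path, notice: notice
  end
else
  # … unchanged: rebuild QR code and re-render …
```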
@@ -119,11 +141,17 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
end
def validate_current_password
+ return if Feature.disabled?(:webauthn_without_totp) && params[:action] == 'create_webauthn'
return if current_user.valid_password?(params[:current_password])
current_user.increment_failed_attempts!
- @error = { message: _('You must provide a valid current password') }
+ error_message = { message: _('You must provide a valid current password.') }
+ if params[:action] == 'create_webauthn'
+ @webauthn_error = error_message
+ else
+ @error = error_message
+ end
setup_show_page