authorkaren Carias <karen@gitlab.com>2015-07-16 11:25:12 -0700
committerkaren Carias <karen@gitlab.com>2015-07-16 11:25:12 -0700
commit70a08acedf96b685fea93f759637439884a66aa7 (patch)
tree49041f01ed1f0ee4098ac9105d84f5cdbf8baedb /app/controllers
parent53d40b8ab1275fa39e1ae4b82a228ccf731045f9 (diff)
parent9b6f1c59484a0c0e4cee9a27cfa4dc9a89683848 (diff)
downloadgitlab-ce-70a08acedf96b685fea93f759637439884a66aa7.tar.gz
fixed conflict
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin/projects_controller.rb3
-rw-r--r--app/controllers/admin/users_controller.rb6
-rw-r--r--app/controllers/application_controller.rb5
-rw-r--r--app/controllers/autocomplete_controller.rb37
-rw-r--r--app/controllers/profiles/preferences_controller.rb1
-rw-r--r--app/controllers/profiles/two_factor_auths_controller.rb8
-rw-r--r--app/controllers/projects_controller.rb9
7 files changed, 44 insertions, 25 deletions
diff --git a/app/controllers/admin/projects_controller.rb b/app/controllers/admin/projects_controller.rb
index f616ccf5684..da5f5bb83fa 100644
--- a/app/controllers/admin/projects_controller.rb
+++ b/app/controllers/admin/projects_controller.rb
@@ -23,7 +23,8 @@ class Admin::ProjectsController < Admin::ApplicationController
end
def transfer
- ::Projects::TransferService.new(@project, current_user, params.dup).execute
+ namespace = Namespace.find_by(id: params[:new_namespace_id])
+ ::Projects::TransferService.new(@project, current_user, params.dup).execute(namespace)
@project.reload
redirect_to admin_namespace_project_path(@project.namespace, @project)
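Review bot: `Namespace.find_by` returns nil when `new_namespace_id` is missing or unknown, and `transfer` passes that nil straight to `execute(namespace)` and then redirects with no alert, so unless the service handles nil itself (not visible here) a failed transfer looks like a successful one. A guard before the service call makes the failure explicit, e.g. `return redirect_to(admin_namespace_project_path(@project.namespace, @project), alert: 'Namespace not found') unless namespace`; the same nil case applies to `transfer` in app/controllers/projects_controller.rb. The call also still hands the whole request to the service via `params.dup`, while the projects_controller.rb side of this change drops the params argument; if the service no longer reads them, omit them here too. The method's closing `end` is outside the hunk.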
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 7a683098df3..770fe00af51 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -55,6 +55,12 @@ class Admin::UsersController < Admin::ApplicationController
end
end
+ def disable_two_factor
+ user.disable_two_factor!
+ redirect_to admin_user_path(user),
+ notice: 'Two-factor Authentication has been disabled for this user'
+ end
+
def create
opts = {
force_random_password: true,
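Review bot: `disable_two_factor` removes the second factor from another user's account, and nothing in the hunk records which administrator did it or informs the affected user. A log line before the redirect, for example `Gitlab::AppLogger.info("#{current_user.username} disabled two-factor authentication for #{user.username}")`, gives incident responders something to correlate against later sign-ins. The route is not part of this diff; it should be mapped to a non-GET verb so that CSRF protection covers the action.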
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 8a9d0ce6ff4..362b03e0d5e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -183,7 +183,10 @@ class ApplicationController < ActionController::Base
headers['X-XSS-Protection'] = '1; mode=block'
headers['X-UA-Compatible'] = 'IE=edge'
headers['X-Content-Type-Options'] = 'nosniff'
- headers['Strict-Transport-Security'] = 'max-age=31536000' if Gitlab.config.gitlab.https
+ # Enabling HSTS for non-standard ports would send clients to the wrong port
+ if Gitlab.config.gitlab.https and Gitlab.config.gitlab.port == 443
+ headers['Strict-Transport-Security'] = 'max-age=31536000'
+ end
end
def add_gon_variables
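Review bot: The new condition uses `and`, which has lower precedence than `&&` and is conventionally kept for control flow; write `if Gitlab.config.gitlab.https && Gitlab.config.gitlab.port == 443`. The comparison also assumes the configured port is an Integer: if it can arrive as a string (the settings code is outside this diff), the test is false and HSTS is dropped silently, so `Gitlab.config.gitlab.port.to_i == 443` would be the safer form. The comment could also state the consequence for operators, e.g. `# HTTPS on a non-standard port is deliberately served without HSTS`. The enclosing method starts above the hunk.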
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index 11af9895261..52e9c58b47c 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -1,22 +1,35 @@
class AutocompleteController < ApplicationController
+ skip_before_action :authenticate_user!, only: [:users]
+
def users
- @users =
- if params[:project_id].present?
- project = Project.find(params[:project_id])
+ begin
+ @users =
+ if params[:project_id].present?
+ project = Project.find(params[:project_id])
- if can?(current_user, :read_project, project)
- project.team.users
- end
- elsif params[:group_id]
- group = Group.find(params[:group_id])
+ if can?(current_user, :read_project, project)
+ project.team.users
+ end
+ elsif params[:group_id]
+ group = Group.find(params[:group_id])
- if can?(current_user, :read_group, group)
- group.users
+ if can?(current_user, :read_group, group)
+ group.users
+ end
+ elsif current_user
+ User.all
end
- else
- User.all
+ rescue ActiveRecord::RecordNotFound
+ if current_user
+ return render json: {}, status: 404
end
+ end
+
+ if @users.nil? && current_user.nil?
+ authenticate_user!
+ end
+ @users ||= User.none
@users = @users.search(params[:search]) if params[:search].present?
@users = @users.active
@users = @users.page(params[:page]).per(PER_PAGE)
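Review bot: For a signed-in user the endpoint now answers differently for a project or group id that does not exist (the `rescue` renders 404) and one that exists but is not readable (`can?` fails, `@users` stays nil, and `User.none` produces a 200 with an empty list), so the status code reveals which private ids exist. Treating both cases alike closes that: look the record up with `find_by` and return 404 whenever no user set was produced for a signed-in caller. This also removes the `begin`/`rescue` wrapper and the `@users ||= User.none` fallback. Because `authenticate_user!` is now skipped for `users`, every branch that yields a list has to stay behind a `can?` check or `current_user`; a comment on the `skip_before_action` line saying so would help the next editor. The `users` method continues past the end of the hunk.

```ruby
def users
  @users =
    if params[:project_id].present?
      project = Project.find_by(id: params[:project_id])
      project.team.users if project && can?(current_user, :read_project, project)
    elsif params[:group_id]
      group = Group.find_by(id: params[:group_id])
      group.users if group && can?(current_user, :read_group, group)
    elsif current_user
      User.all
    end

  if @users.nil?
    # Anonymous callers are sent to sign-in; signed-in callers get the same
    # 404 whether the record is missing or merely unreadable.
    return authenticate_user! unless current_user
    return render json: {}, status: 404
  end

  # … unchanged: search, active and pagination filters …
```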
diff --git a/app/controllers/profiles/preferences_controller.rb b/app/controllers/profiles/preferences_controller.rb
index 538b09ca54d..f83b4abd1e2 100644
--- a/app/controllers/profiles/preferences_controller.rb
+++ b/app/controllers/profiles/preferences_controller.rb
@@ -32,6 +32,7 @@ class Profiles::PreferencesController < Profiles::ApplicationController
params.require(:user).permit(
:color_scheme_id,
:dashboard,
+ :project_view,
:theme_id
)
end
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index 03845f1e1ec..f9af0871cf1 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -29,13 +29,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
end
def destroy
- current_user.update_attributes({
- two_factor_enabled: false,
- encrypted_otp_secret: nil,
- encrypted_otp_secret_iv: nil,
- encrypted_otp_secret_salt: nil,
- otp_backup_codes: nil
- })
+ current_user.disable_two_factor!
redirect_to profile_account_path
end
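Review bot: `destroy` removes the account's second factor on the strength of the session alone; nothing in the hunk asks for the current password or a one-time code first, so a hijacked or unattended session is enough to turn 2FA off. If no before-action outside the hunk already covers this, consider a re-authentication step ahead of `current_user.disable_two_factor!`, and at minimum mark the line with `# Security-sensitive: removes the second factor for current_user without re-authentication`. `disable_two_factor!` is defined outside this diff, so confirm it clears the same five attributes as the removed `update_attributes` call.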
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 5474f9e97a6..b191819a117 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -52,10 +52,11 @@ class ProjectsController < ApplicationController
end
def transfer
- transfer_params = params.permit(:new_namespace_id)
- ::Projects::TransferService.new(project, current_user, transfer_params).execute
- if @project.errors[:namespace_id].present?
- flash[:alert] = @project.errors[:namespace_id].first
+ namespace = Namespace.find_by(id: params[:new_namespace_id])
+ ::Projects::TransferService.new(project, current_user).execute(namespace)
+
+ if @project.errors[:new_namespace].present?
+ flash[:alert] = @project.errors[:new_namespace].first
end
end
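Review bot: `Namespace.find_by(id: params[:new_namespace_id])` looks the target up across all namespaces, so whether `current_user` may move the project there depends entirely on `Projects::TransferService#execute`, which is outside this diff. Confirm the service rejects namespaces the user is not allowed to transfer into, and record that dependency on the lookup line: `# Unscoped lookup: TransferService must check that current_user may transfer into this namespace`. The service is also constructed with `project` while the error check reads `@project`; that works only if both refer to the same object, which the hunk does not show.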