summaryrefslogtreecommitdiff
path: root/app/controllers
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2021-12-20 13:37:47 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-12-20 13:37:47 +0000
commitaee0a117a889461ce8ced6fcf73207fe017f1d99 (patch)
tree891d9ef189227a8445d83f35c1b0fc99573f4380 /app/controllers
parent8d46af3258650d305f53b819eabf7ab18d22f59e (diff)
downloadgitlab-ce-aee0a117a889461ce8ced6fcf73207fe017f1d99.tar.gz
Add latest changes from gitlab-org/gitlab@14-6-stable-eev14.6.0-rc42
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin/plan_limits_controller.rb1
-rw-r--r--app/controllers/admin/version_check_controller.rb12
-rw-r--r--app/controllers/application_controller.rb18
-rw-r--r--app/controllers/autocomplete_controller.rb2
-rw-r--r--app/controllers/clusters/clusters_controller.rb8
-rw-r--r--app/controllers/concerns/authenticates_with_two_factor.rb4
-rw-r--r--app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb2
-rw-r--r--app/controllers/concerns/check_rate_limit.rb22
-rw-r--r--app/controllers/concerns/cycle_analytics_params.rb1
-rw-r--r--app/controllers/concerns/dependency_proxy/group_access.rb4
-rw-r--r--app/controllers/concerns/integrations/actions.rb2
-rw-r--r--app/controllers/concerns/integrations/hooks_execution.rb12
-rw-r--r--app/controllers/concerns/issuable_actions.rb1
-rw-r--r--app/controllers/concerns/membership_actions.rb1
-rw-r--r--app/controllers/concerns/notes_actions.rb9
-rw-r--r--app/controllers/concerns/one_trust_csp.rb4
-rw-r--r--app/controllers/concerns/preview_markdown.rb2
-rw-r--r--app/controllers/concerns/snippets/blobs_actions.rb2
-rw-r--r--app/controllers/concerns/sourcegraph_decorator.rb2
-rw-r--r--app/controllers/concerns/wiki_actions.rb13
-rw-r--r--app/controllers/confirmations_controller.rb1
-rw-r--r--app/controllers/dashboard_controller.rb2
-rw-r--r--app/controllers/google_api/authorizations_controller.rb35
-rw-r--r--app/controllers/graphql_controller.rb6
-rw-r--r--app/controllers/groups/autocomplete_sources_controller.rb2
-rw-r--r--app/controllers/groups/boards_controller.rb1
-rw-r--r--app/controllers/groups/crm/contacts_controller.rb21
-rw-r--r--app/controllers/groups/crm/organizations_controller.rb17
-rw-r--r--app/controllers/groups/crm_controller.rb30
-rw-r--r--app/controllers/groups/dependency_proxies_controller.rb19
-rw-r--r--app/controllers/groups/dependency_proxy_for_containers_controller.rb2
-rw-r--r--app/controllers/groups/variables_controller.rb2
-rw-r--r--app/controllers/groups_controller.rb21
-rw-r--r--app/controllers/help_controller.rb4
-rw-r--r--app/controllers/import/base_controller.rb16
-rw-r--r--app/controllers/import/bulk_imports_controller.rb8
-rw-r--r--app/controllers/import/gitlab_groups_controller.rb11
-rw-r--r--app/controllers/invites_controller.rb7
-rw-r--r--app/controllers/omniauth_callbacks_controller.rb10
-rw-r--r--app/controllers/profiles/emails_controller.rb16
-rw-r--r--app/controllers/profiles/two_factor_auths_controller.rb6
-rw-r--r--app/controllers/profiles_controller.rb2
-rw-r--r--app/controllers/projects/autocomplete_sources_controller.rb2
-rw-r--r--app/controllers/projects/blame_controller.rb2
-rw-r--r--app/controllers/projects/blob_controller.rb6
-rw-r--r--app/controllers/projects/boards_controller.rb1
-rw-r--r--app/controllers/projects/ci/lints_controller.rb1
-rw-r--r--app/controllers/projects/ci/pipeline_editor_controller.rb4
-rw-r--r--app/controllers/projects/forks_controller.rb2
-rw-r--r--app/controllers/projects/google_cloud/base_controller.rb26
-rw-r--r--app/controllers/projects/google_cloud/service_accounts_controller.rb85
-rw-r--r--app/controllers/projects/google_cloud_controller.rb28
-rw-r--r--app/controllers/projects/hooks_controller.rb2
-rw-r--r--app/controllers/projects/integrations/shimos_controller.rb19
-rw-r--r--app/controllers/projects/issues_controller.rb34
-rw-r--r--app/controllers/projects/jobs_controller.rb8
-rw-r--r--app/controllers/projects/learn_gitlab_controller.rb10
-rw-r--r--app/controllers/projects/merge_requests/conflicts_controller.rb6
-rw-r--r--app/controllers/projects/merge_requests/content_controller.rb5
-rw-r--r--app/controllers/projects/merge_requests/creations_controller.rb9
-rw-r--r--app/controllers/projects/merge_requests/diffs_controller.rb8
-rw-r--r--app/controllers/projects/merge_requests/drafts_controller.rb9
-rw-r--r--app/controllers/projects/merge_requests_controller.rb35
-rw-r--r--app/controllers/projects/notes_controller.rb2
-rw-r--r--app/controllers/projects/pipeline_schedules_controller.rb10
-rw-r--r--app/controllers/projects/pipelines_controller.rb25
-rw-r--r--app/controllers/projects/prometheus/alerts_controller.rb6
-rw-r--r--app/controllers/projects/raw_controller.rb20
-rw-r--r--app/controllers/projects/repositories_controller.rb16
-rw-r--r--app/controllers/projects/runners_controller.rb2
-rw-r--r--app/controllers/projects/settings/ci_cd_controller.rb2
-rw-r--r--app/controllers/projects/tree_controller.rb2
-rw-r--r--app/controllers/projects/usage_quotas_controller.rb9
-rw-r--r--app/controllers/projects/variables_controller.rb2
-rw-r--r--app/controllers/projects_controller.rb25
-rw-r--r--app/controllers/registrations/welcome_controller.rb6
-rw-r--r--app/controllers/registrations_controller.rb3
-rw-r--r--app/controllers/repositories/git_http_client_controller.rb13
-rw-r--r--app/controllers/repositories/lfs_api_controller.rb33
-rw-r--r--app/controllers/search_controller.rb35
-rw-r--r--app/controllers/sessions_controller.rb8
-rw-r--r--app/controllers/user_callouts_controller.rb29
-rw-r--r--app/controllers/users/callouts_controller.rb31
-rw-r--r--app/controllers/users/group_callouts_controller.rb2
-rw-r--r--app/controllers/users/terms_controller.rb1
85 files changed, 556 insertions, 389 deletions
diff --git a/app/controllers/admin/plan_limits_controller.rb b/app/controllers/admin/plan_limits_controller.rb
index 88bc5ea0198..420fd93fad5 100644
--- a/app/controllers/admin/plan_limits_controller.rb
+++ b/app/controllers/admin/plan_limits_controller.rb
@@ -31,6 +31,7 @@ class Admin::PlanLimitsController < Admin::ApplicationController
params.require(:plan_limits).permit(%i[
plan_id
conan_max_file_size
+ helm_max_file_size
maven_max_file_size
npm_max_file_size
nuget_max_file_size
diff --git a/app/controllers/admin/version_check_controller.rb b/app/controllers/admin/version_check_controller.rb
new file mode 100644
index 00000000000..dde1a7abafa
--- /dev/null
+++ b/app/controllers/admin/version_check_controller.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class Admin::VersionCheckController < Admin::ApplicationController
+ feature_category :not_owned
+
+ def version_check
+ response = VersionCheck.new.response
+
+ expires_in 1.minute if response
+ render json: response
+ end
+end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 3af1afab06e..d3ecbdcc1f6 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -23,6 +23,7 @@ class ApplicationController < ActionController::Base
include Gitlab::Utils::StrongMemoize
include ::Gitlab::EndpointAttributes
include FlocOptOut
+ include CheckRateLimit
before_action :authenticate_user!, except: [:route_not_found]
before_action :enforce_terms!, if: :should_enforce_terms?
@@ -66,10 +67,6 @@ class ApplicationController < ActionController::Base
:manifest_import_enabled?, :phabricator_import_enabled?,
:masked_page_url
- # Adds `no-store` to the DEFAULT_CACHE_CONTROL, to prevent security
- # concerns due to caching private data.
- DEFAULT_GITLAB_CACHE_CONTROL = "#{ActionDispatch::Http::Cache::Response::DEFAULT_CACHE_CONTROL}, no-store"
-
def self.endpoint_id_for_action(action_name)
"#{self.name}##{action_name}"
end
@@ -283,10 +280,7 @@ class ApplicationController < ActionController::Base
end
def default_cache_headers
- if current_user
- headers['Cache-Control'] = default_cache_control
- headers['Pragma'] = 'no-cache' # HTTP 1.0 compatibility
- end
+ headers['Pragma'] = 'no-cache' # HTTP 1.0 compatibility
end
def stream_csv_headers(csv_filename)
@@ -297,14 +291,6 @@ class ApplicationController < ActionController::Base
headers['Content-Disposition'] = "attachment; filename=\"#{csv_filename}\""
end
- def default_cache_control
- if request.xhr?
- ActionDispatch::Http::Cache::Response::DEFAULT_CACHE_CONTROL
- else
- DEFAULT_GITLAB_CACHE_CONTROL
- end
- end
-
def validate_user_service_ticket!
return unless signed_in? && session[:service_tickets]
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index 5cb5690d72d..c32a7f10aa4 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -9,6 +9,8 @@ class AutocompleteController < ApplicationController
feature_category :code_review, [:merge_request_target_branches]
feature_category :continuous_delivery, [:deploy_keys_with_owners]
+ urgency :low, [:merge_request_target_branches]
+
def users
group = Autocomplete::GroupFinder
.new(current_user, project, params)
diff --git a/app/controllers/clusters/clusters_controller.rb b/app/controllers/clusters/clusters_controller.rb
index 32de9e69c85..15a261f572a 100644
--- a/app/controllers/clusters/clusters_controller.rb
+++ b/app/controllers/clusters/clusters_controller.rb
@@ -280,7 +280,10 @@ class Clusters::ClustersController < Clusters::BaseController
end
def generate_gcp_authorize_url
- state = generate_session_key_redirect(clusterable.new_path(provider: :gcp).to_s)
+ new_path = clusterable.new_path(provider: :gcp).to_s
+ error_path = @project ? project_clusters_path(@project) : new_path
+
+ state = generate_session_key_redirect(new_path, error_path)
@authorize_url = GoogleApi::CloudPlatform::Client.new(
nil, callback_google_api_auth_url,
@@ -339,9 +342,10 @@ class Clusters::ClustersController < Clusters::BaseController
session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at]
end
- def generate_session_key_redirect(uri)
+ def generate_session_key_redirect(uri, error_uri)
GoogleApi::CloudPlatform::Client.new_session_key_for_redirect_uri do |key|
session[key] = uri
+ session[:error_uri] = error_uri
end
end
diff --git a/app/controllers/concerns/authenticates_with_two_factor.rb b/app/controllers/concerns/authenticates_with_two_factor.rb
index da5b7ccfbf0..14dcec33545 100644
--- a/app/controllers/concerns/authenticates_with_two_factor.rb
+++ b/app/controllers/concerns/authenticates_with_two_factor.rb
@@ -23,9 +23,9 @@ module AuthenticatesWithTwoFactor
session[:otp_user_id] = user.id
session[:user_password_hash] = Digest::SHA256.hexdigest(user.encrypted_password)
- push_frontend_feature_flag(:webauthn)
+ push_frontend_feature_flag(:webauthn, default_enabled: :yaml)
- if user.two_factor_webauthn_enabled?
+ if Feature.enabled?(:webauthn, default_enabled: :yaml)
setup_webauthn_authentication(user)
else
setup_u2f_authentication(user)
diff --git a/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb b/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb
index 574fc6c0f37..05be04059fd 100644
--- a/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb
+++ b/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb
@@ -11,7 +11,7 @@ module AuthenticatesWithTwoFactorForAdminMode
return handle_locked_user(user) unless user.can?(:log_in)
session[:otp_user_id] = user.id
- push_frontend_feature_flag(:webauthn)
+ push_frontend_feature_flag(:webauthn, default_enabled: :yaml)
if user.two_factor_webauthn_enabled?
setup_webauthn_authentication(user)
diff --git a/app/controllers/concerns/check_rate_limit.rb b/app/controllers/concerns/check_rate_limit.rb
index c4de3315e22..5ccdf843525 100644
--- a/app/controllers/concerns/check_rate_limit.rb
+++ b/app/controllers/concerns/check_rate_limit.rb
@@ -5,19 +5,27 @@
# Controller concern that checks if the rate limit for a given action is throttled by calling the
# Gitlab::ApplicationRateLimiter class. If the action is throttled for the current user, the request
# will be logged and an error message will be rendered with a Too Many Requests response status.
+# See lib/api/helpers/rate_limiter.rb for API version
module CheckRateLimit
- def check_rate_limit(key)
- return unless rate_limiter.throttled?(key, scope: current_user, users_allowlist: rate_limit_users_allowlist)
+ def check_rate_limit!(key, scope:, redirect_back: false, **options)
+ return unless rate_limiter.throttled?(key, scope: scope, **options)
rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
- render plain: _('This endpoint has been requested too many times. Try again later.'), status: :too_many_requests
+
+ return yield if block_given?
+
+ message = _('This endpoint has been requested too many times. Try again later.')
+
+ if redirect_back
+ redirect_back_or_default(options: { alert: message })
+ else
+ render plain: message, status: :too_many_requests
+ end
end
+ private
+
def rate_limiter
::Gitlab::ApplicationRateLimiter
end
-
- def rate_limit_users_allowlist
- Gitlab::CurrentSettings.current_application_settings.notes_create_limit_allowlist
- end
end
diff --git a/app/controllers/concerns/cycle_analytics_params.rb b/app/controllers/concerns/cycle_analytics_params.rb
index 626093b4588..70bcefe339c 100644
--- a/app/controllers/concerns/cycle_analytics_params.rb
+++ b/app/controllers/concerns/cycle_analytics_params.rb
@@ -23,6 +23,7 @@ module CycleAnalyticsParams
opts[:from] = params[:from] || start_date(params)
opts[:to] = params[:to] if params[:to]
opts[:end_event_filter] = params[:end_event_filter] if params[:end_event_filter]
+ opts[:use_aggregated_data_collector] = params[:use_aggregated_data_collector] if params[:use_aggregated_data_collector]
opts.merge!(params.slice(*::Gitlab::Analytics::CycleAnalytics::RequestParams::FINDER_PARAM_NAMES))
opts.merge!(date_range(params))
end
diff --git a/app/controllers/concerns/dependency_proxy/group_access.rb b/app/controllers/concerns/dependency_proxy/group_access.rb
index 07aca72b22f..44611641529 100644
--- a/app/controllers/concerns/dependency_proxy/group_access.rb
+++ b/app/controllers/concerns/dependency_proxy/group_access.rb
@@ -5,13 +5,13 @@ module DependencyProxy
extend ActiveSupport::Concern
included do
- before_action :verify_dependency_proxy_enabled!
+ before_action :verify_dependency_proxy_available!
before_action :authorize_read_dependency_proxy!
end
private
- def verify_dependency_proxy_enabled!
+ def verify_dependency_proxy_available!
render_404 unless group&.dependency_proxy_feature_available?
end
diff --git a/app/controllers/concerns/integrations/actions.rb b/app/controllers/concerns/integrations/actions.rb
index 6490742c0f8..1f788860c8f 100644
--- a/app/controllers/concerns/integrations/actions.rb
+++ b/app/controllers/concerns/integrations/actions.rb
@@ -23,7 +23,7 @@ module Integrations::Actions
format.html do
if saved
PropagateIntegrationWorker.perform_async(integration.id)
- redirect_to scoped_edit_integration_path(integration), notice: success_message
+ redirect_to scoped_edit_integration_path(integration, project: integration.project, group: integration.group), notice: success_message
else
render 'shared/integrations/edit'
end
diff --git a/app/controllers/concerns/integrations/hooks_execution.rb b/app/controllers/concerns/integrations/hooks_execution.rb
index af039057a9c..6a9d3d51f9b 100644
--- a/app/controllers/concerns/integrations/hooks_execution.rb
+++ b/app/controllers/concerns/integrations/hooks_execution.rb
@@ -32,16 +32,4 @@ module Integrations::HooksExecution
flash[:alert] = "Hook execution failed: #{message}"
end
end
-
- def create_rate_limit(key, scope)
- if rate_limiter.throttled?(key, scope: [scope, current_user])
- rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
-
- render plain: _('This endpoint has been requested too many times. Try again later.'), status: :too_many_requests
- end
- end
-
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
- end
end
diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb
index 2d7fbb78209..bac9732018c 100644
--- a/app/controllers/concerns/issuable_actions.rb
+++ b/app/controllers/concerns/issuable_actions.rb
@@ -17,6 +17,7 @@ module IssuableActions
def show
respond_to do |format|
format.html do
+ @show_crm_contacts = issuable.is_a?(Issue) && can?(current_user, :read_crm_contact, issuable.project.group) # rubocop:disable Gitlab/ModuleWithInstanceVariables
@issuable_sidebar = serializer.represent(issuable, serializer: 'sidebar') # rubocop:disable Gitlab/ModuleWithInstanceVariables
render 'show'
end
diff --git a/app/controllers/concerns/membership_actions.rb b/app/controllers/concerns/membership_actions.rb
index 8fd4e98d557..f716c1f6c2f 100644
--- a/app/controllers/concerns/membership_actions.rb
+++ b/app/controllers/concerns/membership_actions.rb
@@ -26,7 +26,6 @@ module MembershipActions
member_data = if member.expires?
{
- expires_in: helpers.distance_of_time_in_words_to_now(member.expires_at),
expires_soon: member.expires_soon?,
expires_at_formatted: member.expires_at.to_time.in_time_zone.to_s(:medium)
}
diff --git a/app/controllers/concerns/notes_actions.rb b/app/controllers/concerns/notes_actions.rb
index c2ee735a2b5..8410a8779f6 100644
--- a/app/controllers/concerns/notes_actions.rb
+++ b/app/controllers/concerns/notes_actions.rb
@@ -3,7 +3,6 @@
module NotesActions
include RendersNotes
include Gitlab::Utils::StrongMemoize
- include CheckRateLimit
extend ActiveSupport::Concern
# last_fetched_at is an integer number of microseconds, which is the same
@@ -16,7 +15,11 @@ module NotesActions
before_action :require_noteable!, only: [:index, :create]
before_action :authorize_admin_note!, only: [:update, :destroy]
before_action :note_project, only: [:create]
- before_action -> { check_rate_limit(:notes_create) }, only: [:create]
+ before_action -> {
+ check_rate_limit!(:notes_create,
+ scope: current_user,
+ users_allowlist: Gitlab::CurrentSettings.current_application_settings.notes_create_limit_allowlist)
+ }, only: [:create]
end
def index
@@ -341,3 +344,5 @@ module NotesActions
noteable.discussions_rendered_on_frontend?
end
end
+
+NotesActions.prepend_mod_with('NotesActions')
diff --git a/app/controllers/concerns/one_trust_csp.rb b/app/controllers/concerns/one_trust_csp.rb
index fbd44f52590..cd35eeb587c 100644
--- a/app/controllers/concerns/one_trust_csp.rb
+++ b/app/controllers/concerns/one_trust_csp.rb
@@ -8,11 +8,11 @@ module OneTrustCSP
next unless helpers.one_trust_enabled? || policy.directives.present?
default_script_src = policy.directives['script-src'] || policy.directives['default-src']
- script_src_values = Array.wrap(default_script_src) | ["'unsafe-eval'", 'https://cdn.cookielaw.org https://*.onetrust.com']
+ script_src_values = Array.wrap(default_script_src) | ["'unsafe-eval'", 'https://cdn.cookielaw.org', 'https://*.onetrust.com']
policy.script_src(*script_src_values)
default_connect_src = policy.directives['connect-src'] || policy.directives['default-src']
- connect_src_values = Array.wrap(default_connect_src) | ['https://cdn.cookielaw.org']
+ connect_src_values = Array.wrap(default_connect_src) | ['https://cdn.cookielaw.org', 'https://*.onetrust.com']
policy.connect_src(*connect_src_values)
end
end
diff --git a/app/controllers/concerns/preview_markdown.rb b/app/controllers/concerns/preview_markdown.rb
index 2916762e31f..1d2f9e31c46 100644
--- a/app/controllers/concerns/preview_markdown.rb
+++ b/app/controllers/concerns/preview_markdown.rb
@@ -21,7 +21,7 @@ module PreviewMarkdown
def projects_filter_params
{
- issuable_state_filter_enabled: true,
+ issuable_reference_expansion_enabled: true,
suggestions_filter_enabled: params[:preview_suggestions].present?
}
end
diff --git a/app/controllers/concerns/snippets/blobs_actions.rb b/app/controllers/concerns/snippets/blobs_actions.rb
index db56ce8f193..b510594ad63 100644
--- a/app/controllers/concerns/snippets/blobs_actions.rb
+++ b/app/controllers/concerns/snippets/blobs_actions.rb
@@ -51,3 +51,5 @@ module Snippets::BlobsActions
params[:snippet_id]
end
end
+
+Snippets::BlobsActions.prepend_mod
diff --git a/app/controllers/concerns/sourcegraph_decorator.rb b/app/controllers/concerns/sourcegraph_decorator.rb
index 5ef09b9221f..061990a4361 100644
--- a/app/controllers/concerns/sourcegraph_decorator.rb
+++ b/app/controllers/concerns/sourcegraph_decorator.rb
@@ -11,7 +11,7 @@ module SourcegraphDecorator
next unless Gitlab::CurrentSettings.sourcegraph_enabled
default_connect_src = p.directives['connect-src'] || p.directives['default-src']
- connect_src_values = Array.wrap(default_connect_src) | [Gitlab::CurrentSettings.sourcegraph_url]
+ connect_src_values = Array.wrap(default_connect_src) | [Gitlab::Utils.append_path(Gitlab::CurrentSettings.sourcegraph_url, '.api/')]
p.connect_src(*connect_src_values)
end
end
diff --git a/app/controllers/concerns/wiki_actions.rb b/app/controllers/concerns/wiki_actions.rb
index 848b7ee44c5..714a6f280f3 100644
--- a/app/controllers/concerns/wiki_actions.rb
+++ b/app/controllers/concerns/wiki_actions.rb
@@ -21,6 +21,10 @@ module WikiActions
before_action :load_sidebar, except: [:pages]
before_action :set_content_class
+ before_action do
+ push_frontend_feature_flag(:wiki_switch_between_content_editor_raw_markdown, @group, default_enabled: :yaml)
+ end
+
before_action only: [:show, :edit, :update] do
@valid_encoding = valid_encoding?
end
@@ -79,7 +83,8 @@ module WikiActions
render 'shared/wikis/show'
elsif file_blob
- send_blob(wiki.repository, file_blob)
+ # This is needed by [GitLab JH](https://gitlab.com/gitlab-jh/gitlab/-/issues/247)
+ send_wiki_file_blob(wiki, file_blob)
elsif show_create_form?
# Assign a title to the WikiPage unless `id` is a randomly generated slug from #new
title = params[:id] unless params[:random_title].present?
@@ -301,4 +306,10 @@ module WikiActions
view: diff_view
}
end
+
+ def send_wiki_file_blob(wiki, file_blob)
+ send_blob(wiki.repository, file_blob)
+ end
end
+
+WikiActions.prepend_mod
diff --git a/app/controllers/confirmations_controller.rb b/app/controllers/confirmations_controller.rb
index 6725e19df25..dd30d688fa8 100644
--- a/app/controllers/confirmations_controller.rb
+++ b/app/controllers/confirmations_controller.rb
@@ -3,6 +3,7 @@
class ConfirmationsController < Devise::ConfirmationsController
include AcceptsPendingInvitations
include GitlabRecaptcha
+ include OneTrustCSP
prepend_before_action :check_recaptcha, only: :create
before_action :load_recaptcha, only: :new
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index 8d7686a95fb..2ecd17db487 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -18,6 +18,8 @@ class DashboardController < Dashboard::ApplicationController
feature_category :team_planning, [:issues, :issues_calendar]
feature_category :code_review, [:merge_requests]
+ urgency :low, [:merge_requests]
+
def activity
respond_to do |format|
format.html
diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb
index 76a1c43dfa3..b9c5e87c69c 100644
--- a/app/controllers/google_api/authorizations_controller.rb
+++ b/app/controllers/google_api/authorizations_controller.rb
@@ -8,19 +8,36 @@ module GoogleApi
feature_category :kubernetes_management
+ ##
+ # handle the response from google after the user
+ # goes through authentication and authorization process
def callback
- token, expires_at = GoogleApi::CloudPlatform::Client
- .new(nil, callback_google_api_auth_url)
- .get_token(params[:code])
-
- session[GoogleApi::CloudPlatform::Client.session_key_for_token] = token
- session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] =
- expires_at.to_s
-
+ redirect_uri = redirect_uri_from_session
+ ##
+ # when the user declines authorizations
+ # `error` param is returned
+ if params[:error]
+ flash[:alert] = _('Google Cloud authorizations required')
+ redirect_uri = session[:error_uri]
+ ##
+ # on success, the `code` param is returned
+ elsif params[:code]
+ token, expires_at = GoogleApi::CloudPlatform::Client
+ .new(nil, callback_google_api_auth_url)
+ .get_token(params[:code])
+
+ session[GoogleApi::CloudPlatform::Client.session_key_for_token] = token
+ session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] = expires_at.to_s
+ redirect_uri = redirect_uri_from_session
+ end
+ ##
+ # or google may just timeout
rescue ::Faraday::TimeoutError, ::Faraday::ConnectionFailed
flash[:alert] = _('Timeout connecting to the Google API. Please try again.')
+ ##
+ # regardless, we redirect the user appropriately
ensure
- redirect_to redirect_uri_from_session
+ redirect_to redirect_uri
end
private
diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb
index 899fa614949..f48d03869a4 100644
--- a/app/controllers/graphql_controller.rb
+++ b/app/controllers/graphql_controller.rb
@@ -50,6 +50,8 @@ class GraphqlController < ApplicationController
end
rescue_from StandardError do |exception|
+ @exception_object = exception
+
log_exception(exception)
if Rails.env.test? || Rails.env.development?
@@ -197,7 +199,9 @@ class GraphqlController < ApplicationController
# Merging to :metadata will ensure these are logged as top level keys
payload[:metadata] ||= {}
- payload[:metadata].merge!(graphql: logs)
+ payload[:metadata][:graphql] = logs
+
+ payload[:exception_object] = @exception_object if @exception_object
end
def logs
diff --git a/app/controllers/groups/autocomplete_sources_controller.rb b/app/controllers/groups/autocomplete_sources_controller.rb
index 82f8854bd2b..17cdcd9cb9b 100644
--- a/app/controllers/groups/autocomplete_sources_controller.rb
+++ b/app/controllers/groups/autocomplete_sources_controller.rb
@@ -5,6 +5,8 @@ class Groups::AutocompleteSourcesController < Groups::ApplicationController
feature_category :team_planning, [:issues, :labels, :milestones, :commands]
feature_category :code_review, [:merge_requests]
+ urgency :low, [:merge_requests]
+
def members
render json: ::Groups::ParticipantsService.new(@group, current_user).execute(target)
end
diff --git a/app/controllers/groups/boards_controller.rb b/app/controllers/groups/boards_controller.rb
index 3152c4d733f..3fbcb2fd7aa 100644
--- a/app/controllers/groups/boards_controller.rb
+++ b/app/controllers/groups/boards_controller.rb
@@ -11,7 +11,6 @@ class Groups::BoardsController < Groups::ApplicationController
push_frontend_feature_flag(:board_multi_select, group, default_enabled: :yaml)
push_frontend_feature_flag(:swimlanes_buffered_rendering, group, default_enabled: :yaml)
push_frontend_feature_flag(:iteration_cadences, group, default_enabled: :yaml)
- push_frontend_feature_flag(:labels_widget, group, default_enabled: :yaml)
experiment(:prominent_create_board_btn, subject: current_user) do |e|
e.use { }
e.try { }
diff --git a/app/controllers/groups/crm/contacts_controller.rb b/app/controllers/groups/crm/contacts_controller.rb
new file mode 100644
index 00000000000..f00f4d1df25
--- /dev/null
+++ b/app/controllers/groups/crm/contacts_controller.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class Groups::Crm::ContactsController < Groups::ApplicationController
+ feature_category :team_planning
+
+ before_action :authorize_read_crm_contact!
+
+ def new
+ render action: "index"
+ end
+
+ def edit
+ render action: "index"
+ end
+
+ private
+
+ def authorize_read_crm_contact!
+ render_404 unless can?(current_user, :read_crm_contact, group)
+ end
+end
diff --git a/app/controllers/groups/crm/organizations_controller.rb b/app/controllers/groups/crm/organizations_controller.rb
new file mode 100644
index 00000000000..ab720f490be
--- /dev/null
+++ b/app/controllers/groups/crm/organizations_controller.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class Groups::Crm::OrganizationsController < Groups::ApplicationController
+ feature_category :team_planning
+
+ before_action :authorize_read_crm_organization!
+
+ def new
+ render action: "index"
+ end
+
+ private
+
+ def authorize_read_crm_organization!
+ render_404 unless can?(current_user, :read_crm_organization, group)
+ end
+end
diff --git a/app/controllers/groups/crm_controller.rb b/app/controllers/groups/crm_controller.rb
deleted file mode 100644
index 40661b09be6..00000000000
--- a/app/controllers/groups/crm_controller.rb
+++ /dev/null
@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-class Groups::CrmController < Groups::ApplicationController
- feature_category :team_planning
-
- before_action :authorize_read_crm_contact!, only: [:contacts]
- before_action :authorize_read_crm_organization!, only: [:organizations]
-
- def contacts
- respond_to do |format|
- format.html
- end
- end
-
- def organizations
- respond_to do |format|
- format.html
- end
- end
-
- private
-
- def authorize_read_crm_contact!
- render_404 unless can?(current_user, :read_crm_contact, group)
- end
-
- def authorize_read_crm_organization!
- render_404 unless can?(current_user, :read_crm_organization, group)
- end
-end
diff --git a/app/controllers/groups/dependency_proxies_controller.rb b/app/controllers/groups/dependency_proxies_controller.rb
index b037aa52939..2e120de435e 100644
--- a/app/controllers/groups/dependency_proxies_controller.rb
+++ b/app/controllers/groups/dependency_proxies_controller.rb
@@ -5,30 +5,19 @@ module Groups
include ::DependencyProxy::GroupAccess
before_action :authorize_admin_dependency_proxy!, only: :update
- before_action :dependency_proxy
+ before_action :verify_dependency_proxy_enabled!
feature_category :package_registry
- def show
- @blobs_count = group.dependency_proxy_blobs.count
- @blobs_total_size = group.dependency_proxy_blobs.total_size
- end
-
- def update
- dependency_proxy.update(dependency_proxy_params)
-
- redirect_to group_dependency_proxy_path(group)
- end
-
private
def dependency_proxy
@dependency_proxy ||=
- group.dependency_proxy_setting || group.create_dependency_proxy_setting
+ group.dependency_proxy_setting || group.create_dependency_proxy_setting!
end
- def dependency_proxy_params
- params.require(:dependency_proxy_group_setting).permit(:enabled)
+ def verify_dependency_proxy_enabled!
+ render_404 unless dependency_proxy.enabled?
end
end
end
diff --git a/app/controllers/groups/dependency_proxy_for_containers_controller.rb b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
index fc930ffebbd..171314b5f26 100644
--- a/app/controllers/groups/dependency_proxy_for_containers_controller.rb
+++ b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
@@ -19,7 +19,7 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
feature_category :dependency_proxy
def manifest
- result = DependencyProxy::FindOrCreateManifestService.new(group, image, tag, token).execute
+ result = DependencyProxy::FindCachedManifestService.new(group, image, tag, token).execute
if result[:status] == :success
if result[:manifest]
diff --git a/app/controllers/groups/variables_controller.rb b/app/controllers/groups/variables_controller.rb
index 9dbbd385ea8..1e23db9f32b 100644
--- a/app/controllers/groups/variables_controller.rb
+++ b/app/controllers/groups/variables_controller.rb
@@ -8,6 +8,8 @@ module Groups
feature_category :pipeline_authoring
+ urgency :low, [:show]
+
def show
respond_to do |format|
format.json do
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 6ae711a6e14..62336c7eede 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -37,7 +37,7 @@ class GroupsController < Groups::ApplicationController
push_frontend_feature_flag(:iteration_cadences, @group, default_enabled: :yaml)
end
- before_action :export_rate_limit, only: [:export, :download_export]
+ before_action :check_export_rate_limit!, only: [:export, :download_export]
helper_method :captcha_required?
@@ -59,6 +59,9 @@ class GroupsController < Groups::ApplicationController
feature_category :projects, [:projects]
feature_category :importers, [:export, :download_export]
+ urgency :high, [:unfoldered_environment_names]
+ urgency :low, [:merge_requests]
+
def index
redirect_to(current_user ? dashboard_groups_path : explore_groups_path)
end
@@ -92,7 +95,6 @@ class GroupsController < Groups::ApplicationController
if @group.import_state&.in_progress?
redirect_to group_import_path(@group)
else
- publish_invite_members_for_task_experiment
render_show_html
end
end
@@ -312,16 +314,12 @@ class GroupsController < Groups::ApplicationController
url_for(safe_params)
end
- def export_rate_limit
+ def check_export_rate_limit!
prefixed_action = "group_#{params[:action]}".to_sym
scope = params[:action] == :download_export ? @group : nil
- if Gitlab::ApplicationRateLimiter.throttled?(prefixed_action, scope: [current_user, scope].compact)
- Gitlab::ApplicationRateLimiter.log_request(request, "#{prefixed_action}_request_limit".to_sym, current_user)
-
- render plain: _('This endpoint has been requested too many times. Try again later.'), status: :too_many_requests
- end
+ check_rate_limit!(prefixed_action, scope: [current_user, scope].compact)
end
def ensure_export_enabled
@@ -380,13 +378,6 @@ class GroupsController < Groups::ApplicationController
def captcha_required?
captcha_enabled? && !params[:parent_id]
end
-
- def publish_invite_members_for_task_experiment
- return unless params[:open_modal] == 'invite_members_for_task'
- return unless current_user&.can?(:admin_group_member, @group)
-
- experiment(:invite_members_for_task, namespace: @group).publish_to_client
- end
end
GroupsController.prepend_mod_with('GroupsController')
diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb
index e0020c22145..f267d383804 100644
--- a/app/controllers/help_controller.rb
+++ b/app/controllers/help_controller.rb
@@ -59,10 +59,6 @@ class HelpController < ApplicationController
@instance_configuration = InstanceConfiguration.new
end
- def ui
- @user = User.new(id: 0, name: 'John Doe', username: '@johndoe')
- end
-
private
def path_params
diff --git a/app/controllers/import/base_controller.rb b/app/controllers/import/base_controller.rb
index 53856e4575b..7ad3a2ee358 100644
--- a/app/controllers/import/base_controller.rb
+++ b/app/controllers/import/base_controller.rb
@@ -3,7 +3,7 @@
class Import::BaseController < ApplicationController
include ActionView::Helpers::SanitizeHelper
- before_action :import_rate_limit, only: [:create]
+ before_action -> { check_rate_limit!(:project_import, scope: [current_user, :project_import], redirect_back: true) }, only: [:create]
feature_category :importers
def status
@@ -98,18 +98,4 @@ class Import::BaseController < ApplicationController
def project_save_error(project)
project.errors.full_messages.join(', ')
end
-
- def import_rate_limit
- key = "project_import".to_sym
-
- if rate_limiter.throttled?(key, scope: [current_user, key])
- rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
-
- redirect_back_or_default(options: { alert: _('This endpoint has been requested too many times. Try again later.') })
- end
- end
-
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
- end
end
diff --git a/app/controllers/import/bulk_imports_controller.rb b/app/controllers/import/bulk_imports_controller.rb
index bec26cb547d..f26c06b7e37 100644
--- a/app/controllers/import/bulk_imports_controller.rb
+++ b/app/controllers/import/bulk_imports_controller.rb
@@ -40,13 +40,9 @@ class Import::BulkImportsController < ApplicationController
end
def create
- response = ::BulkImports::CreateService.new(current_user, create_params, credentials).execute
+ responses = create_params.map { |entry| ::BulkImports::CreateService.new(current_user, entry, credentials).execute }
- if response.success?
- render json: response.payload.to_json(only: [:id])
- else
- render json: { error: response.message }, status: response.http_status
- end
+ render json: responses.map { |response| { success: response.success?, id: response.payload[:id], message: response.message } }
end
def realtime_changes
diff --git a/app/controllers/import/gitlab_groups_controller.rb b/app/controllers/import/gitlab_groups_controller.rb
index 503b10f766b..aca71f6d57a 100644
--- a/app/controllers/import/gitlab_groups_controller.rb
+++ b/app/controllers/import/gitlab_groups_controller.rb
@@ -4,7 +4,7 @@ class Import::GitlabGroupsController < ApplicationController
include WorkhorseAuthorization
before_action :ensure_group_import_enabled
- before_action :import_rate_limit, only: %i[create]
+ before_action :check_import_rate_limit!, only: %i[create]
feature_category :importers
@@ -55,12 +55,9 @@ class Import::GitlabGroupsController < ApplicationController
render_404 unless Feature.enabled?(:group_import_export, @group, default_enabled: true)
end
- def import_rate_limit
- if Gitlab::ApplicationRateLimiter.throttled?(:group_import, scope: current_user)
- Gitlab::ApplicationRateLimiter.log_request(request, :group_import_request_limit, current_user)
-
- flash[:alert] = _('This endpoint has been requested too many times. Try again later.')
- redirect_to new_group_path
+ def check_import_rate_limit!
+ check_rate_limit!(:group_import, scope: current_user) do
+ redirect_to new_group_path, alert: _('This endpoint has been requested too many times. Try again later.')
end
end
diff --git a/app/controllers/invites_controller.rb b/app/controllers/invites_controller.rb
index d4b1306cc5e..2a7f2d42e2a 100644
--- a/app/controllers/invites_controller.rb
+++ b/app/controllers/invites_controller.rb
@@ -77,12 +77,6 @@ class InvitesController < ApplicationController
def track_invite_join_click
return unless member && initial_invite_email?
- if params[:experiment_name] == 'invite_email_preview_text'
- experiment(:invite_email_preview_text, actor: member).track(:join_clicked)
- elsif params[:experiment_name] == 'invite_email_from'
- experiment(:invite_email_from, actor: member).track(:join_clicked)
- end
-
Gitlab::Tracking.event(self.class.name, 'join_clicked', label: 'invite_email', property: member.id.to_s)
end
@@ -104,7 +98,6 @@ class InvitesController < ApplicationController
session[:invite_email] = member.invite_email
session[:originating_member_id] = member.id if initial_invite_email?
- session[:invite_email_experiment_name] = params[:experiment_name] if initial_invite_email? && params[:experiment_name]
end
def initial_invite_email?
diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb
index 9d7a1712698..dc5b22e1606 100644
--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -9,7 +9,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
after_action :verify_known_sign_in
- protect_from_forgery except: [:kerberos, :saml, :cas3, :failure], with: :exception, prepend: true
+ protect_from_forgery except: [:kerberos, :saml, :cas3, :failure] + AuthHelper.saml_providers, with: :exception, prepend: true
feature_category :authentication_and_authorization
@@ -162,6 +162,10 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
user = auth_user.find_and_update!
if auth_user.valid_sign_in?
+ # In this case the `#current_user` would not be set. So we can't fetch it
+ # from that in `#context_user`. Pushing it manually here makes the information
+ # available in the logs for this request.
+ Gitlab::ApplicationContext.push(user: user)
log_audit_event(user, with: oauth['provider'])
set_remember_me(user)
@@ -287,10 +291,6 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
def fail_admin_mode_invalid_credentials
redirect_to new_admin_session_path, alert: _('Invalid login or password')
end
-
- def context_user
- current_user
- end
end
OmniauthCallbacksController.prepend_mod_with('OmniauthCallbacksController')
diff --git a/app/controllers/profiles/emails_controller.rb b/app/controllers/profiles/emails_controller.rb
index 6e5b18cb885..be2cb270a19 100644
--- a/app/controllers/profiles/emails_controller.rb
+++ b/app/controllers/profiles/emails_controller.rb
@@ -2,8 +2,10 @@
class Profiles::EmailsController < Profiles::ApplicationController
before_action :find_email, only: [:destroy, :resend_confirmation_instructions]
- before_action -> { rate_limit!(:profile_add_new_email) }, only: [:create]
- before_action -> { rate_limit!(:profile_resend_email_confirmation) }, only: [:resend_confirmation_instructions]
+ before_action -> { check_rate_limit!(:profile_add_new_email, scope: current_user, redirect_back: true) },
+ only: [:create]
+ before_action -> { check_rate_limit!(:profile_resend_email_confirmation, scope: current_user, redirect_back: true) },
+ only: [:resend_confirmation_instructions]
feature_category :users
@@ -42,16 +44,6 @@ class Profiles::EmailsController < Profiles::ApplicationController
private
- def rate_limit!(action)
- rate_limiter = ::Gitlab::ApplicationRateLimiter
-
- if rate_limiter.throttled?(action, scope: current_user)
- rate_limiter.log_request(request, action, current_user)
-
- redirect_back_or_default(options: { alert: _('This action has been performed too many times. Try again later.') })
- end
- end
-
def email_params
params.require(:email).permit(:email)
end
diff --git a/app/controllers/profiles/two_factor_auths_controller.rb b/app/controllers/profiles/two_factor_auths_controller.rb
index e607346b40e..77fae34e2d2 100644
--- a/app/controllers/profiles/two_factor_auths_controller.rb
+++ b/app/controllers/profiles/two_factor_auths_controller.rb
@@ -8,7 +8,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
helper_method :current_password_required?
before_action do
- push_frontend_feature_flag(:webauthn)
+ push_frontend_feature_flag(:webauthn, default_enabled: :yaml)
end
feature_category :authentication_and_authorization
@@ -44,7 +44,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
@qr_code = build_qr_code
@account_string = account_string
- if Feature.enabled?(:webauthn)
+ if Feature.enabled?(:webauthn, default_enabled: :yaml)
setup_webauthn_registration
else
setup_u2f_registration
@@ -69,7 +69,7 @@ class Profiles::TwoFactorAuthsController < Profiles::ApplicationController
@error = { message: _('Invalid pin code.') }
@qr_code = build_qr_code
- if Feature.enabled?(:webauthn)
+ if Feature.enabled?(:webauthn, default_enabled: :yaml)
setup_webauthn_registration
else
setup_u2f_registration
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index 6330a6aa107..e6b80f90dca 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -8,7 +8,7 @@ class ProfilesController < Profiles::ApplicationController
before_action :authorize_change_username!, only: :update_username
skip_before_action :require_email, only: [:show, :update]
before_action do
- push_frontend_feature_flag(:webauthn)
+ push_frontend_feature_flag(:webauthn, default_enabled: :yaml)
end
feature_category :users
diff --git a/app/controllers/projects/autocomplete_sources_controller.rb b/app/controllers/projects/autocomplete_sources_controller.rb
index 0d5f64c739c..cf432cfb429 100644
--- a/app/controllers/projects/autocomplete_sources_controller.rb
+++ b/app/controllers/projects/autocomplete_sources_controller.rb
@@ -8,6 +8,8 @@ class Projects::AutocompleteSourcesController < Projects::ApplicationController
feature_category :users, [:members]
feature_category :snippets, [:snippets]
+ urgency :low, [:merge_requests]
+
def members
render json: ::Projects::ParticipantsService.new(@project, current_user).execute(target)
end
diff --git a/app/controllers/projects/blame_controller.rb b/app/controllers/projects/blame_controller.rb
index 0f87690bba5..57a06f26f8c 100644
--- a/app/controllers/projects/blame_controller.rb
+++ b/app/controllers/projects/blame_controller.rb
@@ -27,3 +27,5 @@ class Projects::BlameController < Projects::ApplicationController
@blame = Gitlab::View::Presenter::Factory.new(@blame, project: @project, path: @path).fabricate!
end
end
+
+Projects::BlameController.prepend_mod
diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index cd50c8cf5b1..b30ef7506aa 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -44,7 +44,7 @@ class Projects::BlobController < Projects::ApplicationController
before_action do
push_frontend_feature_flag(:refactor_blob_viewer, @project, default_enabled: :yaml)
- push_frontend_feature_flag(:refactor_text_viewer, @project, default_enabled: :yaml)
+ push_frontend_feature_flag(:highlight_js, @project, default_enabled: :yaml)
push_frontend_feature_flag(:consolidated_edit_button, @project, default_enabled: :yaml)
push_licensed_feature(:file_locks) if @project.licensed_feature_available?(:file_locks)
end
@@ -99,7 +99,7 @@ class Projects::BlobController < Projects::ApplicationController
@content = params[:content]
@blob.load_all_data!
diffy = Diffy::Diff.new(@blob.data, @content, diff: '-U 3', include_diff_info: true)
- diff_lines = diffy.diff.scan(/.*\n/)[2..-1]
+ diff_lines = diffy.diff.scan(/.*\n/)[2..]
diff_lines = Gitlab::Diff::Parser.new.parse(diff_lines).to_a
@diff_lines = Gitlab::Diff::Highlight.new(diff_lines, repository: @repository).highlight
@@ -298,3 +298,5 @@ class Projects::BlobController < Projects::ApplicationController
experiment(:code_quality_walkthrough, namespace: @project.root_ancestor).track(:commit_created)
end
end
+
+Projects::BlobController.prepend_mod
diff --git a/app/controllers/projects/boards_controller.rb b/app/controllers/projects/boards_controller.rb
index 7354c2c71ac..81ad6243efe 100644
--- a/app/controllers/projects/boards_controller.rb
+++ b/app/controllers/projects/boards_controller.rb
@@ -11,7 +11,6 @@ class Projects::BoardsController < Projects::ApplicationController
push_frontend_feature_flag(:issue_boards_filtered_search, project, default_enabled: :yaml)
push_frontend_feature_flag(:board_multi_select, project, default_enabled: :yaml)
push_frontend_feature_flag(:iteration_cadences, project&.group, default_enabled: :yaml)
- push_frontend_feature_flag(:labels_widget, project, default_enabled: :yaml)
experiment(:prominent_create_board_btn, subject: current_user) do |e|
e.use { }
e.try { }
diff --git a/app/controllers/projects/ci/lints_controller.rb b/app/controllers/projects/ci/lints_controller.rb
index 9dc3194df85..7ef5016ac00 100644
--- a/app/controllers/projects/ci/lints_controller.rb
+++ b/app/controllers/projects/ci/lints_controller.rb
@@ -6,6 +6,7 @@ class Projects::Ci::LintsController < Projects::ApplicationController
feature_category :pipeline_authoring
respond_to :json, only: [:create]
+ urgency :low, [:create]
def show
end
diff --git a/app/controllers/projects/ci/pipeline_editor_controller.rb b/app/controllers/projects/ci/pipeline_editor_controller.rb
index 600516f95a2..6f12e3940dd 100644
--- a/app/controllers/projects/ci/pipeline_editor_controller.rb
+++ b/app/controllers/projects/ci/pipeline_editor_controller.rb
@@ -9,6 +9,8 @@ class Projects::Ci::PipelineEditorController < Projects::ApplicationController
feature_category :pipeline_authoring
+ urgency :low, [:show]
+
def show
end
@@ -21,7 +23,7 @@ class Projects::Ci::PipelineEditorController < Projects::ApplicationController
def setup_walkthrough_experiment
experiment(:pipeline_editor_walkthrough, namespace: @project.namespace, sticky_to: current_user) do |e|
e.candidate {}
- e.record!
+ e.publish_to_database
end
end
end
diff --git a/app/controllers/projects/forks_controller.rb b/app/controllers/projects/forks_controller.rb
index 5154f145b46..ba83f8dad35 100644
--- a/app/controllers/projects/forks_controller.rb
+++ b/app/controllers/projects/forks_controller.rb
@@ -22,6 +22,8 @@ class Projects::ForksController < Projects::ApplicationController
end
def index
+ @sort = params[:sort]
+
@total_forks_count = project.forks.size
@public_forks_count = project.forks.public_only.size
@private_forks_count = @total_forks_count - project.forks.public_and_internal_only.size
diff --git a/app/controllers/projects/google_cloud/base_controller.rb b/app/controllers/projects/google_cloud/base_controller.rb
new file mode 100644
index 00000000000..aff305ab7d6
--- /dev/null
+++ b/app/controllers/projects/google_cloud/base_controller.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+class Projects::GoogleCloud::BaseController < Projects::ApplicationController
+ feature_category :five_minute_production_app
+
+ before_action :admin_project_google_cloud!
+ before_action :google_oauth2_enabled!
+ before_action :feature_flag_enabled!
+
+ private
+
+ def admin_project_google_cloud!
+ access_denied! unless can?(current_user, :admin_project_google_cloud, project)
+ end
+
+ def google_oauth2_enabled!
+ config = Gitlab::Auth::OAuth::Provider.config_for('google_oauth2')
+ if config.app_id.blank? || config.app_secret.blank?
+ access_denied! 'This GitLab instance not configured for Google Oauth2.'
+ end
+ end
+
+ def feature_flag_enabled!
+ access_denied! unless Feature.enabled?(:incubation_5mp_google_cloud, project)
+ end
+end
diff --git a/app/controllers/projects/google_cloud/service_accounts_controller.rb b/app/controllers/projects/google_cloud/service_accounts_controller.rb
new file mode 100644
index 00000000000..a69a744154c
--- /dev/null
+++ b/app/controllers/projects/google_cloud/service_accounts_controller.rb
@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+class Projects::GoogleCloud::ServiceAccountsController < Projects::GoogleCloud::BaseController
+ before_action :validate_gcp_token!
+
+ def index
+ @google_cloud_path = project_google_cloud_index_path(project)
+ google_api_client = GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
+ gcp_projects = google_api_client.list_projects
+
+ if gcp_projects.empty?
+ @js_data = { screen: 'no_gcp_projects' }.to_json
+ render status: :unauthorized, template: 'projects/google_cloud/errors/no_gcp_projects'
+ else
+ @js_data = {
+ screen: 'service_accounts_form',
+ gcpProjects: gcp_projects,
+ environments: project.environments,
+ cancelPath: project_google_cloud_index_path(project)
+ }.to_json
+ end
+ rescue Google::Apis::ClientError => error
+ handle_gcp_error(error, project)
+ end
+
+ def create
+ google_api_client = GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
+ service_accounts_service = GoogleCloud::ServiceAccountsService.new(project)
+ gcp_project = params[:gcp_project]
+ environment = params[:environment]
+ generated_name = "GitLab :: #{@project.name} :: #{environment}"
+ generated_desc = "GitLab generated service account for project '#{@project.name}' and environment '#{environment}'"
+
+ service_account = google_api_client.create_service_account(gcp_project, generated_name, generated_desc)
+ service_account_key = google_api_client.create_service_account_key(gcp_project, service_account.unique_id)
+
+ service_accounts_service.add_for_project(
+ environment,
+ service_account.project_id,
+ service_account.to_json,
+ service_account_key.to_json
+ )
+
+ redirect_to project_google_cloud_index_path(project), notice: _('Service account generated successfully')
+ rescue Google::Apis::ClientError, Google::Apis::ServerError, Google::Apis::AuthorizationError => error
+ handle_gcp_error(error, project)
+ end
+
+ private
+
+ def validate_gcp_token!
+ is_token_valid = GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
+ .validate_token(expires_at_in_session)
+
+ return if is_token_valid
+
+ return_url = project_google_cloud_index_path(project)
+ state = generate_session_key_redirect(request.url, return_url)
+ @authorize_url = GoogleApi::CloudPlatform::Client.new(nil,
+ callback_google_api_auth_url,
+ state: state).authorize_url
+ redirect_to @authorize_url
+ end
+
+ def generate_session_key_redirect(uri, error_uri)
+ GoogleApi::CloudPlatform::Client.new_session_key_for_redirect_uri do |key|
+ session[key] = uri
+ session[:error_uri] = error_uri
+ end
+ end
+
+ def token_in_session
+ session[GoogleApi::CloudPlatform::Client.session_key_for_token]
+ end
+
+ def expires_at_in_session
+ session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at]
+ end
+
+ def handle_gcp_error(error, project)
+ Gitlab::ErrorTracking.track_exception(error, project_id: project.id)
+ @js_data = { screen: 'gcp_error', error: error.to_s }.to_json
+ render status: :unauthorized, template: 'projects/google_cloud/errors/gcp_error'
+ end
+end
diff --git a/app/controllers/projects/google_cloud_controller.rb b/app/controllers/projects/google_cloud_controller.rb
index 7257ed1ef6f..1fa8ae60376 100644
--- a/app/controllers/projects/google_cloud_controller.rb
+++ b/app/controllers/projects/google_cloud_controller.rb
@@ -1,34 +1,12 @@
# frozen_string_literal: true
-class Projects::GoogleCloudController < Projects::ApplicationController
- feature_category :google_cloud
-
- before_action :admin_project_google_cloud?
- before_action :google_oauth2_enabled?
- before_action :feature_flag_enabled?
-
+class Projects::GoogleCloudController < Projects::GoogleCloud::BaseController
def index
@js_data = {
+ screen: 'home',
serviceAccounts: GoogleCloud::ServiceAccountsService.new(project).find_for_project,
- createServiceAccountUrl: '#mocked-url-create-service',
+ createServiceAccountUrl: project_google_cloud_service_accounts_path(project),
emptyIllustrationUrl: ActionController::Base.helpers.image_path('illustrations/pipelines_empty.svg')
}.to_json
end
-
- private
-
- def admin_project_google_cloud?
- access_denied! unless can?(current_user, :admin_project_google_cloud, project)
- end
-
- def google_oauth2_enabled?
- config = Gitlab::Auth::OAuth::Provider.config_for('google_oauth2')
- if config.app_id.blank? || config.app_secret.blank?
- access_denied! 'This GitLab instance not configured for Google Oauth2.'
- end
- end
-
- def feature_flag_enabled?
- access_denied! unless Feature.enabled?(:incubation_5mp_google_cloud)
- end
end
diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb
index c79e5a8cc85..99eba32e00f 100644
--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@@ -6,7 +6,7 @@ class Projects::HooksController < Projects::ApplicationController
# Authorize
before_action :authorize_admin_project!
before_action :hook_logs, only: :edit
- before_action -> { create_rate_limit(:project_testing_hook, @project) }, only: :test
+ before_action -> { check_rate_limit!(:project_testing_hook, scope: [@project, current_user]) }, only: :test
respond_to :html
diff --git a/app/controllers/projects/integrations/shimos_controller.rb b/app/controllers/projects/integrations/shimos_controller.rb
new file mode 100644
index 00000000000..827dbb8f3f9
--- /dev/null
+++ b/app/controllers/projects/integrations/shimos_controller.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Projects
+ module Integrations
+ class ShimosController < Projects::ApplicationController
+ feature_category :integrations
+
+ before_action :ensure_renderable
+
+ def show; end
+
+ private
+
+ def ensure_renderable
+ render_404 unless Feature.enabled?(:shimo_integration, project) && project.has_shimo? && project.shimo_integration&.render?
+ end
+ end
+ end
+end
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 853e9c7ccdd..fc67cd98d15 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -10,7 +10,7 @@ class Projects::IssuesController < Projects::ApplicationController
include RecordUserLastActivity
ISSUES_EXCEPT_ACTIONS = %i[index calendar new create bulk_update import_csv export_csv service_desk].freeze
- SET_ISSUEABLES_INDEX_ONLY_ACTIONS = %i[index calendar service_desk].freeze
+ SET_ISSUABLES_INDEX_ONLY_ACTIONS = %i[index calendar service_desk].freeze
prepend_before_action(only: [:index]) { authenticate_sessionless_user!(:rss) }
prepend_before_action(only: [:calendar]) { authenticate_sessionless_user!(:ics) }
@@ -22,7 +22,7 @@ class Projects::IssuesController < Projects::ApplicationController
before_action :issue, unless: ->(c) { ISSUES_EXCEPT_ACTIONS.include?(c.action_name.to_sym) }
after_action :log_issue_show, unless: ->(c) { ISSUES_EXCEPT_ACTIONS.include?(c.action_name.to_sym) }
- before_action :set_issuables_index, if: ->(c) { SET_ISSUEABLES_INDEX_ONLY_ACTIONS.include?(c.action_name.to_sym) }
+ before_action :set_issuables_index, if: ->(c) { SET_ISSUABLES_INDEX_ONLY_ACTIONS.include?(c.action_name.to_sym) }
# Allow write(create) issue
before_action :authorize_create_issue!, only: [:new, :create]
@@ -37,7 +37,9 @@ class Projects::IssuesController < Projects::ApplicationController
before_action :authorize_download_code!, only: [:related_branches]
# Limit the amount of issues created per minute
- before_action :create_rate_limit, only: [:create], if: -> { Feature.disabled?('rate_limited_service_issues_create', project, default_enabled: :yaml) }
+ before_action -> { check_rate_limit!(:issues_create, scope: [@project, @current_user])},
+ only: [:create],
+ if: -> { Feature.disabled?('rate_limited_service_issues_create', project, default_enabled: :yaml) }
before_action do
push_frontend_feature_flag(:tribute_autocomplete, @project)
@@ -49,19 +51,9 @@ class Projects::IssuesController < Projects::ApplicationController
before_action only: :show do
push_frontend_feature_flag(:real_time_issue_sidebar, @project, default_enabled: :yaml)
- push_frontend_feature_flag(:confidential_notes, @project, default_enabled: :yaml)
+ push_frontend_feature_flag(:confidential_notes, project&.group, default_enabled: :yaml)
push_frontend_feature_flag(:issue_assignees_widget, @project, default_enabled: :yaml)
- push_frontend_feature_flag(:labels_widget, @project, default_enabled: :yaml)
push_frontend_feature_flag(:paginated_issue_discussions, @project, default_enabled: :yaml)
-
- experiment(:invite_members_in_comment, namespace: @project.root_ancestor) do |experiment_instance|
- experiment_instance.exclude! unless helpers.can_admin_project_member?(@project)
-
- experiment_instance.use {}
- experiment_instance.try(:invite_member_link) {}
-
- experiment_instance.track(:view, property: @project.root_ancestor.id.to_s)
- end
end
around_action :allow_gitaly_ref_name_caching, only: [:discussions]
@@ -373,20 +365,6 @@ class Projects::IssuesController < Projects::ApplicationController
project_compare_path(project, from: project.default_branch, to: branch[:name])
end
- def create_rate_limit
- key = :issues_create
-
- if rate_limiter.throttled?(key, scope: [@project, @current_user])
- rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
-
- render plain: _('This endpoint has been requested too many times. Try again later.'), status: :too_many_requests
- end
- end
-
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
- end
-
def service_desk?
action_name == 'service_desk'
end
diff --git a/app/controllers/projects/jobs_controller.rb b/app/controllers/projects/jobs_controller.rb
index 81b8da9cba3..fa7c62c34dd 100644
--- a/app/controllers/projects/jobs_controller.rb
+++ b/app/controllers/projects/jobs_controller.rb
@@ -4,8 +4,8 @@ class Projects::JobsController < Projects::ApplicationController
include SendFileUpload
include ContinueParams
- before_action :find_job_as_build, except: [:index, :play]
- before_action :find_job_as_processable, only: [:play]
+ before_action :find_job_as_build, except: [:index, :play, :show]
+ before_action :find_job_as_processable, only: [:play, :show]
before_action :authorize_read_build_trace!, only: [:trace, :raw]
before_action :authorize_read_build!
before_action :authorize_update_build!,
@@ -42,7 +42,7 @@ class Projects::JobsController < Projects::ApplicationController
format.json do
Gitlab::PollingInterval.set_header(response, interval: 10_000)
- render json: BuildSerializer
+ render json: Ci::JobSerializer
.new(project: @project, current_user: @current_user)
.represent(@build.present(current_user: current_user), {}, BuildDetailsEntity)
end
@@ -118,7 +118,7 @@ class Projects::JobsController < Projects::ApplicationController
end
def status
- render json: BuildSerializer
+ render json: Ci::JobSerializer
.new(project: @project, current_user: @current_user)
.represent_status(@build.present(current_user: current_user))
end
diff --git a/app/controllers/projects/learn_gitlab_controller.rb b/app/controllers/projects/learn_gitlab_controller.rb
index 91a43c5f03f..177533b89c8 100644
--- a/app/controllers/projects/learn_gitlab_controller.rb
+++ b/app/controllers/projects/learn_gitlab_controller.rb
@@ -3,6 +3,7 @@
class Projects::LearnGitlabController < Projects::ApplicationController
before_action :authenticate_user!
before_action :check_experiment_enabled?
+ before_action :enable_invite_for_help_continuous_onboarding_experiment
feature_category :users
@@ -14,4 +15,13 @@ class Projects::LearnGitlabController < Projects::ApplicationController
def check_experiment_enabled?
return access_denied! unless helpers.learn_gitlab_enabled?(project)
end
+
+ def enable_invite_for_help_continuous_onboarding_experiment
+ return unless current_user.can?(:admin_group_member, project.namespace)
+
+ experiment(:invite_for_help_continuous_onboarding, namespace: project.namespace) do |e|
+ e.candidate {}
+ e.publish_to_database
+ end
+ end
end
diff --git a/app/controllers/projects/merge_requests/conflicts_controller.rb b/app/controllers/projects/merge_requests/conflicts_controller.rb
index a8038878504..76a233afa13 100644
--- a/app/controllers/projects/merge_requests/conflicts_controller.rb
+++ b/app/controllers/projects/merge_requests/conflicts_controller.rb
@@ -5,6 +5,12 @@ class Projects::MergeRequests::ConflictsController < Projects::MergeRequests::Ap
before_action :authorize_can_resolve_conflicts!
+ urgency :low, [
+ :show,
+ :conflict_for_path,
+ :resolve_conflicts
+ ]
+
def show
respond_to do |format|
format.html do
diff --git a/app/controllers/projects/merge_requests/content_controller.rb b/app/controllers/projects/merge_requests/content_controller.rb
index 399745151b1..588fc85ff77 100644
--- a/app/controllers/projects/merge_requests/content_controller.rb
+++ b/app/controllers/projects/merge_requests/content_controller.rb
@@ -13,6 +13,11 @@ class Projects::MergeRequests::ContentController < Projects::MergeRequests::Appl
FAST_POLLING_INTERVAL = 10.seconds.in_milliseconds
SLOW_POLLING_INTERVAL = 5.minutes.in_milliseconds
+ urgency :low, [
+ :widget,
+ :cached_widget
+ ]
+
def widget
respond_to do |format|
format.json do
diff --git a/app/controllers/projects/merge_requests/creations_controller.rb b/app/controllers/projects/merge_requests/creations_controller.rb
index ecc5ad1f84e..beb179f584b 100644
--- a/app/controllers/projects/merge_requests/creations_controller.rb
+++ b/app/controllers/projects/merge_requests/creations_controller.rb
@@ -10,6 +10,15 @@ class Projects::MergeRequests::CreationsController < Projects::MergeRequests::Ap
before_action :apply_diff_view_cookie!, only: [:diffs, :diff_for_path]
before_action :build_merge_request, except: [:create]
+ urgency :low, [
+ :new,
+ :create,
+ :pipelines,
+ :diffs,
+ :branch_from,
+ :branch_to
+ ]
+
def new
define_new_vars
end
diff --git a/app/controllers/projects/merge_requests/diffs_controller.rb b/app/controllers/projects/merge_requests/diffs_controller.rb
index 1188aec24a8..32ca7d779d2 100644
--- a/app/controllers/projects/merge_requests/diffs_controller.rb
+++ b/app/controllers/projects/merge_requests/diffs_controller.rb
@@ -14,6 +14,13 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
after_action :track_viewed_diffs_events, only: [:diffs_batch]
+ urgency :low, [
+ :show,
+ :diff_for_path,
+ :diffs_batch,
+ :diffs_metadata
+ ]
+
def show
render_diffs
end
@@ -36,6 +43,7 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
options = {
environment: environment,
merge_request: @merge_request,
+ commit: commit,
diff_view: diff_view,
merge_ref_head_diff: render_merge_ref_head_diff?,
pagination_data: diffs.pagination_data,
diff --git a/app/controllers/projects/merge_requests/drafts_controller.rb b/app/controllers/projects/merge_requests/drafts_controller.rb
index ca3f36cafe1..645720a0889 100644
--- a/app/controllers/projects/merge_requests/drafts_controller.rb
+++ b/app/controllers/projects/merge_requests/drafts_controller.rb
@@ -9,6 +9,13 @@ class Projects::MergeRequests::DraftsController < Projects::MergeRequests::Appli
before_action :authorize_admin_draft!, only: [:update, :destroy]
before_action :authorize_admin_draft!, if: -> { action_name == 'publish' && params[:id].present? }
+ urgency :low, [
+ :create,
+ :update,
+ :destroy,
+ :publish
+ ]
+
def index
drafts = prepare_notes_for_rendering(draft_notes)
render json: DraftNoteSerializer.new(current_user: current_user).represent(drafts)
@@ -110,7 +117,7 @@ class Projects::MergeRequests::DraftsController < Projects::MergeRequests::Appli
def render_draft_note(note)
params = { target_id: merge_request.id, target_type: 'MergeRequest', text: note.note }
result = PreviewMarkdownService.new(@project, current_user, params).execute
- markdown_params = { markdown_engine: result[:markdown_engine], issuable_state_filter_enabled: true }
+ markdown_params = { markdown_engine: result[:markdown_engine], issuable_reference_expansion_enabled: true }
note.rendered_note = view_context.markdown(result[:text], markdown_params)
note.users_referenced = result[:users]
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 6c5a8aa0610..7133233f083 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -42,21 +42,11 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
push_frontend_feature_flag(:restructured_mr_widget, project, default_enabled: :yaml)
push_frontend_feature_flag(:mr_changes_fluid_layout, project, default_enabled: :yaml)
push_frontend_feature_flag(:mr_attention_requests, project, default_enabled: :yaml)
- push_frontend_feature_flag(:labels_widget, project, default_enabled: :yaml)
# Usage data feature flags
push_frontend_feature_flag(:users_expanding_widgets_usage_data, @project, default_enabled: :yaml)
push_frontend_feature_flag(:diff_settings_usage_data, default_enabled: :yaml)
push_frontend_feature_flag(:diff_searching_usage_data, @project, default_enabled: :yaml)
-
- experiment(:invite_members_in_comment, namespace: @project.root_ancestor) do |experiment_instance|
- experiment_instance.exclude! unless helpers.can_admin_project_member?(@project)
-
- experiment_instance.use {}
- experiment_instance.try(:invite_member_link) {}
-
- experiment_instance.track(:view, property: @project.root_ancestor.id.to_s)
- end
end
before_action do
@@ -74,15 +64,28 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
:show, :toggle_award_emoji, :toggle_subscription, :update
]
- feature_category :code_testing, [
- :test_reports, :coverage_reports, :codequality_reports,
- :codequality_mr_diff_reports
- ]
-
+ feature_category :code_testing, [:test_reports, :coverage_reports]
+ feature_category :code_quality, [:codequality_reports, :codequality_mr_diff_reports]
feature_category :accessibility_testing, [:accessibility_reports]
feature_category :infrastructure_as_code, [:terraform_reports]
feature_category :continuous_integration, [:pipeline_status, :pipelines, :exposed_artifacts]
+ urgency :high, [:export_csv]
+ urgency :low, [
+ :index,
+ :show,
+ :commits,
+ :bulk_update,
+ :edit,
+ :update,
+ :cancel_auto_merge,
+ :merge,
+ :ci_environments_status,
+ :destroy,
+ :rebase,
+ :discussions
+ ]
+
def index
@merge_requests = @issuables
@@ -286,7 +289,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
if merge_request.errors.present?
render json: @merge_request.errors, status: :bad_request
else
- render json: serializer.represent(@merge_request, serializer: 'basic')
+ render json: serializer.represent(@merge_request, serializer: params[:serializer] || 'basic')
end
end
end
diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index e8057308386..7322e08e62e 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -57,7 +57,7 @@ class Projects::NotesController < Projects::ApplicationController
def outdated_line_change
diff_lines = Rails.cache.fetch(['note', note.id, 'oudated_line_change'], expires_in: 7.days) do
- ::MergeRequests::OutdatedDiscussionDiffLinesService.new(project: @project, note: note).execute.to_json
+ ::MergeRequests::OutdatedDiscussionDiffLinesService.new(project: note.noteable.source_project, note: note).execute.to_json
end
render json: diff_lines
diff --git a/app/controllers/projects/pipeline_schedules_controller.rb b/app/controllers/projects/pipeline_schedules_controller.rb
index 4af7508b935..ac94cc001dd 100644
--- a/app/controllers/projects/pipeline_schedules_controller.rb
+++ b/app/controllers/projects/pipeline_schedules_controller.rb
@@ -3,7 +3,7 @@
class Projects::PipelineSchedulesController < Projects::ApplicationController
before_action :schedule, except: [:index, :new, :create]
- before_action :play_rate_limit, only: [:play]
+ before_action :check_play_rate_limit!, only: [:play]
before_action :authorize_play_pipeline_schedule!, only: [:play]
before_action :authorize_read_pipeline_schedule!
before_action :authorize_create_pipeline_schedule!, only: [:new, :create]
@@ -81,19 +81,15 @@ class Projects::PipelineSchedulesController < Projects::ApplicationController
private
- def play_rate_limit
+ def check_play_rate_limit!
return unless current_user
- if rate_limiter.throttled?(:play_pipeline_schedule, scope: [current_user, schedule])
+ check_rate_limit!(:play_pipeline_schedule, scope: [current_user, schedule]) do
flash[:alert] = _('You cannot play this scheduled pipeline at the moment. Please wait a minute.')
redirect_to pipeline_schedules_path(@project)
end
end
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
- end
-
def schedule
@schedule ||= project.pipeline_schedules.find(params[:id])
end
diff --git a/app/controllers/projects/pipelines_controller.rb b/app/controllers/projects/pipelines_controller.rb
index a2312484a9b..71dc67bb6dc 100644
--- a/app/controllers/projects/pipelines_controller.rb
+++ b/app/controllers/projects/pipelines_controller.rb
@@ -14,13 +14,22 @@ class Projects::PipelinesController < Projects::ApplicationController
before_action :authorize_update_pipeline!, only: [:retry, :cancel]
before_action :ensure_pipeline, only: [:show, :downloadable_artifacts]
+ before_action do
+ push_frontend_feature_flag(:jobs_tab_vue, @project, default_enabled: :yaml)
+ end
+
# Will be removed with https://gitlab.com/gitlab-org/gitlab/-/issues/225596
before_action :redirect_for_legacy_scope_filter, only: [:index], if: -> { request.format.html? }
around_action :allow_gitaly_ref_name_caching, only: [:index, :show]
+ # Will be removed with https://gitlab.com/gitlab-org/gitlab/-/issues/345074
track_redis_hll_event :charts, name: 'p_analytics_pipelines'
+ track_redis_hll_event :charts, name: 'p_analytics_ci_cd_pipelines', if: -> { should_track_ci_cd_pipelines? }
+ track_redis_hll_event :charts, name: 'p_analytics_ci_cd_deployment_frequency', if: -> { should_track_ci_cd_deployment_frequency? }
+ track_redis_hll_event :charts, name: 'p_analytics_ci_cd_lead_time', if: -> { should_track_ci_cd_lead_time? }
+
wrap_parameters Ci::Pipeline
POLLING_INTERVAL = 10_000
@@ -307,7 +316,7 @@ class Projects::PipelinesController < Projects::ApplicationController
e.control {}
e.candidate {}
- e.record!
+ e.publish_to_database
end
end
@@ -320,9 +329,21 @@ class Projects::PipelinesController < Projects::ApplicationController
e.control {}
e.candidate {}
- e.record!
+ e.publish_to_database
end
end
+
+ def should_track_ci_cd_pipelines?
+ params[:chart].blank? || params[:chart] == 'pipelines'
+ end
+
+ def should_track_ci_cd_deployment_frequency?
+ params[:chart] == 'deployment-frequency'
+ end
+
+ def should_track_ci_cd_lead_time?
+ params[:chart] == 'lead-time'
+ end
end
Projects::PipelinesController.prepend_mod_with('Projects::PipelinesController')
diff --git a/app/controllers/projects/prometheus/alerts_controller.rb b/app/controllers/projects/prometheus/alerts_controller.rb
index 312919831d4..7aebff13278 100644
--- a/app/controllers/projects/prometheus/alerts_controller.rb
+++ b/app/controllers/projects/prometheus/alerts_controller.rb
@@ -82,17 +82,17 @@ module Projects
def create_service
Projects::Prometheus::Alerts::CreateService
- .new(project, current_user, alerts_params)
+ .new(project: project, current_user: current_user, params: alerts_params)
end
def update_service
Projects::Prometheus::Alerts::UpdateService
- .new(project, current_user, alerts_params)
+ .new(project: project, current_user: current_user, params: alerts_params)
end
def destroy_service
Projects::Prometheus::Alerts::DestroyService
- .new(project, current_user, nil)
+ .new(project: project, current_user: current_user, params: nil)
end
def schedule_prometheus_update!
diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index e86d2490282..9707b70f26f 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -13,7 +13,7 @@ class Projects::RawController < Projects::ApplicationController
before_action :set_ref_and_path
before_action :require_non_empty_project
before_action :authorize_download_code!
- before_action :show_rate_limit, only: [:show], unless: :external_storage_request?
+ before_action :check_show_rate_limit!, only: [:show], unless: :external_storage_request?
before_action :redirect_to_external_storage, only: :show, if: :static_objects_external_storage_enabled?
feature_category :source_code_management
@@ -33,21 +33,11 @@ class Projects::RawController < Projects::ApplicationController
@ref, @path = extract_ref(get_id)
end
- def show_rate_limit
- if rate_limiter.throttled?(:show_raw_controller, scope: [@project, @path], threshold: raw_blob_request_limit)
- rate_limiter.log_request(request, :raw_blob_request_limit, current_user)
-
+ def check_show_rate_limit!
+ check_rate_limit!(:raw_blob, scope: [@project, @path]) do
render plain: _('You cannot access the raw file. Please wait a minute.'), status: :too_many_requests
end
end
-
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
- end
-
- def raw_blob_request_limit
- Gitlab::CurrentSettings
- .current_application_settings
- .raw_blob_request_limit
- end
end
+
+Projects::RawController.prepend_mod
diff --git a/app/controllers/projects/repositories_controller.rb b/app/controllers/projects/repositories_controller.rb
index 8beebb52980..77826a2f789 100644
--- a/app/controllers/projects/repositories_controller.rb
+++ b/app/controllers/projects/repositories_controller.rb
@@ -3,16 +3,16 @@
class Projects::RepositoriesController < Projects::ApplicationController
include ExtractsPath
include StaticObjectExternalStorage
- include Gitlab::RateLimitHelpers
include HotlinkInterceptor
+ include Gitlab::RepositoryArchiveRateLimiter
prepend_before_action(only: [:archive]) { authenticate_sessionless_user!(:archive) }
skip_before_action :default_cache_headers, only: :archive
# Authorize
+ before_action :check_archive_rate_limiting!, only: :archive
before_action :require_non_empty_project, except: :create
- before_action :archive_rate_limit!, only: :archive
before_action :intercept_hotlinking!, only: :archive
before_action :assign_archive_vars, only: :archive
before_action :assign_append_sha, only: :archive
@@ -42,12 +42,6 @@ class Projects::RepositoriesController < Projects::ApplicationController
private
- def archive_rate_limit!
- if archive_rate_limit_reached?(current_user, @project)
- render plain: ::Gitlab::RateLimitHelpers::ARCHIVE_RATE_LIMIT_REACHED_MESSAGE, status: :too_many_requests
- end
- end
-
def repo_params
@repo_params ||= { ref: @ref, path: params[:path], format: params[:format], append_sha: @append_sha }
end
@@ -125,6 +119,12 @@ class Projects::RepositoriesController < Projects::ApplicationController
[path, nil]
end
end
+
+ def check_archive_rate_limiting!
+ check_archive_rate_limit!(current_user, @project) do
+ render(plain: _('This archive has been requested too many times. Try again later.'), status: :too_many_requests)
+ end
+ end
end
Projects::RepositoriesController.prepend_mod_with('Projects::RepositoriesController')
diff --git a/app/controllers/projects/runners_controller.rb b/app/controllers/projects/runners_controller.rb
index e841c3e3d49..62a9f8a4625 100644
--- a/app/controllers/projects/runners_controller.rb
+++ b/app/controllers/projects/runners_controller.rb
@@ -4,8 +4,6 @@ class Projects::RunnersController < Projects::ApplicationController
before_action :authorize_admin_build!
before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show]
- layout 'project_settings'
-
feature_category :runner
def index
diff --git a/app/controllers/projects/settings/ci_cd_controller.rb b/app/controllers/projects/settings/ci_cd_controller.rb
index 4fe37352995..ef6c10d43cd 100644
--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -9,10 +9,10 @@ module Projects
layout 'project_settings'
before_action :authorize_admin_pipeline!
+ before_action :check_builds_available!
before_action :define_variables
before_action do
push_frontend_feature_flag(:ajax_new_deploy_token, @project)
- push_frontend_feature_flag(:ci_scoped_job_token, @project, default_enabled: :yaml)
end
helper_method :highlight_badge
diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb
index f8f2c1f0836..660ebcc30d3 100644
--- a/app/controllers/projects/tree_controller.rb
+++ b/app/controllers/projects/tree_controller.rb
@@ -60,3 +60,5 @@ class Projects::TreeController < Projects::ApplicationController
}
end
end
+
+Projects::TreeController.prepend_mod
diff --git a/app/controllers/projects/usage_quotas_controller.rb b/app/controllers/projects/usage_quotas_controller.rb
index b319e427eaa..680874ffee4 100644
--- a/app/controllers/projects/usage_quotas_controller.rb
+++ b/app/controllers/projects/usage_quotas_controller.rb
@@ -9,14 +9,5 @@ class Projects::UsageQuotasController < Projects::ApplicationController
def index
@hide_search_settings = true
- @storage_app_data = {
- project_path: @project.full_path,
- usage_quotas_help_page_path: help_page_path('user/usage_quotas'),
- build_artifacts_help_page_path: help_page_path('ci/pipelines/job_artifacts', anchor: 'when-job-artifacts-are-deleted'),
- packages_help_page_path: help_page_path('user/packages/package_registry/index.md', anchor: 'delete-a-package'),
- repository_help_page_path: help_page_path('user/project/repository/reducing_the_repo_size_using_git'),
- snippets_help_page_path: help_page_path('user/snippets', anchor: 'reduce-snippets-repository-size'),
- wiki_help_page_path: help_page_path('administration/wikis/index.md', anchor: 'reduce-wiki-repository-size')
- }
end
end
diff --git a/app/controllers/projects/variables_controller.rb b/app/controllers/projects/variables_controller.rb
index f93c75a203e..e7bccf5a243 100644
--- a/app/controllers/projects/variables_controller.rb
+++ b/app/controllers/projects/variables_controller.rb
@@ -5,6 +5,8 @@ class Projects::VariablesController < Projects::ApplicationController
feature_category :pipeline_authoring
+ urgency :low, [:show, :update]
+
def show
respond_to do |format|
format.json do
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 5b17b75a963..04dde5ef7b2 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -30,14 +30,15 @@ class ProjectsController < Projects::ApplicationController
before_action :event_filter, only: [:show, :activity]
# Project Export Rate Limit
- before_action :export_rate_limit, only: [:export, :download_export, :generate_new_export]
+ before_action :check_export_rate_limit!, only: [:export, :download_export, :generate_new_export]
before_action do
push_frontend_feature_flag(:lazy_load_commits, @project, default_enabled: :yaml)
push_frontend_feature_flag(:refactor_blob_viewer, @project, default_enabled: :yaml)
- push_frontend_feature_flag(:refactor_text_viewer, @project, default_enabled: :yaml)
+ push_frontend_feature_flag(:highlight_js, @project, default_enabled: :yaml)
push_frontend_feature_flag(:increase_page_size_exponentially, @project, default_enabled: :yaml)
push_frontend_feature_flag(:new_dir_modal, @project, default_enabled: :yaml)
+ push_licensed_feature(:file_locks) if @project.present? && @project.licensed_feature_available?(:file_locks)
end
layout :determine_layout
@@ -51,7 +52,9 @@ class ProjectsController < Projects::ApplicationController
feature_category :team_planning, [:preview_markdown, :new_issuable_address]
feature_category :importers, [:export, :remove_export, :generate_new_export, :download_export]
feature_category :code_review, [:unfoldered_environment_names]
+
urgency :low, [:refs]
+ urgency :high, [:unfoldered_environment_names]
def index
redirect_to(current_user ? root_path : explore_root_path)
@@ -116,7 +119,10 @@ class ProjectsController < Projects::ApplicationController
if @project.errors[:new_namespace].present?
flash[:alert] = @project.errors[:new_namespace].first
+ return redirect_to edit_project_path(@project)
end
+
+ redirect_to edit_project_path(@project)
end
# rubocop: enable CodeReuse/ActiveRecord
@@ -126,6 +132,8 @@ class ProjectsController < Projects::ApplicationController
if ::Projects::UnlinkForkService.new(@project, current_user).execute
flash[:notice] = _('The fork relationship has been removed.')
end
+
+ redirect_to edit_project_path(@project)
end
def activity
@@ -452,6 +460,7 @@ class ProjectsController < Projects::ApplicationController
:packages_enabled,
:service_desk_enabled,
:merge_commit_template,
+ :squash_commit_template,
project_setting_attributes: project_setting_attributes
] + [project_feature_attributes: project_feature_attributes]
end
@@ -535,20 +544,12 @@ class ProjectsController < Projects::ApplicationController
@project = @project.present(current_user: current_user)
end
- def export_rate_limit
+ def check_export_rate_limit!
prefixed_action = "project_#{params[:action]}".to_sym
project_scope = params[:action] == 'download_export' ? @project : nil
- if rate_limiter.throttled?(prefixed_action, scope: [current_user, project_scope].compact)
- rate_limiter.log_request(request, "#{prefixed_action}_request_limit".to_sym, current_user)
-
- render plain: _('This endpoint has been requested too many times. Try again later.'), status: :too_many_requests
- end
- end
-
- def rate_limiter
- ::Gitlab::ApplicationRateLimiter
+ check_rate_limit!(prefixed_action, scope: [current_user, project_scope].compact)
end
def render_edit
diff --git a/app/controllers/registrations/welcome_controller.rb b/app/controllers/registrations/welcome_controller.rb
index 39d3125a4a3..41fd1b7a1e6 100644
--- a/app/controllers/registrations/welcome_controller.rb
+++ b/app/controllers/registrations/welcome_controller.rb
@@ -72,16 +72,10 @@ module Registrations
end
def show_tasks_to_be_done?
- return unless experiment(:invite_members_for_task).enabled?
-
MemberTask.for_members(current_user.members).exists?
end
# overridden in EE
- def trial_params
- end
-
- # overridden in EE
def update_success_path
end
end
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 450c12a233b..ed3facd72c5 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -210,9 +210,6 @@ class RegistrationsController < Devise::RegistrationsController
return unless member
- experiment_name = session.delete(:invite_email_experiment_name)
- experiment(:invite_email_preview_text, actor: member).track(:accepted) if experiment_name == 'invite_email_preview_text'
- experiment(:invite_email_from, actor: member).track(:accepted) if experiment_name == 'invite_email_from'
Gitlab::Tracking.event(self.class.name, 'accepted', label: 'invite_email', property: member.id.to_s)
end
diff --git a/app/controllers/repositories/git_http_client_controller.rb b/app/controllers/repositories/git_http_client_controller.rb
index b3adda8c633..c002c9b83f9 100644
--- a/app/controllers/repositories/git_http_client_controller.rb
+++ b/app/controllers/repositories/git_http_client_controller.rb
@@ -8,12 +8,9 @@ module Repositories
attr_reader :authentication_result, :redirected_path
- delegate :actor, :authentication_abilities, to: :authentication_result, allow_nil: true
+ delegate :authentication_abilities, to: :authentication_result, allow_nil: true
delegate :type, to: :authentication_result, allow_nil: true, prefix: :auth_result
- alias_method :user, :actor
- alias_method :authenticated_user, :actor
-
# Git clients will not know what authenticity token to send along
skip_around_action :set_session_storage
skip_before_action :verify_authenticity_token
@@ -22,8 +19,16 @@ module Repositories
feature_category :source_code_management
+ def authenticated_user
+ authentication_result&.user || authentication_result&.deploy_token
+ end
+
private
+ def user
+ authenticated_user
+ end
+
def download_request?
raise NotImplementedError
end
diff --git a/app/controllers/repositories/lfs_api_controller.rb b/app/controllers/repositories/lfs_api_controller.rb
index 30cafb6747e..d93d88c9e64 100644
--- a/app/controllers/repositories/lfs_api_controller.rb
+++ b/app/controllers/repositories/lfs_api_controller.rb
@@ -76,7 +76,10 @@ module Repositories
existing_oids = project.lfs_objects_oids(oids: objects_oids)
objects.each do |object|
- object[:actions] = upload_actions(object) unless existing_oids.include?(object[:oid])
+ next if existing_oids.include?(object[:oid])
+ next if should_auto_link? && oids_from_fork.include?(object[:oid]) && link_to_project!(object)
+
+ object[:actions] = upload_actions(object)
end
objects
@@ -150,6 +153,34 @@ module Repositories
Gitlab::LfsToken.new(user).basic_encoding
end
+
+ def should_auto_link?
+ return false unless Feature.enabled?(:lfs_auto_link_fork_source, project)
+ return false unless project.forked?
+
+ # Sanity check in case for some reason the user doesn't have access to the parent
+ can?(user, :download_code, project.fork_source)
+ end
+
+ def oids_from_fork
+ @oids_from_fork ||= project.lfs_objects_oids_from_fork_source(oids: objects_oids)
+ end
+
+ def link_to_project!(object)
+ lfs_object = LfsObject.for_oid_and_size(object[:oid], object[:size])
+
+ return unless lfs_object
+
+ LfsObjectsProject.link_to_project!(lfs_object, project)
+
+ Gitlab::AppJsonLogger.info(message: "LFS object auto-linked to forked project",
+ lfs_object_oid: lfs_object.oid,
+ lfs_object_size: lfs_object.size,
+ source_project_id: project.fork_source.id,
+ source_project_path: project.fork_source.full_path,
+ target_project_id: project.project_id,
+ target_project_path: project.full_path)
+ end
end
end
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index 0e285dae089..99a6dfa811e 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -5,14 +5,13 @@ class SearchController < ApplicationController
include SearchHelper
include RedisTracking
- RESCUE_FROM_TIMEOUT_ACTIONS = [:count, :show].freeze
+ RESCUE_FROM_TIMEOUT_ACTIONS = [:count, :show, :autocomplete].freeze
track_redis_hll_event :show, name: 'i_search_total'
around_action :allow_gitaly_ref_name_caching
before_action :block_anonymous_global_searches, :check_scope_global_search_enabled, except: :opensearch
- before_action :strip_surrounding_whitespace_from_search, except: :opensearch
skip_before_action :authenticate_user!
requires_cross_project_access if: -> do
search_term_present = params[:search].present? || params[:term].present?
@@ -74,11 +73,7 @@ class SearchController < ApplicationController
def autocomplete
term = params[:term]
- if params[:project_id].present?
- @project = Project.find_by(id: params[:project_id])
- @project = nil unless can?(current_user, :read_project, @project)
- end
-
+ @project = search_service.project
@ref = params[:project_ref] if params[:project_ref].present?
render json: search_autocomplete_opts(term).to_json
@@ -97,12 +92,12 @@ class SearchController < ApplicationController
def search_term_valid?
unless search_service.valid_query_length?
- flash[:alert] = t('errors.messages.search_chars_too_long', count: SearchService::SEARCH_CHAR_LIMIT)
+ flash[:alert] = t('errors.messages.search_chars_too_long', count: Gitlab::Search::Params::SEARCH_CHAR_LIMIT)
return false
end
unless search_service.valid_terms_count?
- flash[:alert] = t('errors.messages.search_terms_too_long', count: SearchService::SEARCH_TERM_LIMIT)
+ flash[:alert] = t('errors.messages.search_terms_too_long', count: Gitlab::Search::Params::SEARCH_TERM_LIMIT)
return false
end
@@ -147,10 +142,15 @@ class SearchController < ApplicationController
payload[:metadata]['meta.search.filters.confidential'] = params[:confidential]
payload[:metadata]['meta.search.filters.state'] = params[:state]
payload[:metadata]['meta.search.force_search_results'] = params[:force_search_results]
+
+ if search_service.abuse_detected?
+ payload[:metadata]['abuse.confidence'] = Gitlab::Abuse.confidence(:certain)
+ payload[:metadata]['abuse.messages'] = search_service.abuse_messages
+ end
end
def block_anonymous_global_searches
- return if params[:project_id].present? || params[:group_id].present?
+ return unless search_service.global_search?
return if current_user
return unless ::Feature.enabled?(:block_anonymous_global_searches, type: :ops)
@@ -160,7 +160,7 @@ class SearchController < ApplicationController
end
def check_scope_global_search_enabled
- return if params[:project_id].present? || params[:group_id].present?
+ return unless search_service.global_search?
search_allowed = case params[:scope]
when 'blobs'
@@ -189,20 +189,15 @@ class SearchController < ApplicationController
@timeout = true
- if count_action_name?
+ case action_name.to_sym
+ when :count
render json: {}, status: :request_timeout
+ when :autocomplete
+ render json: [], status: :request_timeout
else
render status: :request_timeout
end
end
-
- def count_action_name?
- action_name.to_sym == :count
- end
-
- def strip_surrounding_whitespace_from_search
- %i(term search).each { |param| params[param]&.strip! }
- end
end
SearchController.prepend_mod_with('SearchController')
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index bbd7e5d5725..7e8e3ea8789 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -32,7 +32,7 @@ class SessionsController < Devise::SessionsController
before_action :load_recaptcha
before_action :set_invite_params, only: [:new]
before_action do
- push_frontend_feature_flag(:webauthn)
+ push_frontend_feature_flag(:webauthn, default_enabled: :yaml)
end
after_action :log_failed_login, if: :action_new_and_failed_login?
@@ -84,6 +84,8 @@ class SessionsController < Devise::SessionsController
end
def destroy
+ headers['Clear-Site-Data'] = '"*"'
+
Gitlab::AppLogger.info("User Logout: username=#{current_user.username} ip=#{request.remote_ip}")
super
# hide the signed_out notice
@@ -303,9 +305,9 @@ class SessionsController < Devise::SessionsController
def authentication_method
if user_params[:otp_attempt]
AuthenticationEvent::TWO_FACTOR
- elsif user_params[:device_response] && Feature.enabled?(:webauthn)
+ elsif user_params[:device_response] && Feature.enabled?(:webauthn, default_enabled: :yaml)
AuthenticationEvent::TWO_FACTOR_WEBAUTHN
- elsif user_params[:device_response] && !Feature.enabled?(:webauthn)
+ elsif user_params[:device_response] && !Feature.enabled?(:webauthn, default_enabled: :yaml)
AuthenticationEvent::TWO_FACTOR_U2F
else
AuthenticationEvent::STANDARD
diff --git a/app/controllers/user_callouts_controller.rb b/app/controllers/user_callouts_controller.rb
deleted file mode 100644
index f52a09adf5a..00000000000
--- a/app/controllers/user_callouts_controller.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-class UserCalloutsController < ApplicationController
- feature_category :navigation
-
- def create
- if callout.persisted?
- respond_to do |format|
- format.json { head :ok }
- end
- else
- respond_to do |format|
- format.json { head :bad_request }
- end
- end
- end
-
- private
-
- def callout
- Users::DismissUserCalloutService.new(
- container: nil, current_user: current_user, params: { feature_name: feature_name }
- ).execute
- end
-
- def feature_name
- params.require(:feature_name)
- end
-end
diff --git a/app/controllers/users/callouts_controller.rb b/app/controllers/users/callouts_controller.rb
new file mode 100644
index 00000000000..fe308d9dd1e
--- /dev/null
+++ b/app/controllers/users/callouts_controller.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Users
+ class CalloutsController < ApplicationController
+ feature_category :navigation
+
+ def create
+ if callout.persisted?
+ respond_to do |format|
+ format.json { head :ok }
+ end
+ else
+ respond_to do |format|
+ format.json { head :bad_request }
+ end
+ end
+ end
+
+ private
+
+ def callout
+ Users::DismissCalloutService.new(
+ container: nil, current_user: current_user, params: { feature_name: feature_name }
+ ).execute
+ end
+
+ def feature_name
+ params.require(:feature_name)
+ end
+ end
+end
diff --git a/app/controllers/users/group_callouts_controller.rb b/app/controllers/users/group_callouts_controller.rb
index cc27452e6a3..abca12ccea7 100644
--- a/app/controllers/users/group_callouts_controller.rb
+++ b/app/controllers/users/group_callouts_controller.rb
@@ -1,7 +1,7 @@
# frozen_string_literal: true
module Users
- class GroupCalloutsController < UserCalloutsController
+ class GroupCalloutsController < Users::CalloutsController
private
def callout
diff --git a/app/controllers/users/terms_controller.rb b/app/controllers/users/terms_controller.rb
index 7fbf0faa68b..f0d95b56d33 100644
--- a/app/controllers/users/terms_controller.rb
+++ b/app/controllers/users/terms_controller.rb
@@ -3,6 +3,7 @@
module Users
class TermsController < ApplicationController
include InternalRedirect
+ include OneTrustCSP
skip_before_action :authenticate_user!, only: [:index]
skip_before_action :enforce_terms!