authorGitLab Bot <gitlab-bot@gitlab.com>2022-01-20 09:16:11 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2022-01-20 09:16:11 +0000
commitedaa33dee2ff2f7ea3fac488d41558eb5f86d68c (patch)
tree11f143effbfeba52329fb7afbd05e6e2a3790241 /app/controllers
parentd8a5691316400a0f7ec4f83832698f1988eb27c1 (diff)
Add latest changes from gitlab-org/gitlab@14-7-stable-eev14.7.0-rc42
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin/runner_projects_controller.rb6
-rw-r--r--app/controllers/admin/runners_controller.rb10
-rw-r--r--app/controllers/admin/users_controller.rb2
-rw-r--r--app/controllers/autocomplete_controller.rb7
-rw-r--r--app/controllers/concerns/access_tokens_actions.rb83
-rw-r--r--app/controllers/concerns/check_rate_limit.rb5
-rw-r--r--app/controllers/concerns/integrations/actions.rb3
-rw-r--r--app/controllers/concerns/integrations/params.rb1
-rw-r--r--app/controllers/concerns/sessionless_authentication.rb2
-rw-r--r--app/controllers/graphql_controller.rb7
-rw-r--r--app/controllers/groups/application_controller.rb12
-rw-r--r--app/controllers/groups/boards_controller.rb1
-rw-r--r--app/controllers/groups/dependency_proxy_for_containers_controller.rb30
-rw-r--r--app/controllers/groups/packages_controller.rb5
-rw-r--r--app/controllers/groups/runners_controller.rb7
-rw-r--r--app/controllers/groups/settings/access_tokens_controller.rb18
-rw-r--r--app/controllers/groups_controller.rb4
-rw-r--r--app/controllers/import/gitlab_controller.rb2
-rw-r--r--app/controllers/oauth/token_info_controller.rb2
-rw-r--r--app/controllers/profiles/emails_controller.rb2
-rw-r--r--app/controllers/profiles_controller.rb3
-rw-r--r--app/controllers/projects/analytics/cycle_analytics/stages_controller.rb2
-rw-r--r--app/controllers/projects/analytics/cycle_analytics/summary_controller.rb2
-rw-r--r--app/controllers/projects/boards_controller.rb3
-rw-r--r--app/controllers/projects/google_cloud/base_controller.rb35
-rw-r--r--app/controllers/projects/google_cloud/deployments_controller.rb13
-rw-r--r--app/controllers/projects/google_cloud/service_accounts_controller.rb64
-rw-r--r--app/controllers/projects/issues_controller.rb13
-rw-r--r--app/controllers/projects/jobs_controller.rb1
-rw-r--r--app/controllers/projects/mattermosts_controller.rb2
-rw-r--r--app/controllers/projects/merge_requests/creations_controller.rb4
-rw-r--r--app/controllers/projects/merge_requests/diffs_controller.rb5
-rw-r--r--app/controllers/projects/merge_requests_controller.rb9
-rw-r--r--app/controllers/projects/packages/infrastructure_registry_controller.rb6
-rw-r--r--app/controllers/projects/packages/packages_controller.rb3
-rw-r--r--app/controllers/projects/prometheus/metrics_controller.rb6
-rw-r--r--app/controllers/projects/security/configuration_controller.rb31
-rw-r--r--app/controllers/projects/service_hook_logs_controller.rb4
-rw-r--r--app/controllers/projects/services_controller.rb7
-rw-r--r--app/controllers/projects/settings/access_tokens_controller.rb70
-rw-r--r--app/controllers/projects/settings/ci_cd_controller.rb8
-rw-r--r--app/controllers/projects/settings/repository_controller.rb3
-rw-r--r--app/controllers/projects/tree_controller.rb4
-rw-r--r--app/controllers/projects_controller.rb2
-rw-r--r--app/controllers/registrations_controller.rb7
-rw-r--r--app/controllers/repositories/lfs_api_controller.rb2
-rw-r--r--app/controllers/sandbox_controller.rb11
-rw-r--r--app/controllers/search_controller.rb8
-rw-r--r--app/controllers/sherlock/application_controller.rb14
-rw-r--r--app/controllers/sherlock/file_samples_controller.rb9
-rw-r--r--app/controllers/sherlock/queries_controller.rb9
-rw-r--r--app/controllers/sherlock/transactions_controller.rb21
-rw-r--r--app/controllers/users_controller.rb3
53 files changed, 348 insertions, 245 deletions
diff --git a/app/controllers/admin/runner_projects_controller.rb b/app/controllers/admin/runner_projects_controller.rb
index fdf681de9ef..598c536d652 100644
--- a/app/controllers/admin/runner_projects_controller.rb
+++ b/app/controllers/admin/runner_projects_controller.rb
@@ -9,9 +9,9 @@ class Admin::RunnerProjectsController < Admin::ApplicationController
@runner = Ci::Runner.find(params[:runner_project][:runner_id])
if @runner.assign_to(@project, current_user)
- redirect_to admin_runner_path(@runner), notice: s_('Runners|Runner assigned to project.')
+ redirect_to edit_admin_runner_url(@runner), notice: s_('Runners|Runner assigned to project.')
else
- redirect_to admin_runner_path(@runner), alert: 'Failed adding runner to project'
+ redirect_to edit_admin_runner_url(@runner), alert: 'Failed adding runner to project'
end
end
@@ -20,7 +20,7 @@ class Admin::RunnerProjectsController < Admin::ApplicationController
runner = rp.runner
rp.destroy
- redirect_to admin_runner_path(runner), status: :found, notice: s_('Runners|Runner unassigned from project.')
+ redirect_to edit_admin_runner_url(runner), status: :found, notice: s_('Runners|Runner unassigned from project.')
end
private
diff --git a/app/controllers/admin/runners_controller.rb b/app/controllers/admin/runners_controller.rb
index 9312651b8bf..16657612050 100644
--- a/app/controllers/admin/runners_controller.rb
+++ b/app/controllers/admin/runners_controller.rb
@@ -11,13 +11,21 @@ class Admin::RunnersController < Admin::ApplicationController
end
def show
+ # We will show runner details in a read-only view in
+ # future iterations. For now, this route will have a
+ # redirect until this new view is developed. See more:
+ # https://gitlab.com/gitlab-org/gitlab/-/issues/347856
+ redirect_to edit_admin_runner_path(runner) unless Feature.enabled?(:runner_read_only_admin_view, default_enabled: :yaml)
+ end
+
+ def edit
assign_builds_and_projects
end
def update
if Ci::UpdateRunnerService.new(@runner).update(runner_params)
respond_to do |format|
- format.html { redirect_to admin_runner_path(@runner) }
+ format.html { redirect_to edit_admin_runner_path(@runner) }
end
else
assign_builds_and_projects
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index cdfb3a32f4c..b40e2affcee 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -158,7 +158,7 @@ class Admin::UsersController < Admin::ApplicationController
end
def confirm
- if update_user { |user| user.confirm }
+ if update_user { |user| user.force_confirm }
redirect_back_or_admin_user(notice: _("Successfully confirmed"))
else
redirect_back_or_admin_user(alert: _("Error occurred. User was not confirmed"))
diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
index c32a7f10aa4..ee5caf63703 100644
--- a/app/controllers/autocomplete_controller.rb
+++ b/app/controllers/autocomplete_controller.rb
@@ -2,6 +2,7 @@
class AutocompleteController < ApplicationController
skip_before_action :authenticate_user!, only: [:users, :award_emojis, :merge_request_target_branches]
+ before_action :check_email_search_rate_limit!, only: [:users]
feature_category :users, [:users, :user]
feature_category :projects, [:projects]
@@ -71,6 +72,12 @@ class AutocompleteController < ApplicationController
def target_branch_params
params.permit(:group_id, :project_id).select { |_, v| v.present? }
end
+
+ def check_email_search_rate_limit!
+ search_params = Gitlab::Search::Params.new(params)
+
+ check_rate_limit!(:user_email_lookup, scope: [current_user]) if search_params.email_lookup?
+ end
end
AutocompleteController.prepend_mod_with('AutocompleteController')
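Review bot: `check_email_search_rate_limit!` scopes the limit on `[current_user]`, but the first hunk of this file shows that `users` is exempt from `authenticate_user!`, so `current_user` can be nil when this filter runs. If the limiter keys on the scope as given, every anonymous caller would share one `:user_email_lookup` bucket, so the limit would not be per client. Consider a per-client fallback such as `scope: [current_user || request.ip]`, or add a comment saying where anonymous email lookups are rejected, since that is not visible in this hunk.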
diff --git a/app/controllers/concerns/access_tokens_actions.rb b/app/controllers/concerns/access_tokens_actions.rb
new file mode 100644
index 00000000000..451841c43bb
--- /dev/null
+++ b/app/controllers/concerns/access_tokens_actions.rb
@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+module AccessTokensActions
+ extend ActiveSupport::Concern
+
+ included do
+ before_action -> { check_permission(:read_resource_access_tokens) }, only: [:index]
+ before_action -> { check_permission(:destroy_resource_access_tokens) }, only: [:revoke]
+ before_action -> { check_permission(:create_resource_access_tokens) }, only: [:create]
+ end
+
+ # rubocop:disable Gitlab/ModuleWithInstanceVariables
+ def index
+ @resource_access_token = PersonalAccessToken.new
+ set_index_vars
+ end
+ # rubocop:enable Gitlab/ModuleWithInstanceVariables
+
+ # rubocop:disable Gitlab/ModuleWithInstanceVariables
+ def create
+ token_response = ResourceAccessTokens::CreateService.new(current_user, resource, create_params).execute
+
+ if token_response.success?
+ @resource_access_token = token_response.payload[:access_token]
+ PersonalAccessToken.redis_store!(key_identity, @resource_access_token.token)
+
+ redirect_to resource_access_tokens_path, notice: _("Your new access token has been created.")
+ else
+ redirect_to resource_access_tokens_path, alert: _("Failed to create new access token: %{token_response_message}") % { token_response_message: token_response.message }
+ end
+ end
+ # rubocop:enable Gitlab/ModuleWithInstanceVariables
+
+ # rubocop:disable Gitlab/ModuleWithInstanceVariables
+ def revoke
+ @resource_access_token = finder.find(params[:id])
+ revoked_response = ResourceAccessTokens::RevokeService.new(current_user, resource, @resource_access_token).execute
+
+ if revoked_response.success?
+ flash[:notice] = _("Revoked access token %{access_token_name}!") % { access_token_name: @resource_access_token.name }
+ else
+ flash[:alert] = _("Could not revoke access token %{access_token_name}.") % { access_token_name: @resource_access_token.name }
+ end
+
+ redirect_to resource_access_tokens_path
+ end
+ # rubocop:enable Gitlab/ModuleWithInstanceVariables
+
+ private
+
+ def check_permission(action)
+ render_404 unless can?(current_user, action, resource)
+ end
+
+ def create_params
+ params.require(:resource_access_token).permit(:name, :expires_at, :access_level, scopes: [])
+ end
+
+ # rubocop:disable Gitlab/ModuleWithInstanceVariables
+ def set_index_vars
+ # Loading resource members so that we can fetch access level of the bot
+ # user in the resource without multiple queries.
+ resource.members.load
+
+ @scopes = Gitlab::Auth.resource_bot_scopes
+ @active_resource_access_tokens = finder(state: 'active').execute.preload_users
+ @inactive_resource_access_tokens = finder(state: 'inactive', sort: 'expires_at_asc').execute.preload_users
+ @new_resource_access_token = PersonalAccessToken.redis_getdel(key_identity)
+ end
+ # rubocop:enable Gitlab/ModuleWithInstanceVariables
+
+ def finder(options = {})
+ PersonalAccessTokensFinder.new({ user: bot_users, impersonation: false }.merge(options))
+ end
+
+ def bot_users
+ resource.bots
+ end
+
+ def key_identity
+ "#{current_user.id}:#{resource.id}"
+ end
+end
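Review bot: `key_identity` builds the Redis key from `current_user.id` and `resource.id` only, yet this concern is meant to be included by controllers whose `resource` differs in type (the diffstat lists both a group and a project access-tokens controller). A group and a project with the same numeric id would then map to the same key for the same user, so a token stored by `create` for one could be fetched and deleted by `redis_getdel` in the other's `index`, unless `PersonalAccessToken.redis_store!` namespaces the key in a way not shown here. Including the resource type removes the ambiguity: `"#{current_user.id}:#{resource.class.name}:#{resource.id}"`. The module would also benefit from a header comment stating that includers must define `resource` and `resource_access_tokens_path`.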
diff --git a/app/controllers/concerns/check_rate_limit.rb b/app/controllers/concerns/check_rate_limit.rb
index 5ccdf843525..0eaf74fd3a9 100644
--- a/app/controllers/concerns/check_rate_limit.rb
+++ b/app/controllers/concerns/check_rate_limit.rb
@@ -8,6 +8,7 @@
# See lib/api/helpers/rate_limiter.rb for API version
module CheckRateLimit
def check_rate_limit!(key, scope:, redirect_back: false, **options)
+ return if bypass_header_set?
return unless rate_limiter.throttled?(key, scope: scope, **options)
rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user)
@@ -28,4 +29,8 @@ module CheckRateLimit
def rate_limiter
::Gitlab::ApplicationRateLimiter
end
+
+ def bypass_header_set?
+ ::Gitlab::Throttle.bypass_header.present? && request.get_header(Gitlab::Throttle.bypass_header) == '1'
+ end
end
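Review bot: `bypass_header_set?` treats a request header as an instruction to skip `check_rate_limit!` entirely, and nothing in this concern documents who is trusted to set it. If the fronting proxy does not strip or overwrite the configured header on inbound traffic, the exemption applies to any request carrying it, which would cover every controller-level limit including the `:user_email_lookup` and `:profile_update_username` limits added in this commit. I would add a comment above the method, for example `# Only safe when the edge proxy removes this header from client requests; see Gitlab::Throttle.bypass_header`, and log bypassed requests so the exemption shows up in monitoring. Minor: the method mixes `::Gitlab::Throttle` and `Gitlab::Throttle`, so pick one form.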
diff --git a/app/controllers/concerns/integrations/actions.rb b/app/controllers/concerns/integrations/actions.rb
index 1f788860c8f..f6e98c25b72 100644
--- a/app/controllers/concerns/integrations/actions.rb
+++ b/app/controllers/concerns/integrations/actions.rb
@@ -8,6 +8,9 @@ module Integrations::Actions
include IntegrationsHelper
before_action :integration, only: [:edit, :update, :overrides, :test]
+ before_action do
+ push_frontend_feature_flag(:vue_integration_form, current_user, default_enabled: :yaml)
+ end
urgency :low, [:test]
end
diff --git a/app/controllers/concerns/integrations/params.rb b/app/controllers/concerns/integrations/params.rb
index 201fb1dc83f..945540d1f8c 100644
--- a/app/controllers/concerns/integrations/params.rb
+++ b/app/controllers/concerns/integrations/params.rb
@@ -11,6 +11,7 @@ module Integrations
:api_key,
:api_token,
:api_url,
+ :archive_trace_events,
:bamboo_url,
:branches_to_be_notified,
:labels_to_be_notified,
diff --git a/app/controllers/concerns/sessionless_authentication.rb b/app/controllers/concerns/sessionless_authentication.rb
index c6d926c8a8d..1f17f9f4e1b 100644
--- a/app/controllers/concerns/sessionless_authentication.rb
+++ b/app/controllers/concerns/sessionless_authentication.rb
@@ -20,7 +20,7 @@ module SessionlessAuthentication
end
def sessionless_sign_in(user)
- if can?(user, :log_in) && !user.password_expired_if_applicable?
+ if user.can_log_in_with_non_expired_password?
# Notice we are passing store false, so the user is not
# actually stored in the session and a token is needed
# for every request. If you want the token to work as a
diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb
index f48d03869a4..689ca32f6d9 100644
--- a/app/controllers/graphql_controller.rb
+++ b/app/controllers/graphql_controller.rb
@@ -44,6 +44,13 @@ class GraphqlController < ApplicationController
# The default feature category is overridden to read from request
feature_category :not_owned
+ # We don't know what the query is going to be, so we can't set a high urgency
+ # See https://gitlab.com/groups/gitlab-org/-/epics/5841 for the work that will
+ # allow us to specify an urgency per query.
+ # Currently, all queries have a default urgency. And this is measured in the `graphql_queries`
+ # SLI. But queries could be multiplexed, so the total duration could be longer.
+ urgency :low, [:execute]
+
def execute
result = multiplex? ? execute_multiplex : execute_query
render json: result
diff --git a/app/controllers/groups/application_controller.rb b/app/controllers/groups/application_controller.rb
index ab67a007bd9..f9c875b80b2 100644
--- a/app/controllers/groups/application_controller.rb
+++ b/app/controllers/groups/application_controller.rb
@@ -37,6 +37,18 @@ class Groups::ApplicationController < ApplicationController
end
end
+ def authorize_admin_group_runners!
+ unless can?(current_user, :admin_group_runners, group)
+ render_404
+ end
+ end
+
+ def authorize_read_group_runners!
+ unless can?(current_user, :read_group_runners, group)
+ render_404
+ end
+ end
+
def authorize_create_deploy_token!
unless can?(current_user, :create_deploy_token, group)
render_404
diff --git a/app/controllers/groups/boards_controller.rb b/app/controllers/groups/boards_controller.rb
index 3fbcb2fd7aa..6de77450a46 100644
--- a/app/controllers/groups/boards_controller.rb
+++ b/app/controllers/groups/boards_controller.rb
@@ -9,7 +9,6 @@ class Groups::BoardsController < Groups::ApplicationController
before_action do
push_frontend_feature_flag(:issue_boards_filtered_search, group, default_enabled: :yaml)
push_frontend_feature_flag(:board_multi_select, group, default_enabled: :yaml)
- push_frontend_feature_flag(:swimlanes_buffered_rendering, group, default_enabled: :yaml)
push_frontend_feature_flag(:iteration_cadences, group, default_enabled: :yaml)
experiment(:prominent_create_board_btn, subject: current_user) do |e|
e.use { }
diff --git a/app/controllers/groups/dependency_proxy_for_containers_controller.rb b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
index 171314b5f26..00839583ecc 100644
--- a/app/controllers/groups/dependency_proxy_for_containers_controller.rb
+++ b/app/controllers/groups/dependency_proxy_for_containers_controller.rb
@@ -33,17 +33,15 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
end
def blob
- return blob_via_workhorse if Feature.enabled?(:dependency_proxy_workhorse, group, default_enabled: :yaml)
-
- result = DependencyProxy::FindOrCreateBlobService
- .new(group, image, token, params[:sha]).execute
+ blob = @group.dependency_proxy_blobs.find_by_file_name(blob_file_name)
- if result[:status] == :success
- event_name = tracking_event_name(object_type: :blob, from_cache: result[:from_cache])
+ if blob.present?
+ event_name = tracking_event_name(object_type: :blob, from_cache: true)
track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user)
- send_upload(result[:blob].file)
+
+ send_upload(blob.file)
else
- head result[:http_status]
+ send_dependency(token_header, DependencyProxy::Registry.blob_url(image, params[:sha]), blob_file_name)
end
end
@@ -99,19 +97,6 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
private
- def blob_via_workhorse
- blob = @group.dependency_proxy_blobs.find_by_file_name(blob_file_name)
-
- if blob.present?
- event_name = tracking_event_name(object_type: :blob, from_cache: true)
- track_package_event(event_name, :dependency_proxy, namespace: group, user: auth_user)
-
- send_upload(blob.file)
- else
- send_dependency(token_header, DependencyProxy::Registry.blob_url(image, params[:sha]), blob_file_name)
- end
- end
-
def send_manifest(manifest, from_cache:)
response.headers[DependencyProxy::Manifest::DIGEST_HEADER] = manifest.digest
response.headers['Content-Length'] = manifest.size
@@ -160,8 +145,7 @@ class Groups::DependencyProxyForContainersController < ::Groups::DependencyProxy
end
def dependency_proxy
- @dependency_proxy ||=
- group.dependency_proxy_setting || group.create_dependency_proxy_setting
+ @dependency_proxy ||= group.dependency_proxy_setting
end
def ensure_group
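Review bot: `dependency_proxy` no longer falls back to `group.create_dependency_proxy_setting`, so it now returns nil for a group that has no setting record. The callers are outside this hunk, but any that dereference the result would raise instead of getting a lazily created record, so the change relies on the setting being guaranteed elsewhere. A comment on the method would make that explicit, for example `# May be nil when the group has no dependency_proxy_setting; callers must handle that (or name where the record is guaranteed)`.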
diff --git a/app/controllers/groups/packages_controller.rb b/app/controllers/groups/packages_controller.rb
index 47f1816cc4c..1f3d80260ed 100644
--- a/app/controllers/groups/packages_controller.rb
+++ b/app/controllers/groups/packages_controller.rb
@@ -6,6 +6,11 @@ module Groups
feature_category :package_registry
+ # The show action renders index to allow frontend routing to work on page refresh
+ def show
+ render :index
+ end
+
private
def verify_packages_enabled!
diff --git a/app/controllers/groups/runners_controller.rb b/app/controllers/groups/runners_controller.rb
index 5c21c7b023c..f602d02a165 100644
--- a/app/controllers/groups/runners_controller.rb
+++ b/app/controllers/groups/runners_controller.rb
@@ -1,9 +1,8 @@
# frozen_string_literal: true
class Groups::RunnersController < Groups::ApplicationController
- # TODO Proper policies, such as `read_group_runners, should be implemented per
- # https://gitlab.com/gitlab-org/gitlab/-/issues/334802
- before_action :authorize_admin_group!
+ before_action :authorize_read_group_runners!, only: [:index, :show]
+ before_action :authorize_admin_group_runners!, only: [:edit, :update, :destroy, :pause, :resume]
before_action :runner_list_group_view_vue_ui_enabled, only: [:index]
before_action :runner, only: [:edit, :update, :destroy, :pause, :resume, :show]
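Review bot: Both new `before_action` lines authorize through explicit `only:` lists, so an action added to this controller later and left out of both lists would run with no runner permission check at all, whereas the removed `authorize_admin_group!` covered every action. Assuming `admin_group_runners` implies `read_group_runners` in the policy (not visible here), a default-deny arrangement is safer: `before_action :authorize_read_group_runners!` without `only:`, followed by the `authorize_admin_group_runners!` line as written. The `before_action :runner` list on the last line of the hunk has to be kept in sync by hand in the same way.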
@@ -17,7 +16,7 @@ class Groups::RunnersController < Groups::ApplicationController
end
def runner_list_group_view_vue_ui_enabled
- return render_404 unless Feature.enabled?(:runner_list_group_view_vue_ui, group, default_enabled: :yaml)
+ render_404 unless Feature.enabled?(:runner_list_group_view_vue_ui, group, default_enabled: :yaml)
end
def show
diff --git a/app/controllers/groups/settings/access_tokens_controller.rb b/app/controllers/groups/settings/access_tokens_controller.rb
new file mode 100644
index 00000000000..b9ab2e008cc
--- /dev/null
+++ b/app/controllers/groups/settings/access_tokens_controller.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Groups
+ module Settings
+ class AccessTokensController < Groups::ApplicationController
+ include AccessTokensActions
+
+ layout 'group_settings'
+ feature_category :authentication_and_authorization
+
+ alias_method :resource, :group
+
+ def resource_access_tokens_path
+ group_settings_access_tokens_path
+ end
+ end
+ end
+end
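Review bot: `resource_access_tokens_path` is defined in the public section of the controller, and `alias_method :resource, :group` sits there as well, so both helpers end up as public controller methods. Rails counts public controller methods as candidate actions, which means they stay unreachable only while no route maps to them. Adding a `private` line above `def resource_access_tokens_path` keeps the action surface to what `AccessTokensActions` defines; the concern calls both helpers with an implicit receiver, so private visibility does not break it.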
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 62336c7eede..4acbb0482f3 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -32,7 +32,6 @@ class GroupsController < Groups::ApplicationController
before_action :user_actions, only: [:show]
before_action do
- push_frontend_feature_flag(:vue_issuables_list, @group)
push_frontend_feature_flag(:vue_issues_list, @group, default_enabled: :yaml)
push_frontend_feature_flag(:iteration_cadences, @group, default_enabled: :yaml)
end
@@ -276,7 +275,8 @@ class GroupsController < Groups::ApplicationController
:resource_access_token_creation_allowed,
:prevent_sharing_groups_outside_hierarchy,
:setup_for_company,
- :jobs_to_be_done
+ :jobs_to_be_done,
+ :crm_enabled
]
end
diff --git a/app/controllers/import/gitlab_controller.rb b/app/controllers/import/gitlab_controller.rb
index 662b02010ba..fa9517c3545 100644
--- a/app/controllers/import/gitlab_controller.rb
+++ b/app/controllers/import/gitlab_controller.rb
@@ -41,7 +41,7 @@ class Import::GitlabController < Import::BaseController
override :importable_repos
def importable_repos
- client.projects(starting_page: 1, page_limit: MAX_PROJECT_PAGES, per_page: PER_PAGE_PROJECTS)
+ client.projects(starting_page: 1, page_limit: MAX_PROJECT_PAGES, per_page: PER_PAGE_PROJECTS).to_a
end
override :incompatible_repos
diff --git a/app/controllers/oauth/token_info_controller.rb b/app/controllers/oauth/token_info_controller.rb
index e37f8992d92..789356f4410 100644
--- a/app/controllers/oauth/token_info_controller.rb
+++ b/app/controllers/oauth/token_info_controller.rb
@@ -13,7 +13,7 @@ class Oauth::TokenInfoController < Doorkeeper::TokenInfoController
'expires_in_seconds' => token_json[:expires_in]
), status: :ok
else
- error = Doorkeeper::OAuth::ErrorResponse.new(name: :invalid_request)
+ error = Doorkeeper::OAuth::InvalidTokenResponse.new
response.headers.merge!(error.headers)
render json: error.body, status: error.status
end
diff --git a/app/controllers/profiles/emails_controller.rb b/app/controllers/profiles/emails_controller.rb
index be2cb270a19..7a88162f469 100644
--- a/app/controllers/profiles/emails_controller.rb
+++ b/app/controllers/profiles/emails_controller.rb
@@ -52,3 +52,5 @@ class Profiles::EmailsController < Profiles::ApplicationController
@email = current_user.emails.find(params[:id])
end
end
+
+Profiles::EmailsController.prepend_mod
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index e6b80f90dca..46738651960 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -6,6 +6,9 @@ class ProfilesController < Profiles::ApplicationController
before_action :user
before_action :authorize_change_username!, only: :update_username
+ before_action only: :update_username do
+ check_rate_limit!(:profile_update_username, scope: current_user) if Feature.enabled?(:rate_limit_profile_update_username, default_enabled: :yaml)
+ end
skip_before_action :require_email, only: [:show, :update]
before_action do
push_frontend_feature_flag(:webauthn, default_enabled: :yaml)
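Review bot: The new filter passes `scope: current_user`, while the other rate-limit call added in this commit (`check_email_search_rate_limit!` in `AutocompleteController`) passes `scope: [current_user]`; whether the limiter normalises both forms to the same key is not visible here, so one form should be used throughout. The inline block is also a long single line that combines a feature-flag check with the limit. A named private method, for example `before_action :check_update_username_rate_limit!, only: :update_username`, would match the autocomplete change and be easier to test.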
diff --git a/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb b/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb
index 2f9d70fede1..7b38c069a60 100644
--- a/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb
+++ b/app/controllers/projects/analytics/cycle_analytics/stages_controller.rb
@@ -11,6 +11,8 @@ class Projects::Analytics::CycleAnalytics::StagesController < Projects::Applicat
before_action :authorize_read_cycle_analytics!
before_action :only_default_value_stream_is_allowed!
+ urgency :low
+
private
override :parent
diff --git a/app/controllers/projects/analytics/cycle_analytics/summary_controller.rb b/app/controllers/projects/analytics/cycle_analytics/summary_controller.rb
index bf8742bf6e8..69327feeb02 100644
--- a/app/controllers/projects/analytics/cycle_analytics/summary_controller.rb
+++ b/app/controllers/projects/analytics/cycle_analytics/summary_controller.rb
@@ -9,6 +9,8 @@ class Projects::Analytics::CycleAnalytics::SummaryController < Projects::Applica
before_action :authorize_read_cycle_analytics!
+ urgency :low
+
def show
render json: project_level.summary
end
diff --git a/app/controllers/projects/boards_controller.rb b/app/controllers/projects/boards_controller.rb
index 81ad6243efe..adaa47b48cb 100644
--- a/app/controllers/projects/boards_controller.rb
+++ b/app/controllers/projects/boards_controller.rb
@@ -7,8 +7,7 @@ class Projects::BoardsController < Projects::ApplicationController
before_action :check_issues_available!
before_action :assign_endpoint_vars
before_action do
- push_frontend_feature_flag(:swimlanes_buffered_rendering, project, default_enabled: :yaml)
- push_frontend_feature_flag(:issue_boards_filtered_search, project, default_enabled: :yaml)
+ push_frontend_feature_flag(:issue_boards_filtered_search, project&.group, default_enabled: :yaml)
push_frontend_feature_flag(:board_multi_select, project, default_enabled: :yaml)
push_frontend_feature_flag(:iteration_cadences, project&.group, default_enabled: :yaml)
experiment(:prominent_create_board_btn, subject: current_user) do |e|
diff --git a/app/controllers/projects/google_cloud/base_controller.rb b/app/controllers/projects/google_cloud/base_controller.rb
index aff305ab7d6..f4a773a62f6 100644
--- a/app/controllers/projects/google_cloud/base_controller.rb
+++ b/app/controllers/projects/google_cloud/base_controller.rb
@@ -23,4 +23,39 @@ class Projects::GoogleCloud::BaseController < Projects::ApplicationController
def feature_flag_enabled!
access_denied! unless Feature.enabled?(:incubation_5mp_google_cloud, project)
end
+
+ def validate_gcp_token!
+ is_token_valid = GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
+ .validate_token(expires_at_in_session)
+
+ return if is_token_valid
+
+ return_url = project_google_cloud_index_path(project)
+ state = generate_session_key_redirect(request.url, return_url)
+ @authorize_url = GoogleApi::CloudPlatform::Client.new(nil,
+ callback_google_api_auth_url,
+ state: state).authorize_url
+ redirect_to @authorize_url
+ end
+
+ def generate_session_key_redirect(uri, error_uri)
+ GoogleApi::CloudPlatform::Client.new_session_key_for_redirect_uri do |key|
+ session[key] = uri
+ session[:error_uri] = error_uri
+ end
+ end
+
+ def token_in_session
+ session[GoogleApi::CloudPlatform::Client.session_key_for_token]
+ end
+
+ def expires_at_in_session
+ session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at]
+ end
+
+ def handle_gcp_error(error, project)
+ Gitlab::ErrorTracking.track_exception(error, project_id: project.id)
+ @js_data = { screen: 'gcp_error', error: error.to_s }.to_json
+ render status: :unauthorized, template: 'projects/google_cloud/errors/gcp_error'
+ end
end
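Review bot: `handle_gcp_error` copies `error.to_s` from the Google API client into `@js_data`, so whatever text the upstream API returns is delivered to the browser, and it answers every failure with `status: :unauthorized`. The caller shown in this commit rescues `Google::Apis::ClientError` and `Google::Apis::ServerError` as well as `Google::Apis::AuthorizationError`, so an upstream 5xx is reported to the user as a 401. Consider rendering a fixed, translated message (the full exception is already recorded by `Gitlab::ErrorTracking.track_exception`) and choosing the status by error class. In `ServiceAccountsController` these helpers sat under `private`; whether a `private` marker precedes `feature_flag_enabled!` in this file is outside the hunk and worth confirming.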
diff --git a/app/controllers/projects/google_cloud/deployments_controller.rb b/app/controllers/projects/google_cloud/deployments_controller.rb
new file mode 100644
index 00000000000..4e7fd73e378
--- /dev/null
+++ b/app/controllers/projects/google_cloud/deployments_controller.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class Projects::GoogleCloud::DeploymentsController < Projects::GoogleCloud::BaseController
+ before_action :validate_gcp_token!
+
+ def cloud_run
+ render json: "Placeholder"
+ end
+
+ def cloud_storage
+ render json: "Placeholder"
+ end
+end
diff --git a/app/controllers/projects/google_cloud/service_accounts_controller.rb b/app/controllers/projects/google_cloud/service_accounts_controller.rb
index a69a744154c..b5f2b658235 100644
--- a/app/controllers/projects/google_cloud/service_accounts_controller.rb
+++ b/app/controllers/projects/google_cloud/service_accounts_controller.rb
@@ -24,62 +24,16 @@ class Projects::GoogleCloud::ServiceAccountsController < Projects::GoogleCloud::
end
def create
- google_api_client = GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
- service_accounts_service = GoogleCloud::ServiceAccountsService.new(project)
- gcp_project = params[:gcp_project]
- environment = params[:environment]
- generated_name = "GitLab :: #{@project.name} :: #{environment}"
- generated_desc = "GitLab generated service account for project '#{@project.name}' and environment '#{environment}'"
-
- service_account = google_api_client.create_service_account(gcp_project, generated_name, generated_desc)
- service_account_key = google_api_client.create_service_account_key(gcp_project, service_account.unique_id)
-
- service_accounts_service.add_for_project(
- environment,
- service_account.project_id,
- service_account.to_json,
- service_account_key.to_json
- )
-
- redirect_to project_google_cloud_index_path(project), notice: _('Service account generated successfully')
+ response = GoogleCloud::CreateServiceAccountsService.new(
+ project,
+ current_user,
+ google_oauth2_token: token_in_session,
+ gcp_project_id: params[:gcp_project],
+ environment_name: params[:environment]
+ ).execute
+
+ redirect_to project_google_cloud_index_path(project), notice: response.message
rescue Google::Apis::ClientError, Google::Apis::ServerError, Google::Apis::AuthorizationError => error
handle_gcp_error(error, project)
end
-
- private
-
- def validate_gcp_token!
- is_token_valid = GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
- .validate_token(expires_at_in_session)
-
- return if is_token_valid
-
- return_url = project_google_cloud_index_path(project)
- state = generate_session_key_redirect(request.url, return_url)
- @authorize_url = GoogleApi::CloudPlatform::Client.new(nil,
- callback_google_api_auth_url,
- state: state).authorize_url
- redirect_to @authorize_url
- end
-
- def generate_session_key_redirect(uri, error_uri)
- GoogleApi::CloudPlatform::Client.new_session_key_for_redirect_uri do |key|
- session[key] = uri
- session[:error_uri] = error_uri
- end
- end
-
- def token_in_session
- session[GoogleApi::CloudPlatform::Client.session_key_for_token]
- end
-
- def expires_at_in_session
- session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at]
- end
-
- def handle_gcp_error(error, project)
- Gitlab::ErrorTracking.track_exception(error, project_id: project.id)
- @js_data = { screen: 'gcp_error', error: error.to_s }.to_json
- render status: :unauthorized, template: 'projects/google_cloud/errors/gcp_error'
- end
end
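Review bot: In `create`, the local variable `response` shadows the controller's own `response` object for the rest of the action, and the redirect always uses `notice:` without checking whether the service call succeeded. Renaming the local, e.g. `result = GoogleCloud::CreateServiceAccountsService.new(...)` and `notice: result.message`, removes the shadowing. If the service returns a success/error result object (its definition is not on this page), an error result should be sent as `alert:` rather than `notice:`.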
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index fc67cd98d15..785fbdaa611 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -43,7 +43,6 @@ class Projects::IssuesController < Projects::ApplicationController
before_action do
push_frontend_feature_flag(:tribute_autocomplete, @project)
- push_frontend_feature_flag(:vue_issuables_list, project)
push_frontend_feature_flag(:improved_emoji_picker, project, default_enabled: :yaml)
push_frontend_feature_flag(:vue_issues_list, project&.group, default_enabled: :yaml)
push_frontend_feature_flag(:iteration_cadences, project&.group, default_enabled: :yaml)
@@ -54,6 +53,7 @@ class Projects::IssuesController < Projects::ApplicationController
push_frontend_feature_flag(:confidential_notes, project&.group, default_enabled: :yaml)
push_frontend_feature_flag(:issue_assignees_widget, @project, default_enabled: :yaml)
push_frontend_feature_flag(:paginated_issue_discussions, @project, default_enabled: :yaml)
+ push_frontend_feature_flag(:fix_comment_scroll, @project, default_enabled: :yaml)
end
around_action :allow_gitaly_ref_name_caching, only: [:discussions]
@@ -291,10 +291,12 @@ class Projects::IssuesController < Projects::ApplicationController
end
def issue_params
- params.require(:issue).permit(
+ all_params = params.require(:issue).permit(
*issue_params_attributes,
sentry_issue_attributes: [:sentry_issue_identifier]
)
+
+ clean_params(all_params)
end
def issue_params_attributes
@@ -348,6 +350,13 @@ class Projects::IssuesController < Projects::ApplicationController
private
+ def clean_params(all_params)
+ issue_type = all_params[:issue_type].to_s
+ all_params.delete(:issue_type) unless WorkItems::Type.allowed_types_for_issues.include?(issue_type)
+
+ all_params
+ end
+
def finder_options
options = super
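Review bot: `clean_params` carries no comment, although it is the place that decides a submitted `issue_type` outside `WorkItems::Type.allowed_types_for_issues` is silently discarded rather than rejected. A one-line comment above the method would make that explicit, for example `# Drops :issue_type unless it is a type allowed for issues; all other permitted params pass through unchanged`. A missing `issue_type` becomes `""` through `to_s` and takes the same path, which is worth a mention in that comment. `clean_params` is complete within this hunk, while `finder_options` continues outside it.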
diff --git a/app/controllers/projects/jobs_controller.rb b/app/controllers/projects/jobs_controller.rb
index fa7c62c34dd..bfc2fe6432d 100644
--- a/app/controllers/projects/jobs_controller.rb
+++ b/app/controllers/projects/jobs_controller.rb
@@ -19,6 +19,7 @@ class Projects::JobsController < Projects::ApplicationController
before_action do
push_frontend_feature_flag(:infinitely_collapsible_sections, @project, default_enabled: :yaml)
+ push_frontend_feature_flag(:trigger_job_retry_action, @project, default_enabled: :yaml)
end
layout 'project'
diff --git a/app/controllers/projects/mattermosts_controller.rb b/app/controllers/projects/mattermosts_controller.rb
index ebba20b285a..c4f4913a620 100644
--- a/app/controllers/projects/mattermosts_controller.rb
+++ b/app/controllers/projects/mattermosts_controller.rb
@@ -20,7 +20,7 @@ class Projects::MattermostsController < Projects::ApplicationController
if result
flash[:notice] = 'This service is now configured'
- redirect_to edit_project_service_path(@project, integration)
+ redirect_to edit_project_integration_path(@project, integration)
else
flash[:alert] = message || 'Failed to configure service'
redirect_to new_project_mattermost_path(@project)
diff --git a/app/controllers/projects/merge_requests/creations_controller.rb b/app/controllers/projects/merge_requests/creations_controller.rb
index beb179f584b..88337242fcd 100644
--- a/app/controllers/projects/merge_requests/creations_controller.rb
+++ b/app/controllers/projects/merge_requests/creations_controller.rb
@@ -56,9 +56,7 @@ class Projects::MergeRequests::CreationsController < Projects::MergeRequests::Ap
@diff_notes_disabled = true
- @environment = @merge_request.environments_for(current_user, latest: true).last
-
- render json: { html: view_to_html_string('projects/merge_requests/creations/_diffs', diffs: @diffs, environment: @environment) }
+ render json: { html: view_to_html_string('projects/merge_requests/creations/_diffs', diffs: @diffs) }
end
def diff_for_path
diff --git a/app/controllers/projects/merge_requests/diffs_controller.rb b/app/controllers/projects/merge_requests/diffs_controller.rb
index 32ca7d779d2..9bc9c19157a 100644
--- a/app/controllers/projects/merge_requests/diffs_controller.rb
+++ b/app/controllers/projects/merge_requests/diffs_controller.rb
@@ -35,13 +35,11 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
diffs = @compare.diffs_in_batch(params[:page], params[:per_page], diff_options: diff_options_hash)
unfoldable_positions = @merge_request.note_positions_for_paths(diffs.diff_file_paths, current_user).unfoldable
- environment = @merge_request.environments_for(current_user, latest: true).last
diffs.unfold_diff_files(unfoldable_positions)
diffs.write_cache
options = {
- environment: environment,
merge_request: @merge_request,
commit: commit,
diff_view: diff_view,
@@ -54,7 +52,6 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
# NOTE: Any variables that would affect the resulting json needs to be added to the cache_context to avoid stale cache issues.
cache_context = [
current_user&.cache_key,
- environment&.cache_key,
unfoldable_positions.map(&:to_h),
diff_view,
params[:w],
@@ -98,7 +95,6 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
# Deprecated: https://gitlab.com/gitlab-org/gitlab/issues/37735
def render_diffs
diffs = @compare.diffs(diff_options)
- @environment = @merge_request.environments_for(current_user, latest: true).last
diffs.unfold_diff_files(note_positions.unfoldable)
diffs.write_cache
@@ -175,7 +171,6 @@ class Projects::MergeRequests::DiffsController < Projects::MergeRequests::Applic
def additional_attributes
{
- environment: @environment,
merge_request: @merge_request,
merge_request_diff: @merge_request_diff,
merge_request_diffs: @merge_request_diffs,
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 7133233f083..f936aeb0084 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -42,17 +42,14 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
push_frontend_feature_flag(:restructured_mr_widget, project, default_enabled: :yaml)
push_frontend_feature_flag(:mr_changes_fluid_layout, project, default_enabled: :yaml)
push_frontend_feature_flag(:mr_attention_requests, project, default_enabled: :yaml)
-
+ push_frontend_feature_flag(:refactor_mr_widgets_extensions, @project, default_enabled: :yaml)
+ push_frontend_feature_flag(:rebase_without_ci_ui, @project, default_enabled: :yaml)
# Usage data feature flags
push_frontend_feature_flag(:users_expanding_widgets_usage_data, @project, default_enabled: :yaml)
push_frontend_feature_flag(:diff_settings_usage_data, default_enabled: :yaml)
push_frontend_feature_flag(:diff_searching_usage_data, @project, default_enabled: :yaml)
end
- before_action do
- push_frontend_feature_flag(:show_relevant_approval_rule_approvers, @project, default_enabled: :yaml)
- end
-
around_action :allow_gitaly_ref_name_caching, only: [:index, :show, :discussions]
after_action :log_merge_request_show, only: [:show]
@@ -66,7 +63,7 @@ class Projects::MergeRequestsController < Projects::MergeRequests::ApplicationCo
feature_category :code_testing, [:test_reports, :coverage_reports]
feature_category :code_quality, [:codequality_reports, :codequality_mr_diff_reports]
- feature_category :accessibility_testing, [:accessibility_reports]
+ feature_category :code_testing, [:accessibility_reports]
feature_category :infrastructure_as_code, [:terraform_reports]
feature_category :continuous_integration, [:pipeline_status, :pipelines, :exposed_artifacts]
diff --git a/app/controllers/projects/packages/infrastructure_registry_controller.rb b/app/controllers/projects/packages/infrastructure_registry_controller.rb
index 4506a83634a..c02a0a56e03 100644
--- a/app/controllers/projects/packages/infrastructure_registry_controller.rb
+++ b/app/controllers/projects/packages/infrastructure_registry_controller.rb
@@ -9,7 +9,11 @@ module Projects
def show
@package = project.packages.find(params[:id])
- @package_files = @package.package_files.recent
+ @package_files = if Feature.enabled?(:packages_installable_package_files, default_enabled: :yaml)
+ @package.installable_package_files.recent
+ else
+ @package.package_files.recent
+ end
end
end
end
diff --git a/app/controllers/projects/packages/packages_controller.rb b/app/controllers/projects/packages/packages_controller.rb
index 5de71466c10..969922266fa 100644
--- a/app/controllers/projects/packages/packages_controller.rb
+++ b/app/controllers/projects/packages/packages_controller.rb
@@ -7,8 +7,9 @@ module Projects
feature_category :package_registry
+ # The show action renders index to allow frontend routing to work on page refresh
def show
- @package = project.packages.find(params[:id])
+ render :index
end
end
end
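Review bot: `show` no longer looks the package up, so an id that does not belong to the project now gets the index page instead of the not-found response that `project.packages.find(params[:id])` presumably produced. If that is intended, the new comment should say so, e.g. `# Renders index for any :id; the frontend is responsible for the not-found state`. Access control for this action is not visible in the hunk and presumably comes from a filter defined elsewhere in the class.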
diff --git a/app/controllers/projects/prometheus/metrics_controller.rb b/app/controllers/projects/prometheus/metrics_controller.rb
index f3a3d22244c..e61d357ce4e 100644
--- a/app/controllers/projects/prometheus/metrics_controller.rb
+++ b/app/controllers/projects/prometheus/metrics_controller.rb
@@ -66,7 +66,7 @@ module Projects
)
if @metric.persisted?
- redirect_to edit_project_service_path(project, ::Integrations::Prometheus),
+ redirect_to edit_project_integration_path(project, ::Integrations::Prometheus),
notice: _('Metric was successfully added.')
else
render 'new'
@@ -77,7 +77,7 @@ module Projects
@metric = update_metrics_service(prometheus_metric).execute
if @metric.persisted?
- redirect_to edit_project_service_path(project, ::Integrations::Prometheus),
+ redirect_to edit_project_integration_path(project, ::Integrations::Prometheus),
notice: _('Metric was successfully updated.')
else
render 'edit'
@@ -93,7 +93,7 @@ module Projects
respond_to do |format|
format.html do
- redirect_to edit_project_service_path(project, ::Integrations::Prometheus), status: :see_other
+ redirect_to edit_project_integration_path(project, ::Integrations::Prometheus), status: :see_other
end
format.json do
head :ok
diff --git a/app/controllers/projects/security/configuration_controller.rb b/app/controllers/projects/security/configuration_controller.rb
index 444f4783a19..14f765814e6 100644
--- a/app/controllers/projects/security/configuration_controller.rb
+++ b/app/controllers/projects/security/configuration_controller.rb
@@ -9,6 +9,37 @@ module Projects
def show
render_403 unless can?(current_user, :read_security_configuration, project)
+
+ respond_to do |format|
+ format.html
+ format.json do
+ render status: :ok, json: configuration.to_h
+ end
+ end
+ end
+
+ private
+
+ def configuration
+ if unify_configuration_enabled?
+ configuration_presenter
+ else
+ {}
+ end
+ end
+
+ def configuration_presenter
+ ::Projects::Security::ConfigurationPresenter.new(project,
+ **presenter_attributes,
+ current_user: current_user)
+ end
+
+ def presenter_attributes
+ {}
+ end
+
+ def unify_configuration_enabled?
+ Feature.enabled?(:unify_security_configuration, project, default_enabled: :yaml)
end
end
end
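Review bot: `render_403 unless can?(...)` at the top of `show` does not stop the action, so with this change an unauthorized request continues into the new `respond_to` block. For a JSON request that means `configuration.to_h` is still evaluated and a second `render` is attempted after the 403, which in Rails normally ends in a double-render error rather than a clean 403 (assuming `render_403`, defined outside this hunk, renders immediately). Returning early avoids both: `return render_403 unless can?(current_user, :read_security_configuration, project)`, or move the check into a `before_action` so the action body never runs for unauthorized users.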
diff --git a/app/controllers/projects/service_hook_logs_controller.rb b/app/controllers/projects/service_hook_logs_controller.rb
index 88de0b7ba0d..7b037c60321 100644
--- a/app/controllers/projects/service_hook_logs_controller.rb
+++ b/app/controllers/projects/service_hook_logs_controller.rb
@@ -7,13 +7,13 @@ class Projects::ServiceHookLogsController < Projects::HookLogsController
def retry
execute_hook
- redirect_to edit_project_service_path(@project, @integration)
+ redirect_to edit_project_integration_path(@project, @integration)
end
private
def integration
- @integration ||= @project.find_or_initialize_integration(params[:service_id])
+ @integration ||= @project.find_or_initialize_integration(params[:integration_id])
end
override :hook
diff --git a/app/controllers/projects/services_controller.rb b/app/controllers/projects/services_controller.rb
index 9464826701d..9896f75c099 100644
--- a/app/controllers/projects/services_controller.rb
+++ b/app/controllers/projects/services_controller.rb
@@ -12,6 +12,9 @@ class Projects::ServicesController < Projects::ApplicationController
before_action :web_hook_logs, only: [:edit, :update]
before_action :set_deprecation_notice_for_prometheus_integration, only: [:edit, :update]
before_action :redirect_deprecated_prometheus_integration, only: [:update]
+ before_action do
+ push_frontend_feature_flag(:vue_integration_form, current_user, default_enabled: :yaml)
+ end
respond_to :html
@@ -66,7 +69,7 @@ class Projects::ServicesController < Projects::ApplicationController
private
def redirect_path
- safe_redirect_path(params[:redirect_to]).presence || edit_project_service_path(project, integration)
+ safe_redirect_path(params[:redirect_to]).presence || edit_project_integration_path(project, integration)
end
def service_test_response
@@ -119,7 +122,7 @@ class Projects::ServicesController < Projects::ApplicationController
end
def redirect_deprecated_prometheus_integration
- redirect_to edit_project_service_path(project, integration) if integration.is_a?(::Integrations::Prometheus) && Feature.enabled?(:settings_operations_prometheus_service, project)
+ redirect_to edit_project_integration_path(project, integration) if integration.is_a?(::Integrations::Prometheus) && Feature.enabled?(:settings_operations_prometheus_service, project)
end
def set_deprecation_notice_for_prometheus_integration
diff --git a/app/controllers/projects/settings/access_tokens_controller.rb b/app/controllers/projects/settings/access_tokens_controller.rb
index 1ecede4c7a2..32916831ecd 100644
--- a/app/controllers/projects/settings/access_tokens_controller.rb
+++ b/app/controllers/projects/settings/access_tokens_controller.rb
@@ -3,77 +3,15 @@
module Projects
module Settings
class AccessTokensController < Projects::ApplicationController
- include ProjectsHelper
+ include AccessTokensActions
layout 'project_settings'
- before_action -> { check_permission(:read_resource_access_tokens) }, only: [:index]
- before_action -> { check_permission(:destroy_resource_access_tokens) }, only: [:revoke]
- before_action -> { check_permission(:create_resource_access_tokens) }, only: [:create]
-
feature_category :authentication_and_authorization
- def index
- @project_access_token = PersonalAccessToken.new
- set_index_vars
- end
-
- def create
- token_response = ResourceAccessTokens::CreateService.new(current_user, @project, create_params).execute
-
- if token_response.success?
- @project_access_token = token_response.payload[:access_token]
- PersonalAccessToken.redis_store!(key_identity, @project_access_token.token)
-
- redirect_to namespace_project_settings_access_tokens_path, notice: _("Your new project access token has been created.")
- else
- redirect_to namespace_project_settings_access_tokens_path, alert: _("Failed to create new project access token: %{token_response_message}") % { token_response_message: token_response.message }
- end
- end
-
- def revoke
- @project_access_token = finder.find(params[:id])
- revoked_response = ResourceAccessTokens::RevokeService.new(current_user, @project, @project_access_token).execute
-
- if revoked_response.success?
- flash[:notice] = _("Revoked project access token %{project_access_token_name}!") % { project_access_token_name: @project_access_token.name }
- else
- flash[:alert] = _("Could not revoke project access token %{project_access_token_name}.") % { project_access_token_name: @project_access_token.name }
- end
-
- redirect_to namespace_project_settings_access_tokens_path
- end
-
- private
-
- def check_permission(action)
- render_404 unless can?(current_user, action, @project)
- end
-
- def create_params
- params.require(:project_access_token).permit(:name, :expires_at, :access_level, scopes: [])
- end
-
- def set_index_vars
- # Loading project members so that we can fetch access level of the bot
- # user in the project without multiple queries.
- @project.project_members.load
-
- @scopes = Gitlab::Auth.resource_bot_scopes
- @active_project_access_tokens = finder(state: 'active').execute.preload_users
- @inactive_project_access_tokens = finder(state: 'inactive', sort: 'expires_at_asc').execute.preload_users
- @new_project_access_token = PersonalAccessToken.redis_getdel(key_identity)
- end
-
- def finder(options = {})
- PersonalAccessTokensFinder.new({ user: bot_users, impersonation: false }.merge(options))
- end
-
- def bot_users
- @project.bots
- end
+ alias_method :resource, :project
- def key_identity
- "#{current_user.id}:#{@project.id}"
+ def resource_access_tokens_path
+ namespace_project_settings_access_tokens_path
end
end
end
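Review bot: `resource_access_tokens_path` ends up as a public instance method of the controller, because the `private` marker was deleted together with the old helpers. Public controller methods are candidates for routable actions, so I would keep it off the public surface with a `private` line before `def resource_access_tokens_path` (assuming `AccessTokensActions` only calls it on `self`). Separately, the three `check_permission` filters for `index`, `revoke` and `create` are removed here, so they now have to be supplied by `AccessTokensActions`, which is not part of this hunk; that is worth confirming against the concern before merging.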
diff --git a/app/controllers/projects/settings/ci_cd_controller.rb b/app/controllers/projects/settings/ci_cd_controller.rb
index ef6c10d43cd..c71134e0547 100644
--- a/app/controllers/projects/settings/ci_cd_controller.rb
+++ b/app/controllers/projects/settings/ci_cd_controller.rb
@@ -26,9 +26,13 @@ module Projects
).to_json
end
- # @assignable_runners is using ci_owned_runners
- ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/336436') do
+ if current_user.ci_owned_runners_cross_joins_fix_enabled?
render
+ else
+ # @assignable_runners is using ci_owned_runners
+ ::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/336436') do
+ render
+ end
end
end
diff --git a/app/controllers/projects/settings/repository_controller.rb b/app/controllers/projects/settings/repository_controller.rb
index cc419bab687..d750bd201e2 100644
--- a/app/controllers/projects/settings/repository_controller.rb
+++ b/app/controllers/projects/settings/repository_controller.rb
@@ -81,8 +81,7 @@ module Projects
@protected_branch = @project.protected_branches.new
@protected_tag = @project.protected_tags.new
- @protected_branches_count = @protected_branches.reduce(0) { |sum, branch| sum + branch.matching(@project.repository.branches).size }
- @protected_tags_count = @protected_tags.reduce(0) { |sum, tag| sum + tag.matching(@project.repository.tags).size }
+ @protected_tags_count = @protected_tags.reduce(0) { |sum, tag| sum + tag.matching(@project.repository.tag_names).size }
load_gon_index
end
diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb
index 660ebcc30d3..4f905a2d565 100644
--- a/app/controllers/projects/tree_controller.rb
+++ b/app/controllers/projects/tree_controller.rb
@@ -6,6 +6,7 @@ class Projects::TreeController < Projects::ApplicationController
include CreatesCommit
include ActionView::Helpers::SanitizeHelper
include RedirectsForMissingPathOnTree
+ include SourcegraphDecorator
around_action :allow_gitaly_ref_name_caching, only: [:show]
@@ -19,6 +20,9 @@ class Projects::TreeController < Projects::ApplicationController
push_frontend_feature_flag(:lazy_load_commits, @project, default_enabled: :yaml)
push_frontend_feature_flag(:new_dir_modal, @project, default_enabled: :yaml)
push_frontend_feature_flag(:refactor_blob_viewer, @project, default_enabled: :yaml)
+ push_frontend_feature_flag(:highlight_js, @project, default_enabled: :yaml)
+ push_licensed_feature(:file_locks) if @project.licensed_feature_available?(:file_locks)
+ push_frontend_feature_flag(:consolidated_edit_button, @project, default_enabled: :yaml)
end
feature_category :source_code_management
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 04dde5ef7b2..64abcd7cc33 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -9,6 +9,7 @@ class ProjectsController < Projects::ApplicationController
include RecordUserLastActivity
include ImportUrlParams
include FiltersEvents
+ include SourcegraphDecorator
prepend_before_action(only: [:show]) { authenticate_sessionless_user!(:rss) }
@@ -39,6 +40,7 @@ class ProjectsController < Projects::ApplicationController
push_frontend_feature_flag(:increase_page_size_exponentially, @project, default_enabled: :yaml)
push_frontend_feature_flag(:new_dir_modal, @project, default_enabled: :yaml)
push_licensed_feature(:file_locks) if @project.present? && @project.licensed_feature_available?(:file_locks)
+ push_frontend_feature_flag(:consolidated_edit_button, @project, default_enabled: :yaml)
end
layout :determine_layout
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index ed3facd72c5..c1765d367d1 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -13,6 +13,13 @@ class RegistrationsController < Devise::RegistrationsController
before_action :ensure_destroy_prerequisites_met, only: [:destroy]
before_action :load_recaptcha, only: :new
before_action :set_invite_params, only: :new
+ before_action only: [:create] do
+ check_rate_limit!(:user_sign_up, scope: request.ip) if Feature.enabled?(:rate_limit_user_sign_up_endpoint, default_enabled: :yaml)
+ end
+
+ before_action only: [:new] do
+ push_frontend_feature_flag(:gitlab_gtm_datalayer, type: :ops)
+ end
feature_category :authentication_and_authorization
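Review bot: The new sign-up throttle is keyed on `request.ip`, and nothing here records what that implies: the value is only as reliable as the trusted-proxy configuration, and every client behind one NAT or proxy address shares a bucket. A short comment above the filter would help, e.g. `# Unauthenticated endpoint, so throttle per client IP; relies on trusted proxies being configured correctly`. The throttle is also inactive whenever `rate_limit_user_sign_up_endpoint` is off, which is worth stating in the same comment. The same pattern is added for `exists` in users_controller.rb behind `rate_limit_username_exists_endpoint`.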
diff --git a/app/controllers/repositories/lfs_api_controller.rb b/app/controllers/repositories/lfs_api_controller.rb
index d93d88c9e64..2b0aa67326e 100644
--- a/app/controllers/repositories/lfs_api_controller.rb
+++ b/app/controllers/repositories/lfs_api_controller.rb
@@ -155,7 +155,7 @@ module Repositories
end
def should_auto_link?
- return false unless Feature.enabled?(:lfs_auto_link_fork_source, project)
+ return false unless Feature.enabled?(:lfs_auto_link_fork_source, project, default_enabled: :yaml)
return false unless project.forked?
# Sanity check in case for some reason the user doesn't have access to the parent
diff --git a/app/controllers/sandbox_controller.rb b/app/controllers/sandbox_controller.rb
new file mode 100644
index 00000000000..a87c2b38e60
--- /dev/null
+++ b/app/controllers/sandbox_controller.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class SandboxController < ApplicationController # rubocop:disable Gitlab/NamespacedClass
+ skip_before_action :authenticate_user!
+
+ feature_category :not_owned
+
+ def mermaid
+ render layout: false
+ end
+end
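Review bot: `SandboxController` skips `authenticate_user!` without a comment explaining why this endpoint is safe to serve to anonymous clients. As written, `mermaid` only renders its template without a layout, so the safety rests on that template never reading params, session or project data. I would record that above the class, e.g. `# Static page served without authentication; the action and its template must not render request or user data`. Which response headers (framing, CSP) apply to this page is not visible in the hunk and would be worth stating in the same comment.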
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index 99a6dfa811e..d58ed252a36 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -17,6 +17,7 @@ class SearchController < ApplicationController
search_term_present = params[:search].present? || params[:term].present?
search_term_present && !params[:project_id].present?
end
+ before_action :check_email_search_rate_limit!, only: [:show, :count, :autocomplete]
rescue_from ActiveRecord::QueryCanceled, with: :render_timeout
@@ -142,6 +143,7 @@ class SearchController < ApplicationController
payload[:metadata]['meta.search.filters.confidential'] = params[:confidential]
payload[:metadata]['meta.search.filters.state'] = params[:state]
payload[:metadata]['meta.search.force_search_results'] = params[:force_search_results]
+ payload[:metadata]['meta.search.project_ids'] = params[:project_ids]
if search_service.abuse_detected?
payload[:metadata]['abuse.confidence'] = Gitlab::Abuse.confidence(:certain)
@@ -198,6 +200,12 @@ class SearchController < ApplicationController
render status: :request_timeout
end
end
+
+ def check_email_search_rate_limit!
+ return unless search_service.params.email_lookup?
+
+ check_rate_limit!(:user_email_lookup, scope: [current_user])
+ end
end
SearchController.prepend_mod_with('SearchController')
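Review bot: `check_email_search_rate_limit!` passes `scope: [current_user]`, which is `[nil]` when nobody is signed in. Whether anonymous requests can reach `show`, `count` or `autocomplete` is not visible in this hunk, but if they can, they would all count against one shared `user_email_lookup` bucket instead of being throttled per client. Falling back to the client address keeps the limit per caller, for example `check_rate_limit!(:user_email_lookup, scope: [current_user || request.ip])`.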
diff --git a/app/controllers/sherlock/application_controller.rb b/app/controllers/sherlock/application_controller.rb
deleted file mode 100644
index c048254d348..00000000000
--- a/app/controllers/sherlock/application_controller.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-module Sherlock
- class ApplicationController < ::ApplicationController
- before_action :find_transaction
-
- def find_transaction
- if params[:transaction_id]
- @transaction = Gitlab::Sherlock.collection
- .find_transaction(params[:transaction_id])
- end
- end
- end
-end
diff --git a/app/controllers/sherlock/file_samples_controller.rb b/app/controllers/sherlock/file_samples_controller.rb
deleted file mode 100644
index 900446bb75a..00000000000
--- a/app/controllers/sherlock/file_samples_controller.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-module Sherlock
- class FileSamplesController < Sherlock::ApplicationController
- def show
- @file_sample = @transaction.find_file_sample(params[:id])
- end
- end
-end
diff --git a/app/controllers/sherlock/queries_controller.rb b/app/controllers/sherlock/queries_controller.rb
deleted file mode 100644
index 49a25c682b5..00000000000
--- a/app/controllers/sherlock/queries_controller.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-module Sherlock
- class QueriesController < Sherlock::ApplicationController
- def show
- @query = @transaction.find_query(params[:id])
- end
- end
-end
diff --git a/app/controllers/sherlock/transactions_controller.rb b/app/controllers/sherlock/transactions_controller.rb
deleted file mode 100644
index 8d1847507cc..00000000000
--- a/app/controllers/sherlock/transactions_controller.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-module Sherlock
- class TransactionsController < Sherlock::ApplicationController
- def index
- @transactions = Gitlab::Sherlock.collection.newest_first
- end
-
- def show
- @transaction = Gitlab::Sherlock.collection.find_transaction(params[:id])
-
- render_404 unless @transaction
- end
-
- def destroy_all
- Gitlab::Sherlock.collection.clear
-
- redirect_back_or_default(options: { status: :found })
- end
- end
-end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 26f56307862..8710eebf210 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -23,6 +23,9 @@ class UsersController < ApplicationController
before_action :user, except: [:exists]
before_action :authorize_read_user_profile!,
only: [:calendar, :calendar_activities, :groups, :projects, :contributed, :starred, :snippets, :followers, :following]
+ before_action only: [:exists] do
+ check_rate_limit!(:username_exists, scope: request.ip) if Feature.enabled?(:rate_limit_username_exists_endpoint, default_enabled: :yaml)
+ end
feature_category :users