Add latest changes from gitlab-org/gitlab@master

9 files changed, 113 insertions, 67 deletions

diff --git a/app/assets/javascripts/mirrors/mirror_repos.js b/app/assets/javascripts/mirrors/mirror_repos.js
index e5acaaf9366..5401fb7b6ec 100644
--- a/app/assets/javascripts/mirrors/mirror_repos.js
+++ b/app/assets/javascripts/mirrors/mirror_repos.js
@@ -22,15 +22,18 @@ export default class MirrorRepos {
   }
 
   initMirrorPush() {
+    this.$keepDivergentRefsInput = $('.js-mirror-keep-divergent-refs', this.$form);
     this.$passwordGroup = $('.js-password-group', this.$container);
     this.$password = $('.js-password', this.$passwordGroup);
     this.$authMethod = $('.js-auth-method', this.$form);
 
+    this.$keepDivergentRefsInput.on('change', () => this.updateKeepDivergentRefs());
     this.$authMethod.on('change', () => this.togglePassword());
     this.$password.on('input.updateUrl', () => this.debouncedUpdateUrl());
 
     this.initMirrorSSH();
     this.updateProtectedBranches();
+    this.updateKeepDivergentRefs();
   }
 
   initMirrorSSH() {
@@ -61,6 +64,16 @@ export default class MirrorRepos {
     $('.js-mirror-protected-hidden', this.$form).val(val);
   }
 
+  updateKeepDivergentRefs() {
+    const field = this.$keepDivergentRefsInput.get(0);
+
+    // This field only exists after the form is switched to 'Push' mode
+    if (field) {
+      const val = field.checked ? this.$keepDivergentRefsInput.val() : '0';
+      $('.js-mirror-keep-divergent-refs-hidden', this.$form).val(val);
+    }
+  }
+
   registerUpdateListeners() {
     this.debouncedUpdateUrl = debounce(() => this.updateUrl(), 200);
     this.$urlInput.on('input', () => this.debouncedUpdateUrl());
diff --git a/app/controllers/projects/mirrors_controller.rb b/app/controllers/projects/mirrors_controller.rb
index 936f89e58e7..518e6a92afa 100644
--- a/app/controllers/projects/mirrors_controller.rb
+++ b/app/controllers/projects/mirrors_controller.rb
@@ -77,6 +77,7 @@ class Projects::MirrorsController < Projects::ApplicationController
         id
         enabled
         only_protected_branches
+        keep_divergent_refs
         auth_method
         password
         ssh_known_hosts
diff --git a/app/models/audit_event.rb b/app/models/audit_event.rb
index 7ff0076c3e3..03841917bbf 100644
--- a/app/models/audit_event.rb
+++ b/app/models/audit_event.rb
@@ -30,26 +30,12 @@ class AuditEvent < ApplicationRecord
   end
 
   def author_name
-    lazy_author.name
+    self.user.name
   end
 
   def formatted_details
     details.merge(details.slice(:from, :to).transform_values(&:to_s))
   end
-
-  def lazy_author
-    BatchLoader.for(author_id).batch(default_value: default_author_value) do |author_ids, loader|
-      User.where(id: author_ids).find_each do |user|
-        loader.call(user.id, user)
-      end
-    end
-  end
-
-  private
-
-  def default_author_value
-    ::Gitlab::Audit::NullAuthor.for(author_id, details[:author_name])
-  end
 end
 
 AuditEvent.prepend_if_ee('EE::AuditEvent')
diff --git a/app/models/user.rb b/app/models/user.rb
index 8709bfb18fd..b147c7d4d48 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1825,7 +1825,7 @@ class User < ApplicationRecord
     return if restrictions.blank?
 
     if Gitlab::UntrustedRegexp.new(restrictions).match?(email)
-      errors.add(:email, _('is not allowed for sign-up'))
+      errors.add(:email, _('is not allowed. Try again with a different email address, or contact your GitLab admin.'))
     end
   end
 
diff --git a/app/presenters/pages_domain_presenter.rb b/app/presenters/pages_domain_presenter.rb
new file mode 100644
index 00000000000..6b74983d932
--- /dev/null
+++ b/app/presenters/pages_domain_presenter.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class PagesDomainPresenter < Gitlab::View::Presenter::Delegated
+  presents :pages_domain
+
+  def needs_verification?
+    Gitlab::CurrentSettings.pages_domain_verification_enabled? && unverified?
+  end
+
+  def show_auto_ssl_failed_warning?
+    return false unless Feature.enabled?(:pages_letsencrypt_errors, pages_domain.project)
+
+    # validations prevents auto ssl from working, so there is no need to show that warning until
+    return false if needs_verification?
+
+    ::Gitlab::LetsEncrypt.enabled? && auto_ssl_failed
+  end
+end
diff --git a/app/services/audit_event_service.rb b/app/services/audit_event_service.rb
index d9e40c456aa..42ed5f17d8d 100644
--- a/app/services/audit_event_service.rb
+++ b/app/services/audit_event_service.rb
@@ -13,7 +13,7 @@ class AuditEventService
   #
   # @return [AuditEventService]
   def initialize(author, entity, details = {})
-    @author = build_author(author)
+    @author = author
     @entity = entity
     @details = details
   end
@@ -49,14 +49,6 @@ class AuditEventService
 
   private
 
-  def build_author(author)
-    if author.is_a?(User)
-      author
-    else
-      Gitlab::Audit::UnauthenticatedAuthor.new(name: author)
-    end
-  end
-
   def base_payload
     {
       author_id: @author.id,
diff --git a/app/services/metrics/dashboard/clone_dashboard_service.rb b/app/services/metrics/dashboard/clone_dashboard_service.rb
index ee5b50aefc3..3ca25b3bd9b 100644
--- a/app/services/metrics/dashboard/clone_dashboard_service.rb
+++ b/app/services/metrics/dashboard/clone_dashboard_service.rb
@@ -5,9 +5,18 @@
 module Metrics
   module Dashboard
     class CloneDashboardService < ::BaseService
+      include Stepable
+
       ALLOWED_FILE_TYPE = '.yml'
       USER_DASHBOARDS_DIR = ::Metrics::Dashboard::CustomDashboardService::DASHBOARD_ROOT
 
+      steps :check_push_authorized,
+        :check_branch_name,
+        :check_file_type,
+        :check_dashboard_template,
+        :create_file,
+        :refresh_repository_method_caches
+
       class << self
         def allowed_dashboard_templates
           @allowed_dashboard_templates ||= Set[::Metrics::Dashboard::SystemDashboardService::DASHBOARD_PATH].freeze
@@ -22,21 +31,52 @@ module Metrics
         end
       end
 
-      # rubocop:disable Cop/BanCatchThrow
       def execute
-        catch(:error) do
-          throw(:error, error(_(%q(You are not allowed to push into this branch. Create another branch or open a merge request.)), :forbidden)) unless push_authorized?
+        execute_steps
+      end
+
+      private
+
+      def check_push_authorized(result)
+        return error(_('You are not allowed to push into this branch. Create another branch or open a merge request.'), :forbidden) unless push_authorized?
+
+        success(result)
+      end
+
+      def check_branch_name(result)
+        return error(_('There was an error creating the dashboard, branch name is invalid.'), :bad_request) unless valid_branch_name?
+        return error(_('There was an error creating the dashboard, branch named: %{branch} already exists.') % { branch: params[:branch] }, :bad_request) unless new_or_default_branch?
+
+        success(result)
+      end
 
-          result = ::Files::CreateService.new(project, current_user, dashboard_attrs).execute
-          throw(:error, wrap_error(result)) unless result[:status] == :success
+      def check_file_type(result)
+        return error(_('The file name should have a .yml extension'), :bad_request) unless target_file_type_valid?
 
-          repository.refresh_method_caches([:metrics_dashboard])
-          success(result.merge(http_status: :created, dashboard: dashboard_details))
+        success(result)
+      end
+
+      def check_dashboard_template(result)
+        return error(_('Not found.'), :not_found) unless self.class.allowed_dashboard_templates.include?(params[:dashboard])
+
+        success(result)
+      end
+
+      def create_file(result)
+        create_file_response = ::Files::CreateService.new(project, current_user, dashboard_attrs).execute
+
+        if create_file_response[:status] == :success
+          success(result.merge(create_file_response))
+        else
+          wrap_error(create_file_response)
         end
       end
-      # rubocop:enable Cop/BanCatchThrow
 
-      private
+      def refresh_repository_method_caches(result)
+        repository.refresh_method_caches([:metrics_dashboard])
+
+        success(result.merge(http_status: :created, dashboard: dashboard_details))
+      end
 
       def dashboard_attrs
         {
@@ -62,26 +102,13 @@ module Metrics
         Gitlab::UserAccess.new(current_user, project: project).can_push_to_branch?(branch)
       end
 
-      # rubocop:disable Cop/BanCatchThrow
       def dashboard_template
-        @dashboard_template ||= begin
-          throw(:error, error(_('Not found.'), :not_found)) unless self.class.allowed_dashboard_templates.include?(params[:dashboard])
-
-          params[:dashboard]
-        end
+        @dashboard_template ||= params[:dashboard]
       end
-      # rubocop:enable Cop/BanCatchThrow
 
-      # rubocop:disable Cop/BanCatchThrow
       def branch
-        @branch ||= begin
-          throw(:error, error(_('There was an error creating the dashboard, branch name is invalid.'), :bad_request)) unless valid_branch_name?
-          throw(:error, error(_('There was an error creating the dashboard, branch named: %{branch} already exists.') % { branch: params[:branch] }, :bad_request)) unless new_or_default_branch? # temporary validation for first UI iteration
-
-          params[:branch]
-        end
+        @branch ||= params[:branch]
       end
-      # rubocop:enable Cop/BanCatchThrow
 
       def new_or_default_branch?
         !repository.branch_exists?(params[:branch]) || project.default_branch == params[:branch]
@@ -95,20 +122,22 @@ module Metrics
         @new_dashboard_path ||= File.join(USER_DASHBOARDS_DIR, file_name)
       end
 
-      # rubocop:disable Cop/BanCatchThrow
       def file_name
-        @file_name ||= begin
-          throw(:error, error(_('The file name should have a .yml extension'), :bad_request)) unless target_file_type_valid?
-
-          File.basename(params[:file_name])
-        end
+        @file_name ||= File.basename(params[:file_name])
       end
-      # rubocop:enable Cop/BanCatchThrow
 
       def target_file_type_valid?
         File.extname(params[:file_name]) == ALLOWED_FILE_TYPE
       end
 
+      def wrap_error(result)
+        if result[:message] == 'A file with this name already exists'
+          error(_("A file with '%{file_name}' already exists in %{branch} branch") % { file_name: file_name, branch: branch }, :bad_request)
+        else
+          result
+        end
+      end
+
       def new_dashboard_content
         ::Gitlab::Metrics::Dashboard::Processor
           .new(project, raw_dashboard, sequence, {})
@@ -119,14 +148,6 @@ module Metrics
         @repository ||= project.repository
       end
 
-      def wrap_error(result)
-        if result[:message] == 'A file with this name already exists'
-          error(_("A file with '%{file_name}' already exists in %{branch} branch") % { file_name: file_name, branch: branch }, :bad_request)
-        else
-          result
-        end
-      end
-
       def raw_dashboard
         YAML.safe_load(File.read(Rails.root.join(dashboard_template)))
       end
diff --git a/app/views/projects/mirrors/_mirror_repos_push.html.haml b/app/views/projects/mirrors/_mirror_repos_push.html.haml
index b7c885b4a63..8482424a184 100644
--- a/app/views/projects/mirrors/_mirror_repos_push.html.haml
+++ b/app/views/projects/mirrors/_mirror_repos_push.html.haml
@@ -1,8 +1,15 @@
 - protocols = Gitlab::UrlSanitizer::ALLOWED_SCHEMES.join('|')
+- keep_divergent_refs = Feature.enabled?(:keep_divergent_refs, @project)
 
 = f.fields_for :remote_mirrors, @project.remote_mirrors.build do |rm_f|
   = rm_f.hidden_field :enabled, value: '1'
   = rm_f.hidden_field :url, class: 'js-mirror-url-hidden', required: true, pattern: "(#{protocols}):\/\/.+"
   = rm_f.hidden_field :only_protected_branches, class: 'js-mirror-protected-hidden'
+  - if keep_divergent_refs
+    = rm_f.hidden_field :keep_divergent_refs, class: 'js-mirror-keep-divergent-refs-hidden'
   = render partial: 'projects/mirrors/ssh_host_keys', locals: { f: rm_f }
   = render partial: 'projects/mirrors/authentication_method', locals: { f: rm_f }
+  - if keep_divergent_refs
+    .form-check.append-bottom-10
+      = check_box_tag :keep_divergent_refs, '1', false, class: 'js-mirror-keep-divergent-refs form-check-input'
+      = label_tag :keep_divergent_refs, 'Keep divergent refs', class: 'form-check-label'
diff --git a/app/views/projects/pages/_list.html.haml b/app/views/projects/pages/_list.html.haml
index 6d196b06135..0d40f375926 100644
--- a/app/views/projects/pages/_list.html.haml
+++ b/app/views/projects/pages/_list.html.haml
@@ -6,6 +6,7 @@
       Domains (#{@domains.count})
     %ul.list-group.list-group-flush.pages-domain-list{ class: ("has-verification-status" if verification_enabled) }
       - @domains.each do |domain|
+        - domain = Gitlab::View::Presenter::Factory.new(domain, current_user: current_user).fabricate!
         %li.pages-domain-list-item.list-group-item.d-flex.justify-content-between
           - if verification_enabled
             - tooltip, status = domain.unverified? ? [s_('GitLabPages|Unverified'), 'failed'] : [s_('GitLabPages|Verified'), 'success']
@@ -13,20 +14,27 @@
               = sprite_icon("status_#{status}", size: 16 )
           .domain-name
             = external_link(domain.url, domain.url)
-            - if domain.subject
+            - if domain.certificate
               %div
                 %span.badge.badge-gray
-                  = s_('GitLabPages|Certificate: %{subject}') % { subject: domain.subject }
+                  = s_('GitLabPages|Certificate: %{subject}') % { subject: domain.pages_domain.subject }
                 - if domain.expired?
                   %span.badge.badge-danger
                     = s_('GitLabPages|Expired')
           %div
             = link_to s_('GitLabPages|Edit'), project_pages_domain_path(@project, domain), class: "btn btn-sm btn-grouped btn-success btn-inverted"
             = link_to s_('GitLabPages|Remove'), project_pages_domain_path(@project, domain), data: { confirm: s_('GitLabPages|Are you sure?')}, method: :delete, class: "btn btn-remove btn-sm btn-grouped"
-        - if verification_enabled && domain.unverified?
+        - if domain.needs_verification?
           %li.list-group-item.bs-callout-warning
             - details_link_start = "<a href='#{project_pages_domain_path(@project, domain)}'>".html_safe
             - details_link_end = '</a>'.html_safe
             = s_('GitLabPages|%{domain} is not verified. To learn how to verify ownership, visit your %{link_start}domain details%{link_end}.').html_safe % { domain: domain.domain,
                 link_start: details_link_start,
                 link_end: details_link_end }
+        - if domain.show_auto_ssl_failed_warning?
+          %li.list-group-item.bs-callout-warning
+            - details_link_start = "<a href='#{project_pages_domain_path(@project, domain)}'>".html_safe
+            - details_link_end = '</a>'.html_safe
+            = s_("GitLabPages|Something went wrong while obtaining Let's Encrypt certificate for %{domain}. To retry visit your %{link_start}domain details%{link_end}.").html_safe % { domain: domain.domain,
+                link_start: details_link_start,
+                link_end: details_link_end }