author | Zeger-Jan van de Weg <zegerjan@gitlab.com> | 2016-05-11 08:47:04 +0200 |
---|---|---|
committer | Zeger-Jan van de Weg <zegerjan@gitlab.com> | 2016-05-11 08:47:04 +0200 |
commit | 7e6dcf9cd0626c6d0cbbe96ae5327048d2c6849f (patch) | |
tree | 33f22befc61e52178098bf77e57bba7a96aaae86 /config | |
parent | dccf8a9fc8d4dde91942944f6b47387bfb13c380 (diff) | |
parent | 98d8e3fe9ff4d120469378490c41381ae751597e (diff) | |
download | gitlab-ce-7e6dcf9cd0626c6d0cbbe96ae5327048d2c6849f.tar.gz |
Merge branch 'master' into awardables
Diffstat (limited to 'config')
-rw-r--r-- | config/application.rb | 25 | ||||
-rw-r--r-- | config/environments/development.rb | 2 | ||||
-rw-r--r-- | config/gitlab.teatro.yml | 1 | ||||
-rw-r--r-- | config/gitlab.yml.example | 7 | ||||
-rw-r--r-- | config/initializers/1_settings.rb | 26 | ||||
-rw-r--r-- | config/initializers/metrics.rb | 39 | ||||
-rw-r--r-- | config/initializers/rack_attack.rb.example | 3 | ||||
-rw-r--r-- | config/initializers/rack_attack_git_basic_auth.rb | 4 | ||||
-rw-r--r-- | config/initializers/sentry.rb | 3 | ||||
-rw-r--r-- | config/initializers/session_store.rb | 2 | ||||
-rw-r--r-- | config/initializers/trusted_proxies.rb | 3 | ||||
-rw-r--r-- | config/routes.rb | 20 |
12 files changed, 103 insertions, 32 deletions
diff --git a/config/application.rb b/config/application.rb index 2e2ed48db07..b602e2b6168 100644 --- a/config/application.rb +++ b/config/application.rb @@ -32,7 +32,30 @@ module Gitlab config.encoding = "utf-8" # Configure sensitive parameters which will be filtered from the log file. - config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt, :variables, :import_url) + # + # Parameters filtered: + # - Password (:password, :password_confirmation) + # - Private tokens (:private_token) + # - Two-factor tokens (:otp_attempt) + # - Repo/Project Import URLs (:import_url) + # - Build variables (:variables) + # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key) + # - Webhook URLs (:hook) + # - Sentry DSN (:sentry_dsn) + # - Deploy keys (:key) + config.filter_parameters += %i( + certificate + encrypted_key + hook + import_url + key + otp_attempt + password + password_confirmation + private_token + sentry_dsn + variables + ) # Enable escaping HTML in JSON. config.active_support.escape_html_entities_in_json = true diff --git a/config/environments/development.rb b/config/environments/development.rb index 689694a3480..4f39016bfa4 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -36,7 +36,7 @@ Rails.application.configure do # For having correct urls in mails config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } # Open sent mails in browser - config.action_mailer.delivery_method = :letter_opener + config.action_mailer.delivery_method = :letter_opener_web # Don't make a mess when bootstrapping a development environment config.action_mailer.perform_deliveries = (ENV['BOOTSTRAP'] != '1') diff --git a/config/gitlab.teatro.yml b/config/gitlab.teatro.yml index f0656400beb..01c8dc5ff98 100644 --- a/config/gitlab.teatro.yml +++ b/config/gitlab.teatro.yml 
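Review bot: The new comment block above `config.filter_parameters` lists what is filtered but not how Rails matches the entries. Symbols and strings in this list are matched case-insensitively against any part of a parameter name, so `:key` and `:hook` mask every parameter whose name contains those substrings, not only deploy keys and webhook URLs. That errs on the safe side for logs, but it should be stated so nobody later narrows or duplicates entries on a wrong assumption. I would add a line such as `# Entries match parameter names partially and case-insensitively, so :key covers any name containing "key".`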
@@ -15,7 +15,6 @@ production: &base issues: true merge_requests: true wiki: true - wall: false snippets: false visibility_level: "private" # can be "private" | "internal" | "public" diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index d9c15f81404..e682bcb976d 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -152,7 +152,6 @@ production: &base ## Gravatar ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html gravatar: - enabled: true # Use user avatar image from Gravatar.com (default: true) # gravatar urls: possible placeholders: %{hash} %{size} %{email} # plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon # ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon @@ -168,9 +167,9 @@ production: &base # once per hour you will have concurrent 'git fsck' jobs. repository_check_worker: cron: "20 * * * *" - # Send admin emails once a day + # Send admin emails once a week admin_email_worker: - cron: "0 0 * * *" + cron: "0 0 * * 0" # Remove outdated repository archives repository_archive_cache_worker: @@ -350,6 +349,8 @@ production: &base # - { name: 'github', # app_id: 'YOUR_APP_ID', # app_secret: 'YOUR_APP_SECRET', + # url: "https://github.com/", + # verify_ssl: true, # args: { scope: 'user:email' } } # - { name: 'bitbucket', # app_id: 'YOUR_APP_ID', diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 10c25044b75..8db2c05fe45 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb 
@@ -140,6 +140,30 @@ Settings.omniauth.cas3['session_duration'] ||= 8.hours Settings.omniauth['session_tickets'] ||= Settingslogic.new({}) Settings.omniauth.session_tickets['cas3'] = 'ticket' +# Fill out omniauth-gitlab settings. It is needed for easy set up GHE or GH by just specifying url. + +github_default_url = "https://github.com" +github_settings = Settings.omniauth['providers'].find { |provider| provider["name"] == "github" } + +if github_settings + # For compatibility with old config files (before 7.8) + # where people dont have url in github settings + if github_settings['url'].blank? + github_settings['url'] = github_default_url + end + + github_settings["args"] ||= Settingslogic.new({}) + + if github_settings["url"].include?(github_default_url) + github_settings["args"]["client_options"] = OmniAuth::Strategies::GitHub.default_options[:client_options] + else + github_settings["args"]["client_options"] = { + "site" => File.join(github_settings["url"], "api/v3"), + "authorize_url" => File.join(github_settings["url"], "login/oauth/authorize"), + "token_url" => File.join(github_settings["url"], "login/oauth/access_token") + } + end +end Settings['shared'] ||= Settingslogic.new({}) Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root) @@ -245,7 +269,7 @@ Settings.cron_jobs['repository_check_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['repository_check_worker']['cron'] ||= '20 * * * *' Settings.cron_jobs['repository_check_worker']['job_class'] = 'RepositoryCheck::BatchWorker' Settings.cron_jobs['admin_email_worker'] ||= Settingslogic.new({}) -Settings.cron_jobs['admin_email_worker']['cron'] ||= '0 0 * * *' +Settings.cron_jobs['admin_email_worker']['cron'] ||= '0 0 * * 0' Settings.cron_jobs['admin_email_worker']['job_class'] = 'AdminEmailWorker' Settings.cron_jobs['repository_archive_cache_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['repository_archive_cache_worker']['cron'] ||= '0 * * * *' 
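Review bot: `github_settings["url"].include?(github_default_url)` is a substring test, so any configured URL that merely contains `https://github.com` (a different host with that prefix, or a query string) is treated as github.com. Meanwhile `http://github.com` falls into the else branch and yields plain-HTTP `authorize_url` and `token_url` values for the OAuth exchange. Compare the parsed host instead, e.g. `URI.parse(github_settings['url']).host == 'github.com'`, and consider refusing non-HTTPS URLs at this point. The `verify_ssl` key added to gitlab.yml.example is not read in this hunk; if it is consumed elsewhere, a comment saying where would help. `Settings.omniauth['providers']` is assumed to be an array here, and its default is set outside the hunk.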
diff --git a/config/initializers/metrics.rb b/config/initializers/metrics.rb index 22fe51a4534..b2d08d87bac 100644 --- a/config/initializers/metrics.rb +++ b/config/initializers/metrics.rb @@ -61,12 +61,30 @@ if Gitlab::Metrics.enabled? config.instrument_instance_methods(const) end - Dir[Rails.root.join('app', 'finders', '*.rb')].each do |path| - const = File.basename(path, '.rb').camelize.constantize - - config.instrument_instance_methods(const) + # Path to search => prefix to strip from constant + paths_to_instrument = { + ['app', 'finders'] => ['app', 'finders'], + ['app', 'mailers', 'emails'] => ['app', 'mailers'], + ['app', 'services', '**'] => ['app', 'services'], + ['lib', 'gitlab', 'diff'] => ['lib'], + ['lib', 'gitlab', 'email', 'message'] => ['lib'] + } + + paths_to_instrument.each do |(path, prefix)| + prefix = Rails.root.join(*prefix) + + Dir[Rails.root.join(*path + ['*.rb'])].each do |file_path| + path = Pathname.new(file_path).relative_path_from(prefix) + const = path.to_s.sub('.rb', '').camelize.constantize + + config.instrument_methods(const) + config.instrument_instance_methods(const) + end end + config.instrument_methods(Premailer::Adapter::Nokogiri) + config.instrument_instance_methods(Premailer::Adapter::Nokogiri) + [ :Blame, :Branch, :BranchCollection, :Blob, :Commit, :Diff, :Repository, :Tag, :TagCollection, :Tree 
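Review bot: Inside the `Dir[...]` loop, `path = Pathname.new(file_path).relative_path_from(prefix)` reassigns the outer block parameter `path`. It only works because the glob has already been expanded, so use a separate local such as `relative = Pathname.new(file_path).relative_path_from(prefix)`. `path.to_s.sub('.rb', '')` also strips the first `.rb` found anywhere in the relative path rather than the extension, so `sub(/\.rb\z/, '')` is the safer form. Every file matched by these globs is passed through `constantize` and instrumented, so a short comment on why these directories were chosen, and that each file must define a constant matching its path, would help the next maintainer.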
@@ -97,16 +115,9 @@ if Gitlab::Metrics.enabled? config.instrument_methods(Gitlab::ReferenceExtractor) config.instrument_instance_methods(Gitlab::ReferenceExtractor) - # Instrument all service classes - services = Rails.root.join('app', 'services') - - Dir[services.join('**', '*.rb')].each do |file_path| - path = Pathname.new(file_path).relative_path_from(services) - const = path.to_s.sub('.rb', '').camelize.constantize - - config.instrument_methods(const) - config.instrument_instance_methods(const) - end + # Instrument the classes used for checking if somebody has push access. + config.instrument_instance_methods(Gitlab::GitAccess) + config.instrument_instance_methods(Gitlab::GitAccessWiki) end GC::Profiler.enable diff --git a/config/initializers/rack_attack.rb.example b/config/initializers/rack_attack.rb.example index b1bbcca1d61..30d05f16153 100644 --- a/config/initializers/rack_attack.rb.example +++ b/config/initializers/rack_attack.rb.example @@ -17,8 +17,9 @@ paths_to_be_protected = [ # Create one big regular expression that matches strings starting with any of # the paths_to_be_protected. paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ }) +rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled'] -unless Rails.env.test? +unless Rails.env.test? || !rack_attack_enabled Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req| if req.post? && req.path =~ paths_regex req.ip diff --git a/config/initializers/rack_attack_git_basic_auth.rb b/config/initializers/rack_attack_git_basic_auth.rb index bbbfed68329..6a721826170 100644 --- a/config/initializers/rack_attack_git_basic_auth.rb +++ b/config/initializers/rack_attack_git_basic_auth.rb 
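Review bot: The `Rack::Attack.throttle('protected paths', ...)` block is now switched off whenever `rack_attack.git_basic_auth['enabled']` is false, although that setting reads as belonging to the Git HTTP basic-auth ban rather than to throttling POSTs on the protected paths. An administrator who disables the Git ban would also lose throttling on those paths without any hint, and a missing `enabled` key (nil) has the same effect unless a default is set elsewhere. Either gate this block on its own setting or document the coupling with a comment next to `rack_attack_enabled`. The condition is also easier to read as `if rack_attack_enabled && !Rails.env.test?`; the same rewrite and the nil-default question apply to the hunk in config/initializers/rack_attack_git_basic_auth.rb.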
@@ -1,4 +1,6 @@ -unless Rails.env.test? +rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled'] + +unless Rails.env.test? || !rack_attack_enabled # Tell the Rack::Attack Rack middleware to maintain an IP blacklist. We will # update the blacklist from Grack::Auth#authenticate_user. Rack::Attack.blacklist('Git HTTP Basic Auth') do |req| diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb index e87899b2d5c..74fef7cadfe 100644 --- a/config/initializers/sentry.rb +++ b/config/initializers/sentry.rb @@ -15,6 +15,9 @@ if Rails.env.production? Raven.configure do |config| config.dsn = current_application_settings.sentry_dsn config.release = Gitlab::REVISION + + # Sanitize fields based on those sanitized from Rails. + config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s) end end end diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 88cb859871c..599dabb9e50 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -22,7 +22,7 @@ else key: '_gitlab_session', secure: Gitlab.config.gitlab.https, httponly: true, - expire_after: Settings.gitlab['session_expire_delay'] * 60, + expires_in: Settings.gitlab['session_expire_delay'] * 60, path: (Rails.application.config.relative_url_root.nil?) ? '/' : Gitlab::Application.config.relative_url_root ) end diff --git a/config/initializers/trusted_proxies.rb b/config/initializers/trusted_proxies.rb index b8cc025bae2..d256a16d42b 100644 --- a/config/initializers/trusted_proxies.rb +++ b/config/initializers/trusted_proxies.rb @@ -1,2 +1,3 @@ -Rails.application.config.action_dispatch.trusted_proxies = +Rails.application.config.action_dispatch.trusted_proxies = ( [ '127.0.0.1', '::1' ] + Array(Gitlab.config.gitlab.trusted_proxies) +).map { |proxy| IPAddr.new(proxy) } diff --git a/config/routes.rb b/config/routes.rb index ecde83d8547..8deb224cde9 100644 --- a/config/routes.rb +++ b/config/routes.rb 
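Review bot: `Rails.application.config.filter_parameters.map(&:to_s)` in config/initializers/sentry.rb assumes every filter is a symbol or string. Rails also accepts regexps and procs in that list, and a proc's `to_s` is only an inspect string, so such a filter would silently not be applied to Sentry events. The list is also read once when this initializer runs, so anything appended to `filter_parameters` by a later initializer is missed. I would keep only plain names, `config.sanitize_fields = Rails.application.config.filter_parameters.select { |f| f.is_a?(Symbol) || f.is_a?(String) }.map(&:to_s)`, and extend the comment to say that regexp and proc filters are not carried over.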
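Review bot: The switch from `expire_after` to `expires_in` in config/initializers/session_store.rb has no comment explaining what changes for the session cookie, and the two options are typically handled by different layers (the cookie's expiry versus the backing store's TTL). If the intent is that the server-side session still expires after `session_expire_delay` minutes while the browser cookie becomes a session cookie, say so, e.g. `# expires_in bounds the stored session's lifetime; the cookie itself carries no expiry`. The store class is configured outside this hunk, so confirm that it honours `expires_in`; if it does not, sessions would no longer expire on the server side.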
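Review bot: `IPAddr.new(proxy)` in config/initializers/trusted_proxies.rb raises on any malformed entry in `gitlab.trusted_proxies`, so a typo in the config aborts boot with an error that does not name the setting. This list decides whose forwarded-for header is believed when the client IP is computed, so failing closed is the right behaviour, but the message should point at the cause. I would rescue `IPAddr::InvalidAddressError` inside the block and re-raise with the offending value and the setting name. A comment that entries may be single addresses or CIDR ranges, and that an over-broad range lets any client set its own apparent IP, would also belong here.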
@@ -16,16 +16,18 @@ Rails.application.routes.draw do end end - # Make the built-in Rails routes available in development, otherwise they'd - # get swallowed by the `namespace/project` route matcher below. - # - # See https://git.io/va79N if Rails.env.development? + # Make the built-in Rails routes available in development, otherwise they'd + # get swallowed by the `namespace/project` route matcher below. + # + # See https://git.io/va79N get '/rails/mailers' => 'rails/mailers#index' get '/rails/mailers/:path' => 'rails/mailers#preview' get '/rails/info/properties' => 'rails/info#properties' get '/rails/info/routes' => 'rails/info#routes' get '/rails/info' => 'rails/info#index' + + mount LetterOpenerWeb::Engine, at: '/rails/letter_opener' end namespace :ci do @@ -212,8 +214,6 @@ Rails.application.routes.draw do resources :keys, only: [:show, :destroy] resources :identities, except: [:show] - delete 'stop_impersonation' => 'impersonation#destroy', on: :collection - member do get :projects get :keys @@ -223,12 +223,14 @@ Rails.application.routes.draw do put :unblock put :unlock put :confirm - post 'impersonate' => 'impersonation#create' + post :impersonate patch :disable_two_factor delete 'remove/:email_id', action: 'remove_email', as: 'remove_email' end end + resource :impersonation, only: :destroy + resources :abuse_reports, only: [:index, :destroy] resources :spam_logs, only: [:index, :destroy] @@ -418,6 +420,7 @@ Rails.application.routes.draw do devise_scope :user do get '/users/auth/:provider/omniauth_error' => 'omniauth_callbacks#omniauth_error', as: :omniauth_error + get '/users/almost_there' => 'confirmations#almost_there' end root to: "root#index" @@ -549,6 +552,7 @@ Rails.application.routes.draw do post :cancel_builds post :retry_builds post :revert + post :cherry_pick end end @@ -669,6 +673,7 @@ Rails.application.routes.draw do post :cancel post :retry post :erase + get :raw end resource :artifacts, only: [] do 
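Review bot: `resource :impersonation, only: :destroy` in the `@@ -223,12 +223,14 @@` hunk appears to sit inside the admin namespace (the enclosing block starts outside the hunk). The request that ends an impersonation is made while the session's current user is the impersonated account, which is usually not an admin. The controller is not part of this diff, so confirm that `destroy` does not inherit an admin-only filter and instead verifies that the session really holds an impersonator; that check is what keeps ordinary users from reaching the action. With `post :impersonate` now routed to the users controller, the matching `create`-side check (admin only, target not blocked) should be confirmed there as well. A request spec that issues the DELETE as a non-admin impersonated user, and one as a plain user with no impersonator in the session, would pin both cases down.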
@@ -707,6 +712,7 @@ Rails.application.routes.draw do post :toggle_award_emoji get :referenced_merge_requests get :related_branches + get :can_create_branch end collection do post :bulk_update |