Merge branch 'master' into sh-support-bitbucket-server-import

4 files changed, 10 insertions, 32 deletions

diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 489dc8840e5..e0779112850 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -33,7 +33,7 @@ production: &base
     port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
     https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
 
-    # Uncommment this line below if your ssh host is different from HTTP/HTTPS one
+    # Uncomment this line below if your ssh host is different from HTTP/HTTPS one
     # (you'd obviously need to replace ssh.host_example.com with your own host).
     # Otherwise, ssh host will be set to the `host:` value above
     # ssh_host: ssh.host_example.com
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 3d3448cb4d6..550647ae1c6 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -279,7 +279,7 @@ Settings.cron_jobs['expire_build_artifacts_worker']['cron'] ||= '50 * * * *'
 Settings.cron_jobs['expire_build_artifacts_worker']['job_class'] = 'ExpireBuildArtifactsWorker'
 Settings.cron_jobs['repository_check_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['repository_check_worker']['cron'] ||= '20 * * * *'
-Settings.cron_jobs['repository_check_worker']['job_class'] = 'RepositoryCheck::BatchWorker'
+Settings.cron_jobs['repository_check_worker']['job_class'] = 'RepositoryCheck::DispatchWorker'
 Settings.cron_jobs['admin_email_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['admin_email_worker']['cron'] ||= '0 0 * * 0'
 Settings.cron_jobs['admin_email_worker']['job_class'] = 'AdminEmailWorker'
@@ -394,7 +394,7 @@ repositories_storages          = Settings.repositories.storages.values
 repository_downloads_path      = Settings.gitlab['repository_downloads_path'].to_s.gsub(%r{/$}, '')
 repository_downloads_full_path = File.expand_path(repository_downloads_path, Settings.gitlab['user_home'])
 
-# Gitaly migration: https://gitlab.com/gitlab-org/gitaly/issues/1237
+# Gitaly migration: https://gitlab.com/gitlab-org/gitaly/issues/1255
 Gitlab::GitalyClient::StorageSettings.allow_disk_access do
   if repository_downloads_path.blank? || repositories_storages.any? { |rs| [repository_downloads_path, repository_downloads_full_path].include?(rs.legacy_disk_path.gsub(%r{/$}, '')) }
     Settings.gitlab['repository_downloads_path'] = File.join(Settings.shared['path'], 'cache/archive')
diff --git a/config/initializers/6_validations.rb b/config/initializers/6_validations.rb
index ff6865608f0..bf9e5a50382 100644
--- a/config/initializers/6_validations.rb
+++ b/config/initializers/6_validations.rb
@@ -2,20 +2,6 @@ def storage_name_valid?(name)
   !!(name =~ /\A[a-zA-Z0-9\-_]+\z/)
 end
 
-def find_parent_path(name, path)
-  parent = Pathname.new(path).realpath.parent
-  Gitlab.config.repositories.storages.detect do |n, rs|
-    name != n && Pathname.new(rs.legacy_disk_path).realpath == parent
-  end
-rescue Errno::EIO, Errno::ENOENT => e
-  warning = "WARNING: couldn't verify #{path} (#{name}). "\
-            "If this is an external storage, it might be offline."
-  message = "#{warning}\n#{e.message}"
-  Rails.logger.error("#{message}\n\t" + e.backtrace.join("\n\t"))
-
-  nil
-end
-
 def storage_validation_error(message)
   raise "#{message}. Please fix this in your gitlab.yml before starting GitLab."
 end
@@ -37,17 +23,4 @@ def validate_storages_config
   end
 end
 
-# Gitaly migration: https://gitlab.com/gitlab-org/gitaly/issues/1237
-def validate_storages_paths
-  Gitlab::GitalyClient::StorageSettings.allow_disk_access do
-    Gitlab.config.repositories.storages.each do |name, repository_storage|
-      parent_name, _parent_path = find_parent_path(name, repository_storage.legacy_disk_path)
-      if parent_name
-        storage_validation_error("#{name} is a nested path of #{parent_name}. Nested paths are not supported for repository storages")
-      end
-    end
-  end
-end
-
 validate_storages_config
-validate_storages_paths unless Rails.env.test? || ENV['SKIP_STORAGE_VALIDATION'] == 'true'
diff --git a/config/initializers/doorkeeper_openid_connect.rb b/config/initializers/doorkeeper_openid_connect.rb
index 98e1f6e830f..ae5d834a02c 100644
--- a/config/initializers/doorkeeper_openid_connect.rb
+++ b/config/initializers/doorkeeper_openid_connect.rb
@@ -18,12 +18,17 @@ Doorkeeper::OpenidConnect.configure do
   end
 
   subject do |user|
-    # hash the user's ID with the Rails secret_key_base to avoid revealing it
-    Digest::SHA256.hexdigest "#{user.id}-#{Rails.application.secrets.secret_key_base}"
+    user.id
   end
 
   claims do
     with_options scope: :openid do |o|
+      o.claim(:sub_legacy, response: [:id_token, :user_info]) do |user|
+        # provide the previously hashed 'sub' claim to allow third-party apps
+        # to migrate to the new unhashed value
+        Digest::SHA256.hexdigest "#{user.id}-#{Rails.application.secrets.secret_key_base}"
+      end
+
       o.claim(:name)           { |user| user.name }
       o.claim(:nickname)       { |user| user.username }
       o.claim(:email)          { |user| user.public_email  }