diff options
| -rw-r--r-- | CHANGELOG | 3 | ||||
| -rw-r--r-- | app/assets/javascripts/merge_request.js.coffee | 8 | ||||
| -rw-r--r-- | app/controllers/help_controller.rb | 56 | ||||
| -rw-r--r-- | app/models/label.rb | 2 | ||||
| -rw-r--r-- | app/views/help/show.html.haml | 2 | ||||
| -rw-r--r-- | app/views/projects/labels/_form.html.haml | 2 | ||||
| -rw-r--r-- | app/views/projects/merge_requests/_show.html.haml | 6 | ||||
| -rw-r--r-- | config/initializers/doorkeeper.rb | 4 | ||||
| -rw-r--r-- | config/initializers/mime_types.rb | 3 | ||||
| -rw-r--r-- | config/routes.rb | 2 | ||||
| -rw-r--r-- | doc/ssh/README.md | 6 | ||||
| -rw-r--r-- | features/steps/dashboard/help.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab/markdown.rb | 32 | ||||
| -rw-r--r-- | spec/controllers/help_controller_spec.rb | 61 | ||||
| -rw-r--r-- | spec/features/help_pages_spec.rb | 2 | ||||
| -rw-r--r-- | spec/routing/routing_spec.rb | 59 |
16 files changed, 156 insertions, 94 deletions
diff --git a/CHANGELOG b/CHANGELOG index 2df2175e782..98461c493df 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -103,7 +103,8 @@ v 7.10.0 (unreleased) - Remove truncation from issue titles on milestone page (Jason Blanchard) - Fix stuck Merge Request merging events from old installations (Ben Bodenmiller) - Fix merge request comments on files with multiple commits - + - Fix Resource Owner Password Authentication Flow + v 7.9.4 - Security: Fix project import URL regex to prevent arbitary local repos from being imported - Fixed issue where only 25 commits would load in file listings diff --git a/app/assets/javascripts/merge_request.js.coffee b/app/assets/javascripts/merge_request.js.coffee index fc75f143836..ae5d088d593 100644 --- a/app/assets/javascripts/merge_request.js.coffee +++ b/app/assets/javascripts/merge_request.js.coffee @@ -58,14 +58,6 @@ class @MergeRequest , 'json' bindEvents: -> - this.$('.merge-request-tabs').on 'click', 'a', (event) => - a = $(event.currentTarget) - - href = a.attr('href') - History.replaceState {path: href}, document.title, href - - event.preventDefault() - this.$('.merge-request-tabs').on 'click', 'li', (event) => this.activateTab($(event.currentTarget).data('action')) diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb index 0e5567c7734..35ece5b270b 100644 --- a/app/controllers/help_controller.rb +++ b/app/controllers/help_controller.rb @@ -3,40 +3,54 @@ class HelpController < ApplicationController end def show - @filepath = clean_path_info(params[:filepath]) - @format = params[:format] + category = clean_path_info(path_params[:category]) + file = path_params[:file] respond_to do |format| - format.md { render_doc } - format.all { send_file_data } - end - end + format.any(:markdown, :md, :html) do + path = Rails.root.join('doc', category, "#{file}.md") - def shortcuts - end + if File.exist?(path) + @markdown = File.read(path) - private + render 'show.html.haml' + else + # Force template to Haml + render 'errors/not_found.html.haml', layout: 'errors', status: 404 + end + end + + # Allow access to images in the doc folder + format.any(:png, :gif, :jpeg) do + path = Rails.root.join('doc', category, "#{file}.#{params[:format]}") + + if File.exist?(path) + send_file(path, disposition: 'inline') + else + head :not_found + end + end - def render_doc - if File.exists?(Rails.root.join('doc', @filepath + '.md')) - render 'show.html.haml' - else - not_found! + # Any other format we don't recognize, just respond 404 + format.any { head :not_found } end end - def send_file_data - path = Rails.root.join('doc', "#{@filepath}.#{@format}") - if File.exists?(path) - send_file(path, disposition: 'inline') - else - head :not_found - end + def shortcuts end def ui end + private + + def path_params + params.require(:category) + params.require(:file) + + params + end + PATH_SEPS = Regexp.union(*[::File::SEPARATOR, ::File::ALT_SEPARATOR].compact) # Taken from ActionDispatch::FileHandler diff --git a/app/models/label.rb b/app/models/label.rb index 9d7099c5652..1f22ed23d42 100644 --- a/app/models/label.rb +++ b/app/models/label.rb @@ -13,6 +13,8 @@ class Label < ActiveRecord::Base DEFAULT_COLOR = '#428BCA' + default_value_for :color, DEFAULT_COLOR + belongs_to :project has_many :label_links, dependent: :destroy has_many :issues, through: :label_links, source: :target, source_type: 'Issue' diff --git a/app/views/help/show.html.haml b/app/views/help/show.html.haml index f22aa92caf7..cc1be6a717a 100644 --- a/app/views/help/show.html.haml +++ b/app/views/help/show.html.haml @@ -1,2 +1,2 @@ .documentation.wiki - = markdown File.read(Rails.root.join('doc', @filepath + '.md')).gsub("$your_email", current_user.email) + = markdown @markdown.gsub('$your_email', current_user.email) diff --git a/app/views/projects/labels/_form.html.haml b/app/views/projects/labels/_form.html.haml index ad993db6c0b..261d52dedc1 100644 --- a/app/views/projects/labels/_form.html.haml +++ b/app/views/projects/labels/_form.html.haml @@ -16,7 +16,7 @@ .col-sm-10 .input-group .input-group-addon.label-color-preview - = f.color_field :color, value: "#AA33EE", class: "form-control" + = f.color_field :color, class: "form-control" .help-block Choose any color. %br diff --git a/app/views/projects/merge_requests/_show.html.haml b/app/views/projects/merge_requests/_show.html.haml index a74aede4e6b..cec02de84ca 100644 --- a/app/views/projects/merge_requests/_show.html.haml +++ b/app/views/projects/merge_requests/_show.html.haml @@ -36,17 +36,17 @@ - if @commits.present? %ul.nav.nav-tabs.merge-request-tabs - %li.notes-tab{data: {action: 'notes'}} + %li.notes-tab{data: {action: 'notes', toggle: 'tab'}} = link_to merge_request_path(@merge_request) do %i.fa.fa-comments Discussion %span.badge= @merge_request.mr_and_commit_notes.user.count - %li.commits-tab{data: {action: 'commits'}} + %li.commits-tab{data: {action: 'commits', toggle: 'tab'}} = link_to merge_request_path(@merge_request), title: 'Commits' do %i.fa.fa-history Commits %span.badge= @commits.size - %li.diffs-tab{data: {action: 'diffs'}} + %li.diffs-tab{data: {action: 'diffs', toggle: 'tab'}} = link_to diffs_namespace_project_merge_request_path(@project.namespace, @project, @merge_request) do %i.fa.fa-list-alt Changes diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 9da7ebf4290..d422acb31d6 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -11,7 +11,7 @@ Doorkeeper.configure do end resource_owner_from_credentials do |routes| - u = User.find_by(email: params[:username]) + u = User.find_by(email: params[:username]) || User.find_by(username: params[:username]) u if u && u.valid_password?(params[:password]) end @@ -83,7 +83,7 @@ Doorkeeper.configure do # # If not specified, Doorkeeper enables all the four grant flows. # - # grant_flows %w(authorization_code implicit password client_credentials) + grant_flows %w(authorization_code password client_credentials) # Under some circumstances you might want to have applications auto-approved, # so that the user skips the authorization step. diff --git a/config/initializers/mime_types.rb b/config/initializers/mime_types.rb index 6978ad93024..ca58ae92d1b 100644 --- a/config/initializers/mime_types.rb +++ b/config/initializers/mime_types.rb @@ -6,4 +6,5 @@ Mime::Type.register_alias "text/plain", :diff Mime::Type.register_alias "text/plain", :patch -Mime::Type.register_alias 'text/html', :md +Mime::Type.register_alias 'text/html', :markdown +Mime::Type.register_alias 'text/html', :md diff --git a/config/routes.rb b/config/routes.rb index 4f33b11d220..744a99feded 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -39,9 +39,9 @@ Gitlab::Application.routes.draw do # Help get 'help' => 'help#index' + get 'help/:category/:file' => 'help#show', as: :help_page, constraints: { category: /.*/, file: /[^\/\.]+/ } get 'help/shortcuts' get 'help/ui' => 'help#ui' - get 'help/:filepath' => 'help#show', as: :help_page, constraints: { filepath: /[^\.]+/ } # # Global snippets diff --git a/doc/ssh/README.md b/doc/ssh/README.md index 0acb15896d3..0acf92fbf54 100644 --- a/doc/ssh/README.md +++ b/doc/ssh/README.md @@ -71,3 +71,9 @@ keys of all the projects you have access to are available. This project access can happen through being a direct member of the project, or through a group. See `def accessible_deploy_keys` in `app/models/user.rb` for more information. + +## Applications + +### Eclipse + +How to add your ssh key to Eclipse: http://wiki.eclipse.org/EGit/User_Guide#Eclipse_SSH_Configuration diff --git a/features/steps/dashboard/help.rb b/features/steps/dashboard/help.rb index fa52e391f05..ef433c57c6e 100644 --- a/features/steps/dashboard/help.rb +++ b/features/steps/dashboard/help.rb @@ -8,7 +8,7 @@ class Spinach::Features::DashboardHelp < Spinach::FeatureSteps end step 'I visit the "Rake Tasks" help page' do - visit help_page_path('raketasks/maintenance', format: 'md') + visit help_page_path("raketasks", "maintenance") end step 'I should see "Rake Tasks" page markdown rendered' do diff --git a/lib/gitlab/markdown.rb b/lib/gitlab/markdown.rb index 8073417a16a..47c456d8dc7 100644 --- a/lib/gitlab/markdown.rb +++ b/lib/gitlab/markdown.rb @@ -68,23 +68,8 @@ module Gitlab @options = options @html_options = html_options - # Extract pre blocks so they are not altered - # from http://github.github.com/github-flavored-markdown/ - text.gsub!(%r{<pre>.*?</pre>|<code>.*?</code>}m) { |match| extract_piece(match) } - # Extract links with probably parsable hrefs - text.gsub!(%r{<a.*?>.*?</a>}m) { |match| extract_piece(match) } - # Extract images with probably parsable src - text.gsub!(%r{<img.*?>}m) { |match| extract_piece(match) } - # TODO: add popups with additional information - text = parse(text, project) - - # Insert pre block extractions - text.gsub!(/\{gfm-extraction-(\h{32})\}/) do - insert_piece($1) - end - # Used markdown pipelines in GitLab: # GitlabEmojiFilter - performs emoji replacement. # SanitizationFilter - remove unsafe HTML tags and attributes @@ -129,6 +114,21 @@ module Gitlab text = result[:output].to_html(save_with: save_options) + # Extract pre blocks so they are not altered + # from http://github.github.com/github-flavored-markdown/ + text.gsub!(%r{<pre>.*?</pre>|<code>.*?</code>}m) { |match| extract_piece(match) } + # Extract links with probably parsable hrefs + text.gsub!(%r{<a.*?>.*?</a>}m) { |match| extract_piece(match) } + # Extract images with probably parsable src + text.gsub!(%r{<img.*?>}m) { |match| extract_piece(match) } + + text = parse(text, project) + + # Insert pre block extractions + text.gsub!(/\{gfm-extraction-(\h{32})\}/) do + insert_piece($1) + end + if options[:parse_tasks] text = parse_tasks(text) end @@ -150,7 +150,7 @@ module Gitlab @extractions[id] end - # Private: Parses text for references and emoji + # Private: Parses text for references # # text - Text to parse # diff --git a/spec/controllers/help_controller_spec.rb b/spec/controllers/help_controller_spec.rb new file mode 100644 index 00000000000..93535ced7ae --- /dev/null +++ b/spec/controllers/help_controller_spec.rb @@ -0,0 +1,61 @@ +require 'spec_helper' + +describe HelpController do + let(:user) { create(:user) } + + before do + sign_in(user) + end + + describe 'GET #show' do + context 'for Markdown formats' do + context 'when requested file exists' do + before do + get :show, category: 'ssh', file: 'README', format: :md + end + + it 'assigns to @markdown' do + expect(assigns[:markdown]).not_to be_empty + end + + it 'renders HTML' do + expect(response).to render_template('show.html.haml') + expect(response.content_type).to eq 'text/html' + end + end + + context 'when requested file is missing' do + it 'renders not found' do + get :show, category: 'foo', file: 'bar', format: :md + expect(response).to be_not_found + end + end + end + + context 'for image formats' do + context 'when requested file exists' do + it 'renders the raw file' do + get :show, category: 'workflow/protected_branches', + file: 'protected_branches1', format: :png + expect(response).to be_success + expect(response.content_type).to eq 'image/png' + expect(response.headers['Content-Disposition']).to match(/^inline;/) + end + end + + context 'when requested file is missing' do + it 'renders not found' do + get :show, category: 'foo', file: 'bar', format: :png + expect(response).to be_not_found + end + end + end + + context 'for other formats' do + it 'always renders not found' do + get :show, category: 'ssh', file: 'README', format: :foo + expect(response).to be_not_found + end + end + end +end diff --git a/spec/features/help_pages_spec.rb b/spec/features/help_pages_spec.rb index 28423eb8caa..8c6b669ce78 100644 --- a/spec/features/help_pages_spec.rb +++ b/spec/features/help_pages_spec.rb @@ -6,7 +6,7 @@ describe 'Help Pages', feature: true do login_as :user end it 'replace the variable $your_email with the email of the user' do - visit help_page_path(filepath: 'ssh/README', format: 'md') + visit help_page_path('ssh', 'README') expect(page).to have_content("ssh-keygen -t rsa -C \"#{@user.email}\"") end end diff --git a/spec/routing/routing_spec.rb b/spec/routing/routing_spec.rb index f5db548f97c..e219a57c29e 100644 --- a/spec/routing/routing_spec.rb +++ b/spec/routing/routing_spec.rb @@ -64,50 +64,35 @@ describe SnippetsController, "routing" do end end -# help GET /help(.:format) help#index -# help_permissions GET /help/permissions(.:format) help#permissions -# help_workflow GET /help/workflow(.:format) help#workflow -# help_api GET /help/api(.:format) help#api -# help_web_hooks GET /help/web_hooks(.:format) help#web_hooks -# help_system_hooks GET /help/system_hooks(.:format) help#system_hooks -# help_markdown GET /help/markdown(.:format) help#markdown -# help_ssh GET /help/ssh(.:format) help#ssh -# help_raketasks GET /help/raketasks(.:format) help#raketasks -describe HelpController, 'routing' do - it 'to #index' do - expect(get('/help')).to route_to('help#index') - end - - it 'to #permissions' do - expect(get('/help/permissions/permissions')).to route_to('help#show', filepath: 'permissions/permissions') - end - - it 'to #workflow' do - expect(get('/help/workflow/README')).to route_to('help#show', filepath: 'workflow/README') - end - - it 'to #api' do - expect(get('/help/api/README')).to route_to('help#show', filepath: 'api/README') - end - - it 'to #web_hooks' do - expect(get('/help/web_hooks/web_hooks')).to route_to('help#show', filepath: 'web_hooks/web_hooks') +# help GET /help(.:format) help#index +# help_page GET /help/:category/:file(.:format) help#show {:category=>/.*/, :file=>/[^\/\.]+/} +# help_shortcuts GET /help/shortcuts(.:format) help#shortcuts +# help_ui GET /help/ui(.:format) help#ui +describe HelpController, "routing" do + it "to #index" do + expect(get("/help")).to route_to('help#index') end - it 'to #system_hooks' do - expect(get('/help/system_hooks/system_hooks')).to route_to('help#show', filepath: 'system_hooks/system_hooks') - end + it 'to #show' do + path = '/help/markdown/markdown.md' + expect(get(path)).to route_to('help#show', + category: 'markdown', + file: 'markdown', + format: 'md') - it 'to #markdown' do - expect(get('/help/markdown/markdown')).to route_to('help#show',filepath: 'markdown/markdown') + path = '/help/workflow/protected_branches/protected_branches1.png' + expect(get(path)).to route_to('help#show', + category: 'workflow/protected_branches', + file: 'protected_branches1', + format: 'png') end - it 'to #ssh' do - expect(get('/help/ssh/README')).to route_to('help#show', filepath: 'ssh/README') + it 'to #shortcuts' do + expect(get('/help/shortcuts')).to route_to('help#shortcuts') end - it 'to #raketasks' do - expect(get('/help/raketasks/README')).to route_to('help#show', filepath: 'raketasks/README') + it 'to #ui' do + expect(get('/help/ui')).to route_to('help#ui') end end |