18 files changed, 47 insertions, 24 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 60ee11b5f6e..4095ac48782 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,9 +2,11 @@ Please view this file on the master branch, on stable branches it's out of date.
 
 v 7.13.0 (unreleased)
   - Fix Merge Request webhook to properly fire "merge" action when accepted from the web UI
+  - Add `two_factor_enabled` field to admin user API (Stan Hu)
   - Fix invalid timestamps in RSS feeds (Rowan Wookey)
   - Fix error when deleting a user who has projects (Stan Hu)
   - Fix downloading of patches on public merge requests when user logged out (Stan Hu)
+  - The password for the default administrator (root) account has been changed from "5iveL!fe" to "password".
   - Update maintenance documentation to explain no need to recompile asssets for omnibus installations (Stan Hu)
   - Support commenting on diffs in side-by-side mode (Stan Hu)
   - Fix JavaScript error when clicking on the comment button on a diff line that has a comment already (Stan Hu)
@@ -18,6 +20,7 @@ v 7.13.0 (unreleased)
   - Allow Administrators to filter the user list by those with or without Two-factor Authentication enabled.
   - Show a user's Two-factor Authentication status in the administration area.
   - Explicit error when commit not found in the CI
+  - Improve performance for issue and merge request pages 
 
 v 7.12.0 (unreleased)
   - Fix Error 500 when one user attempts to access a personal, internal snippet (Stan Hu)
diff --git a/README.md b/README.md
index 52a483aa532..37badd448c1 100644
--- a/README.md
+++ b/README.md
@@ -62,7 +62,7 @@ The recommended way to install GitLab is using the provided [Omnibus packages](h
 
 There are various other options to install GitLab, please refer to the [installation page on the GitLab website](https://about.gitlab.com/installation/) for more information.
 
-You can access a new installation with the login **`root`** and password **`5iveL!fe`**, after login you are required to set a unique password.
+You can access a new installation with the login **`root`** and password **`password`**, after login you are required to set a unique password.
 
 ## Third-party applications
 
diff --git a/app/assets/stylesheets/generic/common.scss b/app/assets/stylesheets/generic/common.scss
index 1419a9cded9..961ac793de2 100644
--- a/app/assets/stylesheets/generic/common.scss
+++ b/app/assets/stylesheets/generic/common.scss
@@ -364,3 +364,12 @@ table {
     margin-top: 8px;
   }
 }
+
+.profiler-results {
+  top: 50px !important;
+
+  .profiler-button,
+  .profiler-controls {
+    border-color: #EEE !important;
+  }
+}
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 7d168aa827b..69bd1f58449 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -55,6 +55,7 @@ class Projects::IssuesController < Projects::ApplicationController
   end
 
   def show
+    @participants = @issue.participants(current_user, @project)
     @note = @project.notes.new(noteable: @issue)
     @notes = @issue.notes.inc_author.fresh
     @noteable = @issue
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 51ecbfd561a..a13688305b7 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -246,6 +246,8 @@ class Projects::MergeRequestsController < Projects::ApplicationController
   end
 
   def define_show_vars
+    @participants = @merge_request.participants(current_user, @project)
+
     # Build a note object for comment form
     @note = @project.notes.new(noteable: @merge_request)
     @notes = @merge_request.mr_and_commit_notes.inc_author.fresh
diff --git a/app/models/concerns/participable.rb b/app/models/concerns/participable.rb
index 9f667f47e0d..7c9597333dd 100644
--- a/app/models/concerns/participable.rb
+++ b/app/models/concerns/participable.rb
@@ -14,7 +14,7 @@
 #
 #       participant :author, :assignee, :mentioned_users, :notes
 #     end
-#     
+#
 #     issue = Issue.last
 #     users = issue.participants
 #     # `users` will contain the issue's author, its assignee,
@@ -35,11 +35,13 @@ module Participable
     end
   end
 
+  # Be aware that this method makes a lot of sql queries.
+  # Save result into variable if you are going to reuse it inside same request
   def participants(current_user = self.author, project = self.project)
     participants = self.class.participant_attrs.flat_map do |attr|
       meth = method(attr)
 
-      value = 
+      value =
         if meth.arity == 1 || meth.arity == -1
           meth.call(current_user)
         else
@@ -59,7 +61,7 @@ module Participable
   end
 
   private
-  
+
   def participants_for(value, current_user = nil, project = nil)
     case value
     when User
diff --git a/app/views/projects/issues/_discussion.html.haml b/app/views/projects/issues/_discussion.html.haml
index 48858fa32da..656e06ca105 100644
--- a/app/views/projects/issues/_discussion.html.haml
+++ b/app/views/projects/issues/_discussion.html.haml
@@ -12,8 +12,8 @@
     .votes-holder.pull-right
       #votes= render 'votes/votes_block', votable: @issue
     .participants
-      %span= pluralize(@issue.participants(current_user).count, 'participant')
-      - @issue.participants(current_user).each do |participant|
+      %span= pluralize(@participants.count, 'participant')
+      - @participants.each do |participant|
         = link_to_member(@project, participant, name: false, size: 24)
     .voting_notes#notes= render 'projects/notes/notes_with_form'
   %aside.col-md-3
diff --git a/app/views/projects/issues/_issue_context.html.haml b/app/views/projects/issues/_issue_context.html.haml
index 323f5c84a85..88b63946905 100644
--- a/app/views/projects/issues/_issue_context.html.haml
+++ b/app/views/projects/issues/_issue_context.html.haml
@@ -28,18 +28,19 @@
       = f.submit class: 'btn'
 
   - if current_user
+    - subscribed = @issue.subscribed?(current_user)
     %div.prepend-top-20.clearfix
       .issuable-context-title
         %label
           Subscription:
       %button.btn.btn-block.subscribe-button{:type => 'button'}
         %i.fa.fa-eye
-        %span= @issue.subscribed?(current_user) ? "Unsubscribe" : "Subscribe"
-      - subscribtion_status = @issue.subscribed?(current_user) ? "subscribed" : "unsubscribed"
+        %span= subscribed ? "Unsubscribe" : "Subscribe"
+      - subscribtion_status = subscribed ? "subscribed" : "unsubscribed"
       .subscription-status{"data-status" => subscribtion_status}
-        .description-block.unsubscribed{class: ( "hidden" if @issue.subscribed?(current_user) )}
+        .description-block.unsubscribed{class: ( "hidden" if subscribed )}
           You're not receiving notifications from this thread.
-        .description-block.subscribed{class: ( "hidden" unless @issue.subscribed?(current_user) )}
+        .description-block.subscribed{class: ( "hidden" unless subscribed )}
           You're receiving notifications because you're subscribed to this thread.
 
 :coffeescript
diff --git a/app/views/projects/merge_requests/show/_context.html.haml b/app/views/projects/merge_requests/show/_context.html.haml
index 1d0e2e350b0..5f2f65e0087 100644
--- a/app/views/projects/merge_requests/show/_context.html.haml
+++ b/app/views/projects/merge_requests/show/_context.html.haml
@@ -30,18 +30,19 @@
         = f.submit class: 'btn'
 
   - if current_user
+    - subscribed = @merge_request.subscribed?(current_user)
     %div.prepend-top-20.clearfix
       .issuable-context-title
         %label
           Subscription:
       %button.btn.btn-block.subscribe-button{:type => 'button'}
         = icon('eye')
-        %span= @merge_request.subscribed?(current_user) ? 'Unsubscribe' : 'Subscribe'
-      - subscribtion_status = @merge_request.subscribed?(current_user) ? 'subscribed' : 'unsubscribed'
+        %span= subscribed ? 'Unsubscribe' : 'Subscribe'
+      - subscribtion_status = subscribed ? 'subscribed' : 'unsubscribed'
       .subscription-status{data: {status: subscribtion_status}}
-        .description-block.unsubscribed{class: ( 'hidden' if @merge_request.subscribed?(current_user) )}
+        .description-block.unsubscribed{class: ( 'hidden' if subscribed )}
           You're not receiving notifications from this thread.
-        .description-block.subscribed{class: ( 'hidden' unless @merge_request.subscribed?(current_user) )}
+        .description-block.subscribed{class: ( 'hidden' unless subscribed )}
           You're receiving notifications because you're subscribed to this thread.
 
 :coffeescript
diff --git a/app/views/projects/merge_requests/show/_participants.html.haml b/app/views/projects/merge_requests/show/_participants.html.haml
index 9c93fa55fe6..c67afe963e7 100644
--- a/app/views/projects/merge_requests/show/_participants.html.haml
+++ b/app/views/projects/merge_requests/show/_participants.html.haml
@@ -1,4 +1,4 @@
 .participants
-  %span #{@merge_request.participants(current_user).count} participants
-  - @merge_request.participants(current_user).each do |participant|
+  %span #{@participants.count} participants
+  - @participants.each do |participant|
     = link_to_member(@project, participant, name: false, size: 24)
diff --git a/config/initializers/6_rack_profiler.rb b/config/initializers/6_rack_profiler.rb
index 5312fd8e89a..1d958904e8f 100644
--- a/config/initializers/6_rack_profiler.rb
+++ b/config/initializers/6_rack_profiler.rb
@@ -5,6 +5,6 @@ if Rails.env.development?
   Rack::MiniProfilerRails.initialize!(Rails.application)
 
   Rack::MiniProfiler.config.position = 'right'
-  Rack::MiniProfiler.config.start_hidden = true
+  Rack::MiniProfiler.config.start_hidden = false
   Rack::MiniProfiler.config.skip_paths << '/teaspoon'
 end
diff --git a/db/fixtures/development/01_admin.rb b/db/fixtures/development/01_admin.rb
index bba2fc4b186..b25d0dfc701 100644
--- a/db/fixtures/development/01_admin.rb
+++ b/db/fixtures/development/01_admin.rb
@@ -5,7 +5,7 @@ Gitlab::Seeder.quiet do
     s.email = 'admin@example.com'
     s.notification_email = 'admin@example.com'
     s.username = 'root'
-    s.password = '5iveL!fe'
+    s.password = 'password'
     s.admin = true
     s.projects_limit = 100
     s.confirmed_at = DateTime.now
diff --git a/db/fixtures/production/001_admin.rb b/db/fixtures/production/001_admin.rb
index 1c8740f6ba9..1af8dfc0ef0 100644
--- a/db/fixtures/production/001_admin.rb
+++ b/db/fixtures/production/001_admin.rb
@@ -1,5 +1,5 @@
 if ENV['GITLAB_ROOT_PASSWORD'].blank?
-  password = '5iveL!fe'
+  password = 'password'
   expire_time = Time.now
 else
   password = ENV['GITLAB_ROOT_PASSWORD']
diff --git a/doc/api/users.md b/doc/api/users.md
index cd141daadc8..8b04282f160 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -58,7 +58,8 @@ GET /users
     "is_admin": false,
     "avatar_url": "http://localhost:3000/uploads/user/avatar/1/cd8.jpeg",
     "can_create_group": true,
-    "current_sign_in_at": "2014-03-19T13:12:15Z"
+    "current_sign_in_at": "2014-03-19T13:12:15Z",
+    "two_factor_enabled": true
   },
   {
     "id": 2,
@@ -81,7 +82,8 @@ GET /users
     "can_create_group": true,
     "can_create_project": true,
     "projects_limit": 100,
-    "current_sign_in_at": "2014-03-19T17:54:13Z"
+    "current_sign_in_at": "2014-03-19T17:54:13Z",
+    "two_factor_enabled": false
   }
 ]
 ```
diff --git a/doc/install/installation.md b/doc/install/installation.md
index 8b918cba133..cf58abea4eb 100644
--- a/doc/install/installation.md
+++ b/doc/install/installation.md
@@ -404,7 +404,7 @@ NOTE: Supply `SANITIZE=true` environment variable to `gitlab:check` to omit proj
 Visit YOUR_SERVER in your web browser for your first GitLab login. The setup has created a default admin account for you. You can use it to log in:
 
     root
-    5iveL!fe
+    password
 
 **Important Note:** On login you'll be prompted to change the password.
 
diff --git a/docker/README.md b/docker/README.md
index fb3bde5016d..9507aa6a63c 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -13,7 +13,7 @@ It might take a while before the docker container is responding to queries.
 
 You can check the status with something like `sudo docker logs -f 7c10172d7705`.
 
-You can login to the web interface with username `root` and password `5iveL!fe`.
+You can login to the web interface with username `root` and password `password`.
 
 Next time, you can just use docker start and stop to run the container.
 
@@ -159,4 +159,4 @@ sudo docker push sytse/gitlab-data
 
 ## Troubleshooting
 
-Please see the [troubleshooting](troubleshooting.md) file in this directory.
\ No newline at end of file
+Please see the [troubleshooting](troubleshooting.md) file in this directory.
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index b23eff3661c..14a8f929d76 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -24,6 +24,7 @@ module API
       expose :identities, using: Entities::Identity
       expose :can_create_group?, as: :can_create_group
       expose :can_create_project?, as: :can_create_project
+      expose :two_factor_enabled
     end
 
     class UserLogin < UserFull
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index c10998e171f..1a29058f3f1 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -35,6 +35,7 @@ describe API::API, api: true  do
         expect(json_response.first.keys).to include 'email'
         expect(json_response.first.keys).to include 'identities'
         expect(json_response.first.keys).to include 'can_create_project'
+        expect(json_response.first.keys).to include 'two_factor_enabled'
       end
     end
   end