-rw-r--r--CHANGELOG4
-rw-r--r--app/assets/javascripts/dispatcher.js.coffee5
-rw-r--r--app/controllers/projects/tree_controller.rb4
-rw-r--r--doc/profile/two_factor_authentication.md5
-rw-r--r--doc/raketasks/backup_restore.md35
-rw-r--r--spec/controllers/projects/tree_controller_spec.rb (renamed from spec/controllers/tree_controller_spec.rb)29
-rw-r--r--spec/requests/api/branches_spec.rb5
-rw-r--r--spec/support/test_env.rb11
8 files changed, 86 insertions, 12 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 052f4865d69..2765923124f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,7 +1,8 @@
Please view this file on the master branch, on stable branches it's out of date.
v 7.14.0 (unreleased)
- - Remove repository graph log to fix slow cache updates after push event (Stan Hu)
+ - Fix full screen mode for snippet comments (Daniel Gerhardt)
+ - Fix 404 error in files view after deleting the last file in a repository (Stan Hu)
- Fix label read access for unauthenticated users (Daniel Gerhardt)
- Fix access to disabled features for unauthenticated users (Daniel Gerhardt)
- Fix OAuth provider bug where GitLab would not go return to the redirect_uri after sign-in (Stan Hu)
@@ -12,6 +13,7 @@ v 7.14.0 (unreleased)
- Add fetch command to the MR page.
v 7.13.0 (unreleased)
+ - Remove repository graph log to fix slow cache updates after push event (Stan Hu)
- Only enable HSTS header for HTTPS and port 443 (Stan Hu)
- Fix user autocomplete for unauthenticated users accessing public projects (Stan Hu)
- Fix redirection to home page URL for unauthorized users (Daniel Gerhardt)
diff --git a/app/assets/javascripts/dispatcher.js.coffee b/app/assets/javascripts/dispatcher.js.coffee
index 2ab148bc296..81e73799271 100644
--- a/app/assets/javascripts/dispatcher.js.coffee
+++ b/app/assets/javascripts/dispatcher.js.coffee
@@ -128,7 +128,10 @@ class Dispatcher
shortcut_handler = new ShortcutsNavigation()
new ZenMode()
new DropzoneInput($('.wiki-form'))
- when 'snippets', 'labels', 'graphs'
+ when 'snippets'
+ shortcut_handler = new ShortcutsNavigation()
+ new ZenMode() if path[2] == 'show'
+ when 'labels', 'graphs'
shortcut_handler = new ShortcutsNavigation()
when 'project_members', 'deploy_keys', 'hooks', 'services', 'protected_branches'
shortcut_handler = new ShortcutsNavigation()
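Review bot: The `path[2] == 'show'` test in the new `'snippets'` branch depends on the action sitting at a fixed index of `path`, and nothing in the hunk says why ZenMode is limited to that action. A short comment above the line, such as `# ZenMode is only needed on the show page, where the comment form is rendered`, would make the intent clear; that reason is inferred from the CHANGELOG entry, so confirm it. The switch statement starts and ends outside the hunk, so whether other branches gate on the action in the same way cannot be checked here.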
diff --git a/app/controllers/projects/tree_controller.rb b/app/controllers/projects/tree_controller.rb
index b659e15f242..92e4bc16d9d 100644
--- a/app/controllers/projects/tree_controller.rb
+++ b/app/controllers/projects/tree_controller.rb
@@ -7,13 +7,15 @@ class Projects::TreeController < Projects::ApplicationController
before_action :authorize_download_code!
def show
+ return not_found! unless @repository.commit(@ref)
+
if tree.entries.empty?
if @repository.blob_at(@commit.id, @path)
redirect_to(
namespace_project_blob_path(@project.namespace, @project,
File.join(@ref, @path))
) and return
- else
+ elsif @path.present?
return not_found!
end
end
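Review bot: The new guard `return not_found! unless @repository.commit(@ref)` resolves the ref a second time, while the code just below reads `@commit.id`, which is assigned outside this hunk. If `@commit` already holds the result of the same lookup (presumably set in a before_action; confirm), `return not_found! unless @commit` keeps the check and the later use on the same object and saves a repository call. The `elsif @path.present?` branch would also benefit from a comment such as `# an empty tree at the repository root is a valid empty branch, not a 404`. `show` continues past the end of the hunk.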
diff --git a/doc/profile/two_factor_authentication.md b/doc/profile/two_factor_authentication.md
index fb215c8b269..f60ce35d3e2 100644
--- a/doc/profile/two_factor_authentication.md
+++ b/doc/profile/two_factor_authentication.md
@@ -63,5 +63,10 @@ your phone's application or a recovery code to log in.
1. Go to **Account**.
1. Click **Disable Two-factor Authentication**.
+## Note to GitLab administrators
+
+You need to take special care to that 2FA keeps working after
+[restoring a GitLab backup](../raketasks/backup_restore.md).
+
[Google Authenticator]: https://support.google.com/accounts/answer/1066447?hl=en
[FreeOTP]: https://fedorahosted.org/freeotp/
diff --git a/doc/raketasks/backup_restore.md b/doc/raketasks/backup_restore.md
index 39a13b14fba..36ab2b91959 100644
--- a/doc/raketasks/backup_restore.md
+++ b/doc/raketasks/backup_restore.md
@@ -9,6 +9,13 @@ This archive will be saved in backup_path (see `config/gitlab.yml`).
The filename will be `[TIMESTAMP]_gitlab_backup.tar`. This timestamp can be used to restore an specific backup.
You can only restore a backup to exactly the same version of GitLab that you created it on, for example 7.2.1.
+You need to keep a separate copy of `/etc/gitlab/gitlab-secrets.json`
+(for omnibus packages) or `/home/git/gitlab/.secret` (for installations
+from source). This file contains the database encryption key used
+for two-factor authentication. If you restore a GitLab backup without
+restoring the database encryption key, users who have two-factor
+authentication enabled will loose access to your GitLab server.
+
If you are interested in GitLab CI backup please follow to the [CI backup documentation](https://gitlab.com/gitlab-org/gitlab-ci/blob/master/doc/raketasks/backup_restore.md)*
```
@@ -143,15 +150,39 @@ with the name of your bucket:
## Storing configuration files
-Please be informed that a backup does not store your configuration files.
+Please be informed that a backup does not store your configuration
+files. One reason for this is that your database contains encrypted
+information for two-factor authentication. Storing encrypted
+information along with its key in the same place defeats the purpose
+of using encryption in the first place!
+
If you use an Omnibus package please see the [instructions in the readme to backup your configuration](https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md#backup-and-restore-omnibus-gitlab-configuration).
If you have a cookbook installation there should be a copy of your configuration in Chef.
-If you have an installation from source, please consider backing up your `gitlab.yml` file, any SSL keys and certificates, and your [SSH host keys](https://superuser.com/questions/532040/copy-ssh-keys-from-one-server-to-another-server/532079#532079).
+If you have an installation from source, please consider backing up your `.secret` file, `gitlab.yml` file, any SSL keys and certificates, and your [SSH host keys](https://superuser.com/questions/532040/copy-ssh-keys-from-one-server-to-another-server/532079#532079).
+
+At the very **minimum** you should backup `/etc/gitlab/gitlab-secrets.json`
+(Omnibus) or `/home/git/gitlab/.secret` (source) to preserve your
+database encryption key.
## Restore a previously created backup
You can only restore a backup to exactly the same version of GitLab that you created it on, for example 7.2.1.
+### Prerequisites
+
+You need to have a working GitLab installation before you can perform
+a restore. This is mainly because the system user performing the
+restore actions ('git') is usually not allowed to create or delete
+the SQL database it needs to import data into ('gitlabhq_production').
+All existing data will be either erased (SQL) or moved to a separate
+directory (repositories, uploads).
+
+If some or all of your GitLab users are using two-factor authentication
+(2FA) then you must also make sure to restore
+`/etc/gitlab/gitlab-secrets.json` (Omnibus) or `/home/git/gitlab/.secret`
+(installations from source). Note that you need to run `gitlab-ctl
+reconfigure` after changing `gitlab-secrets.json`.
+
### Installation from source
```
diff --git a/spec/controllers/tree_controller_spec.rb b/spec/controllers/projects/tree_controller_spec.rb
index e09caf5df13..53915856357 100644
--- a/spec/controllers/tree_controller_spec.rb
+++ b/spec/controllers/projects/tree_controller_spec.rb
@@ -8,9 +8,6 @@ describe Projects::TreeController do
sign_in(user)
project.team << [user, :master]
-
- allow(project).to receive(:branches).and_return(['master', 'foo/bar/baz'])
- allow(project).to receive(:tags).and_return(['v1.0.0', 'v2.0.0'])
controller.instance_variable_set(:@project, project)
end
@@ -44,6 +41,32 @@ describe Projects::TreeController do
let(:id) { 'invalid-branch/encoding/' }
it { is_expected.to respond_with(:not_found) }
end
+
+ context "valid empty branch, invalid path" do
+ let(:id) { 'empty-branch/invalid-path/' }
+ it { is_expected.to respond_with(:not_found) }
+ end
+
+ context "valid empty branch" do
+ let(:id) { 'empty-branch' }
+ it { is_expected.to respond_with(:success) }
+ end
+
+ context "invalid SHA commit ID" do
+ let(:id) { 'ff39438/.gitignore' }
+ it { is_expected.to respond_with(:not_found) }
+ end
+
+ context "valid SHA commit ID" do
+ let(:id) { '6d39438' }
+ it { is_expected.to respond_with(:success) }
+ end
+
+ context "valid SHA commit ID with path" do
+ let(:id) { '6d39438/.gitignore' }
+ it { expect(response.status).to eq(302) }
+ end
+
end
describe 'GET show with blob path' do
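Review bot: The "valid SHA commit ID with path" context asserts only that `response.status` equals 302, unlike its siblings which use `respond_with`, and it never checks where the redirect goes. The status check alone would also pass on a redirect to the wrong location, so a `redirect_to` expectation on the blob path would pin the behaviour this fix is about. At minimum, `it { is_expected.to respond_with(:redirect) }` keeps the style consistent with the other contexts. There is also no case for an unknown SHA without a path, which is the input the new `@repository.commit(@ref)` guard handles most directly.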
diff --git a/spec/requests/api/branches_spec.rb b/spec/requests/api/branches_spec.rb
index cb6e5e89625..5c1b58535cc 100644
--- a/spec/requests/api/branches_spec.rb
+++ b/spec/requests/api/branches_spec.rb
@@ -14,10 +14,13 @@ describe API::API, api: true do
describe "GET /projects/:id/repository/branches" do
it "should return an array of project branches" do
+ project.repository.expire_cache
+
get api("/projects/#{project.id}/repository/branches", user)
expect(response.status).to eq(200)
expect(json_response).to be_an Array
- expect(json_response.first['name']).to eq(project.repository.branch_names.first)
+ branch_names = json_response.map { |x| x['name'] }
+ expect(branch_names).to match_array(project.repository.branch_names)
end
end
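Review bot: `project.repository.expire_cache` at the top of the example has no comment, so a later reader cannot tell whether it works around stale cached branch names in the test setup or covers for something the API should handle itself. A one-line comment such as `# branch names are cached; expire so the list matches the seeded repository` would record the reason (inferred; confirm). If the stale cache can also occur outside tests, the expiry belongs in the code under test rather than in the spec.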
diff --git a/spec/support/test_env.rb b/spec/support/test_env.rb
index 8bdd6b43cdd..dcf2a9e2ce5 100644
--- a/spec/support/test_env.rb
+++ b/spec/support/test_env.rb
@@ -5,6 +5,7 @@ module TestEnv
# When developing the seed repository, comment out the branch you will modify.
BRANCH_SHA = {
+ 'empty-branch' => '7efb185',
'flatten-dir' => 'e56497b',
'feature' => '0b4bc9a',
'feature_conflict' => 'bb5206f',
@@ -14,9 +15,13 @@ module TestEnv
'master' => '5937ac0'
}
- FORKED_BRANCH_SHA = BRANCH_SHA.merge({
- 'add-submodule-version-bump' => '3f547c08'
- })
+ # gitlab-test-fork is a fork of gitlab-fork, but we don't necessarily
+ # need to keep all the branches in sync.
+ # We currently only need a subset of the branches
+ FORKED_BRANCH_SHA = {
+ 'add-submodule-version-bump' => '3f547c08',
+ 'master' => '5937ac0'
+ }
# Test environment
#
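Review bot: The new comment above `FORKED_BRANCH_SHA` says gitlab-test-fork is a fork of "gitlab-fork", which looks like a slip for the seed repository (presumably gitlab-test; confirm) and will mislead anyone updating the SHAs. The `'master' => '5937ac0'` entry now duplicates the literal in `BRANCH_SHA`, so the two can drift silently. If they are meant to match, `'master' => BRANCH_SHA['master']` says so; if not, a comment should state that the fork's master is pinned independently. Appending `.freeze` to the new hash literal would stop specs from mutating it.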