Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin/background_jobs_controller.rb2
-rw-r--r--app/controllers/application_controller.rb20
-rw-r--r--app/controllers/dashboard_controller.rb2
-rw-r--r--app/controllers/passwords_controller.rb18
-rw-r--r--app/controllers/profiles/keys_controller.rb2
-rw-r--r--app/controllers/projects_controller.rb44
-rw-r--r--app/controllers/search_controller.rb1
-rw-r--r--app/controllers/snippets_controller.rb3
8 files changed, 77 insertions, 15 deletions
diff --git a/app/controllers/admin/background_jobs_controller.rb b/app/controllers/admin/background_jobs_controller.rb
index f2b8277efea..4c1d0df4110 100644
--- a/app/controllers/admin/background_jobs_controller.rb
+++ b/app/controllers/admin/background_jobs_controller.rb
@@ -1,6 +1,6 @@
class Admin::BackgroundJobsController < Admin::ApplicationController
def show
- ps_output, _ = Gitlab::Popen.popen(%W(ps -U #{Settings.gitlab.user} -o euser,pid,pcpu,pmem,stat,start,command))
+ ps_output, _ = Gitlab::Popen.popen(%W(ps -U #{Settings.gitlab.user} -o pid,pcpu,pmem,stat,start,command))
@sidekiq_processes = ps_output.split("\n").grep(/sidekiq/)
end
end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 9ed46c23942..5f8b2da06f8 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -6,6 +6,7 @@ class ApplicationController < ActionController::Base
before_filter :check_password_expiration
around_filter :set_current_user_for_thread
before_filter :add_abilities
+ before_filter :ldap_security_check
before_filter :dev_tools if Rails.env == 'development'
before_filter :default_headers
before_filter :add_gon_variables
@@ -179,11 +180,30 @@ class ApplicationController < ActionController::Base
end
end
+ def ldap_security_check
+ if current_user && current_user.requires_ldap_check?
+ gitlab_ldap_access do |access|
+ if access.allowed?(current_user)
+ current_user.last_credential_check_at = Time.now
+ current_user.save
+ else
+ sign_out current_user
+ flash[:alert] = "Access denied for your LDAP account."
+ redirect_to new_user_session_path
+ end
+ end
+ end
+ end
+
def event_filter
filters = cookies['event_filter'].split(',') if cookies['event_filter'].present?
@event_filter ||= EventFilter.new(filters)
end
+ def gitlab_ldap_access(&block)
+ Gitlab::LDAP::Access.open { |access| block.call(access) }
+ end
+
# JSON for infinite scroll via Pager object
def pager_json(partial, count)
html = render_to_string(
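Review bot: In `ldap_security_check` the result of `current_user.save` is ignored, so if the record fails validation for an unrelated reason `last_credential_check_at` is never persisted and, assuming `requires_ldap_check?` is driven by that timestamp, the LDAP lookup repeats on every request. Writing only the one column, e.g. `current_user.update_column(:last_credential_check_at, Time.now)`, or logging a failed save, avoids that. The method also deserves a comment stating what happens when `Gitlab::LDAP::Access.open` raises (directory unreachable): as written the exception propagates out of the filter, which fails closed but turns every request from an LDAP user into an error page. The hunk ends inside `pager_json`, which is not reviewed here.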
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index a74e97ac253..233b91680f6 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -22,6 +22,8 @@ class DashboardController < ApplicationController
@last_push = current_user.recent_push
+ @publicish_project_count = Project.publicish(current_user).count
+
respond_to do |format|
format.html
format.json { pager_json("events/_events", @events.count) }
diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb
new file mode 100644
index 00000000000..988ede3007b
--- /dev/null
+++ b/app/controllers/passwords_controller.rb
@@ -0,0 +1,18 @@
+class PasswordsController < Devise::PasswordsController
+
+ def create
+ email = resource_params[:email]
+ resource_found = resource_class.find_by_email(email)
+ if resource_found && resource_found.ldap_user?
+ flash[:alert] = "Cannot reset password for LDAP user."
+ respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name)) and return
+ end
+
+ self.resource = resource_class.send_reset_password_instructions(resource_params)
+ if successfully_sent?(resource)
+ respond_with({}, :location => after_sending_reset_password_instructions_path_for(resource_name))
+ else
+ respond_with(resource)
+ end
+ end
+end
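Review bot: The LDAP guard in `create` looks the user up with the raw `resource_params[:email]`, while `send_reset_password_instructions` performs its own lookup. If Devise normalises the address (case or surrounding whitespace) and the database comparison is case-sensitive, the two lookups can disagree and an LDAP account falls through to the normal reset path. Resolve the record once and test `ldap_user?` on that, or normalise before the check, e.g. `email = resource_params[:email].to_s.strip.downcase`. Separately, the distinct alert "Cannot reset password for LDAP user." tells an unauthenticated caller that the address belongs to an LDAP account; returning the same generic response as the success path would close that signal.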
diff --git a/app/controllers/profiles/keys_controller.rb b/app/controllers/profiles/keys_controller.rb
index b4f14e649e2..6713cd7c8c7 100644
--- a/app/controllers/profiles/keys_controller.rb
+++ b/app/controllers/profiles/keys_controller.rb
@@ -41,7 +41,7 @@ class Profiles::KeysController < ApplicationController
begin
user = User.find_by_username(params[:username])
if user.present?
- render text: user.all_ssh_keys.join("\n")
+ render text: user.all_ssh_keys.join("\n"), content_type: "text/plain"
else
render_404 and return
end
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index f1c0336e6ea..e181a0ec7fa 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -5,7 +5,7 @@ class ProjectsController < ApplicationController
# Authorize
before_filter :authorize_read_project!, except: [:index, :new, :create]
- before_filter :authorize_admin_project!, only: [:edit, :update, :destroy, :transfer, :archive, :unarchive]
+ before_filter :authorize_admin_project!, only: [:edit, :update, :destroy, :transfer, :archive, :unarchive, :retry_import]
before_filter :require_non_empty_project, only: [:blob, :tree, :graph]
layout 'navless', only: [:new, :create, :fork]
@@ -21,16 +21,9 @@ class ProjectsController < ApplicationController
def create
@project = ::Projects::CreateService.new(current_user, params[:project]).execute
+ flash[:notice] = 'Project was successfully created.' if @project.saved?
respond_to do |format|
- flash[:notice] = 'Project was successfully created.' if @project.saved?
- format.html do
- if @project.saved?
- redirect_to @project
- else
- render "new"
- end
- end
format.js
end
end
@@ -55,6 +48,11 @@ class ProjectsController < ApplicationController
end
def show
+ if @project.import_in_progress?
+ redirect_to import_project_path(@project)
+ return
+ end
+
return authenticate_user! unless @project.public? || current_user
limit = (params[:limit] || 20).to_i
@@ -67,9 +65,7 @@ class ProjectsController < ApplicationController
if @project.empty_repo?
render "projects/empty", layout: user_layout
else
- if current_user
- @last_push = current_user.recent_push(@project.id)
- end
+ @last_push = current_user.recent_push(@project.id) if current_user
render :show, layout: user_layout
end
end
@@ -77,6 +73,28 @@ class ProjectsController < ApplicationController
end
end
+ def import
+ if project.import_finished?
+ redirect_to @project
+ return
+ end
+ end
+
+ def retry_import
+ unless @project.import_failed?
+ redirect_to import_project_path(@project)
+ end
+
+ @project.import_url = params[:project][:import_url]
+
+ if @project.save
+ @project.reload
+ @project.import_retry
+ end
+
+ redirect_to import_project_path(@project)
+ end
+
def destroy
return access_denied! unless can?(current_user, :remove_project, project)
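Review bot: The guard at the top of `retry_import` redirects without returning, so when the import has not failed the action still overwrites `import_url`, saves, calls `import_retry`, and then reaches the second `redirect_to`, which raises a double-render error. Make it a real guard: `return redirect_to(import_project_path(@project)) unless @project.import_failed?`. `params[:project][:import_url]` also raises when the `project` key is absent, and the new URL is caller-supplied and later fetched by the server, so it should pass the same URL validation as project creation (not visible in this hunk). In `import`, `project.import_finished?` and `redirect_to @project` mix the helper and the instance variable; use one of them consistently. `destroy` continues outside the hunk.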
@@ -106,7 +124,7 @@ class ProjectsController < ApplicationController
def autocomplete_sources
@suggestions = {
- emojis: Emoji.names,
+ emojis: Emoji.names.map { |e| { name: e, path: view_context.image_url("emoji/#{e}.png") } },
issues: @project.issues.select([:iid, :title, :description]),
mergerequests: @project.merge_requests.select([:iid, :title, :description]),
members: @project.team.members.sort_by(&:username).map { |user| { username: user.username, name: user.name } }
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index c1648d6c387..8df84e9884a 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -7,6 +7,7 @@ class SearchController < ApplicationController
if @project
return access_denied! unless can?(current_user, :download_code, @project)
+
@search_results = Search::ProjectService.new(@project, current_user, params).execute
else
@search_results = Search::GlobalService.new(current_user, params).execute
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index e54a968326f..0dd941a48e2 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -19,6 +19,9 @@ class SnippetsController < ApplicationController
def user_index
@user = User.find_by(username: params[:username])
+
+ render_404 and return unless @user
+
@snippets = @user.snippets.fresh.non_expired
if @user == current_user