Diffstat (limited to 'app')
-rw-r--r-- | app/assets/javascripts/branches/components/delete_merged_branches.vue | 1 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 15 | ||||
-rw-r--r-- | app/controllers/omniauth_callbacks_controller.rb | 17 | ||||
-rw-r--r-- | app/graphql/resolvers/concerns/time_frame_arguments.rb | 42 | ||||
-rw-r--r-- | app/graphql/resolvers/milestones_resolver.rb | 2 | ||||
-rw-r--r-- | app/models/users/banned_user.rb | 2 | ||||
-rw-r--r-- | app/models/users/credit_card_validation.rb | 30 | ||||
-rw-r--r-- | app/policies/identity_provider_policy.rb | 4 | ||||
-rw-r--r-- | app/services/projects/create_service.rb | 3 | ||||
-rw-r--r-- | app/views/groups/new.html.haml | 11 |
10 files changed, 38 insertions, 89 deletions
diff --git a/app/assets/javascripts/branches/components/delete_merged_branches.vue b/app/assets/javascripts/branches/components/delete_merged_branches.vue index 73d7a59e67e..d9d8f1d742d 100644 --- a/app/assets/javascripts/branches/components/delete_merged_branches.vue +++ b/app/assets/javascripts/branches/components/delete_merged_branches.vue @@ -102,6 +102,7 @@ export default { category="tertiary" no-caret placement="right" + data-qa-selector="delete_merged_branches_dropdown_button" :items="dropdownItems" /> <gl-modal diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0767fadbe71..9749af08dca 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -29,7 +29,6 @@ class ApplicationController < ActionController::Base before_action :limit_session_time, if: -> { !current_user } before_action :authenticate_user!, except: [:route_not_found] before_action :enforce_terms!, if: :should_enforce_terms? - before_action :validate_user_service_ticket! before_action :check_password_expiration, if: :html_request? before_action :ldap_security_check before_action :default_headers @@ -326,20 +325,6 @@ class ApplicationController < ActionController::Base headers['Content-Disposition'] = "attachment; filename=\"#{csv_filename}\"" end - def validate_user_service_ticket! - return unless signed_in? && session[:service_tickets] - - valid = session[:service_tickets].all? do |provider, ticket| - Gitlab::Auth::OAuth::Session.valid?(provider, ticket) - end - - unless valid - session[:service_tickets] = nil - sign_out current_user - redirect_to new_user_session_path - end - end - def check_password_expiration return if session[:impersonator_id] || !current_user&.allow_password_authentication? diff --git a/app/controllers/omniauth_callbacks_controller.rb b/app/controllers/omniauth_callbacks_controller.rb index b9964e8ca01..a2e0670d7e1 100644 
--- a/app/controllers/omniauth_callbacks_controller.rb +++ b/app/controllers/omniauth_callbacks_controller.rb @@ -10,7 +10,7 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController after_action :verify_known_sign_in - protect_from_forgery except: [:cas3, :failure] + AuthHelper.saml_providers, with: :exception, prepend: true + protect_from_forgery except: [:failure] + AuthHelper.saml_providers, with: :exception, prepend: true feature_category :system_access @@ -57,15 +57,6 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController redirect_unverified_saml_initiation end - def cas3 - ticket = params['ticket'] - if ticket - handle_service_ticket oauth['provider'], ticket - end - - handle_omniauth - end - def auth0 if oauth['uid'].blank? fail_auth0_login @@ -146,12 +137,6 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController redirect_to profile_account_path, notice: _('Authentication method updated') end - def handle_service_ticket(provider, ticket) - Gitlab::Auth::OAuth::Session.create provider, ticket - session[:service_tickets] ||= {} - session[:service_tickets][provider] = ticket - end - def build_auth_user(auth_user_class) auth_user_class.new(oauth) end diff --git a/app/graphql/resolvers/concerns/time_frame_arguments.rb b/app/graphql/resolvers/concerns/time_frame_arguments.rb index 87b7a96045c..c26898bb2f1 100644 --- a/app/graphql/resolvers/concerns/time_frame_arguments.rb +++ b/app/graphql/resolvers/concerns/time_frame_arguments.rb 
@@ -3,51 +3,15 @@ module TimeFrameArguments extend ActiveSupport::Concern - OVERLAPPING_TIMEFRAME_DESC = 'List items overlapping a time frame defined by startDate..endDate (if one date is provided, both must be present)' - included do - argument :start_date, Types::TimeType, - required: false, - description: OVERLAPPING_TIMEFRAME_DESC, - deprecated: { reason: 'Use timeframe.start', milestone: '13.5' } - - argument :end_date, Types::TimeType, - required: false, - description: OVERLAPPING_TIMEFRAME_DESC, - deprecated: { reason: 'Use timeframe.end', milestone: '13.5' } - argument :timeframe, Types::TimeframeInputType, required: false, description: 'List items overlapping the given timeframe.' end - # TODO: remove when the start_date and end_date arguments are removed - def validate_timeframe_params!(args) - return unless %i[start_date end_date timeframe].any? { |k| args[k].present? } - - # the timeframe is passed in as a TimeframeInputType - timeframe = args[:timeframe].to_h if args[:timeframe] - return if timeframe && %i[start_date end_date].all? { |k| args[k].nil? } - - error_message = - if timeframe.present? - "startDate and endDate are deprecated in favor of timeframe. Please use only timeframe." - elsif args[:start_date].nil? || args[:end_date].nil? - "Both startDate and endDate must be present." - elsif args[:start_date] > args[:end_date] - "startDate is after endDate" - end - - if error_message - raise Gitlab::Graphql::Errors::ArgumentError, error_message - end - end - def transform_timeframe_parameters(args) - if args[:timeframe] - args[:timeframe].to_h.transform_keys { |k| :"#{k}_date" } - else - args.slice(:start_date, :end_date) - end + return {} unless args[:timeframe] + + args[:timeframe].to_h.transform_keys { |k| :"#{k}_date" } end end diff --git a/app/graphql/resolvers/milestones_resolver.rb b/app/graphql/resolvers/milestones_resolver.rb index 25ff783b408..563c6594665 100644 --- a/app/graphql/resolvers/milestones_resolver.rb 
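Review bot: With `validate_timeframe_params!` removed, nothing in this concern checks that the timeframe's start is not after its end, which the old code rejected with "startDate is after endDate" for the deprecated pair. If `Types::TimeframeInputType` does not enforce that ordering itself (it is not shown here), `transform_timeframe_parameters` will hand an inverted range straight to the finder. Any other resolver that includes `TimeFrameArguments` and still calls `validate_timeframe_params!` would now raise NoMethodError; this diff is limited to `app` and only updates `milestones_resolver.rb`, so a search for remaining callers is worth doing. A one-line comment on the method would also help, e.g. `# Renames the timeframe keys by appending _date for the finders; returns {} when no timeframe is given`.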
+++ b/app/graphql/resolvers/milestones_resolver.rb @@ -40,8 +40,6 @@ module Resolvers NON_STABLE_CURSOR_SORTS = %i[expired_last_due_date_asc expired_last_due_date_desc].freeze def resolve_with_lookahead(**args) - validate_timeframe_params!(args) - milestones = apply_lookahead(MilestonesFinder.new(milestones_finder_params(args)).execute) if non_stable_cursor_sort?(args[:sort]) diff --git a/app/models/users/banned_user.rb b/app/models/users/banned_user.rb index 466fc71f83a..8a62744c7d6 100644 --- a/app/models/users/banned_user.rb +++ b/app/models/users/banned_user.rb @@ -5,6 +5,8 @@ module Users self.primary_key = :user_id belongs_to :user + has_one :credit_card_validation, class_name: '::Users::CreditCardValidation', primary_key: 'user_id', + foreign_key: 'user_id', inverse_of: :banned_user validates :user, presence: true validates :user_id, uniqueness: { message: N_("banned user already exists") } diff --git a/app/models/users/credit_card_validation.rb b/app/models/users/credit_card_validation.rb index 272f31aa9ce..1b0fd8682db 100644 --- a/app/models/users/credit_card_validation.rb +++ b/app/models/users/credit_card_validation.rb @@ -7,6 +7,8 @@ module Users self.table_name = 'user_credit_card_validations' belongs_to :user + belongs_to :banned_user, class_name: '::Users::BannedUser', foreign_key: :user_id, + inverse_of: :credit_card_validation validates :holder_name, length: { maximum: 50 } validates :network, length: { maximum: 32 } 
@@ -14,18 +16,32 @@ module Users greater_than_or_equal_to: 0, less_than_or_equal_to: 9999 } + scope :by_banned_user, -> { joins(:banned_user) } + scope :similar_by_holder_name, ->(holder_name) do + if holder_name.present? + where('lower(holder_name) = lower(:value)', value: holder_name) + else + none + end + end + scope :similar_to, ->(credit_card_validation) do + where( + expiration_date: credit_card_validation.expiration_date, + last_digits: credit_card_validation.last_digits, + network: credit_card_validation.network + ) + end + def similar_records - self.class.where( - expiration_date: expiration_date, - last_digits: last_digits, - network: network - ).order(credit_card_validated_at: :desc).includes(:user) + self.class.similar_to(self).order(credit_card_validated_at: :desc).includes(:user) end def similar_holder_names_count - return 0 unless holder_name + self.class.similar_by_holder_name(holder_name).count + end - self.class.where('lower(holder_name) = lower(:value)', value: holder_name).count + def used_by_banned_user? + self.class.by_banned_user.similar_to(self).similar_by_holder_name(holder_name).exists? end end end diff --git a/app/policies/identity_provider_policy.rb b/app/policies/identity_provider_policy.rb index c539fc64d3f..1e748c78555 100644 --- a/app/policies/identity_provider_policy.rb +++ b/app/policies/identity_provider_policy.rb @@ -1,8 +1,8 @@ # frozen_string_literal: true class IdentityProviderPolicy < BasePolicy - desc "Provider is SAML or CAS3" - condition(:protected_provider, scope: :subject, score: 0) { %w(saml cas3).include?(@subject.to_s) } + desc "Provider is SAML" + condition(:protected_provider, scope: :subject, score: 0) { @subject.to_s == 'saml' } rule { anonymous }.prevent_all diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb index ac19f21ffc7..8ad2b0ac761 100644 --- a/app/services/projects/create_service.rb +++ b/app/services/projects/create_service.rb 
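Review bot: `used_by_banned_user?` chains `similar_by_holder_name(holder_name)`, which returns `none` for a blank holder name, so the predicate is always false for a record without a holder name even when expiration date, last digits and network all match a banned user's card. The model only validates the maximum length of `holder_name`, so blank values appear to be permitted. If requiring a name match is intended, say so above the method, e.g. `# Requires a holder-name match; records without a holder name never match`; if not, apply the name scope only when `holder_name.present?`. Note also that `similar_holder_names_count` now returns 0 for an empty string as well as for nil, whereas the old `return 0 unless holder_name` still ran the query for `''`.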
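Review bot: The `protected_provider` condition now matches only the literal `'saml'`, while `OmniauthCallbacksController` in this same commit builds its CSRF exemption list from `AuthHelper.saml_providers`. If that helper can return SAML providers registered under other names (its definition is not visible here), those providers would not count as protected in this policy. Consider deriving the check from the same source, or state the limitation next to the condition, e.g. `# Only the provider named 'saml' is protected; additional SAML providers are not covered`.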
@@ -294,6 +294,9 @@ module Projects return if INTERNAL_IMPORT_SOURCES.include?(import_type) + # Skip validation when creating project from a built in template + return if @params[:import_export_upload].present? && import_type == 'gitlab_project' + unless ::Gitlab::CurrentSettings.import_sources&.include?(import_type) raise ImportSourceDisabledError, "#{import_type} import source is disabled" end diff --git a/app/views/groups/new.html.haml b/app/views/groups/new.html.haml index 1d306d4d3b8..88cb8d989fa 100644 --- a/app/views/groups/new.html.haml +++ b/app/views/groups/new.html.haml @@ -16,11 +16,6 @@ = render 'new_group_fields', f: f, group_name_id: 'create-group-name' #import-group-pane.tab-pane - - if import_sources_enabled? - = render 'import_group_from_another_instance_panel' - .gl-mt-7.gl-border-b-solid.gl-border-gray-100.gl-border-1 - = render 'import_group_from_file_panel' - - else - .nothing-here-block - %h4= s_('GroupsNew|No import options available') - %p= s_('GroupsNew|Contact an administrator to enable options for importing your group.') + = render 'import_group_from_another_instance_panel' + .gl-mt-7.gl-border-b-solid.gl-border-gray-100.gl-border-1 + = render 'import_group_from_file_panel' |
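Review bot: The new early return skips the `import_sources` setting check for every call where `@params[:import_export_upload]` is present and `import_type` is `'gitlab_project'`, but nothing in the condition ties it to a built-in template as the comment claims. If an ordinary project-export upload can reach this service with the same two values (the callers are outside this hunk), an administrator's decision to disable the `gitlab_project` import source would no longer be enforced for it. Narrow the condition to a marker that only the template path sets, or, if that is already guaranteed by the callers, record it in the comment: `# import_export_upload is only set by the built-in template flow; user uploads never reach this point with it`. The enclosing method starts and ends outside the hunk.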
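Review bot: Dropping the `import_sources_enabled?` branch means both import panels render even when an administrator has disabled every import source, and the "No import options available" message is gone. The view was only a presentation-layer gate, so the endpoints behind `import_group_from_another_instance_panel` and `import_group_from_file_panel` have to reject disallowed imports themselves; that enforcement is not visible in this diff and should be confirmed. A short HAML comment would record the intent, e.g. `-# Panels are always shown; import availability is enforced by the receiving controllers`.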