15 files changed, 241 insertions, 9 deletions

diff --git a/lib/api/api.rb b/lib/api/api.rb
index 073471b4c4d..5139e869c71 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -154,6 +154,7 @@ module API
     mount ::API::ProjectHooks
     mount ::API::Projects
     mount ::API::ProjectMilestones
+    mount ::API::ProjectSnapshots
     mount ::API::ProjectSnippets
     mount ::API::ProtectedBranches
     mount ::API::Repositories
diff --git a/lib/api/helpers/notes_helpers.rb b/lib/api/helpers/notes_helpers.rb
index cd91df1ecd8..b74b8149834 100644
--- a/lib/api/helpers/notes_helpers.rb
+++ b/lib/api/helpers/notes_helpers.rb
@@ -64,8 +64,10 @@ module API
         authorize! :create_note, noteable
 
         parent = noteable_parent(noteable)
+
         if opts[:created_at]
-          opts.delete(:created_at) unless current_user.admin? || parent.owner == current_user
+          opts.delete(:created_at) unless
+            current_user.admin? || parent.owned_by?(current_user)
         end
 
         project = parent if parent.is_a?(Project)
diff --git a/lib/api/helpers/project_snapshots_helpers.rb b/lib/api/helpers/project_snapshots_helpers.rb
new file mode 100644
index 00000000000..94798a8cb51
--- /dev/null
+++ b/lib/api/helpers/project_snapshots_helpers.rb
@@ -0,0 +1,25 @@
+module API
+  module Helpers
+    module ProjectSnapshotsHelpers
+      def authorize_read_git_snapshot!
+        authenticated_with_full_private_access!
+      end
+
+      def send_git_snapshot(repository)
+        header(*Gitlab::Workhorse.send_git_snapshot(repository))
+      end
+
+      def snapshot_project
+        user_project
+      end
+
+      def snapshot_repository
+        if to_boolean(params[:wiki])
+          snapshot_project.wiki.repository
+        else
+          snapshot_project.repository
+        end
+      end
+    end
+  end
+end
diff --git a/lib/api/project_snapshots.rb b/lib/api/project_snapshots.rb
new file mode 100644
index 00000000000..71005acc587
--- /dev/null
+++ b/lib/api/project_snapshots.rb
@@ -0,0 +1,19 @@
+module API
+  class ProjectSnapshots < Grape::API
+    helpers ::API::Helpers::ProjectSnapshotsHelpers
+
+    before { authorize_read_git_snapshot! }
+
+    resource :projects do
+      desc 'Download a (possibly inconsistent) snapshot of a repository' do
+        detail 'This feature was introduced in GitLab 10.7'
+      end
+      params do
+        optional :wiki, type: Boolean, desc: 'Set to true to receive the wiki repository'
+      end
+      get ':id/snapshot' do
+        send_git_snapshot(snapshot_repository)
+      end
+    end
+  end
+end
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index 51b3b0459f3..8871792060b 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -74,6 +74,11 @@ module API
 
         present options[:with].prepare_relation(projects, options), options
       end
+
+      def translate_params_for_compatibility(params)
+        params[:builds_enabled] = params.delete(:jobs_enabled) if params.key?(:jobs_enabled)
+        params
+      end
     end
 
     resource :users, requirements: API::PROJECT_ENDPOINT_REQUIREMENTS do
@@ -123,7 +128,7 @@ module API
       end
       post do
         attrs = declared_params(include_missing: false)
-        attrs[:builds_enabled] = attrs.delete(:jobs_enabled) if attrs.key?(:jobs_enabled)
+        attrs = translate_params_for_compatibility(attrs)
         project = ::Projects::CreateService.new(current_user, attrs).execute
 
         if project.saved?
@@ -155,6 +160,7 @@ module API
         not_found!('User') unless user
 
         attrs = declared_params(include_missing: false)
+        attrs = translate_params_for_compatibility(attrs)
         project = ::Projects::CreateService.new(user, attrs).execute
 
         if project.saved?
@@ -276,7 +282,7 @@ module API
         authorize! :rename_project, user_project if attrs[:name].present?
         authorize! :change_visibility_level, user_project if attrs[:visibility].present?
 
-        attrs[:builds_enabled] = attrs.delete(:jobs_enabled) if attrs.key?(:jobs_enabled)
+        attrs = translate_params_for_compatibility(attrs)
 
         result = ::Projects::UpdateService.new(user_project, current_user, attrs).execute
 
diff --git a/lib/api/users.rb b/lib/api/users.rb
index 3920171205f..14b8a796c8e 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -77,7 +77,7 @@ module API
         authenticated_as_admin! if params[:external].present? || (params[:extern_uid].present? && params[:provider].present?)
 
         unless current_user&.admin?
-          params.except!(:created_after, :created_before, :order_by, :sort)
+          params.except!(:created_after, :created_before, :order_by, :sort, :two_factor)
         end
 
         users = UsersFinder.new(current_user, params).execute
diff --git a/lib/gitlab.rb b/lib/gitlab.rb
index f6629982512..0a167104bf4 100644
--- a/lib/gitlab.rb
+++ b/lib/gitlab.rb
@@ -1,9 +1,20 @@
-require_dependency 'gitlab/git'
+require_dependency 'settings'
+require_dependency 'gitlab/popen'
 
 module Gitlab
+  def self.root
+    Pathname.new(File.expand_path('..', __dir__))
+  end
+
+  def self.config
+    Settings
+  end
+
   COM_URL = 'https://gitlab.com'.freeze
   APP_DIRS_PATTERN = %r{^/?(app|config|ee|lib|spec|\(\w*\))}
   SUBDOMAIN_REGEX = %r{\Ahttps://[a-z0-9]+\.gitlab\.com\z}
+  VERSION = File.read(root.join("VERSION")).strip.freeze
+  REVISION = Gitlab::Popen.popen(%W(#{config.git.bin_path} log --pretty=format:%h -n 1)).first.chomp.freeze
 
   def self.com?
     # Check `gl_subdomain?` as well to keep parity with gitlab.com
diff --git a/lib/gitlab/git.rb b/lib/gitlab/git.rb
index c9abea90d21..e85e87a54af 100644
--- a/lib/gitlab/git.rb
+++ b/lib/gitlab/git.rb
@@ -1,3 +1,5 @@
+require_dependency 'gitlab/encoding_helper'
+
 module Gitlab
   module Git
     # The ID of empty tree.
diff --git a/lib/gitlab/wiki/committer_with_hooks.rb b/lib/gitlab/git/committer_with_hooks.rb
index 19f0b3814fd..a8a59f998cd 100644
--- a/lib/gitlab/wiki/committer_with_hooks.rb
+++ b/lib/gitlab/git/committer_with_hooks.rb
@@ -1,5 +1,5 @@
 module Gitlab
-  module Wiki
+  module Git
     class CommitterWithHooks < Gollum::Committer
       attr_reader :gl_wiki
 
@@ -9,6 +9,9 @@ module Gitlab
       end
 
       def commit
+        # TODO: Remove after 10.8
+        return super unless allowed_to_run_hooks?
+
         result = Gitlab::Git::OperationService.new(git_user, gl_wiki.repository).with_branch(
           @wiki.ref,
           start_branch_name: @wiki.ref
@@ -24,6 +27,11 @@ module Gitlab
 
       private
 
+      # TODO: Remove after 10.8
+      def allowed_to_run_hooks?
+        @options[:user_id] != 0 && @options[:username].present?
+      end
+
       def git_user
         @git_user ||= Gitlab::Git::User.new(@options[:username],
                                             @options[:name],
diff --git a/lib/gitlab/git/repository.rb b/lib/gitlab/git/repository.rb
index 3124c426f97..5a6e2e0b937 100644
--- a/lib/gitlab/git/repository.rb
+++ b/lib/gitlab/git/repository.rb
@@ -1258,6 +1258,10 @@ module Gitlab
         true
       end
 
+      def create_from_snapshot(url, auth)
+        gitaly_repository_client.create_from_snapshot(url, auth)
+      end
+
       def rebase(user, rebase_id, branch:, branch_sha:, remote_repository:, remote_branch:)
         gitaly_migrate(:rebase) do |is_enabled|
           if is_enabled
diff --git a/lib/gitlab/git/wiki.rb b/lib/gitlab/git/wiki.rb
index 821436911ab..84a26fe4a6f 100644
--- a/lib/gitlab/git/wiki.rb
+++ b/lib/gitlab/git/wiki.rb
@@ -290,7 +290,7 @@ module Gitlab
       end
 
       def committer_with_hooks(commit_details)
-        Gitlab::Wiki::CommitterWithHooks.new(self, commit_details.to_h)
+        Gitlab::Git::CommitterWithHooks.new(self, commit_details.to_h)
       end
 
       def with_committer_with_hooks(commit_details, &block)
diff --git a/lib/gitlab/gitaly_client/repository_service.rb b/lib/gitlab/gitaly_client/repository_service.rb
index 39057beefba..bf5a491e28d 100644
--- a/lib/gitlab/gitaly_client/repository_service.rb
+++ b/lib/gitlab/gitaly_client/repository_service.rb
@@ -235,6 +235,22 @@ module Gitlab
         )
       end
 
+      def create_from_snapshot(http_url, http_auth)
+        request = Gitaly::CreateRepositoryFromSnapshotRequest.new(
+          repository: @gitaly_repo,
+          http_url: http_url,
+          http_auth: http_auth
+        )
+
+        GitalyClient.call(
+          @storage,
+          :repository_service,
+          :create_repository_from_snapshot,
+          request,
+          timeout: GitalyClient.default_timeout
+        )
+      end
+
       def write_ref(ref_path, ref, old_ref, shell)
         request = Gitaly::WriteRefRequest.new(
           repository: @gitaly_repo,
diff --git a/lib/gitlab/import_export/import_export.yml b/lib/gitlab/import_export/import_export.yml
index cd840bd5b01..ec91c02dbe7 100644
--- a/lib/gitlab/import_export/import_export.yml
+++ b/lib/gitlab/import_export/import_export.yml
@@ -27,8 +27,6 @@ project_tree:
   - :releases
   - project_members:
     - :user
-  - lfs_file_locks:
-    - :user
   - merge_requests:
     - notes:
       - :author
diff --git a/lib/gitlab/workhorse.rb b/lib/gitlab/workhorse.rb
index 153cb2a8bb1..1f060de657d 100644
--- a/lib/gitlab/workhorse.rb
+++ b/lib/gitlab/workhorse.rb
@@ -81,6 +81,20 @@ module Gitlab
         ]
       end
 
+      def send_git_snapshot(repository)
+        params = {
+          'GitalyServer' => gitaly_server_hash(repository),
+          'GetSnapshotRequest' => Gitaly::GetSnapshotRequest.new(
+            repository: repository.gitaly_repository
+          ).to_json
+        }
+
+        [
+          SEND_DATA_HEADER,
+          "git-snapshot:#{encode(params)}"
+        ]
+      end
+
       def send_git_diff(repository, diff_refs)
         params = if Gitlab::GitalyClient.feature_enabled?(:workhorse_send_git_diff, status: Gitlab::GitalyClient::MigrationStatus::OPT_OUT)
                    {
diff --git a/lib/settings.rb b/lib/settings.rb
new file mode 100644
index 00000000000..69d637761ea
--- /dev/null
+++ b/lib/settings.rb
@@ -0,0 +1,126 @@
+require 'settingslogic'
+
+class Settings < Settingslogic
+  source ENV.fetch('GITLAB_CONFIG') { Pathname.new(File.expand_path('..', __dir__)).join('config/gitlab.yml') }
+  namespace ENV.fetch('GITLAB_ENV') { Rails.env }
+
+  class << self
+    def gitlab_on_standard_port?
+      on_standard_port?(gitlab)
+    end
+
+    def host_without_www(url)
+      host(url).sub('www.', '')
+    end
+
+    def build_gitlab_ci_url
+      custom_port =
+        if on_standard_port?(gitlab)
+          nil
+        else
+          ":#{gitlab.port}"
+        end
+
+      [
+        gitlab.protocol,
+        "://",
+        gitlab.host,
+        custom_port,
+        gitlab.relative_url_root
+      ].join('')
+    end
+
+    def build_pages_url
+      base_url(pages).join('')
+    end
+
+    def build_gitlab_shell_ssh_path_prefix
+      user_host = "#{gitlab_shell.ssh_user}@#{gitlab_shell.ssh_host}"
+
+      if gitlab_shell.ssh_port != 22
+        "ssh://#{user_host}:#{gitlab_shell.ssh_port}/"
+      else
+        if gitlab_shell.ssh_host.include? ':'
+          "[#{user_host}]:"
+        else
+          "#{user_host}:"
+        end
+      end
+    end
+
+    def build_base_gitlab_url
+      base_url(gitlab).join('')
+    end
+
+    def build_gitlab_url
+      (base_url(gitlab) + [gitlab.relative_url_root]).join('')
+    end
+
+    # check that values in `current` (string or integer) is a contant in `modul`.
+    def verify_constant_array(modul, current, default)
+      values = default || []
+      unless current.nil?
+        values = []
+        current.each do |constant|
+          values.push(verify_constant(modul, constant, nil))
+        end
+        values.delete_if { |value| value.nil? }
+      end
+
+      values
+    end
+
+    # check that `current` (string or integer) is a contant in `modul`.
+    def verify_constant(modul, current, default)
+      constant = modul.constants.find { |name| modul.const_get(name) == current }
+      value = constant.nil? ? default : modul.const_get(constant)
+      if current.is_a? String
+        value = modul.const_get(current.upcase) rescue default
+      end
+
+      value
+    end
+
+    def absolute(path)
+      File.expand_path(path, Rails.root)
+    end
+
+    private
+
+    def base_url(config)
+      custom_port = on_standard_port?(config) ? nil : ":#{config.port}"
+
+      [
+        config.protocol,
+        "://",
+        config.host,
+        custom_port
+      ]
+    end
+
+    def on_standard_port?(config)
+      config.port.to_i == (config.https ? 443 : 80)
+    end
+
+    # Extract the host part of the given +url+.
+    def host(url)
+      url = url.downcase
+      url = "http://#{url}" unless url.start_with?('http')
+
+      # Get rid of the path so that we don't even have to encode it
+      url_without_path = url.sub(%r{(https?://[^/]+)/?.*}, '\1')
+
+      URI.parse(url_without_path).host
+    end
+
+    # Runs every minute in a random ten-minute period on Sundays, to balance the
+    # load on the server receiving these pings. The usage ping is safe to run
+    # multiple times because of a 24 hour exclusive lock.
+    def cron_for_usage_ping
+      hour = rand(24)
+      minute = rand(6)
+
+      "#{minute}0-#{minute}9 #{hour} * * 0"
+    end
+  end
+end