Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq into backup-archive-permissions

05b518aa · Jacob Vosmaer · 097a8952 · 8bda4337 · 05b518aa · 05b518aa
Commit 05b518aa authored Jul 29, 2015 by Jacob Vosmaer
111 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
 Please view this file on the master branch, on stable branches it's out of date.

 v 7.14.0 (unreleased)
+  - Upgrade gitlab_git to version 7.2.6 to fix Error 500 when creating network graphs (Stan Hu)
+  - Fix URL used for refreshing notes if relative_url is present (Bartłomiej Święcki)
+  - Fix commit data retrieval when branch name has single quotes (Stan Hu)
+  - Fix Error 500 when browsing projects with no HEAD (Stan Hu)
+  - Add rake task 'gitlab:update_commit_count' (Daniel Gerhardt)
  - Fix full screen mode for snippet comments (Daniel Gerhardt)
  - Fix 404 error in files view after deleting the last file in a repository (Stan Hu)
+  - Fix the "Reload with full diff" URL button (Stan Hu)
  - Fix label read access for unauthenticated users (Daniel Gerhardt)
  - Fix access to disabled features for unauthenticated users (Daniel Gerhardt)
  - Fix OAuth provider bug where GitLab would not go return to the redirect_uri after sign-in (Stan Hu)
@@ -14,7 +20,22 @@ v 7.14.0 (unreleased)
  - Allow custom backup archive permissions

 v 7.13.0 (unreleased)
+  - Add fetch command to the MR page
+  - Fix bug causing Bitbucket importer to crash when OAuth application had been removed.
+
+v 7.13.1
+  - Fix: Label modifications are not reflected in existing notes and in the issue list
+  - Fix: Label not shown in the Issue list, although it's set through web interface
+  - Fix: Group/project references are linked incorrectly
+  - Improve documentation
+  - Fix of migration: Check if session_expire_delay column exists before adding the column
+  - Fix: ActionView::Template::Error
+  - Fix: "Create Merge Request" isn't always shown in event for newly pushed branch
+  - Fix bug causing "Remove source-branch" option not to work for merge requests from the same project.
+
+v 7.13.0
  - Remove repository graph log to fix slow cache updates after push event (Stan Hu)
+  - Return comments in created order in merge request API (Stan Hu)
  - Only enable HSTS header for HTTPS and port 443 (Stan Hu)
  - Fix user autocomplete for unauthenticated users accessing public projects (Stan Hu)
  - Fix redirection to home page URL for unauthorized users (Daniel Gerhardt)
@@ -68,6 +89,7 @@ v 7.12.2
  - Faster automerge check and merge itself when source and target branches are in same repository
  - Audit log for user authentication
  - Fix transferring of project to another group using the API.
+  - Allow custom label to be set for authentication providers.

 v 7.12.1
  - Fix error when deleting a user who has projects (Stan Hu)

--- a/Gemfile
+++ b/Gemfile
@@ -38,7 +38,7 @@ gem "browser", '~> 0.8.0'

 # Extracting information from a git repository
 # Provide access to Gitlab::Git library
-gem "gitlab_git", '~> 7.2.5'
+gem "gitlab_git", '~> 7.2.6'

 # Ruby/Rack Git Smart-HTTP Server Handler
 # GitLab fork with a lot of changes (improved thread-safety, better memory usage etc)
@@ -272,4 +272,3 @@ end
 gem "newrelic_rpm"

 gem 'octokit', '3.7.0'
-gem "rugments", "~> 1.0.0.beta8"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -271,7 +271,7 @@ GEM
      mime-types (~> 1.19)
    gitlab_emoji (0.1.0)
      gemojione (~> 2.0)
-    gitlab_git (7.2.5)
+    gitlab_git (7.2.6)
      activesupport (~> 4.0)
      charlock_holmes (~> 0.6)
      gitlab-linguist (~> 3.0)
@@ -288,7 +288,7 @@ GEM
      github-markup (~> 1.3.1)
      gollum-grit_adapter (~> 0.1, >= 0.1.1)
      nokogiri (~> 1.6.4)
-      rouge (~> 1.7.4)
+      rouge (~> 1.9)
      sanitize (~> 2.1.0)
      stringex (~> 2.5.1)
    gon (5.0.1)
@@ -536,7 +536,7 @@ GEM
      netrc (~> 0.7)
    rinku (1.7.3)
    rotp (1.6.1)
-    rouge (1.7.7)
+    rouge (1.9.1)
    rqrcode (0.4.2)
    rqrcode-rails3 (0.1.7)
      rqrcode (>= 0.4.2)
@@ -579,7 +579,6 @@ GEM
    rubyntlm (0.5.0)
    rubypants (0.2.0)
    rugged (0.22.2)
-    rugments (1.0.0.beta8)
    safe_yaml (1.0.4)
    sanitize (2.1.0)
      nokogiri (>= 1.4.4)
@@ -784,7 +783,7 @@ DEPENDENCIES
  gitlab-grack (~> 2.0.2)
  gitlab-linguist (~> 3.0.1)
  gitlab_emoji (~> 0.1)
-  gitlab_git (~> 7.2.5)
+  gitlab_git (~> 7.2.6)
  gitlab_meta (= 7.0)
  gitlab_omniauth-ldap (= 1.2.1)
  gollum-lib (~> 4.0.2)
@@ -836,7 +835,6 @@ DEPENDENCIES
  rqrcode-rails3
  rspec-rails (~> 3.3.0)
  rubocop (= 0.28.0)
-  rugments (~> 1.0.0.beta8)
  sanitize (~> 2.0)
  sass-rails (~> 4.0.5)
  sdoc

--- a/app/assets/images/authbuttons/bitbucket_64.png
+++ b/app/assets/images/authbuttons/bitbucket_64.png
--- a/app/assets/images/auth_buttons/github_64.png
+++ b/app/assets/images/auth_buttons/github_64.png
--- a/app/assets/images/auth_buttons/gitlab_64.png
+++ b/app/assets/images/auth_buttons/gitlab_64.png
--- a/app/assets/images/authbuttons/google_64.png
+++ b/app/assets/images/authbuttons/google_64.png
--- a/app/assets/images/authbuttons/twitter_64.png
+++ b/app/assets/images/authbuttons/twitter_64.png
--- a/app/assets/images/authbuttons/github_64.png
+++ b/app/assets/images/authbuttons/github_64.png
--- a/app/assets/images/authbuttons/gitlab_64.png
+++ b/app/assets/images/authbuttons/gitlab_64.png
--- a/app/assets/javascripts/application.js.coffee
+++ b/app/assets/javascripts/application.js.coffee
@@ -164,9 +164,10 @@ $ ->
  $('.account-box').hover -> $(@).toggleClass('hover')

  # Commit show suppressed diff
-  $(".diff-content").on "click", ".supp_diff_link", ->
-    $(@).next('table').show()
-    $(@).remove()
+  $(document).on 'click', '.diff-content .js-show-suppressed-diff', ->
+    $container = $(@).parent()
+    $container.next('table').show()
+    $container.remove()

  $('.navbar-toggle').on 'click', ->
    $('.header-content .title').toggle()

--- a/app/assets/javascripts/diff.js.coffee
+++ b/app/assets/javascripts/diff.js.coffee
@@ -31,6 +31,10 @@ class @Diff
        bottom: unfoldBottom
        offset: offset
        unfold: unfold
+        # indent is used to compensate for single space indent to fit
+        # '+' and '-' prepended to diff lines,
+        # see https://gitlab.com/gitlab-org/gitlab-ce/issues/707
+        indent: 1

      $.get(link, params, (response) =>
        target.parent().replaceWith(response)

--- a/app/assets/javascripts/merge_request_tabs.js.coffee
+++ b/app/assets/javascripts/merge_request_tabs.js.coffee
@@ -49,12 +49,6 @@ class @MergeRequestTabs
    # Store the `location` object, allowing for easier stubbing in tests
    @_location = location

-    switch @opts.action
-      when 'commits'
-        @commitsLoaded = true
-      when 'diffs'
-        @diffsLoaded = true
-
    @bindEvents()
    @activateTab(@opts.action)

@@ -102,7 +96,7 @@ class @MergeRequestTabs
    action = 'notes' if action == 'show'

    # Remove a trailing '/commits' or '/diffs'
-    new_state = @_location.pathname.replace(/\/(commits|diffs)\/?$/, '')
+    new_state = @_location.pathname.replace(/\/(commits|diffs)(\.html)?\/?$/, '')

    # Append the new action if we're on a tab other than 'notes'
    unless action == 'notes'
@@ -133,7 +127,7 @@ class @MergeRequestTabs
    return if @diffsLoaded

    @_get
-      url: "#{source}.json"
+      url: "#{source}.json" + @_location.search
      success: (data) =>
        document.getElementById('diffs').innerHTML = data.html
        @diffsLoaded = true

--- a/app/assets/javascripts/notes.js.coffee
+++ b/app/assets/javascripts/notes.js.coffee
@@ -10,7 +10,6 @@ class @Notes

  constructor: (notes_url, note_ids, last_fetched_at, view) ->
    @notes_url = notes_url
-    @notes_url = gon.relative_url_root + @notes_url if gon.relative_url_root?
    @note_ids = note_ids
    @last_fetched_at = last_fetched_at
    @view = view

--- a/app/assets/stylesheets/generic/common.scss
+++ b/app/assets/stylesheets/generic/common.scss
@@ -184,7 +184,7 @@ li.note {
  }
 }

-.supp_diff_link,
+.show-suppressed-diff,
 .show-all-commits {
  cursor: pointer;
 }

--- a/app/assets/stylesheets/pages/diff.scss
+++ b/app/assets/stylesheets/pages/diff.scss
@@ -65,6 +65,17 @@
      color: #777;
    }

+    .suppressed-container {
+      padding: ($padding-base-vertical + 5px) $padding-base-horizontal;
+      text-align: center;
+
+      // "Changes suppressed. Click to show." link
+      .show-suppressed-diff {
+        font-size: 110%;
+        font-weight: bold;
+      }
+    }
+
    table {
      width: 100%;
      font-family: $monospace_font;

--- a/app/assets/stylesheets/pages/notes.scss
+++ b/app/assets/stylesheets/pages/notes.scss
@@ -37,7 +37,7 @@ ul.notes {
      font-size: 13px;

      a {
-        @extend .cgray;        
+        @extend .cgray;

        &:hover {
          text-decoration: underline;
@@ -105,6 +105,8 @@ ul.notes {
        }

        hr {
+          // Darken 'whitesmoke' a bit to make it more visible in note bodies
+          border-color: darken(#F5F5F5, 8%);
          margin: 10px 0;
        }
      }

--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -299,14 +299,14 @@ class ApplicationController < ActionController::Base
  end

  def github_import_enabled?
-    OauthHelper.enabled_oauth_providers.include?(:github)
+    Gitlab::OAuth::Provider.enabled?(:github)
  end

  def gitlab_import_enabled?
-    OauthHelper.enabled_oauth_providers.include?(:gitlab)
+    Gitlab::OAuth::Provider.enabled?(:gitlab)
  end

  def bitbucket_import_enabled?
-    OauthHelper.enabled_oauth_providers.include?(:bitbucket) && Gitlab::BitbucketImport.public_key.present?
+    Gitlab::OAuth::Provider.enabled?(:bitbucket) && Gitlab::BitbucketImport.public_key.present?
  end
 end
--- a/app/controllers/import/bitbucket_controller.rb
+++ b/app/controllers/import/bitbucket_controller.rb
@@ -3,6 +3,7 @@ class Import::BitbucketController < Import::BaseController
  before_action :bitbucket_auth, except: :callback

  rescue_from OAuth::Error, with: :bitbucket_unauthorized
+  rescue_from Gitlab::BitbucketImport::Client::Unauthorized, with: :bitbucket_unauthorized

  def callback
    request_token = session.delete(:oauth_request_token)

--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -72,10 +72,11 @@ class OmniauthCallbacksController < Devise::OmniauthCallbacksController
      end
    end
  rescue Gitlab::OAuth::SignupDisabledError => e
-    message = "Signing in using your #{oauth['provider']} account without a pre-existing GitLab account is not allowed."
+    label = Gitlab::OAuth::Provider.label_for(oauth['provider'])
+    message = "Signing in using your #{label} account without a pre-existing GitLab account is not allowed."

    if current_application_settings.signup_enabled?
-      message << " Create a GitLab account first, and then connect it to your #{oauth['provider']} account."
+      message << " Create a GitLab account first, and then connect it to your #{label} account."
    end

    flash[:notice] = message

--- a/app/controllers/projects/refs_controller.rb
+++ b/app/controllers/projects/refs_controller.rb
 class Projects::RefsController < Projects::ApplicationController
  include ExtractsPath
+  include TreeHelper

  before_action :require_non_empty_project
  before_action :assign_ref_vars
@@ -60,6 +61,11 @@ class Projects::RefsController < Projects::ApplicationController
      }
    end

+    if @logs.present?
+      @log_url = namespace_project_tree_url(@project.namespace, @project, tree_join(@ref, @path || '/'))
+      @more_log_url = logs_file_namespace_project_ref_path(@project.namespace, @project, @ref, @path || '', offset: (@offset +  @limit))
+    end
+
    respond_to do |format|
      format.html { render_404 }
      format.js

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -90,7 +90,7 @@ class SessionsController < Devise::SessionsController
    # Prevent alert from popping up on the first page shown after authentication.
    flash[:alert] = nil 
    
-    redirect_to omniauth_authorize_path(:user, provider.to_sym)
+    redirect_to user_omniauth_authorize_path(provider.to_sym)
  end

  def valid_otp_attempt?(user)

--- a/app/helpers/auth_helper.rb
+++ b/app/helpers/auth_helper.rb
+module AuthHelper
+  PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2).freeze
+  FORM_BASED_PROVIDERS = [/\Aldap/, 'kerberos'].freeze
+
+  def ldap_enabled?
+    Gitlab.config.ldap.enabled
+  end
+
+  def provider_has_icon?(name)
+    PROVIDERS_WITH_ICONS.include?(name.to_s)
+  end
+
+  def auth_providers
+    Gitlab::OAuth::Provider.providers
+  end
+
+  def label_for_provider(name)
+    Gitlab::OAuth::Provider.label_for(name)
+  end
+
+  def form_based_provider?(name)
+    FORM_BASED_PROVIDERS.any? { |pattern| pattern === name.to_s }
+  end
+
+  def form_based_providers
+    auth_providers.select { |provider| form_based_provider?(provider) }
+  end
+
+  def button_based_providers
+    auth_providers.reject { |provider| form_based_provider?(provider) }
+  end
+
+  def provider_image_tag(provider, size = 64)
+    label = label_for_provider(provider)
+
+    if provider_has_icon?(provider)
+      file_name = "#{provider.to_s.split('_').first}_#{size}.png"
+
+      image_tag(image_path("auth_buttons/#{file_name}"), alt: label, title: "Sign in with #{label}")
+    else
+      label
+    end
+  end
+
+  def auth_active?(provider)
+    current_user.identities.exists?(provider: provider.to_s)
+  end
+
+  extend self
+end
--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
 module BlobHelper
  def highlight(blob_name, blob_content, nowrap: false, continue: false)
-    @formatter ||= Rugments::Formatters::HTML.new(
+    @formatter ||= Rouge::Formatters::HTMLGitlab.new(
      nowrap: nowrap,
      cssclass: 'code highlight',
      lineanchors: true,
@@ -8,11 +8,11 @@ module BlobHelper
    )

    begin
-      @lexer ||= Rugments::Lexer.guess(filename: blob_name, source: blob_content).new
+      @lexer ||= Rouge::Lexer.guess(filename: blob_name, source: blob_content).new
      result = @formatter.format(@lexer.lex(blob_content, continue: continue)).html_safe
    rescue
-      lexer = Rugments::Lexers::PlainText
-      result = @formatter.format(lexer.lex(blob_content)).html_safe
+      @lexer = Rouge::Lexers::PlainText
+      result = @formatter.format(@lexer.lex(blob_content)).html_safe
    end

    result

--- a/app/helpers/emails_helper.rb
+++ b/app/helpers/emails_helper.rb
@@ -31,8 +31,8 @@ module EmailsHelper
  end

  def color_email_diff(diffcontent)
-    formatter = Rugments::Formatters::HTML.new(cssclass: "highlight", inline_theme: :github)
-    lexer = Rugments::Lexers::Diff.new
+    formatter = Rouge::Formatters::HTML.new(css_class: 'highlight', inline_theme: 'github')
+    lexer = Rouge::Lexers::Diff
    raw formatter.format(lexer.lex(diffcontent))
  end


--- a/app/helpers/oauth_helper.rb
+++ b/app/helpers/oauth_helper.rb
-module OauthHelper
-  def ldap_enabled?
-    Gitlab.config.ldap.enabled
-  end
-
-  def default_providers
-    [:twitter, :github, :gitlab, :bitbucket, :google_oauth2, :ldap]
-  end
-
-  def enabled_oauth_providers
-    Devise.omniauth_providers
-  end
-
-  def enabled_social_providers
-    enabled_oauth_providers.select do |name|
-      [:saml, :twitter, :gitlab, :github, :bitbucket, :google_oauth2].include?(name.to_sym)
-    end
-  end
-
-  def additional_providers
-    enabled_oauth_providers.reject{|provider| provider.to_s.starts_with?('ldap')}
-  end
-
-  def oauth_image_tag(provider, size = 64)
-    file_name = "#{provider.to_s.split('_').first}_#{size}.png"
-    image_tag(image_path("authbuttons/#{file_name}"), alt: "Sign in with #{provider.to_s.titleize}")
-  end
-
-  def oauth_active?(provider)
-    current_user.identities.exists?(provider: provider.to_s)
-  end
-
-  extend self
-end
--- a/app/helpers/profile_helper.rb
+++ b/app/helpers/profile_helper.rb
-module ProfileHelper
-  def show_profile_username_tab?
-    current_user.can_change_username?
-  end
-
-  def show_profile_social_tab?
-    enabled_social_providers.any?
-  end
-
-  def show_profile_remove_tab?
-    signup_enabled?
-  end
-end
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -278,7 +278,8 @@ module ProjectsHelper
  end

  def readme_cache_key
-    [@project.id, @project.commit.sha, "readme"].join('-')
+    sha = @project.commit.try(:sha) || 'nil'
+    [@project.id, sha, "readme"].join('-')
  end

  def round_commit_count(project)

--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -140,12 +140,13 @@ class Ability
        :create_project_snippet,
        :update_issue,
        :admin_issue,
-        :admin_label,
+        :admin_label
      ]
    end

    def project_dev_rules
      project_report_rules + [
+        :admin_merge_request,
        :create_merge_request,
        :create_wiki,
        :push_code

--- a/app/models/concerns/issuable.rb
+++ b/app/models/concerns/issuable.rb
@@ -159,6 +159,16 @@ module Issuable
    end
  end

+  # Convert this Issuable class name to a format usable by Ability definitions
+  #
+  # Examples:
+  #
+  #   issuable.class           # => MergeRequest
+  #   issuable.to_ability_name # => "merge_request"
+  def to_ability_name
+    self.class.to_s.underscore
+  end
+
  private

  def filter_superceded_votes(votes, notes)

--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -235,6 +235,10 @@ class MergeRequest < ActiveRecord::Base
      execute(self, commit_message)
  end

+  def remove_source_branch?
+    self.should_remove_source_branch && !self.source_project.root_ref?(self.source_branch) && !self.for_fork?
+  end
+
  def open?
    opened? || reopened?
  end

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -274,6 +274,10 @@ class User < ActiveRecord::Base
            value: login.to_s.downcase).first
    end

+    def find_by_username!(username)
+      find_by!('lower(username) = ?', username.downcase)
+    end
+
    def by_username_or_id(name_or_id)
      where('users.username = ? OR users.id = ?', name_or_id.to_s, name_or_id.to_i).first
    end

--- a/app/services/files/base_service.rb
+++ b/app/services/files/base_service.rb
@@ -39,7 +39,7 @@ module Files

    def after_commit(sha, branch)
      commit = repository.commit(sha)
-      full_ref = 'refs/heads/' + branch
+      full_ref = "#{Gitlab::Git::BRANCH_REF_PREFIX}#{branch}"
      old_sha = commit.parent_id || Gitlab::Git::BLANK_SHA
      GitPushService.new.execute(project, current_user, old_sha, sha, full_ref)
    end

--- a/app/services/issuable_base_service.rb
+++ b/app/services/issuable_base_service.rb
@@ -27,8 +27,10 @@ class IssuableBaseService < BaseService
      old_branch, new_branch)
  end

-  def filter_params
-    unless can?(current_user, :admin_issue, project)
+  def filter_params(issuable_ability_name = :issue)
+    ability = :"admin_#{issuable_ability_name}"
+
+    unless can?(current_user, ability, project)
      params.delete(:milestone_id)
      params.delete(:label_ids)
      params.delete(:assignee_id)

--- a/app/services/issues/base_service.rb
+++ b/app/services/issues/base_service.rb
@@ -10,6 +10,10 @@ module Issues

    private

+    def filter_params
+      super(:issue)
+    end
+
    def execute_hooks(issue, action = 'open')
      issue_data = hook_data(issue, action)
      issue.project.execute_hooks(issue_data, :issue_hooks)

--- a/app/services/merge_requests/auto_merge_service.rb
+++ b/app/services/merge_requests/auto_merge_service.rb
@@ -37,6 +37,14 @@ module MergeRequests
        # Merge local branches using rugged instead of satellites
        if sha = commit
          after_commit(sha, merge_request.target_branch)
+
+          if merge_request.remove_source_branch?
+            DeleteBranchService.new(merge_request.source_project, current_user).execute(merge_request.source_branch)
+          end
+
+          true
+        else
+          false
        end
      end
    end
@@ -55,7 +63,7 @@ module MergeRequests

    def after_commit(sha, branch)
      commit = repository.commit(sha)
-      full_ref = 'refs/heads/' + branch
+      full_ref = "#{Gitlab::Git::BRANCH_REF_PREFIX}#{branch}"
      old_sha = commit.parent_id || Gitlab::Git::BLANK_SHA
      GitPushService.new.execute(project, current_user, old_sha, sha, full_ref)
    end

--- a/app/services/merge_requests/base_service.rb
+++ b/app/services/merge_requests/base_service.rb
@@ -20,5 +20,11 @@ module MergeRequests
        merge_request.project.execute_services(merge_data, :merge_request_hooks)
      end
    end
+
+    private
+
+    def filter_params
+      super(:merge_request)
+    end
  end
 end
--- a/app/services/projects/create_service.rb
+++ b/app/services/projects/create_service.rb
@@ -85,6 +85,8 @@ module Projects

      @project.create_wiki if @project.wiki_enabled?

+      @project.build_missing_services
+
      event_service.create_project(@project, current_user)
      system_hook_service.execute_hooks_for(@project, :create)


--- a/app/views/admin/identities/_form.html.haml
+++ b/app/views/admin/identities/_form.html.haml
@@ -8,7 +8,8 @@
  .form-group
    = f.label :provider, class: 'control-label'
    .col-sm-10
-      = f.select :provider, Gitlab::OAuth::Provider.names, { allow_blank: false }, class: 'form-control'
+      - values = Gitlab::OAuth::Provider.providers.map { |name| ["#{Gitlab::OAuth::Provider.label_for(name)} (#{name})", name] }
+      = f.select :provider, values, { allow_blank: false }, class: 'form-control'
  .form-group
    = f.label :extern_uid, "Identifier", class: 'control-label'
    .col-sm-10

--- a/app/views/admin/identities/_identity.html.haml
+++ b/app/views/admin/identities/_identity.html.haml
 %tr
  %td
-    = identity.provider
+    = "#{Gitlab::OAuth::Provider.label_for(identity.provider)} (#{identity.provider})"
  %td
    = identity.extern_uid
  %td

--- a/app/views/devise/sessions/_new_ldap.html.haml
+++ b/app/views/devise/sessions/_new_ldap.html.haml
@@ -6,4 +6,4 @@
      %label{for: "remember_me"}
        = check_box_tag :remember_me, '1', false, id: 'remember_me'
        %span Remember me
-  = button_tag "#{server['label']} Sign in", class: "btn-save btn"
+  = button_tag "Sign in", class: "btn-save btn"
--- a/app/views/devise/shared/_omniauth_box.html.haml
+++ b/app/views/devise/shared/_omniauth_box.html.haml
 %p
  %span.light
    Sign in with &nbsp;
-  - providers = additional_providers
+  - providers = button_based_providers
  - providers.each do |provider|
    %span.light
-      - if default_providers.include?(provider)
-        = link_to oauth_image_tag(provider), omniauth_authorize_path(resource_name, provider), method: :post, class: 'oauth-image-link'
-      - else
-        = link_to provider.to_s.titleize, omniauth_authorize_path(resource_name, provider), method: :post, class: "btn", "data-no-turbolink" => "true"
+      - has_icon = provider_has_icon?(provider)
+      = link_to provider_image_tag(provider), user_omniauth_authorize_path(provider), method: :post, class: (has_icon ? 'oauth-image-link' : 'btn'), "data-no-turbolink" => "true"
--- a/app/views/devise/shared/_signin_box.html.haml
+++ b/app/views/devise/shared/_signin_box.html.haml
@@ -6,7 +6,7 @@
    .login-heading
      %h3 Sign in
  .login-body
-    - if ldap_enabled?
+    - if form_based_providers.any?
      %ul.nav.nav-tabs
        - @ldap_servers.each_with_index do |server, i|
          %li{class: (:active if i.zero?)}

--- a/app/views/events/_event.html.haml
+++ b/app/views/events/_event.html.haml
@@ -8,11 +8,10 @@
        = image_tag avatar_icon(event.author_email, 24), class: "avatar s24", alt:''
        = render "events/event/created_project", event: event
    - else
-      = cache event do
-        = image_tag avatar_icon(event.author_email, 24), class: "avatar s24", alt:''
-        - if event.push?
-          = render "events/event/push", event: event
-        - elsif event.commented?
-          = render "events/event/note", event: event
-        - else
-          = render "events/event/common", event: event
+      = image_tag avatar_icon(event.author_email, 24), class: "avatar s24", alt:''
+      - if event.push?
+        = render "events/event/push", event: event
+      - elsif event.commented?
+        = render "events/event/note", event: event
+      - else
+        = render "events/event/common", event: event
--- a/app/views/layouts/notify.html.haml
+++ b/app/views/layouts/notify.html.haml
@@ -33,7 +33,7 @@
      = yield
    %div.footer{style: "margin-top: 10px;"}
      %p
-        \—
+        &mdash;
        %br
        - if @target_url
          #{link_to "View it on GitLab", @target_url}

--- a/app/views/profiles/accounts/show.html.haml
+++ b/app/views/profiles/accounts/show.html.haml
@@ -59,22 +59,22 @@
          %div
            = link_to 'Enable Two-factor Authentication', new_profile_two_factor_auth_path, class: 'btn btn-success'

-  - if show_profile_social_tab?
+  - if button_based_providers.any?
    .panel.panel-default
      .panel-heading
        Connected Accounts
      .panel-body
        .oauth-buttons.append-bottom-10
          %p Click on icon to activate signin with one of the following services
-          - enabled_social_providers.each do |provider|
+          - button_based_providers.each do |provider|
            .btn-group
-              = link_to oauth_image_tag(provider), omniauth_authorize_path(User, provider),
-                method: :post, class: "btn btn-lg #{'active' if oauth_active?(provider)}"
-              - if oauth_active?(provider)
+              = link_to provider_image_tag(provider), user_omniauth_authorize_path(provider), method: :post, class: "btn btn-lg #{'active' if auth_active?(provider)}", "data-no-turbolink" => "true"
+                  
+              - if auth_active?(provider)
                = link_to unlink_profile_account_path(provider: provider), method: :delete, class: 'btn btn-lg' do
                  = icon('close')

-  - if show_profile_username_tab?
+  - if current_user.can_change_username?
    .panel.panel-warning.update-username
      .panel-heading
        Change Username
@@ -94,7 +94,7 @@
          %div
            = f.submit 'Save username', class: "btn btn-warning"

-  - if show_profile_remove_tab?
+  - if signup_enabled?
    .panel.panel-danger.remove-account
      .panel-heading
        Remove account

--- a/app/views/profiles/two_factor_auths/new.html.haml
+++ b/app/views/profiles/two_factor_auths/new.html.haml
@@ -5,7 +5,7 @@
  Download the Google Authenticator application from App Store for iOS or Google
  Play for Android and scan this code.

-  More information is available in the #{link_to('documentation', help_page_path('workflow', 'two_factor_authentication'))}.
+  More information is available in the #{link_to('documentation', help_page_path('profile', 'two_factor_authentication'))}.

 %hr


--- a/app/views/projects/blob/diff.html.haml
+++ b/app/views/projects/blob/diff.html.haml
@@ -11,7 +11,7 @@
      %td.old_line.diff-line-num{data: {linenumber: line_old}}
        = link_to raw(line_old), "#"
      %td.new_line= link_to raw(line_new) , "#"
-      %td.line_content.noteable_line= line
+      %td.line_content.noteable_line= ' ' * @form.indent + line

  - if @form.unfold? && @form.bottom? && @form.to < @blob.loc
    %tr.line_holder{ id: @form.to }

--- a/app/views/projects/diffs/_text_file.html.haml
+++ b/app/views/projects/diffs/_text_file.html.haml
 - too_big = diff_file.diff_lines.count > Commit::DIFF_SAFE_LINES
 - if too_big
-  %a.supp_diff_link Changes suppressed. Click to show
+  .suppressed-container
+    %a.show-suppressed-diff.js-show-suppressed-diff Changes suppressed. Click to show.

 %table.text-file{class: "#{'hide' if too_big}"}
  - last_line = 0

--- a/app/views/projects/diffs/_warning.html.haml
+++ b/app/views/projects/diffs/_warning.html.haml
@@ -3,7 +3,7 @@
    Too many changes to show.
    .pull-right
      - unless diff_hard_limit_enabled?
-        = link_to "Reload with full diff", url_for(params.merge(force_show_diff: true)), class: "btn btn-sm btn-warning"
+        = link_to "Reload with full diff", url_for(params.merge(force_show_diff: true, format: :html)), class: "btn btn-sm btn-warning"

      - if current_controller?(:commit) or current_controller?(:merge_requests)
        - if current_controller?(:commit)

--- a/app/views/projects/issues/_issue.html.haml
+++ b/app/views/projects/issues/_issue.html.haml
@@ -3,43 +3,42 @@
    .issue-check
      = check_box_tag dom_id(issue,"selected"), nil, false, 'data-id' => issue.id, class: "selected_issue"

-  = cache issue do
-    .issue-title
-      %span.issue-title-text
-        = link_to_gfm issue.title, issue_path(issue), class: "row_title"
-      .issue-labels
-        - issue.labels.each do |label|
-          = link_to_label(label, project: issue.project)
-      .pull-right.light
-        - if issue.closed?
-          %span
-            CLOSED
-        - if issue.assignee
-          = link_to_member(@project, issue.assignee, name: false)
-        - note_count = issue.notes.user.count
-        - if note_count > 0
-          &nbsp;
-          %span
-            %i.fa.fa-comments
-            = note_count
-        - else
-          &nbsp;
-          %span.issue-no-comments
-            %i.fa.fa-comments
-            = 0
-
-    .issue-info
-      = "#{issue.to_reference} opened #{time_ago_with_tooltip(issue.created_at, placement: 'bottom')} by #{link_to_member(@project, issue.author, avatar: false)}".html_safe
-      - if issue.votes_count > 0
-        = render 'votes/votes_inline', votable: issue
-      - if issue.milestone
+  .issue-title
+    %span.issue-title-text
+      = link_to_gfm issue.title, issue_path(issue), class: "row_title"
+    .issue-labels
+      - issue.labels.each do |label|
+        = link_to_label(label, project: issue.project)
+    .pull-right.light
+      - if issue.closed?
+        %span
+          CLOSED
+      - if issue.assignee
+        = link_to_member(@project, issue.assignee, name: false)
+      - note_count = issue.notes.user.count
+      - if note_count > 0
        &nbsp;
        %span
-          %i.fa.fa-clock-o
-          = issue.milestone.title
-      - if issue.tasks?
-        %span.task-status
-          = issue.task_status
+          %i.fa.fa-comments
+          = note_count
+      - else
+        &nbsp;
+        %span.issue-no-comments
+          %i.fa.fa-comments
+          = 0
+
+  .issue-info
+    = "#{issue.to_reference} opened #{time_ago_with_tooltip(issue.created_at, placement: 'bottom')} by #{link_to_member(@project, issue.author, avatar: false)}".html_safe
+    - if issue.votes_count > 0
+      = render 'votes/votes_inline', votable: issue
+    - if issue.milestone
+      &nbsp;
+      %span
+        %i.fa.fa-clock-o
+        = issue.milestone.title
+    - if issue.tasks?
+      %span.task-status
+        = issue.task_status

-      .pull-right.issue-updated-at
-        %small updated #{time_ago_with_tooltip(issue.updated_at, placement: 'bottom', html_class: 'issue_update_ago')}
+    .pull-right.issue-updated-at
+      %small updated #{time_ago_with_tooltip(issue.updated_at, placement: 'bottom', html_class: 'issue_update_ago')}
--- a/app/views/projects/merge_requests/_show.html.haml
+++ b/app/views/projects/merge_requests/_show.html.haml
@@ -66,11 +66,9 @@
    #notes.notes.tab-pane.voting_notes
      = render "projects/merge_requests/discussion"
    #commits.commits.tab-pane
-      - if current_page?(action: 'commits')
-        = render "projects/merge_requests/show/commits"
+      - # This tab is always loaded via AJAX
    #diffs.diffs.tab-pane
-      - if current_page?(action: 'diffs')
-        = render "projects/merge_requests/show/diffs"
+      - # This tab is always loaded via AJAX

  .mr-loading-status
    = spinner

--- a/app/views/projects/notes/_edit_form.html.haml
+++ b/app/views/projects/notes/_edit_form.html.haml
@@ -3,10 +3,7 @@
    = note_target_fields(note)
    = render layout: 'projects/md_preview', locals: { preview_class: 'note-text' } do
      = render 'projects/zen', f: f, attr: :note, classes: 'note_text js-note-text js-task-list-field'
-
-      .comment-hints.clearfix
-        .pull-left #{link_to 'Markdown ', help_page_path('markdown', 'markdown'),{ target: '_blank', tabindex: -1 }}
-        .pull-right #{link_to 'Attach a file', '#', class: 'markdown-selector', tabindex: -1 }
+      = render 'projects/notes/hints'

    .note-form-actions
      .buttons

--- a/app/views/projects/notes/_form.html.haml
+++ b/app/views/projects/notes/_form.html.haml
@@ -8,18 +8,8 @@
  = f.hidden_field :noteable_type

  = render layout: 'projects/md_preview', locals: { preview_class: "note-text", referenced_users: true } do
-    = render 'projects/zen', f: f, attr: :note,
-      classes: 'note_text js-note-text'
-
-    .comment-hints.clearfix
-      .pull-left
-        = link_to "Markdown ", help_page_path("markdown", "markdown"),{ target: '_blank', tabindex: -1 }
-        tip:
-        = random_markdown_tip
-      .pull-right
-        = link_to '#', class: 'markdown-selector', tabindex: -1 do
-          Attach a file
-          = icon('paperclip')
+    = render 'projects/zen', f: f, attr: :note, classes: 'note_text js-note-text'
+    = render 'projects/notes/hints'
    .error-alert

  .note-form-actions

--- a/app/views/projects/notes/_hints.html.haml
+++ b/app/views/projects/notes/_hints.html.haml
+.comment-hints.clearfix
+  .pull-left
+    = link_to 'Markdown', help_page_path('markdown', 'markdown'), target: '_blank', tabindex: -1
+    tip:
+    = random_markdown_tip
+  .pull-right
+    = link_to '#', class: 'markdown-selector', tabindex: -1 do
+      = icon('paperclip')
+      Attach a file
--- a/app/views/projects/notes/_note.html.haml
+++ b/app/views/projects/notes/_note.html.haml
@@ -56,10 +56,9 @@


      .note-body{class: note_editable?(note) ? 'js-task-list-container' : ''}
-        = cache [note, 'markdown', user_color_scheme_class] do
-          .note-text
-            = preserve do
-              = markdown(note.note, {no_header_anchors: true})
+        .note-text
+          = preserve do
+            = markdown(note.note, {no_header_anchors: true})
        = render 'projects/notes/edit_form', note: note

      - if note.attachment.url

--- a/app/views/projects/refs/logs_tree.js.haml
+++ b/app/views/projects/refs/logs_tree.js.haml
@@ -11,9 +11,11 @@
 - if @logs.present?
  :plain
    var current_url = location.href.replace(/\/?$/, '/');
-    var log_url = '#{namespace_project_tree_url(@project.namespace, @project, tree_join(@ref, @path || '/'))}'.replace(/\/?$/, '/');
+    var log_url = "#{escape_javascript(@log_url)}".replace(/\/?$/, '/');
+
    if(current_url == log_url) {
-      // Load 10 more commit log for each file in tree
+      // Load more commit logs for each file in tree
      // if we still on the same page
-      ajaxGet('#{logs_file_namespace_project_ref_path(@project.namespace, @project, @ref, @path || '', offset: (@offset +  @limit))}');
+      var url = "#{escape_javascript(@more_log_url)}";
+      ajaxGet(url);
    }
--- a/app/views/projects/tree/_tree.html.haml
+++ b/app/views/projects/tree/_tree.html.haml
@@ -49,5 +49,5 @@
 :javascript
  // Load last commit log for each file in tree
  $('#tree-slider').waitForImages(function() {
-    ajaxGet('#{@logs_path}');
+    ajaxGet("#{escape_javascript(@logs_path)}");
  });
--- a/app/views/projects/wikis/show.html.haml
+++ b/app/views/projects/wikis/show.html.haml
@@ -3,6 +3,10 @@
 %h3.page-title
  = @page.title
  = render 'main_links'
+
+.wiki-last-edit-by
+  Last edited by #{@page.commit.author.name} #{time_ago_with_tooltip(@page.commit.authored_date)}
+
 - if @page.historical?
  .warning_message
    This is an old version of this page.
@@ -16,6 +20,6 @@
      = render_wiki_content(@page)

 %hr
-
 .wiki-last-edit-by
  Last edited by #{@page.commit.author.name} #{time_ago_with_tooltip(@page.commit.authored_date)}
+
--- a/app/views/shared/issuable/_context.html.haml
+++ b/app/views/shared/issuable/_context.html.haml
@@ -8,7 +8,7 @@
      - else
        none
    .issuable-context-selectbox
-      - if can?(current_user, :"admin_#{issuable.class.to_s.underscore}", @project)
+      - if can?(current_user, :"admin_#{issuable.to_ability_name}", @project)
        = users_select_tag("#{issuable.class.table_name.singularize}[assignee_id]", placeholder: 'Select assignee', class: 'custom-form-control js-select2 js-assignee', selected: issuable.assignee_id, project: @target_project, null_user: true)

  %div.prepend-top-20.clearfix
@@ -24,7 +24,7 @@
      - else
        none
    .issuable-context-selectbox
-      - if can?(current_user, :"admin_#{issuable.class.to_s.underscore}", @project)
+      - if can?(current_user, :"admin_#{issuable.to_ability_name}", @project)
        = f.select(:milestone_id, milestone_options(issuable), { include_blank: 'Select milestone' }, {class: 'select2 select2-compact js-select2 js-milestone'})
        = hidden_field_tag :issuable_context
        = f.submit class: 'btn hide'

--- a/app/views/shared/issuable/_form.html.haml
+++ b/app/views/shared/issuable/_form.html.haml
@@ -38,7 +38,7 @@
      .clearfix
      .error-alert
  %hr
- if can?(current_user, :admin_issue, @project)
+- if can?(current_user, :"admin_#{issuable.to_ability_name}", @project)
  .form-group
    .issue-assignee
      = f.label :assignee_id, class: 'control-label' do

--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -209,20 +209,29 @@ production: &base
    # arguments, followed by optional 'args' which can be either a hash or an array.
    # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
    providers:
-      # - { name: 'google_oauth2', app_id: 'YOUR_APP_ID',
+      # - { name: 'google_oauth2', 
+      #     label: 'Google',
+      #     app_id: 'YOUR_APP_ID', 
      #     app_secret: 'YOUR_APP_SECRET',
      #     args: { access_type: 'offline', approval_prompt: '' } }
-      # - { name: 'twitter', app_id: 'YOUR_APP_ID',
-      #     app_secret: 'YOUR_APP_SECRET'}
-      # - { name: 'github', app_id: 'YOUR_APP_ID',
+      # - { name: 'twitter', 
+      #     app_id: 'YOUR_APP_ID', 
+      #     app_secret: 'YOUR_APP_SECRET' }
+      # - { name: 'github', 
+      #     label: 'GitHub',
+      #     app_id: 'YOUR_APP_ID', 
      #     app_secret: 'YOUR_APP_SECRET',
      #     args: { scope: 'user:email' } }
-      # - { name: 'gitlab', app_id: 'YOUR_APP_ID',
+      # - { name: 'gitlab', 
+      #     label: 'GitLab.com',
+      #     app_id: 'YOUR_APP_ID', 
      #     app_secret: 'YOUR_APP_SECRET',
      #     args: { scope: 'api' } }
-      # - { name: 'bitbucket', app_id: 'YOUR_APP_ID',
-      #     app_secret: 'YOUR_APP_SECRET'}
-      # - { name: 'saml',
+      # - { name: 'bitbucket', 
+      #     app_id: 'YOUR_APP_ID', 
+      #     app_secret: 'YOUR_APP_SECRET' }
+      # - { name: 'saml', 
+      #     label: 'Our SAML Provider',
      #     args: {
      #             assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
      #             idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',

--- a/db/migrate/20150609141121_add_session_expire_delay_for_application_settings.rb
+++ b/db/migrate/20150609141121_add_session_expire_delay_for_application_settings.rb
 class AddSessionExpireDelayForApplicationSettings < ActiveRecord::Migration
  def change
-    add_column :application_settings, :session_expire_delay, :integer, default: 10080, null: false
+    unless column_exists?(:application_settings, :session_expire_delay)
+      add_column :application_settings, :session_expire_delay, :integer, default: 10080, null: false
+    end
  end
-end
\ No newline at end of file
+end
--- a/doc/gitlab-basics/README.md
+++ b/doc/gitlab-basics/README.md
@@ -2,7 +2,7 @@

 Step-by-step guides on the basics of working with Git and GitLab.

-* [Start using Git on the commandline](start-using-git.md)
+* [Start using Git on the command line](start-using-git.md)

 * [Create and add your SSH Keys](create-your-ssh-keys.md)

@@ -17,3 +17,5 @@ Step-by-step guides on the basics of working with Git and GitLab.
 * [Create a branch](create-branch.md)

 * [Fork a project](fork-project.md)
+
+* [Add a file](add-file.md)
--- a/doc/gitlab-basics/add-file.md
+++ b/doc/gitlab-basics/add-file.md
+# How to add a file
+
+You can create a file in your [shell](command-line-commands.md) or in GitLab.
+
+To create a file in GitLab, sign in to [GitLab.com](https://gitlab.com).
+
+Select a project on the right side of your screen:
+
+![Select a project](basicsimages/select_project.png)
+
+It's a good idea to [create a branch](create-branch.md), but it's not necessary.
+
+Go to the directory where you'd like to add the file and click on the "+" sign next to the name of the project and directory:
+
+![Create a file](basicsimages/create_file.png)
+
+Name your file (you can't add spaces, so you can use hyphens or underscores). Don't forget to include the markup language you'd like to use :
+
+![File name](basicsimages/file_name.png)
+
+Add all the information that you'd like to include in your file:
+
+![Add information](basicsimages/white_space.png)
+
+Add a commit message based on what you just added and then click on "commit changes":
+
+![Commit changes](basicsimages/commit_changes.png)
+
+### Note
+Besides its regular files, every directory needs a README.md or README.html file which works like an index, telling
+what the directory is about. It's the first document you'll find when you open a directory.
--- a/doc/integration/gitlab_actions.png
+++ b/doc/integration/gitlab_actions.png
--- a/doc/integration/gitlab_buttons_in_gmail.md
+++ b/doc/integration/gitlab_buttons_in_gmail.md
-# GitLab buttons in Gmail
-
-GitLab supports [Google actions in email](https://developers.google.com/gmail/markup/actions/actions-overview).
-
-If correctly setup, emails that require an action will be marked in Gmail.
-
-![gitlab_actions](gitlab_actions.png)
-
-To get this functioning, you need to be registered with Google.
-[See how to register with Google in this document.](https://developers.google.com/gmail/markup/registering-with-google)
-
-To aid the registering with Google, GitLab offers a rake task that will send an email to Google whitelisting email address from your GitLab server.
-
-To check what would be sent to the Google email address, run the rake task:
-
-```bash
-bundle exec rake gitlab:mail_google_schema_whitelisting RAILS_ENV=production
-```
-
-**This will not send the email but give you the output of how the mail will look.**
-
-Copy the output of the rake task to [Google email markup tester](https://www.google.com/webmasters/markup-tester/u/0/) and press "Validate".
-
-If you receive "No errors detected" message from the tester you can send the email using:
-
-```bash
-bundle exec rake gitlab:mail_google_schema_whitelisting RAILS_ENV=production SEND=true
-```
--- a/doc/integration/omniauth.md
+++ b/doc/integration/omniauth.md
@@ -84,7 +84,7 @@ Existing users can enable OmniAuth for specific providers after the account is c
 1. Sign in normally - whether standard sign in, LDAP, or another OmniAuth provider.
 1. Go to profile settings (the silhouette icon in the top right corner).
 1. Select the "Account" tab.
-1. Under "Social Accounts" select the desired OmniAuth provider, such as Twitter.
+1. Under "Connected Accounts" select the desired OmniAuth provider, such as Twitter.
 1. The user will be redirected to the provider. Once the user authorized GitLab they will be redirected back to GitLab.

 The chosen OmniAuth provider is now active and can be used to sign in to GitLab from then on.

--- a/doc/permissions/permissions.md
+++ b/doc/permissions/permissions.md
@@ -17,6 +17,7 @@ If a user is a GitLab administrator they receive all permissions.
 | Create code snippets                  |         | ✓          | ✓           | ✓        | ✓      |
 | Manage issue tracker                  |         | ✓          | ✓           | ✓        | ✓      |
 | Manage labels                         |         | ✓          | ✓           | ✓        | ✓      |
+| Manage merge requests                 |         |            | ✓           | ✓        | ✓      |
 | Create new merge request              |         |            | ✓           | ✓        | ✓      |
 | Create new branches                   |         |            | ✓           | ✓        | ✓      |
 | Push to non-protected branches        |         |            | ✓           | ✓        | ✓      |

--- a/doc/release/monthly.md
+++ b/doc/release/monthly.md
@@ -68,7 +68,7 @@ Xth: (2 working days before the 22nd)
 Xth: (1 working day before the 22nd)

 - [ ] Merge CE stable into EE stable
- [ ] Create (hopefully final) CE, EE, CI release candidates (#LINK)
+- [ ] Create CE, EE, CI release candidates (#LINK) (hopefully final ones with the same commit as the release tomorrow) 
 - [ ] Create Omnibus tags and build packages for the latest release candidates
 - [ ] Update GitLab.com with the latest RC (#LINK)
 - [ ] Update ci.gitLab.com with the latest RC (#LINK)
@@ -81,10 +81,10 @@ workday to quickly fix any issues.

 - [ ] Merge CE stable into EE stable (#LINK)
 - [ ] Create the 'x.y.0' tag with the [release tools](https://dev.gitlab.org/gitlab/release-tools) (#LINK)
- [ ] BEFORE 11AM CET Create and push omnibus tags for x.y.0 (will auto-release the packages) (#LINK)
- [ ] BEFORE 12AM CET Publish the release blog post (#LINK)
+- [ ] Try to do before 11AM CET: Create and push omnibus tags for x.y.0 (will auto-release the packages) (#LINK)
+- [ ] Try to do before 12AM CET: Publish the release blog post (#LINK)
 - [ ] Tweet about the release (blog post) (#LINK)
- [ ] Schedule a second tweet of the release announcement at 6PM CET / 9AM PST
+- [ ] Schedule a second tweet of the release announcement with the same text at 6PM CET / 9AM PST

 ```

@@ -220,4 +220,4 @@ Consider creating a post on Hacker News.

 ## Create a WIP blogpost for the next release

-Create a WIP blogpost using [release blog template](https://gitlab.com/gitlab-com/www-gitlab-com/blob/master/doc/release_blog_template.md).
+Create a WIP blogpost using [release blog template](https://gitlab.com/gitlab-com/www-gitlab-com/blob/master/doc/release_blog_template.md).
\ No newline at end of file
--- a/doc/workflow/importing/README.md
+++ b/doc/workflow/importing/README.md
@@ -6,4 +6,7 @@
 4. [SVN](migrating_from_svn.md)

 ### Note
-* If you'd like to migrate from a self-hosted GitLab instance to GitLab.com, you can copy your repos by changing the remote and pushing to the new server; but issues and merge requests can't be imported.
\ No newline at end of file
+* If you'd like to migrate from a self-hosted GitLab instance to GitLab.com, you can copy your repos by changing the remote and pushing to the new server; but issues and merge requests can't be imported.
+
+* Repositories are imported to GitLab via HTTP. 
+If the repository is too large, it can timeout. We have a soft limit of 10GB.
--- a/features/project/source/browse_files.feature
+++ b/features/project/source/browse_files.feature
@@ -158,3 +158,10 @@ Feature: Project Source Browse Files
    Given I visit project source page for "6d394385cf567f80a8fd85055db1ab4c5295806f"
    And I click on ".gitignore" file in repo
    Then I don't see the permalink link
+
+  @javascript
+  Scenario: I browse code with single quotes in the ref
+    Given I switch ref to 'test'
+    And I see the ref 'test' has been selected
+    And I visit the 'test' tree
+    Then I see the commit data
--- a/features/steps/admin/users.rb
+++ b/features/steps/admin/users.rb
@@ -3,6 +3,14 @@ class Spinach::Features::AdminUsers < Spinach::FeatureSteps
  include SharedPaths
  include SharedAdmin

+  before do
+    allow(Devise).to receive(:omniauth_providers).and_return([:twitter, :twitter_updated])
+  end
+
+  after do
+    allow(Devise).to receive(:omniauth_providers).and_call_original
+  end
+
  step 'I should see all users' do
    User.all.each do |user|
      expect(page).to have_content user.name
@@ -121,7 +129,6 @@ class Spinach::Features::AdminUsers < Spinach::FeatureSteps
  end

  step 'I visit "Pete" identities page in admin' do
-    allow(Gitlab::OAuth::Provider).to receive(:names).and_return(%w(twitter twitter_updated))
    visit admin_user_identities_path(@user)
  end


--- a/features/steps/project/source/browse_files.rb
+++ b/features/steps/project/source/browse_files.rb
@@ -193,6 +193,23 @@ class Spinach::Features::ProjectSourceBrowseFiles < Spinach::FeatureSteps
    FileUtils.rm_f(File.join(@project.repository.path, 'hooks', 'pre-receive'))
  end

+  step "I switch ref to 'test'" do
+    select "'test'", from: 'ref'
+  end
+
+  step "I see the ref 'test' has been selected" do
+    expect(page).to have_selector '.select2-chosen', text: "'test'"
+  end
+
+  step "I visit the 'test' tree" do
+    visit namespace_project_tree_path(@project.namespace, @project, "'test'")
+  end
+
+  step 'I see the commit data' do
+    expect(page).to have_css('.tree-commit-link', visible: true)
+    expect(page).not_to have_content('Loading commit data...')
+  end
+
  private

  def set_new_content

--- a/lib/api/merge_requests.rb
+++ b/lib/api/merge_requests.rb
@@ -229,7 +229,7 @@ module API

        authorize! :read_merge_request, merge_request

-        present paginate(merge_request.notes), with: Entities::MRNote
+        present paginate(merge_request.notes.fresh), with: Entities::MRNote
      end

      # Post comment to merge request

--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -26,7 +26,12 @@ module Grack
      auth!

      if project && authorized_request?
-        @app.call(env)
+        if ENV['GITLAB_GRACK_AUTH_ONLY'] == '1'
+          # Tell gitlab-git-http-server the request is OK, and what the GL_ID is
+          render_grack_auth_ok
+        else
+          @app.call(env)
+        end
      elsif @user.nil? && !@gitlab_ci
        unauthorized
      else
@@ -174,6 +179,10 @@ module Grack
      end
    end

+    def render_grack_auth_ok
+      [200, { "Content-Type" => "application/json" }, [JSON.dump({ 'GL_ID' => Gitlab::ShellEnv.gl_id(@user) })]]
+    end
+
    def render_not_found
      [404, { "Content-Type" => "text/plain" }, ["Not Found"]]
    end

--- a/lib/gitlab/backend/shell_env.rb
+++ b/lib/gitlab/backend/shell_env.rb
@@ -7,7 +7,7 @@ module Gitlab
    def set_env(user)
      # Set GL_ID env variable
      if user
-        ENV['GL_ID'] = "user-#{user.id}"
+        ENV['GL_ID'] = gl_id(user)
      end
    end

@@ -15,5 +15,14 @@ module Gitlab
      # Reset GL_ID env variable
      ENV['GL_ID'] = nil
    end
+
+    def gl_id(user)
+      if user.present?
+        "user-#{user.id}"
+      else
+        # This empty string is used in the render_grack_auth_ok method
+        ""
+      end
+    end
  end
 end
--- a/lib/gitlab/bitbucket_import/client.rb
+++ b/lib/gitlab/bitbucket_import/client.rb
 module Gitlab
  module BitbucketImport
    class Client
+      class Unauthorized < StandardError; end
+
      attr_reader :consumer, :api

      def initialize(access_token = nil, access_token_secret = nil)
@@ -46,23 +48,23 @@ module Gitlab
      end

      def user
-        JSON.parse(api.get("/api/1.0/user").body)
+        JSON.parse(get("/api/1.0/user").body)
      end

      def issues(project_identifier)
-        JSON.parse(api.get("/api/1.0/repositories/#{project_identifier}/issues").body)
+        JSON.parse(get("/api/1.0/repositories/#{project_identifier}/issues").body)
      end

      def issue_comments(project_identifier, issue_id)
-        JSON.parse(api.get("/api/1.0/repositories/#{project_identifier}/issues/#{issue_id}/comments").body)
+        JSON.parse(get("/api/1.0/repositories/#{project_identifier}/issues/#{issue_id}/comments").body)
      end

      def project(project_identifier)
-        JSON.parse(api.get("/api/1.0/repositories/#{project_identifier}").body)
+        JSON.parse(get("/api/1.0/repositories/#{project_identifier}").body)
      end

      def find_deploy_key(project_identifier, key)
-        JSON.parse(api.get("/api/1.0/repositories/#{project_identifier}/deploy-keys").body).find do |deploy_key|
+        JSON.parse(get("/api/1.0/repositories/#{project_identifier}/deploy-keys").body).find do |deploy_key|
          deploy_key["key"].chomp == key.chomp
        end
      end
@@ -82,11 +84,18 @@ module Gitlab
      end

      def projects
-        JSON.parse(api.get("/api/1.0/user/repositories").body).select { |repo| repo["scm"] == "git" }
+        JSON.parse(get("/api/1.0/user/repositories").body).select { |repo| repo["scm"] == "git" }
      end

      private

+      def get(url)
+        response = api.get(url)
+        raise Unauthorized if (400..499).include?(response.code.to_i)
+
+        response
+      end
+
      def config
        Gitlab.config.omniauth.providers.find { |provider| provider.name == "bitbucket"}
      end

--- a/lib/gitlab/o_auth/provider.rb
+++ b/lib/gitlab/o_auth/provider.rb
 module Gitlab
  module OAuth
    class Provider
-      def self.names
-        providers = []
+      def self.providers
+        Devise.omniauth_providers
+      end

-        Gitlab.config.ldap.servers.values.each do |server|
-          providers << server['provider_name']
-        end
+      def self.enabled?(name)
+        providers.include?(name.to_sym)
+      end

-        Gitlab.config.omniauth.providers.each do |provider|
-          providers << provider['name']
+      def self.ldap_provider?(name)
+        name.to_s.start_with?('ldap')
+      end
+
+      def self.config_for(name)
+        name = name.to_s
+        if ldap_provider?(name)
+          Gitlab::LDAP::Config.new(name).options
+        else
+          Gitlab.config.omniauth.providers.find { |provider| provider.name == name }
        end
+      end

-        providers
+      def self.label_for(name)
+        config = config_for(name)
+        (config && config['label']) || name.to_s.titleize
      end
    end
  end

--- a/lib/gitlab/satellite/merge_action.rb
+++ b/lib/gitlab/satellite/merge_action.rb
@@ -33,7 +33,7 @@ module Gitlab
            merge_repo.git.push(default_options, :origin, merge_request.target_branch)

            # remove source branch
-            if merge_request.should_remove_source_branch && !project.root_ref?(merge_request.source_branch) && !merge_request.for_fork?
+            if merge_request.remove_source_branch?
              # will raise CommandFailed when push fails
              merge_repo.git.push(default_options, :origin, ":#{merge_request.source_branch}")
            end

--- a/lib/redcarpet/render/gitlab_html.rb
+++ b/lib/redcarpet/render/gitlab_html.rb
@@ -22,10 +22,10 @@ class Redcarpet::Render::GitlabHTML < Redcarpet::Render::HTML
    ERB::Util.html_escape_once(text)
  end

-  # Stolen from Rugments::Plugins::Redcarpet as this module is not required
-  # from Rugments's gem root.
+  # Stolen from Rouge::Plugins::Redcarpet as this module is not required
+  # from Rouge's gem root.
  def block_code(code, language)
-    lexer = Rugments::Lexer.find_fancy(language, code) || Rugments::Lexers::PlainText
+    lexer = Rouge::Lexer.find_fancy(language, code) || Rouge::Lexers::PlainText

    # XXX HACK: Redcarpet strips hard tabs out of code blocks,
    # so we assume you're not using leading spaces that aren't tabs,
@@ -34,7 +34,7 @@ class Redcarpet::Render::GitlabHTML < Redcarpet::Render::HTML
      code.gsub!(/^    /, "\t")
    end

-    formatter = Rugments::Formatters::HTML.new(
+    formatter = Rouge::Formatters::HTMLGitlab.new(
      cssclass: "code highlight #{@color_scheme} #{lexer.tag}"
    )
    formatter.format(lexer.lex(code))

--- a/lib/rouge/formatters/html_gitlab.rb
+++ b/lib/rouge/formatters/html_gitlab.rb
+require 'cgi'
+
+module Rouge
+  module Formatters
+    class HTMLGitlab < Rouge::Formatter
+      tag 'html_gitlab'
+
+      # Creates a new <tt>Rouge::Formatter::HTMLGitlab</tt> instance.
+      #
+      # [+nowrap+]          If set to True, don't wrap the output at all, not
+      #                     even inside a <tt><pre></tt> tag (default: false).
+      # [+cssclass+]        CSS class for the wrapping <tt><div></tt> tag
+      #                     (default: 'highlight').
+      # [+linenos+]         If set to 'table', output line numbers as a table
+      #                     with two cells, one containing the line numbers,
+      #                     the other the whole code. This is copy paste friendly,
+      #                     but may cause alignment problems with some browsers
+      #                     or fonts. If set to 'inline', the line numbers will
+      #                     be integrated in the <tt><pre></tt> tag that contains
+      #                     the code (default: nil).
+      # [+linenostart+]     The line number for the first line (default: 1).
+      # [+lineanchors+]     If set to true the formatter will wrap each output
+      #                     line in an anchor tag with a name of L-linenumber.
+      #                     This allows easy linking to certain lines
+      #                     (default: false).
+      # [+lineanchorsid+]   If lineanchors is true the name of the anchors can
+      #                     be changed with lineanchorsid to e.g. foo-linenumber
+      #                     (default: 'L').
+      # [+anchorlinenos+]   If set to true, will wrap line numbers in <tt><a></tt>
+      #                     tags. Used in combination with linenos and lineanchors
+      #                     (default: false).
+      # [+inline_theme+]    Inline CSS styles for the <pre> tag (default: false).
+      def initialize(
+          nowrap: false,
+          cssclass: 'highlight',
+          linenos: nil,
+          linenostart: 1,
+          lineanchors: false,
+          lineanchorsid: 'L',
+          anchorlinenos: false,
+          inline_theme: nil
+        )
+        @nowrap = nowrap
+        @cssclass = cssclass
+        @linenos = linenos
+        @linenostart = linenostart
+        @lineanchors = lineanchors
+        @lineanchorsid = lineanchorsid
+        @anchorlinenos = anchorlinenos
+        @inline_theme = Theme.find(@inline_theme).new if @inline_theme.is_a?(String)
+      end
+
+      def render(tokens)
+        case @linenos
+        when 'table'
+          render_tableized(tokens)
+        when 'inline'
+          render_untableized(tokens)
+        else
+          render_untableized(tokens)
+        end
+      end
+
+      alias_method :format, :render
+
+      private
+
+      def render_untableized(tokens)
+        data = process_tokens(tokens)
+
+        html = ''
+        html << "<pre class=\"#{@cssclass}\"><code>" unless @nowrap
+        html << wrap_lines(data[:code])
+        html << "</code></pre>\n" unless @nowrap
+        html
+      end
+
+      def render_tableized(tokens)
+        data = process_tokens(tokens)
+
+        html = ''
+        html << "<div class=\"#{@cssclass}\">" unless @nowrap
+        html << '<table><tbody>'
+        html << "<td class=\"linenos\"><pre>"
+        html << wrap_linenos(data[:numbers])
+        html << '</pre></td>'
+        html << "<td class=\"lines\"><pre><code>"
+        html << wrap_lines(data[:code])
+        html << '</code></pre></td>'
+        html << '</tbody></table>'
+        html << '</div>' unless @nowrap
+        html
+      end
+
+      def process_tokens(tokens)
+        num_lines = 0
+        last_val = ''
+        rendered = ''
+
+        tokens.each do |tok, val|
+          last_val = val
+          num_lines += val.scan(/\n/).size
+          rendered << span(tok, val)
+        end
+
+        numbers = (@linenostart..num_lines + @linenostart - 1).to_a
+
+        { numbers: numbers, code: rendered }
+      end
+
+      def wrap_linenos(numbers)
+        if @anchorlinenos
+          numbers.map! do |number|
+            "<a href=\"##{@lineanchorsid}#{number}\">#{number}</a>"
+          end
+        end
+        numbers.join("\n")
+      end
+
+      def wrap_lines(rendered)
+        if @lineanchors
+          lines = rendered.split("\n")
+          lines = lines.each_with_index.map do |line, index|
+            number = index + @linenostart
+
+            if @linenos == 'inline'
+              "<a name=\"L#{number}\"></a>" \
+              "<span class=\"linenos\">#{number}</span>" \
+              "<span id=\"#{@lineanchorsid}#{number}\" class=\"line\">#{line}" \
+              '</span>'
+            else
+              "<span id=\"#{@lineanchorsid}#{number}\" class=\"line\">#{line}" \
+              '</span>'
+            end
+          end
+          lines.join("\n")
+        else
+          if @linenos == 'inline'
+            lines = rendered.split("\n")
+            lines = lines.each_with_index.map do |line, index|
+              number = index + @linenostart
+              "<span class=\"linenos\">#{number}</span>#{line}"
+            end
+            lines.join("\n")
+          else
+            rendered
+          end
+        end
+      end
+
+      def span(tok, val)
+        # http://stackoverflow.com/a/1600584/2587286
+        val = CGI.escapeHTML(val)
+
+        if tok.shortname.empty?
+          val
+        else
+          if @inline_theme
+            rules = @inline_theme.style_for(tok).rendered_rules
+            "<span style=\"#{rules.to_a.join(';')}\">#{val}</span>"
+          else
+            "<span class=\"#{tok.shortname}\">#{val}</span>"
+          end
+        end
+      end
+    end
+  end
+end
--- a/lib/support/nginx/gitlab
+++ b/lib/support/nginx/gitlab
@@ -38,6 +38,11 @@ upstream gitlab {
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0;
 }

+## Experimental: gitlab-git-http-server
+# upstream gitlab-git-http-server {
+#   server localhost:8181;
+# }
+
 ## Normal HTTP host
 server {
  ## Either remove "default_server" from the listen line below, 
@@ -109,6 +114,26 @@ server {
    proxy_pass http://gitlab;
  }

+  ## Experimental: send Git HTTP traffic to gitlab-git-http-server instead of Unicorn
+  # location ~ [-\/\w\.]+\.git\/ {
+  #   ## If you use HTTPS make sure you disable gzip compression
+  #   ## to be safe against BREACH attack.
+  #   # gzip off;
+
+  #   ## https://github.com/gitlabhq/gitlabhq/issues/694
+  #   ## Some requests take more than 30 seconds.
+  #   proxy_read_timeout      300;
+  #   proxy_connect_timeout   300;
+  #   proxy_redirect          off;
+
+  #   proxy_set_header    Host                $http_host;
+  #   proxy_set_header    X-Real-IP           $remote_addr;
+  #   proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+  #   proxy_set_header    X-Forwarded-Proto   $scheme;
+
+  #   proxy_pass http://gitlab-git-http-server;
+  # }
+
  ## Enable gzip compression as per rails guide:
  ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
  ## WARNING: If you are using relative urls remove the block below

--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
@@ -42,6 +42,11 @@ upstream gitlab {
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket fail_timeout=0;
 }

+## Experimental: gitlab-git-http-server
+# upstream gitlab-git-http-server {
+#   server localhost:8181;
+# }
+
 ## Redirects all HTTP traffic to the HTTPS host
 server {
  ## Either remove "default_server" from the listen line below, 
@@ -156,6 +161,26 @@ server {
    proxy_pass http://gitlab;
  }

+  ## Experimental: send Git HTTP traffic to gitlab-git-http-server instead of Unicorn
+  # location ~ [-\/\w\.]+\.git\/ {
+  #   ## If you use HTTPS make sure you disable gzip compression
+  #   ## to be safe against BREACH attack.
+  #   gzip off;
+
+  #   ## https://github.com/gitlabhq/gitlabhq/issues/694
+  #   ## Some requests take more than 30 seconds.
+  #   proxy_read_timeout      300;
+  #   proxy_connect_timeout   300;
+  #   proxy_redirect          off;
+
+  #   proxy_set_header    Host                $http_host;
+  #   proxy_set_header    X-Real-IP           $remote_addr;
+  #   proxy_set_header    X-Forwarded-Ssl     on;
+  #   proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+  #   proxy_set_header    X-Forwarded-Proto   $scheme;
+  #   proxy_pass http://gitlab-git-http-server;
+  # }
+
  ## Enable gzip compression as per rails guide:
  ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
  ## WARNING: If you are using relative urls remove the block below

--- a/lib/tasks/gitlab/mail_google_schema_whitelisting.rake
+++ b/lib/tasks/gitlab/mail_google_schema_whitelisting.rake
-require "#{Rails.root}/app/helpers/emails_helper"
-require 'action_view/helpers'
-extend ActionView::Helpers
-
-include ActionView::Context
-include EmailsHelper
-
-namespace :gitlab do
-  desc "Email google whitelisting email with example email for actions in inbox"
-  task mail_google_schema_whitelisting: :environment do
-    subject = "Rails | Implemented feature"
-    url = "#{Gitlab.config.gitlab.url}/base/rails-project/issues/#{rand(1..100)}#note_#{rand(10..1000)}"
-    schema = email_action(url)
-    body = email_template(schema, url)
-    mail = Notify.test_email("schema.whitelisting+sample@gmail.com", subject, body.html_safe)
-    if send_now
-      mail.deliver
-    else
-      puts "WOULD SEND:"
-    end
-    puts mail
-  end
-
-  def email_template(schema, url)
-    "<html lang='en'>
-      <head>
-        <meta content='text/html; charset=utf-8' http-equiv='Content-Type'>
-          <title>
-            GitLab
-          </title>
-        </meta>
-      </head>
-      <style>
-        img {
-          max-width: 100%;
-          height: auto;
-        }
-        p.details {
-          font-style:italic;
-          color:#777
-        }
-        .footer p {
-          font-size:small;
-          color:#777
-        }
-      </style>
-      <body>
-        <div class='content'>
-          <div>
-           <p>I like it :+1: </p>
-          </div>
-        </div>
-
-        <div class='footer' style='margin-top: 10px;'>
-          <p>
-          <br>
-            <a href=\"#{url}\">View it on GitLab</a>
-            You're receiving this notification because you are a member of the Base / Rails Project project team.
-            #{schema}
-          </p>
-        </div>
-      </body>
-    </html>"
-  end
-
-  def send_now
-    if ENV['SEND'] == "true"
-      true
-    else
-      false
-    end
-  end
-end
--- a/lib/tasks/gitlab/update_commit_count.rake
+++ b/lib/tasks/gitlab/update_commit_count.rake
+namespace :gitlab do
+  desc "GitLab | Update commit count for projects"
+  task update_commit_count: :environment do
+    projects = Project.where(commit_count: 0)
+    puts "#{projects.size} projects need to be updated. This might take a while."
+    ask_to_continue unless ENV['force'] == 'yes'
+
+    projects.find_each(batch_size: 100) do |project|
+      print "#{project.name_with_namespace.yellow} ... "
+
+      unless project.repo_exists?
+        puts "skipping, because the repo is empty".magenta
+        next
+      end
+
+      project.update_commit_count
+      puts project.commit_count.to_s.green
+    end
+  end
+end
--- a/lib/unfold_form.rb
+++ b/lib/unfold_form.rb
@@ -8,4 +8,5 @@ class UnfoldForm
  attribute :bottom, Boolean
  attribute :unfold, Boolean, default: true
  attribute :offset, Integer
+  attribute :indent, Integer, default: 0
 end
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
 require 'spec_helper'

 describe UsersController do
-  let(:user)    { create(:user, username: 'user1', name: 'User 1', email: 'user1@gitlab.com') }
-
-  before do
-    sign_in(user)
-  end
+  let(:user) { create(:user) }

  describe 'GET #show' do
-    render_views
+    it 'is case-insensitive' do
+      user = create(:user, username: 'CamelCaseUser')
+      sign_in(user)
+
+      get :show, username: user.username.downcase

-    it 'renders the show template' do
-      get :show, username: user.username
-      expect(response.status).to eq(200)
-      expect(response).to render_template('show')
+      expect(response).to be_success
+    end
+
+    context 'with rendered views' do
+      render_views
+
+      it 'renders the show template' do
+        sign_in(user)
+
+        get :show, username: user.username
+
+        expect(response).to be_success
+        expect(response).to render_template('show')
+      end
    end
  end

  describe 'GET #calendar' do
    it 'renders calendar' do
+      sign_in(user)
+
      get :calendar, username: user.username
+
      expect(response).to render_template('calendar')
    end
  end
@@ -30,6 +43,8 @@ describe UsersController do

    before do
      allow_any_instance_of(User).to receive(:contributed_projects_ids).and_return([project.id])
+
+      sign_in(user)
      project.team << [user, :developer]
    end


--- a/spec/features/admin/security_spec.rb
+++ b/spec/features/admin/security_spec.rb
 require 'spec_helper'

 describe "Admin::Projects", feature: true  do
+  include AccessMatchers
+
  describe "GET /admin/projects" do
    subject { admin_namespaces_projects_path }


--- a/spec/features/security/dashboard_access_spec.rb
+++ b/spec/features/security/dashboard_access_spec.rb
 require 'spec_helper'

 describe "Dashboard access", feature: true  do
+  include AccessMatchers
+
  describe "GET /dashboard" do
    subject { dashboard_path }


--- a/spec/features/security/group/group_access_spec.rb
+++ b/spec/features/security/group/group_access_spec.rb
-require 'spec_helper'
-
-describe "Group access", feature: true  do
-  describe "GET /projects/new" do
-    it { expect(new_group_path).to be_allowed_for :admin }
-    it { expect(new_group_path).to be_allowed_for :user }
-    it { expect(new_group_path).to be_denied_for :visitor }
-  end
-
-  describe "Group" do
-    let(:group) { create(:group) }
-
-    let(:owner)   { create(:owner) }
-    let(:master)   { create(:user) }
-    let(:reporter) { create(:user) }
-    let(:guest)    { create(:user) }
-    let(:nonmember)  { create(:user) }
-
-    before do
-      group.add_user(owner, Gitlab::Access::OWNER)
-      group.add_user(master, Gitlab::Access::MASTER)
-      group.add_user(reporter, Gitlab::Access::REPORTER)
-      group.add_user(guest, Gitlab::Access::GUEST)
-    end
-
-    describe "GET /groups/:path" do
-      subject { group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_denied_for :user }
-      it { is_expected.to be_denied_for :visitor }
-    end
-
-    describe "GET /groups/:path/issues" do
-      subject { issues_group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_denied_for :user }
-      it { is_expected.to be_denied_for :visitor }
-    end
-
-    describe "GET /groups/:path/merge_requests" do
-      subject { merge_requests_group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_denied_for :user }
-      it { is_expected.to be_denied_for :visitor }
-    end
-
-    describe "GET /groups/:path/group_members" do
-      subject { group_group_members_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_denied_for :user }
-      it { is_expected.to be_denied_for :visitor }
-    end
-
-    describe "GET /groups/:path/edit" do
-      subject { edit_group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_denied_for master }
-      it { is_expected.to be_denied_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_denied_for guest }
-      it { is_expected.to be_denied_for :user }
-      it { is_expected.to be_denied_for :visitor }
-    end
-
-    describe "GET /groups/:path/projects" do
-      subject { projects_group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_denied_for master }
-      it { is_expected.to be_denied_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_denied_for guest }
-      it { is_expected.to be_denied_for :user }
-      it { is_expected.to be_denied_for :visitor }
-    end
-  end
-end
--- a/spec/features/security/group/internal_group_access_spec.rb
+++ b/spec/features/security/group/internal_group_access_spec.rb
-require 'spec_helper'
-
-describe "Group with internal project access", feature: true  do
-  describe "Group" do
-    let(:group) { create(:group) }
-
-    let(:owner)   { create(:owner) }
-    let(:master)   { create(:user) }
-    let(:reporter) { create(:user) }
-    let(:guest)    { create(:user) }
-    let(:nonmember)  { create(:user) }
-
-    before do
-      group.add_user(owner, Gitlab::Access::OWNER)
-      group.add_user(master, Gitlab::Access::MASTER)
-      group.add_user(reporter, Gitlab::Access::REPORTER)
-      group.add_user(guest, Gitlab::Access::GUEST)
-
-      create(:project, :internal, group: group)
-    end
-
-    describe "GET /groups/:path" do
-      subject { group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_allowed_for :user }
-      it { is_expected.to be_denied_for :visitor }
-    end
-
-    describe "GET /groups/:path/issues" do
-      subject { issues_group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_allowed_for :user }
-      it { is_expected.to be_denied_for :visitor }
-    end
-
-    describe "GET /groups/:path/merge_requests" do
-      subject { merge_requests_group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_allowed_for :user }
-      it { is_expected.to be_denied_for :visitor }
-    end
-
-    describe "GET /groups/:path/group_members" do
-      subject { group_group_members_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_allowed_for :user }
-      it { is_expected.to be_denied_for :visitor }
-    end
-
-    describe "GET /groups/:path/edit" do
-      subject { edit_group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_denied_for master }
-      it { is_expected.to be_denied_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_denied_for guest }
-      it { is_expected.to be_denied_for :user }
-      it { is_expected.to be_denied_for :visitor }
-    end
-  end
-end
--- a/spec/features/security/group/mixed_group_access_spec.rb
+++ b/spec/features/security/group/mixed_group_access_spec.rb
-require 'spec_helper'
-
-describe "Group access", feature: true  do
-  describe "Group" do
-    let(:group) { create(:group) }
-
-    let(:owner)   { create(:owner) }
-    let(:master)   { create(:user) }
-    let(:reporter) { create(:user) }
-    let(:guest)    { create(:user) }
-    let(:nonmember)  { create(:user) }
-
-    before do
-      group.add_user(owner, Gitlab::Access::OWNER)
-      group.add_user(master, Gitlab::Access::MASTER)
-      group.add_user(reporter, Gitlab::Access::REPORTER)
-      group.add_user(guest, Gitlab::Access::GUEST)
-
-      create(:project, :internal, path: "internal_project", group: group)
-      create(:project, :public, path: "public_project", group: group)
-    end
-
-    describe "GET /groups/:path" do
-      subject { group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_allowed_for :user }
-      it { is_expected.to be_allowed_for :visitor }
-    end
-
-    describe "GET /groups/:path/issues" do
-      subject { issues_group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_allowed_for :user }
-      it { is_expected.to be_allowed_for :visitor }
-    end
-
-    describe "GET /groups/:path/merge_requests" do
-      subject { merge_requests_group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_allowed_for :user }
-      it { is_expected.to be_allowed_for :visitor }
-    end
-
-    describe "GET /groups/:path/group_members" do
-      subject { group_group_members_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_allowed_for :user }
-      it { is_expected.to be_allowed_for :visitor }
-    end
-
-    describe "GET /groups/:path/edit" do
-      subject { edit_group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_denied_for master }
-      it { is_expected.to be_denied_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_denied_for guest }
-      it { is_expected.to be_denied_for :user }
-      it { is_expected.to be_denied_for :visitor }
-    end
-  end
-end
--- a/spec/features/security/group/public_group_access_spec.rb
+++ b/spec/features/security/group/public_group_access_spec.rb
-require 'spec_helper'
-
-describe "Group with public project access", feature: true  do
-  describe "Group" do
-    let(:group) { create(:group) }
-
-    let(:owner)   { create(:owner) }
-    let(:master)   { create(:user) }
-    let(:reporter) { create(:user) }
-    let(:guest)    { create(:user) }
-    let(:nonmember)  { create(:user) }
-
-    before do
-      group.add_user(owner, Gitlab::Access::OWNER)
-      group.add_user(master, Gitlab::Access::MASTER)
-      group.add_user(reporter, Gitlab::Access::REPORTER)
-      group.add_user(guest, Gitlab::Access::GUEST)
-
-      create(:project, :public, group: group)
-    end
-
-    describe "GET /groups/:path" do
-      subject { group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_allowed_for :user }
-      it { is_expected.to be_allowed_for :visitor }
-    end
-
-    describe "GET /groups/:path/issues" do
-      subject { issues_group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_allowed_for :user }
-      it { is_expected.to be_allowed_for :visitor }
-    end
-
-    describe "GET /groups/:path/merge_requests" do
-      subject { merge_requests_group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_allowed_for :user }
-      it { is_expected.to be_allowed_for :visitor }
-    end
-
-    describe "GET /groups/:path/group_members" do
-      subject { group_group_members_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_allowed_for master }
-      it { is_expected.to be_allowed_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_allowed_for guest }
-      it { is_expected.to be_allowed_for :user }
-      it { is_expected.to be_allowed_for :visitor }
-    end
-
-    describe "GET /groups/:path/edit" do
-      subject { edit_group_path(group) }
-
-      it { is_expected.to be_allowed_for owner }
-      it { is_expected.to be_denied_for master }
-      it { is_expected.to be_denied_for reporter }
-      it { is_expected.to be_allowed_for :admin }
-      it { is_expected.to be_denied_for guest }
-      it { is_expected.to be_denied_for :user }
-      it { is_expected.to be_denied_for :visitor }
-    end
-  end
-end
--- a/spec/features/security/group_access_spec.rb
+++ b/spec/features/security/group_access_spec.rb
--- a/spec/features/security/profile_access_spec.rb
+++ b/spec/features/security/profile_access_spec.rb
 require 'spec_helper'

 describe "Profile access", feature: true  do
-  before do
-    @u1 = create(:user)
-  end
-
-  describe "GET /login" do
-    it { expect(new_user_session_path).not_to be_not_found_for :visitor }
-  end
+  include AccessMatchers

  describe "GET /profile/keys" do
    subject { profile_keys_path }

-    it { is_expected.to be_allowed_for @u1 }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_denied_for :visitor }
@@ -21,7 +14,6 @@ describe "Profile access", feature: true  do
  describe "GET /profile" do
    subject { profile_path }

-    it { is_expected.to be_allowed_for @u1 }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_denied_for :visitor }
@@ -30,7 +22,6 @@ describe "Profile access", feature: true  do
  describe "GET /profile/account" do
    subject { profile_account_path }

-    it { is_expected.to be_allowed_for @u1 }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_denied_for :visitor }
@@ -39,7 +30,6 @@ describe "Profile access", feature: true  do
  describe "GET /profile/preferences" do
    subject { profile_preferences_path }

-    it { is_expected.to be_allowed_for @u1 }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_denied_for :visitor }
@@ -48,7 +38,6 @@ describe "Profile access", feature: true  do
  describe "GET /profile/audit_log" do
    subject { audit_log_profile_path }

-    it { is_expected.to be_allowed_for @u1 }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_denied_for :visitor }
@@ -57,7 +46,6 @@ describe "Profile access", feature: true  do
  describe "GET /profile/notifications" do
    subject { profile_notifications_path }

-    it { is_expected.to be_allowed_for @u1 }
    it { is_expected.to be_allowed_for :admin }
    it { is_expected.to be_allowed_for :user }
    it { is_expected.to be_denied_for :visitor }

--- a/spec/features/security/project/internal_access_spec.rb
+++ b/spec/features/security/project/internal_access_spec.rb
 require 'spec_helper'

 describe "Internal Project Access", feature: true  do
+  include AccessMatchers
+
  let(:project) { create(:project, :internal) }

  let(:master) { create(:user) }

--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
 require 'spec_helper'

 describe "Private Project Access", feature: true  do
+  include AccessMatchers
+
  let(:project) { create(:project) }

  let(:master)   { create(:user) }

--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
 require 'spec_helper'

 describe "Public Project Access", feature: true  do
+  include AccessMatchers
+
  let(:project) { create(:project) }

  let(:master) { create(:user) }
@@ -17,7 +19,6 @@ describe "Public Project Access", feature: true  do

    # readonly
    project.team << [reporter, :reporter]
-
  end

  describe "Project should be public" do

--- a/spec/helpers/auth_helper_spec.rb
+++ b/spec/helpers/auth_helper_spec.rb
+require "spec_helper"
+
+describe AuthHelper do
+  describe "button_based_providers" do
+    it 'returns all enabled providers' do
+      allow(helper).to receive(:auth_providers) { [:twitter, :github] }
+      expect(helper.button_based_providers).to include(*[:twitter, :github])
+    end
+
+    it 'does not return ldap provider' do
+      allow(helper).to receive(:auth_providers) { [:twitter, :ldapmain] }
+      expect(helper.button_based_providers).to include(:twitter)
+    end
+
+    it 'returns empty array' do
+      allow(helper).to receive(:auth_providers) { [] }
+      expect(helper.button_based_providers).to eq([])
+    end
+  end
+end
--- a/spec/helpers/oauth_helper_spec.rb
+++ b/spec/helpers/oauth_helper_spec.rb
--- a/spec/helpers/projects_helper_spec.rb
+++ b/spec/helpers/projects_helper_spec.rb
--- a/spec/javascripts/merge_request_tabs_spec.js.coffee
+++ b/spec/javascripts/merge_request_tabs_spec.js.coffee
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
--- a/spec/requests/api/merge_requests_spec.rb
+++ b/spec/requests/api/merge_requests_spec.rb
--- a/spec/services/projects/create_service_spec.rb
+++ b/spec/services/projects/create_service_spec.rb
--- a/spec/support/matchers.rb
+++ b/spec/support/matchers.rb
--- a/spec/support/matchers/access_matchers.rb
+++ b/spec/support/matchers/access_matchers.rb
--- a/spec/support/matchers/include_module.rb
+++ b/spec/support/matchers/include_module.rb
--- a/spec/support/matchers/is_within.rb
+++ b/spec/support/matchers/is_within.rb
--- a/spec/support/test_env.rb
+++ b/spec/support/test_env.rb