Merge branch 'master' into ui/dashboard-new-issue

15925290 · Douwe Maan · 0c3f70ac · 51ed5225 · 15925290 · 15925290
Commit 15925290 authored Dec 08, 2015 by Douwe Maan
67 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
 Please view this file on the master branch, on stable branches it's out of date.

 v 8.3.0 (unreleased)
+  - Fix API setting of 'public' attribute to false will make a project private (Stan Hu)
+  - Handle and report SSL errors in Web hook test (Stan Hu)
  - Fix: Assignee selector is empty when 'Unassigned' is selected (Jose Corcuera)
  - Fix 500 error when update group member permission
  - Trim leading and trailing whitespace of milestone and issueable titles (Jose Corcuera)
@@ -13,7 +15,9 @@ v 8.3.0 (unreleased)
  - Add API endpoint to fetch merge request commits list
  - Expose events API with comment information and author info
  - Fix: Ensure "Remove Source Branch" button is not shown when branch is being deleted. #3583
+  - Fix 500 error when creating a merge request that removes a submodule
  - Run custom Git hooks when branch is created or deleted.
+  - Fix bug when simultaneously accepting multiple MRs results in MRs that are of "merged" status, but not merged to the target branch

 v 8.2.3
  - Fix application settings cache not expiring after changes (Stan Hu)

--- a/Gemfile
+++ b/Gemfile
@@ -99,7 +99,7 @@ gem 'org-ruby',      '~> 0.9.12'
 gem 'creole',        '~> 0.5.0'
 gem 'wikicloth',     '0.8.1'
 gem 'asciidoctor',   '~> 1.5.2'
-gem 'net-ssh',       '~> 3.0.1'
+gem 'rouge',         '~> 1.10.1'

 # Diffs
 gem 'diffy', '~> 3.0.3'
@@ -120,8 +120,8 @@ gem 'acts-as-taggable-on', '~> 3.4'

 # Background jobs
 gem 'sinatra', '~> 1.4.4', require: nil
-gem 'sidekiq', '3.3.0'
-gem 'sidetiq', '~> 0.6.3'
+gem 'sidekiq', '~> 3.5.0'
+gem 'sidekiq-cron', '~> 0.3.0'

 # HTTP requests
 gem "httparty", '~> 0.13.3'
@@ -205,6 +205,7 @@ gem 'raphael-rails',      '~> 2.1.2'
 gem 'request_store',      '~> 1.2.0'
 gem 'select2-rails',      '~> 3.5.9'
 gem 'virtus',             '~> 1.0.1'
+gem 'net-ssh',            '~> 3.0.1'

 group :development do
  gem "foreman"

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -117,8 +117,23 @@ GEM
      activemodel (>= 3.2.0)
      activesupport (>= 3.2.0)
      json (>= 1.7)
-    celluloid (0.16.0)
-      timers (~> 4.0.0)
+    celluloid (0.17.2)
+      celluloid-essentials
+      celluloid-extras
+      celluloid-fsm
+      celluloid-pool
+      celluloid-supervision
+      timers (>= 4.1.1)
+    celluloid-essentials (0.20.5)
+      timers (>= 4.1.1)
+    celluloid-extras (0.20.5)
+      timers (>= 4.1.1)
+    celluloid-fsm (0.20.5)
+      timers (>= 4.1.1)
+    celluloid-pool (0.20.5)
+      timers (>= 4.1.1)
+    celluloid-supervision (0.20.5)
+      timers (>= 4.1.1)
    charlock_holmes (0.7.3)
    chunky_png (1.3.5)
    cliver (0.3.2)
@@ -299,7 +314,7 @@ GEM
      posix-spawn (~> 0.3)
    gitlab_emoji (0.2.0)
      gemojione (~> 2.1)
-    gitlab_git (7.2.20)
+    gitlab_git (7.2.21)
      activesupport (~> 4.0)
      charlock_holmes (~> 0.7.3)
      github-linguist (~> 4.7.0)
@@ -370,7 +385,6 @@ GEM
      multi_xml (>= 0.5.2)
    httpclient (2.7.0.1)
    i18n (0.7.0)
-    ice_cube (0.11.1)
    ice_nine (0.11.1)
    inflecto (0.0.2)
    ipaddress (0.8.0)
@@ -641,6 +655,7 @@ GEM
      sexp_processor (~> 4.1)
    rubyntlm (0.5.2)
    rubypants (0.2.0)
+    rufus-scheduler (3.1.10)
    rugged (0.23.3)
    safe_yaml (1.0.4)
    sanitize (2.1.0)
@@ -668,16 +683,15 @@ GEM
      rack
    shoulda-matchers (2.8.0)
      activesupport (>= 3.0.0)
-    sidekiq (3.3.0)
-      celluloid (>= 0.16.0)
-      connection_pool (>= 2.0.0)
-      json
-      redis (>= 3.0.6)
-      redis-namespace (>= 1.3.1)
-    sidetiq (0.6.3)
-      celluloid (>= 0.14.1)
-      ice_cube (= 0.11.1)
-      sidekiq (>= 3.0.0)
+    sidekiq (3.5.3)
+      celluloid (~> 0.17.2)
+      connection_pool (~> 2.2, >= 2.2.0)
+      json (~> 1.0)
+      redis (~> 3.2, >= 3.2.1)
+      redis-namespace (~> 1.5, >= 1.5.2)
+    sidekiq-cron (0.3.1)
+      rufus-scheduler (>= 2.0.24)
+      sidekiq (>= 2.17.3)
    simple_oauth (0.1.9)
    simplecov (0.10.0)
      docile (~> 1.1.0)
@@ -743,7 +757,7 @@ GEM
    thor (0.19.1)
    thread_safe (0.3.5)
    tilt (1.4.1)
-    timers (4.0.4)
+    timers (4.1.1)
      hitimes
    timfel-krb5-auth (0.8.3)
    tinder (1.10.1)
@@ -926,6 +940,7 @@ DEPENDENCIES
  request_store (~> 1.2.0)
  rerun (~> 0.10.0)
  responders (~> 2.0)
+  rouge (~> 1.10.1)
  rqrcode-rails3 (~> 0.1.7)
  rspec-rails (~> 3.3.0)
  rubocop (~> 0.28.0)
@@ -938,8 +953,8 @@ DEPENDENCIES
  settingslogic (~> 2.0.9)
  sham_rack
  shoulda-matchers (~> 2.8.0)
-  sidekiq (= 3.3.0)
-  sidetiq (~> 0.6.3)
+  sidekiq (~> 3.5.0)
+  sidekiq-cron (~> 0.3.0)
  simplecov (~> 0.10.0)
  sinatra (~> 1.4.4)
  six (~> 0.2.0)

--- a/README.md
+++ b/README.md
@@ -80,7 +80,7 @@ There are a lot of [third-party applications integrating with GitLab](https://ab

 ## GitLab release cycle

-Since 2011 a minor or major version of GitLab is released on the 22nd of every month. Patch and security releases are published when needed. New features are detailed on the [blog](https://about.gitlab.com/blog/) and in the [changelog](CHANGELOG). For more information about the release process see the [release documentation](https://gitlab.com/gitlab-org/gitlab-ce/tree/master/doc/release). Features that will likely be in the next releases can be found on the [feature request forum](http://feedback.gitlab.com/forums/176466-general) with the status [started](http://feedback.gitlab.com/forums/176466-general/status/796456) and [completed](http://feedback.gitlab.com/forums/176466-general/status/796457).
+For more information about the release process see the [release documentation](http://doc.gitlab.com/ce/release/).

 ## Upgrading


--- a/app/assets/javascripts/notes.js.coffee
+++ b/app/assets/javascripts/notes.js.coffee
@@ -369,8 +369,8 @@ class @Notes
    note = $(this).closest(".note")
    note.find(".note-attachment").remove()
    note.find(".note-body > .note-text").show()
-    note.find(".js-note-attachment-delete").hide()
-    note.find(".note-edit-form").hide()
+    note.find(".note-header").show()
+    note.find(".current-note-edit-form").remove()

  ###
  Called when clicking on the "reply" button for a diff line.

--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@@ -25,13 +25,12 @@ class Projects::HooksController < Projects::ApplicationController

  def test
    if !@project.empty_repo?
-      status = TestHookService.new.execute(hook, current_user)
+      status, message = TestHookService.new.execute(hook, current_user)

      if status
        flash[:notice] = 'Hook successfully executed.'
      else
-        flash[:alert] = 'Hook execution failed. '\
-                        'Ensure hook URL is correct and service is up.'
+        flash[:alert] = "Hook execution failed: #{message}"
      end
    else
      flash[:alert] = 'Hook execution failed. Ensure the project has commits.'

--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -10,15 +10,13 @@ class Projects::RawController < Projects::ApplicationController
    @blob = @repository.blob_at(@commit.id, @path)

    if @blob
-      type = get_blob_type
-
      headers['X-Content-Type-Options'] = 'nosniff'

-      send_data(
-        @blob.data,
-        type: type,
-        disposition: 'inline'
-      )
+      if @blob.lfs_pointer?
+        send_lfs_object
+      else
+        stream_data
+      end
    else
      render_404
    end
@@ -35,4 +33,33 @@ class Projects::RawController < Projects::ApplicationController
      'application/octet-stream'
    end
  end
+
+  def stream_data
+    type = get_blob_type
+
+    send_data(
+      @blob.data,
+      type: type,
+      disposition: 'inline'
+    )
+  end
+
+  def send_lfs_object
+    lfs_object = find_lfs_object
+
+    if lfs_object && lfs_object.project_allowed_access?(@project)
+      send_file lfs_object.file.path, filename: @blob.name, disposition: 'attachment'
+    else
+      render_404
+    end
+  end
+
+  def find_lfs_object
+    lfs_object = LfsObject.find_by_oid(@blob.lfs_oid)
+    if lfs_object && lfs_object.file.exists?
+      lfs_object
+    else
+      nil
+    end
+  end
 end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -209,7 +209,7 @@ module ApplicationHelper
      title: time.in_time_zone.stamp('Aug 21, 2011 9:23pm'),
      data: { toggle: 'tooltip', placement: placement, container: 'body' }

-    element += javascript_tag "$('.js-timeago').timeago()" unless skip_js
+    element += javascript_tag "$('.js-timeago').last().timeago()" unless skip_js

    element
  end

--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
@@ -30,7 +30,7 @@ module BlobHelper
        nil
      end

-    if blob && blob.text?
+    if blob_viewable?(blob)
      text = 'Edit'
      after = options[:after] || ''
      from_mr = options[:from_merge_request_id]
@@ -71,4 +71,16 @@ module BlobHelper
  def blob_icon(mode, name)
    icon("#{file_type_icon_class('file', mode, name)} fw")
  end
+
+  def blob_viewable?(blob)
+    blob && blob.text? && !blob.lfs_pointer?
+  end
+
+  def blob_size(blob)
+    if blob.lfs_pointer?
+      blob.lfs_size
+    else
+      blob.size
+    end
+  end
 end
--- a/app/helpers/tree_helper.rb
+++ b/app/helpers/tree_helper.rb
@@ -54,6 +54,10 @@ module TreeHelper
    ::Gitlab::GitAccess.new(current_user, project).can_push_to_branch?(ref)
  end

+  def can_delete_or_replace?(blob)
+    allowed_tree_edit? && !blob.lfs_pointer?
+  end
+
  def tree_breadcrumbs(tree, max_links = 2)
    if @path.present?
      part_path = ""

--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -43,12 +43,12 @@ class ApplicationSetting < ActiveRecord::Base

  validates :home_page_url,
    allow_blank: true,
-    format: { with: /\A#{URI.regexp(%w(http https))}\z/, message: "should be a valid url" },
+    url: true,
    if: :home_page_url_column_exist

  validates :after_sign_out_path,
    allow_blank: true,
-    format: { with: /\A#{URI.regexp(%w(http https))}\z/, message: "should be a valid url" }
+    url: true

  validates :admin_notification_email,
    allow_blank: true,

--- a/app/models/broadcast_message.rb
+++ b/app/models/broadcast_message.rb
@@ -16,12 +16,12 @@
 class BroadcastMessage < ActiveRecord::Base
  include Sortable

-  validates :message, presence: true
+  validates :message,   presence: true
  validates :starts_at, presence: true
-  validates :ends_at, presence: true
+  validates :ends_at,   presence: true

-  validates :color, format: { with: /\A\#[0-9A-Fa-f]{3}{1,2}+\Z/ }, allow_blank: true
-  validates :font,  format: { with: /\A\#[0-9A-Fa-f]{3}{1,2}+\Z/ }, allow_blank: true
+  validates :color, allow_blank: true, color: true
+  validates :font,  allow_blank: true, color: true

  def self.current
    where("ends_at > :now AND starts_at < :now", now: Time.zone.now).last

--- a/app/models/ci/web_hook.rb
+++ b/app/models/ci/web_hook.rb
@@ -20,8 +20,7 @@ module Ci
    # HTTParty timeout
    default_timeout 10

-    validates :url, presence: true,
-                    format: { with: URI::regexp(%w(http https)), message: "should be a valid url" }
+    validates :url, presence: true, url: true

    def execute(data)
      parsed_url = URI.parse(url)

--- a/app/models/hooks/web_hook.rb
+++ b/app/models/hooks/web_hook.rb
@@ -31,37 +31,38 @@ class WebHook < ActiveRecord::Base
  # HTTParty timeout
  default_timeout Gitlab.config.gitlab.webhook_timeout

-  validates :url, presence: true,
-                  format: { with: /\A#{URI.regexp(%w(http https))}\z/, message: "should be a valid url" }
+  validates :url, presence: true, url: true

  def execute(data, hook_name)
    parsed_url = URI.parse(url)
    if parsed_url.userinfo.blank?
-      WebHook.post(url,
-                   body: data.to_json,
-                   headers: {
-                     "Content-Type" => "application/json",
-                     "X-Gitlab-Event" => hook_name.singularize.titleize
-                   },
-                   verify: enable_ssl_verification)
+      response = WebHook.post(url,
+                              body: data.to_json,
+                              headers: {
+                                  "Content-Type" => "application/json",
+                                  "X-Gitlab-Event" => hook_name.singularize.titleize
+                              },
+                              verify: enable_ssl_verification)
    else
      post_url = url.gsub("#{parsed_url.userinfo}@", "")
      auth = {
        username: URI.decode(parsed_url.user),
        password: URI.decode(parsed_url.password),
      }
-      WebHook.post(post_url,
-                   body: data.to_json,
-                   headers: {
-                     "Content-Type" => "application/json",
-                     "X-Gitlab-Event" => hook_name.singularize.titleize
-                   },
-                   verify: enable_ssl_verification,
-                   basic_auth: auth)
+      response = WebHook.post(post_url,
+                              body: data.to_json,
+                              headers: {
+                                  "Content-Type" => "application/json",
+                                  "X-Gitlab-Event" => hook_name.singularize.titleize
+                              },
+                              verify: enable_ssl_verification,
+                              basic_auth: auth)
    end
-  rescue SocketError, Errno::ECONNRESET, Errno::ECONNREFUSED, Net::OpenTimeout => e
+
+    [response.code == 200, ActionView::Base.full_sanitizer.sanitize(response.to_s)]
+  rescue SocketError, OpenSSL::SSL::SSLError, Errno::ECONNRESET, Errno::ECONNREFUSED, Net::OpenTimeout => e
    logger.error("WebHook Error => #{e}")
-    false
+    [false, e.to_s]
  end

  def async_execute(data, hook_name)

--- a/app/models/label.rb
+++ b/app/models/label.rb
@@ -27,9 +27,7 @@ class Label < ActiveRecord::Base
  has_many :label_links, dependent: :destroy
  has_many :issues, through: :label_links, source: :target, source_type: 'Issue'

-  validates :color,
-            format: { with: /\A#[0-9A-Fa-f]{6}\Z/ },
-            allow_blank: false
+  validates :color, color: true, allow_blank: false
  validates :project, presence: true, unless: Proc.new { |service| service.template? }

  # Don't allow '?', '&', and ',' for label titles

--- a/app/models/lfs_object.rb
+++ b/app/models/lfs_object.rb
@@ -5,4 +5,16 @@ class LfsObject < ActiveRecord::Base
  validates :oid, presence: true, uniqueness: true

  mount_uploader :file, LfsObjectUploader
+
+  def storage_project(project)
+    if project && project.forked?
+      storage_project(project.forked_from_project)
+    else
+      project
+    end
+  end
+
+  def project_allowed_access?(project)
+    projects.exists?(storage_project(project).id)
+  end
 end
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -23,19 +23,17 @@ class Namespace < ActiveRecord::Base

  validates :owner, presence: true, unless: ->(n) { n.type == "Group" }
  validates :name,
-    presence: true, uniqueness: true,
    length: { within: 0..255 },
-    format: { with: Gitlab::Regex.namespace_name_regex,
-              message: Gitlab::Regex.namespace_name_regex_message }
+    namespace_name: true,
+    presence: true,
+    uniqueness: true

  validates :description, length: { within: 0..255 }
  validates :path,
-    uniqueness: { case_sensitive: false },
-    presence: true,
    length: { within: 1..255 },
-    exclusion: { in: Gitlab::Blacklist.path },
-    format: { with: Gitlab::Regex.namespace_regex,
-              message: Gitlab::Regex.namespace_regex_message }
+    namespace: true,
+    presence: true,
+    uniqueness: { case_sensitive: false }

  delegate :name, to: :owner, allow_nil: true, prefix: true


--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -44,7 +44,7 @@ class Note < ActiveRecord::Base
  validates :note, :project, presence: true
  validates :note, uniqueness: { scope: [:author, :noteable_type, :noteable_id] }, if: ->(n) { n.is_award }
  validates :note, inclusion: { in: Emoji.emojis_names }, if: ->(n) { n.is_award }
-  validates :line_code, format: { with: /\A[a-z0-9]+_\d+_\d+\Z/ }, allow_blank: true
+  validates :line_code, line_code: true, allow_blank: true
  # Attachments are deprecated and are handled by Markdown uploader
  validates :attachment, file_size: { maximum: :max_attachment_size }


--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -152,7 +152,7 @@ class Project < ActiveRecord::Base
  validates_uniqueness_of :name, scope: :namespace_id
  validates_uniqueness_of :path, scope: :namespace_id
  validates :import_url,
-    format: { with: /\A#{URI.regexp(%w(ssh git http https))}\z/, message: 'should be a valid url' },
+    url: { protocols: %w(ssh git http https) },
    if: :external_import?
  validates :star_count, numericality: { greater_than_or_equal_to: 0 }
  validate :check_limit, on: :create

--- a/app/models/project_services/bamboo_service.rb
+++ b/app/models/project_services/bamboo_service.rb
@@ -23,10 +23,7 @@ class BambooService < CiService

  prop_accessor :bamboo_url, :build_key, :username, :password

-  validates :bamboo_url,
-    presence: true,
-    format: { with: /\A#{URI.regexp}\z/ },
-    if: :activated?
+  validates :bamboo_url, presence: true, url: true, if: :activated?
  validates :build_key, presence: true, if: :activated?
  validates :username,
    presence: true,
@@ -84,7 +81,7 @@ class BambooService < CiService
  def supported_events
    %w(push)
  end
-  
+
  def build_info(sha)
    url = URI.parse("#{bamboo_url}/rest/api/latest/result?label=#{sha}")


--- a/app/models/project_services/drone_ci_service.rb
+++ b/app/models/project_services/drone_ci_service.rb
@@ -19,14 +19,11 @@
 #

 class DroneCiService < CiService
-  
+
  prop_accessor :drone_url, :token, :enable_ssl_verification
-  validates :drone_url,
-    presence: true,
-    format: { with: /\A#{URI.regexp(%w(http https))}\z/, message: "should be a valid url" }, if: :activated?
-  validates :token,
-    presence: true,
-    if: :activated?
+
+  validates :drone_url, presence: true, url: true, if: :activated?
+  validates :token, presence: true, if: :activated?

  after_save :compose_service_hook, if: :activated?

@@ -58,16 +55,16 @@ class DroneCiService < CiService
  end

  def merge_request_status_path(iid, sha = nil, ref = nil)
-    url = [drone_url, 
-           "gitlab/#{project.namespace.path}/#{project.path}/pulls/#{iid}", 
+    url = [drone_url,
+           "gitlab/#{project.namespace.path}/#{project.path}/pulls/#{iid}",
           "?access_token=#{token}"]

    URI.join(*url).to_s
  end

  def commit_status_path(sha, ref)
-    url = [drone_url, 
-           "gitlab/#{project.namespace.path}/#{project.path}/commits/#{sha}", 
+    url = [drone_url,
+           "gitlab/#{project.namespace.path}/#{project.path}/commits/#{sha}",
           "?branch=#{URI::encode(ref.to_s)}&access_token=#{token}"]

    URI.join(*url).to_s
@@ -114,15 +111,15 @@ class DroneCiService < CiService
  end

  def merge_request_page(iid, sha, ref)
-    url = [drone_url, 
+    url = [drone_url,
           "gitlab/#{project.namespace.path}/#{project.path}/redirect/pulls/#{iid}"]

    URI.join(*url).to_s
  end

  def commit_page(sha, ref)
-    url = [drone_url, 
-           "gitlab/#{project.namespace.path}/#{project.path}/redirect/commits/#{sha}", 
+    url = [drone_url,
+           "gitlab/#{project.namespace.path}/#{project.path}/redirect/commits/#{sha}",
           "?branch=#{URI::encode(ref.to_s)}"]

    URI.join(*url).to_s
@@ -163,10 +160,10 @@ class DroneCiService < CiService
  end

  def push_valid?(data)
-    opened_merge_requests = project.merge_requests.opened.where(source_project_id: project.id, 
+    opened_merge_requests = project.merge_requests.opened.where(source_project_id: project.id,
                                                                source_branch: Gitlab::Git.ref_name(data[:ref]))

-    opened_merge_requests.empty? && data[:total_commits_count] > 0 && 
+    opened_merge_requests.empty? && data[:total_commits_count] > 0 &&
      !Gitlab::Git.blank_ref?(data[:after])
  end


--- a/app/models/project_services/external_wiki_service.rb
+++ b/app/models/project_services/external_wiki_service.rb
@@ -22,10 +22,8 @@ class ExternalWikiService < Service
  include HTTParty

  prop_accessor :external_wiki_url
-  validates :external_wiki_url,
-            presence: true,
-            format: { with: /\A#{URI.regexp}\z/ },
-            if: :activated?
+
+  validates :external_wiki_url, presence: true, url: true, if: :activated?

  def title
    'External Wiki'

--- a/app/models/project_services/teamcity_service.rb
+++ b/app/models/project_services/teamcity_service.rb
@@ -23,16 +23,16 @@ class TeamcityService < CiService

  prop_accessor :teamcity_url, :build_type, :username, :password

-  validates :teamcity_url,
-    presence: true,
-    format: { with: /\A#{URI.regexp}\z/ }, if: :activated?
+  validates :teamcity_url, presence: true, url: true, if: :activated?
  validates :build_type, presence: true, if: :activated?
  validates :username,
    presence: true,
-    if: ->(service) { service.password? }, if: :activated?
+    if: ->(service) { service.password? },
+    if: :activated?
  validates :password,
    presence: true,
-    if: ->(service) { service.username? }, if: :activated?
+    if: ->(service) { service.username? },
+    if: :activated?

  attr_accessor :response


--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -100,11 +100,11 @@ class Repository
  end

  def find_branch(name)
-    branches.find { |branch| branch.name == name }
+    raw_repository.branches.find { |branch| branch.name == name }
  end

  def find_tag(name)
-    tags.find { |tag| tag.name == name }
+    raw_repository.tags.find { |tag| tag.name == name }
  end

  def add_branch(user, branch_name, target)

--- a/app/models/sent_notification.rb
+++ b/app/models/sent_notification.rb
@@ -21,7 +21,7 @@ class SentNotification < ActiveRecord::Base
  validates :reply_key, uniqueness: true
  validates :noteable_id, presence: true, unless: :for_commit?
  validates :commit_id, presence: true, if: :for_commit?
-  validates :line_code, format: { with: /\A[a-z0-9]+_\d+_\d+\Z/ }, allow_blank: true
+  validates :line_code, line_code: true, allow_blank: true

  class << self
    def reply_key

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -148,11 +148,9 @@ class User < ActiveRecord::Base
  validates :bio, length: { maximum: 255 }, allow_blank: true
  validates :projects_limit, presence: true, numericality: { greater_than_or_equal_to: 0 }
  validates :username,
+    namespace: true,
    presence: true,
-    uniqueness: { case_sensitive: false },
-    exclusion: { in: Gitlab::Blacklist.path },
-    format: { with: Gitlab::Regex.namespace_regex,
-              message: Gitlab::Regex.namespace_regex_message }
+    uniqueness: { case_sensitive: false }

  validates :notification_level, inclusion: { in: Notification.notification_levels }, presence: true
  validate :namespace_uniq, if: ->(user) { user.username_changed? }

--- a/app/validators/color_validator.rb
+++ b/app/validators/color_validator.rb
+# ColorValidator
+#
+# Custom validator for web color codes. It requires the leading hash symbol and
+# will accept RGB triplet or hexadecimal formats.
+#
+# Example:
+#
+#   class User < ActiveRecord::Base
+#     validates :background_color, allow_blank: true, color: true
+#   end
+#
+class ColorValidator < ActiveModel::EachValidator
+  PATTERN = /\A\#[0-9A-Fa-f]{3}{1,2}+\Z/.freeze
+
+  def validate_each(record, attribute, value)
+    unless value =~ PATTERN
+      record.errors.add(attribute, "must be a valid color code")
+    end
+  end
+end
--- a/lib/email_validator.rb
+++ b/lib/email_validator.rb
+# EmailValidator
+#
 # Based on https://github.com/balexand/email_validator
 #
 # Extended to use only strict mode with following allowed characters:
@@ -6,15 +8,10 @@
 # See http://www.remote.org/jochen/mail/info/chars.html
 #
 class EmailValidator < ActiveModel::EachValidator
-  @@default_options = {}
-
-  def self.default_options
-    @@default_options
-  end
+  PATTERN = /\A\s*([-a-z0-9+._']{1,64})@((?:[-a-z0-9]+\.)+[a-z]{2,})\s*\z/i.freeze

  def validate_each(record, attribute, value)
-    options = @@default_options.merge(self.options)
-    unless value =~ /\A\s*([-a-z0-9+._']{1,64})@((?:[-a-z0-9]+\.)+[a-z]{2,})\s*\z/i
+    unless value =~ PATTERN
      record.errors.add(attribute, options[:message] || :invalid)
    end
  end

--- a/app/validators/line_code_validator.rb
+++ b/app/validators/line_code_validator.rb
+# LineCodeValidator
+#
+# Custom validator for GitLab line codes.
+class LineCodeValidator < ActiveModel::EachValidator
+  PATTERN = /\A[a-z0-9]+_\d+_\d+\z/.freeze
+
+  def validate_each(record, attribute, value)
+    unless value =~ PATTERN
+      record.errors.add(attribute, "must be a valid line code")
+    end
+  end
+end
--- a/app/validators/namespace_name_validator.rb
+++ b/app/validators/namespace_name_validator.rb
+# NamespaceNameValidator
+#
+# Custom validator for GitLab namespace name strings.
+class NamespaceNameValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    unless value =~ Gitlab::Regex.namespace_name_regex
+      record.errors.add(attribute, Gitlab::Regex.namespace_name_regex_message)
+    end
+  end
+end
--- a/app/validators/namespace_validator.rb
+++ b/app/validators/namespace_validator.rb
+# NamespaceValidator
+#
+# Custom validator for GitLab namespace values.
+#
+# Values are checked for formatting and exclusion from a list of reserved path
+# names.
+class NamespaceValidator < ActiveModel::EachValidator
+  RESERVED = %w(
+    admin
+    all
+    assets
+    ci
+    dashboard
+    files
+    groups
+    help
+    hooks
+    issues
+    merge_requests
+    notes
+    profile
+    projects
+    public
+    repository
+    s
+    search
+    services
+    snippets
+    teams
+    u
+    unsubscribes
+    users
+  ).freeze
+
+  def validate_each(record, attribute, value)
+    unless value =~ Gitlab::Regex.namespace_regex
+      record.errors.add(attribute, Gitlab::Regex.namespace_regex_message)
+    end
+
+    if reserved?(value)
+      record.errors.add(attribute, "#{value} is a reserved name")
+    end
+  end
+
+  private
+
+  def reserved?(value)
+    RESERVED.include?(value)
+  end
+end
--- a/app/validators/url_validator.rb
+++ b/app/validators/url_validator.rb
+# UrlValidator
+#
+# Custom validator for URLs.
+#
+# By default, only URLs for the HTTP(S) protocols will be considered valid.
+# Provide a `:protocols` option to configure accepted protocols.
+#
+# Example:
+#
+#   class User < ActiveRecord::Base
+#     validates :personal_url, url: true
+#
+#     validates :ftp_url, url: { protocols: %w(ftp) }
+#
+#     validates :git_url, url: { protocols: %w(http https ssh git) }
+#   end
+#
+class UrlValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    unless valid_url?(value)
+      record.errors.add(attribute, "must be a valid URL")
+    end
+  end
+
+  private
+
+  def default_options
+    @default_options ||= { protocols: %w(http https) }
+  end
+
+  def valid_url?(value)
+    options = default_options.merge(self.options)
+
+    value =~ /\A#{URI.regexp(options[:protocols])}\z/
+  end
+end
--- a/app/views/projects/blob/_actions.html.haml
+++ b/app/views/projects/blob/_actions.html.haml
@@ -3,7 +3,7 @@
  = link_to 'Raw', namespace_project_raw_path(@project.namespace, @project, @id),
      class: 'btn btn-sm', target: '_blank'
  -# only show normal/blame view links for text files
-  - if @blob.text?
+  - if blob_viewable?(@blob)
    - if current_page? namespace_project_blame_path(@project.namespace, @project, @id)
      = link_to 'Normal View', namespace_project_blob_path(@project.namespace, @project, @id),
          class: 'btn btn-sm'
@@ -16,7 +16,7 @@
    = link_to 'Permalink', namespace_project_blob_path(@project.namespace, @project,
        tree_join(@commit.sha, @path)), class: 'btn btn-sm'

- if allowed_tree_edit?
+- if can_delete_or_replace?(@blob)
  .btn-group{ role: "group" }
    %button.btn.btn-default{ 'data-target' => '#modal-upload-blob', 'data-toggle' => 'modal' } Replace
    %button.btn.btn-remove{ 'data-target' => '#modal-remove-blob', 'data-toggle' => 'modal' } Delete
--- a/app/views/projects/blob/_blob.html.haml
+++ b/app/views/projects/blob/_blob.html.haml
@@ -29,10 +29,12 @@
      %strong
        = blob.name
      %small
-        = number_to_human_size(blob.size)
+        = number_to_human_size(blob_size(blob))
      .file-actions.hidden-xs
        = render "actions"
-    - if blob.text?
+    - if blob.lfs_pointer?
+      = render "download", blob: blob
+    - elsif blob.text?
      = render "text", blob: blob
    - elsif blob.image?
      = render "image", blob: blob

--- a/app/views/projects/blob/_download.html.haml
+++ b/app/views/projects/blob/_download.html.haml
@@ -4,4 +4,4 @@
      %h1.light
        %i.fa.fa-download
      %h4
-        Download (#{number_to_human_size blob.size})
+        Download (#{number_to_human_size blob_size(blob)})
--- a/app/views/projects/blob/show.html.haml
+++ b/app/views/projects/blob/show.html.haml
@@ -6,7 +6,7 @@
 %div#tree-holder.tree-holder
  = render 'blob', blob: @blob

- if allowed_tree_edit?
+- if can_delete_or_replace?(@blob)
  = render 'projects/blob/remove'

  - title = "Replace #{@blob.name}"

--- a/app/views/projects/diffs/_file.html.haml
+++ b/app/views/projects/diffs/_file.html.haml
@@ -3,9 +3,8 @@
    - if diff_file.diff.submodule?
      %span
        = icon('archive fw')
-        - submodule_item = project.repository.blob_at(@commit.id, diff_file.file_path)
        %strong
-          = submodule_link(submodule_item, @commit.id, project.repository)
+          = submodule_link(blob, @commit.id, project.repository)
    - else
      %span
        = blob_icon blob.mode, blob.name
@@ -25,7 +24,7 @@
            = "#{diff_file.diff.a_mode} → #{diff_file.diff.b_mode}"

      .diff-controls
-        - if blob.text?
+        - if blob_viewable?(blob)
          = link_to '#', class: 'js-toggle-diff-comments btn btn-sm active has_tooltip', title: "Toggle comments for this file" do
            %i.fa.fa-comments
          &nbsp;
@@ -40,7 +39,7 @@
  .diff-content.diff-wrap-lines
    -# Skipp all non non-supported blobs
    - return unless blob.respond_to?('text?')
-    - if blob.text?
+    - if blob_viewable?(blob)
      - if diff_view == 'parallel'
        = render "projects/diffs/parallel_view", diff_file: diff_file, project: project, blob: blob, index: i
      - else

--- a/app/workers/stuck_ci_builds_worker.rb
+++ b/app/workers/stuck_ci_builds_worker.rb
 class StuckCiBuildsWorker
  include Sidekiq::Worker
-  include Sidetiq::Schedulable

  BUILD_STUCK_TIMEOUT = 1.day

-  recurrence { daily }
-
  def perform
    Rails.logger.info 'Cleaning stuck builds'


--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@@ -17,6 +17,12 @@ Sidekiq.configure_server do |config|
    chain.add Gitlab::SidekiqMiddleware::ArgumentsLogger if ENV['SIDEKIQ_LOG_ARGUMENTS']
    chain.add Gitlab::SidekiqMiddleware::MemoryKiller if ENV['SIDEKIQ_MEMORY_KILLER_MAX_RSS']
  end
+
+  # Sidekiq-cron: load recurring jobs from schedule.yml
+  schedule_file = 'config/schedule.yml'
+  if File.exists?(schedule_file)
+    Sidekiq::Cron::Job.load_from_hash YAML.load_file(schedule_file)
+  end
 end

 Sidekiq.configure_client do |config|

--- a/config/routes.rb
+++ b/config/routes.rb
 require 'sidekiq/web'
+require 'sidekiq/cron/web'
 require 'api/api'

 Rails.application.routes.draw do

--- a/config/schedule.yml
+++ b/config/schedule.yml
+# Here is a list of jobs that are scheduled to run periodically.
+# We use a UNIX cron notation to specify execution schedule.
+#
+# Please read here for more information:
+# https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
+
+stuck_ci_builds_worker:
+  cron: "0 0 * * *"
+  class: "StuckCiBuildsWorker"
+  queue: "default"
--- a/doc/ci/docker/using_docker_images.md
+++ b/doc/ci/docker/using_docker_images.md
@@ -190,7 +190,7 @@ This will create two service containers (MySQL and PostgreSQL).

 1. Create a build container and execute script in its context:
 ```
-$ cat build_script | docker run -n build -i -l mysql:service-mysql -l postgres:service-postgres ruby:2.1 /bin/bash
+$ docker run --name build -i --link=service-mysql:mysql --link=service-postgres:postgres ruby:2.1 /bin/bash < build_script
 ```
 This will create build container that has two service containers linked.
 The build_script is piped using STDIN to bash interpreter which executes the build script in container. 

--- a/doc/release/README.md
+++ b/doc/release/README.md
-GitLab has the following updates:
+## Release cycle
+
+Since 2011 a minor or major version of GitLab is released on the 22nd of every month. Patch and security releases are published when needed. New features are detailed on the [blog](https://about.gitlab.com/blog/) and in the [changelog](CHANGELOG).  Features that will likely be in the next releases can be found on the [direction page](https://about.gitlab.com/direction/).
+
+## Release process documentation

 - [Monthly release](monthly.md), every month on the 22nd.
 - [Patch release](patch.md), if there are serious regressions.

--- a/features/project/merge_requests/accept.feature
+++ b/features/project/merge_requests/accept.feature
@@ -8,10 +8,12 @@ Feature: Project Merge Requests Acceptance
    Given I am on the Merge Request detail page
    When I click on "Remove source branch" option
    And I click on Accept Merge Request
-    Then I should not see the Remove Source Branch button
+    Then I should see merge request merged
+    And I should not see the Remove Source Branch button

  @javascript
  Scenario: Accepting the Merge Request without removing the source branch
    Given I am on the Merge Request detail page
    When I click on Accept Merge Request
-    Then I should see the Remove Source Branch button
+    Then I should see merge request merged
+    And I should see the Remove Source Branch button
--- a/features/project/source/browse_files.feature
+++ b/features/project/source/browse_files.feature
@@ -221,3 +221,9 @@ Feature: Project Source Browse Files
    Given I switch ref to fix
    And I visit the fix tree
    Then I see the commit data for a directory with a leading dot
+
+  Scenario: I browse LFS object
+    Given I click on "files/lfs/lfs_object.iso" file in repo
+    Then I should see download link and object size
+    And I should not see lfs pointer details
+    And I should see buttons for allowed commands
--- a/features/steps/admin/labels.rb
+++ b/features/steps/admin/labels.rb
@@ -71,7 +71,7 @@ class Spinach::Features::AdminIssuesLabels < Spinach::FeatureSteps

  step 'I should see label color error message' do
    page.within '.label-form' do
-      expect(page).to have_content 'Color is invalid'
+      expect(page).to have_content 'Color must be a valid color code'
    end
  end


--- a/features/steps/project/hooks.rb
+++ b/features/steps/project/hooks.rb
@@ -70,8 +70,6 @@ class Spinach::Features::ProjectHooks < Spinach::FeatureSteps

  step 'I should see hook service down error message' do
    expect(page).to have_selector '.flash-alert',
-                              text: 'Hook execution failed. '\
-                                    'Ensure hook URL is correct and '\
-                                    'service is up.'
+                              text: 'Hook execution failed: Exception from'
  end
 end
--- a/features/steps/project/issues/labels.rb
+++ b/features/steps/project/issues/labels.rb
@@ -55,7 +55,7 @@ class Spinach::Features::ProjectIssuesLabels < Spinach::FeatureSteps

  step 'I should see label color error message' do
    page.within '.label-form' do
-      expect(page).to have_content 'Color is invalid'
+      expect(page).to have_content 'Color must be a valid color code'
    end
  end


--- a/features/steps/project/merge_requests/acceptance.rb
+++ b/features/steps/project/merge_requests/acceptance.rb
@@ -32,4 +32,8 @@ class Spinach::Features::ProjectMergeRequestsAcceptance < Spinach::FeatureSteps
  step 'I am signed in as a developer of the project' do
    login_as(@user)
  end
+
+  step 'I should see merge request merged' do
+    expect(page).to have_content('The changes were merged into')
+  end
 end
--- a/features/steps/project/source/browse_files.rb
+++ b/features/steps/project/source/browse_files.rb
@@ -305,6 +305,33 @@ class Spinach::Features::ProjectSourceBrowseFiles < Spinach::FeatureSteps
    expect(page).not_to have_content('Loading commit data...')
  end

+  step 'I click on "files/lfs/lfs_object.iso" file in repo' do
+    visit namespace_project_tree_path(@project.namespace, @project, "lfs")
+    click_link 'files'
+    click_link "lfs"
+    click_link "lfs_object.iso"
+  end
+
+  step 'I should see download link and object size' do
+    expect(page).to have_content 'Download (1.5 MB)'
+  end
+
+  step 'I should not see lfs pointer details' do
+    expect(page).not_to have_content 'version https://git-lfs.github.com/spec/v1'
+    expect(page).not_to have_content 'oid sha256:91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897'
+    expect(page).not_to have_content 'size 1575078'
+  end
+
+  step 'I should see buttons for allowed commands' do
+    expect(page).to have_content 'Raw'
+    expect(page).to have_content 'History'
+    expect(page).to have_content 'Permalink'
+    expect(page).not_to have_content 'Edit'
+    expect(page).not_to have_content 'Blame'
+    expect(page).not_to have_content 'Delete'
+    expect(page).not_to have_content 'Replace'
+  end
+
  private

  def set_new_content

--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -7,8 +7,12 @@ module API
      helpers do
        def map_public_to_visibility_level(attrs)
          publik = attrs.delete(:public)
-          publik = parse_boolean(publik)
-          attrs[:visibility_level] = Gitlab::VisibilityLevel::PUBLIC if !attrs[:visibility_level].present? && publik == true
+          if publik.present? && !attrs[:visibility_level].present?
+            publik = parse_boolean(publik)
+            # Since setting the public attribute to private could mean either
+            # private or internal, use the more conservative option, private.
+            attrs[:visibility_level] = (publik == true) ? Gitlab::VisibilityLevel::PUBLIC : Gitlab::VisibilityLevel::PRIVATE
+          end
          attrs
        end
      end

--- a/lib/gitlab/blacklist.rb
+++ b/lib/gitlab/blacklist.rb
-module Gitlab
-  module Blacklist
-    extend self
-
-    def path
-      %w(
-        admin
-        dashboard
-        files
-        groups
-        help
-        profile
-        projects
-        search
-        public
-        assets
-        u
-        s
-        teams
-        merge_requests
-        issues
-        users
-        snippets
-        services
-        repository
-        hooks
-        notes
-        unsubscribes
-        all
-        ci
-      )
-    end
-  end
-end
--- a/lib/gitlab/lfs/response.rb
+++ b/lib/gitlab/lfs/response.rb
@@ -220,7 +220,7 @@ module Gitlab

      def storage_project(project)
        if project.forked?
-          project.forked_from_project
+          storage_project(project.forked_from_project)
        else
          project
        end

--- a/spec/controllers/commit_controller_spec.rb
+++ b/spec/controllers/commit_controller_spec.rb
@@ -110,6 +110,26 @@ describe Projects::CommitController do
        expect(response.body).to match(/^diff --git/)
      end
    end
+
+    context 'commit that removes a submodule' do
+      render_views
+
+      let(:fork_project) { create(:forked_project_with_submodules) }
+      let(:commit) { fork_project.commit('remove-submodule') }
+
+      before do
+        fork_project.team << [user, :master]
+      end
+
+      it 'renders it' do
+        get(:show,
+            namespace_id: fork_project.namespace.to_param,
+            project_id: fork_project.to_param,
+            id: commit.id)
+
+        expect(response).to be_success
+      end
+    end
  end

  describe "#branches" do

--- a/spec/controllers/projects/merge_requests_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests_controller_spec.rb
@@ -10,6 +10,30 @@ describe Projects::MergeRequestsController do
    project.team << [user, :master]
  end

+  describe '#new' do
+    context 'merge request that removes a submodule' do
+      render_views
+
+      let(:fork_project) { create(:forked_project_with_submodules) }
+
+      before do
+        fork_project.team << [user, :master]
+      end
+
+      it 'renders it' do
+        get :new,
+            namespace_id: fork_project.namespace.to_param,
+            project_id: fork_project.to_param,
+            merge_request: {
+              source_branch: 'remove-submodule',
+              target_branch: 'master'
+            }
+
+        expect(response).to be_success
+      end
+    end
+  end
+
  describe "#show" do
    shared_examples "export merge as" do |format|
      it "should generally work" do

--- a/spec/controllers/projects/raw_controller_spec.rb
+++ b/spec/controllers/projects/raw_controller_spec.rb
@@ -33,5 +33,39 @@ describe Projects::RawController do
        expect(response.header['Content-Type']).to eq('image/jpeg')
      end
    end
+
+    context 'lfs object' do
+      let(:id) { 'be93687/files/lfs/lfs_object.iso' }
+      let!(:lfs_object) { create(:lfs_object, oid: '91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897', size: '1575078') }
+
+      context 'when project has access' do
+        before do
+          public_project.lfs_objects << lfs_object
+          allow_any_instance_of(LfsObjectUploader).to receive(:exists?).and_return(true)
+          allow(controller).to receive(:send_file) { controller.render nothing: true }
+        end
+
+        it 'serves the file' do
+          expect(controller).to receive(:send_file).with("#{Gitlab.config.shared.path}/lfs-objects/91/ef/f75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897", filename: "lfs_object.iso", disposition: 'attachment')
+          get(:show,
+              namespace_id: public_project.namespace.to_param,
+              project_id: public_project.to_param,
+              id: id)
+
+          expect(response.status).to eq(200)
+        end
+      end
+
+      context 'when project does not have access' do
+        it 'does not serve the file' do
+          get(:show,
+              namespace_id: public_project.namespace.to_param,
+              project_id: public_project.to_param,
+              id: id)
+
+          expect(response.status).to eq(404)
+        end
+      end
+    end
  end
 end
--- a/spec/features/notes_on_merge_requests_spec.rb
+++ b/spec/features/notes_on_merge_requests_spec.rb
@@ -2,6 +2,7 @@ require 'spec_helper'

 describe 'Comments', feature: true do
  include RepoHelpers
+  include WaitForAjax

  describe 'On a merge request', js: true, feature: true do
    let!(:merge_request) { create(:merge_request) }
@@ -123,8 +124,8 @@ describe 'Comments', feature: true do
        it 'removes the attachment div and resets the edit form' do
          find('.js-note-attachment-delete').click
          is_expected.not_to have_css('.note-attachment')
-          expect(find('.current-note-edit-form', visible: false)).
-            not_to be_visible
+          is_expected.not_to have_css('.current-note-edit-form')
+          wait_for_ajax
        end
      end
    end

--- a/spec/helpers/application_helper_spec.rb
+++ b/spec/helpers/application_helper_spec.rb
@@ -278,7 +278,7 @@ describe ApplicationHelper do
      el = element.next_element

      expect(el.name).to eq 'script'
-      expect(el.text).to include "$('.js-timeago').timeago()"
+      expect(el.text).to include "$('.js-timeago').last().timeago()"
    end

    it 'allows the script tag to be excluded' do

--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -36,6 +36,22 @@ describe ApplicationSetting, models: true do

  it { expect(setting).to be_valid }

+  describe 'validations' do
+    let(:http)  { 'http://example.com' }
+    let(:https) { 'https://example.com' }
+    let(:ftp)   { 'ftp://example.com' }
+
+    it { is_expected.to allow_value(nil).for(:home_page_url) }
+    it { is_expected.to allow_value(http).for(:home_page_url) }
+    it { is_expected.to allow_value(https).for(:home_page_url) }
+    it { is_expected.not_to allow_value(ftp).for(:home_page_url) }
+
+    it { is_expected.to allow_value(nil).for(:after_sign_out_path) }
+    it { is_expected.to allow_value(http).for(:after_sign_out_path) }
+    it { is_expected.to allow_value(https).for(:after_sign_out_path) }
+    it { is_expected.not_to allow_value(ftp).for(:after_sign_out_path) }
+  end
+
  context 'restricted signup domains' do
    it 'set single domain' do
      setting.restricted_signup_domains_raw = 'example.com'

--- a/spec/models/broadcast_message_spec.rb
+++ b/spec/models/broadcast_message_spec.rb
@@ -20,6 +20,21 @@ describe BroadcastMessage do

  it { is_expected.to be_valid }

+  describe 'validations' do
+    let(:triplet) { '#000' }
+    let(:hex)     { '#AABBCC' }
+
+    it { is_expected.to allow_value(nil).for(:color) }
+    it { is_expected.to allow_value(triplet).for(:color) }
+    it { is_expected.to allow_value(hex).for(:color) }
+    it { is_expected.not_to allow_value('000').for(:color) }
+
+    it { is_expected.to allow_value(nil).for(:font) }
+    it { is_expected.to allow_value(triplet).for(:font) }
+    it { is_expected.to allow_value(hex).for(:font) }
+    it { is_expected.not_to allow_value('000').for(:font) }
+  end
+
  describe :current do
    it "should return last message if time match" do
      broadcast_message = create(:broadcast_message, starts_at: Time.now.yesterday, ends_at: Time.now.tomorrow)

--- a/spec/models/hooks/web_hook_spec.rb
+++ b/spec/models/hooks/web_hook_spec.rb
@@ -71,5 +71,11 @@ describe ProjectHook do

      expect { @project_hook.execute(@data, 'push_hooks') }.to raise_error(RuntimeError)
    end
+
+    it "handles SSL exceptions" do
+      expect(WebHook).to receive(:post).and_raise(OpenSSL::SSL::SSLError.new('SSL error'))
+
+      expect(@project_hook.execute(@data, 'push_hooks')).to eq([false, 'SSL error'])
+    end
  end
 end
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -91,7 +91,23 @@ describe User do
  end

  describe 'validations' do
-    it { is_expected.to validate_presence_of(:username) }
+    describe 'username' do
+      it 'validates presence' do
+        expect(subject).to validate_presence_of(:username)
+      end
+
+      it 'rejects blacklisted names' do
+        user = build(:user, username: 'dashboard')
+
+        expect(user).not_to be_valid
+        expect(user.errors.values).to eq [['dashboard is a reserved name']]
+      end
+
+      it 'validates uniqueness' do
+        expect(subject).to validate_uniqueness_of(:username)
+      end
+    end
+
    it { is_expected.to validate_presence_of(:projects_limit) }
    it { is_expected.to validate_numericality_of(:projects_limit) }
    it { is_expected.to allow_value(0).for(:projects_limit) }

--- a/spec/requests/api/labels_spec.rb
+++ b/spec/requests/api/labels_spec.rb
@@ -47,7 +47,7 @@ describe API::API, api: true  do
           name: 'Foo',
           color: '#FFAA'
      expect(response.status).to eq(400)
-      expect(json_response['message']['color']).to eq(['is invalid'])
+      expect(json_response['message']['color']).to eq(['must be a valid color code'])
    end

    it 'should return 400 for too long color code' do
@@ -55,7 +55,7 @@ describe API::API, api: true  do
           name: 'Foo',
           color: '#FFAAFFFF'
      expect(response.status).to eq(400)
-      expect(json_response['message']['color']).to eq(['is invalid'])
+      expect(json_response['message']['color']).to eq(['must be a valid color code'])
    end

    it 'should return 400 for invalid name' do
@@ -151,12 +151,12 @@ describe API::API, api: true  do
      expect(json_response['message']['title']).to eq(['is invalid'])
    end

-    it 'should return 400 for invalid name' do
+    it 'should return 400 when color code is too short' do
      put api("/projects/#{project.id}/labels", user),
          name: 'label1',
          color: '#FF'
      expect(response.status).to eq(400)
-      expect(json_response['message']['color']).to eq(['is invalid'])
+      expect(json_response['message']['color']).to eq(['must be a valid color code'])
    end

    it 'should return 400 for too long color code' do
@@ -164,7 +164,7 @@ describe API::API, api: true  do
           name: 'Foo',
           color: '#FFAAFFFF'
      expect(response.status).to eq(400)
-      expect(json_response['message']['color']).to eq(['is invalid'])
+      expect(json_response['message']['color']).to eq(['must be a valid color code'])
    end
  end
 end
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -742,6 +742,18 @@ describe API::API, api: true  do
        end
      end

+      it 'should update visibility_level from public to private' do
+        project3.update_attributes({ visibility_level: Gitlab::VisibilityLevel::PUBLIC })
+
+        project_param = { public: false }
+        put api("/projects/#{project3.id}", user), project_param
+        expect(response.status).to eq(200)
+        project_param.each_pair do |k, v|
+          expect(json_response[k.to_s]).to eq(v)
+        end
+        expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PRIVATE)
+      end
+
      it 'should not update name to existing name' do
        project_param = { name: project3.name }
        put api("/projects/#{project.id}", user), project_param

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -153,7 +153,7 @@ describe API::API, api: true  do
      expect(json_response['message']['projects_limit']).
        to eq(['must be greater than or equal to 0'])
      expect(json_response['message']['username']).
-        to eq([Gitlab::Regex.send(:namespace_regex_message)])
+        to eq([Gitlab::Regex.namespace_regex_message])
    end

    it "shouldn't available for non admin users" do
@@ -296,7 +296,7 @@ describe API::API, api: true  do
      expect(json_response['message']['projects_limit']).
        to eq(['must be greater than or equal to 0'])
      expect(json_response['message']['username']).
-        to eq([Gitlab::Regex.send(:namespace_regex_message)])
+        to eq([Gitlab::Regex.namespace_regex_message])
    end

    context "with existing user" do

--- a/spec/support/test_env.rb
+++ b/spec/support/test_env.rb
@@ -12,6 +12,7 @@ module TestEnv
    'fix'              => '48f0be4',
    'improve/awesome'  => '5937ac0',
    'markdown'         => '0ed8c6c',
+    'lfs'              => 'be93687',
    'master'           => '5937ac0',
    "'test'"           => 'e56497b',
  }
@@ -21,7 +22,8 @@ module TestEnv
  # We currently only need a subset of the branches
  FORKED_BRANCH_SHA = {
    'add-submodule-version-bump' => '3f547c08',
-    'master' => '5937ac0'
+    'master' => '5937ac0',
+    'remove-submodule' => '2a33e0c0'
  }

  # Test environment

--- a/spec/support/wait_for_ajax.rb
+++ b/spec/support/wait_for_ajax.rb
+module WaitForAjax
+  def wait_for_ajax
+    Timeout.timeout(Capybara.default_wait_time) do
+      loop until finished_all_ajax_requests?
+    end
+  end
+
+  def finished_all_ajax_requests?
+    page.evaluate_script('jQuery.active').zero?
+  end
+end