Commit 1ccf61bd authored by GitLab Bot's avatar GitLab Bot

Add latest changes from gitlab-org/gitlab@master

parent 68f1860e
# frozen_string_literal: true
class NoteUserEntity < UserEntity
expose :gitlab_employee?, as: :is_gitlab_employee, if: ->(user, options) { ::Feature.enabled?(:gitlab_employee_badge) && user.gitlab_employee? }
unexpose :web_url
end
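Review bot: The `if:` lambda on the `expose :gitlab_employee?` line declares an `options` parameter it never reads; `->(user, _options)` would make that explicit to readers and to RuboCop. The lambda also evaluates `::Feature.enabled?(:gitlab_employee_badge)` once per serialized author rather than once per response, which is probably acceptable but deserves a short comment if it was a deliberate choice. A one-line class comment would help the next maintainer, e.g. `# Note author as rendered in discussion JSON: flag-gated employee badge, web_url hidden.` The file header for this section is not shown, so its path is inferred from the class name.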
......@@ -6,7 +6,7 @@
.bs-callout.bs-callout-danger
- relative_url_link = 'https://docs.gitlab.com/ee/user/admin_area/settings/protected_paths.html#migrate-settings-from-gitlab-123-and-earlier'
- relative_url_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: relative_url_link }
= _("Omnibus Protected Paths throttle is active. From 12.4, Omnibus throttle is deprecated and will be removed in a future release. Please read the %{relative_url_link_start}Migrating Protected Paths documentation%{relative_url_link_end}.").html_safe % { relative_url_link_start: relative_url_link_start, relative_url_link_end: '</a>'.html_safe }
= _("Omnibus Protected Paths throttle is active, and takes priority over these settings. From 12.4, Omnibus throttle is deprecated and will be removed in a future release. Please read the %{relative_url_link_start}Migrating Protected Paths documentation%{relative_url_link_end}.").html_safe % { relative_url_link_start: relative_url_link_start, relative_url_link_end: '</a>'.html_safe }
.form-group
.form-check
......
......@@ -42,7 +42,7 @@
%button.btn.btn-default.js-settings-toggle{ type: 'button' }
= expanded_by_default? ? _('Collapse') : _('Expand')
%p
= _('Configure paths to be protected by Rack Attack. A web server restart is required after changing these settings.')
= _('Configure paths to be protected by Rack Attack.')
.settings-content
= render 'protected_paths'
......
......@@ -120,7 +120,7 @@ module Secpick
options[:branch] = branch
end
opts.on('-s', '--sha abcd', 'SHA or SHA range to cherry pick') do |sha|
opts.on('-s', '--sha abcd', 'SHA or SHA range to cherry pick (optional, defaults to current)') do |sha|
options[:sha] = sha
end
......@@ -155,6 +155,7 @@ module Secpick
parser.parse!
options[:sha] ||= `git rev-parse HEAD`
options[:branch] ||= `git rev-parse --abbrev-ref HEAD`
options[:remote] ||= DEFAULT_REMOTE
......
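Review bot: The added `options[:sha] ||= \`git rev-parse HEAD\`` keeps the trailing newline that backticks return, so unless the value is stripped further down (outside this hunk) the default SHA carries a `\n` into whatever it is interpolated into; `options[:sha] ||= \`git rev-parse HEAD\`.strip` avoids that. The neighbouring `options[:branch]` line has the same shape, so if a later step already normalizes it, the same path presumably covers `sha` — worth confirming. The enclosing method continues outside the hunk.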
......@@ -387,7 +387,7 @@ Parameters:
| `group_id_for_saml` | No | ID of group where SAML has been configured |
| `linkedin` | No | LinkedIn |
| `location` | No | User's location |
| `name` | No | Name |
| `name` | Yes | Name |
| `organization` | No | Organization name |
| `password` | No | Password |
| `private_profile` | No | User's profile is private - true, false (default), or null (will be converted to false) |
......
......@@ -24,6 +24,7 @@ similarly mitigated by a rate limit.
- [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md).
- [Rate limits on raw endpoints](../user/admin_area/settings/rate_limits_on_raw_endpoints.md)
- [Protected paths](../user/admin_area/settings/protected_paths.md).
## Rack Attack initializer
......
......@@ -4,7 +4,11 @@ type: reference
# Protected paths **(CORE ONLY)**
GitLab protects the following paths with Rack Attack by default:
Rate limiting is a common technique used to improve the security and durability
of a web application. For more details, see
[Rate limits](../../../security/rate_limits.md).
GitLab rate limits the following paths with Rack Attack by default:
```plaintext
'/users/password',
......
......@@ -8,7 +8,7 @@ type: reference, howto
SAML on GitLab.com allows users to be added to a group. Those users can then sign in to GitLab.com. If such users don't already have an account on the GitLab instance, they can create one when signing in for the first time.
If you follow our guidance to automate user provisioning using [SCIM](scim_setup.md) or [group managed accounts](#group-managed-accounts), you do not need to create such accounts manually.
If you follow our guidance to automate user provisioning using [SCIM](scim_setup.md) or [group-managed accounts](#group-managed-accounts), you do not need to create such accounts manually.
User synchronization for GitLab.com is partially supported using [SCIM](scim_setup.md).
......@@ -86,6 +86,15 @@ Since use of the group-managed account requires the use of SSO, users of group-m
- The user will be unable to access the group (their credentials will no longer work on the identity provider when prompted to SSO).
- Contributions in the group (e.g. issues, merge requests) will remain intact.
##### Feature flag
Currently the group-managed accounts feature is behind a feature flag: `group_managed_accounts`. The flag is disabled by default.
To activate the feature, ask a GitLab administrator with Rails console access to run:
```ruby
Feature.enable(:group_managed_accounts)
```
##### Credentials inventory for Group-managed accounts **(ULTIMATE)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/38133) in GitLab 12.8.
......
......@@ -5,7 +5,7 @@ module API
class Discussion < Grape::Entity
expose :id
expose :individual_note?, as: :individual_note
expose :notes, using: Entities::NoteWithGitlabEmployeeBadge
expose :notes, using: Entities::Note
end
end
end
# frozen_string_literal: true
module API
module Entities
class NoteWithGitlabEmployeeBadge < Note
expose :author, using: Entities::UserWithGitlabEmployeeBadge
expose :resolved_by, using: Entities::UserWithGitlabEmployeeBadge, if: ->(note, options) { note.resolvable? }
end
end
end
# frozen_string_literal: true
module API
module Entities
class UserWithGitlabEmployeeBadge < UserBasic
expose :gitlab_employee?, as: :is_gitlab_employee, if: ->(user, options) { ::Feature.enabled?(:gitlab_employee_badge) && user.gitlab_employee? }
end
end
end
......@@ -5172,7 +5172,7 @@ msgstr ""
msgid "Configure limits on the number of inbound alerts able to be sent to a project."
msgstr ""
msgid "Configure paths to be protected by Rack Attack. A web server restart is required after changing these settings."
msgid "Configure paths to be protected by Rack Attack."
msgstr ""
msgid "Configure repository mirroring."
......@@ -13652,7 +13652,7 @@ msgstr ""
msgid "OmniAuth"
msgstr ""
msgid "Omnibus Protected Paths throttle is active. From 12.4, Omnibus throttle is deprecated and will be removed in a future release. Please read the %{relative_url_link_start}Migrating Protected Paths documentation%{relative_url_link_end}."
msgid "Omnibus Protected Paths throttle is active, and takes priority over these settings. From 12.4, Omnibus throttle is deprecated and will be removed in a future release. Please read the %{relative_url_link_start}Migrating Protected Paths documentation%{relative_url_link_end}."
msgstr ""
msgid "On track"
......
......@@ -1390,6 +1390,61 @@ describe Projects::IssuesController do
expect(note_json['author']['status_tooltip_html']).to be_present
end
context 'is_gitlab_employee attribute' do
subject { get :discussions, params: { namespace_id: project.namespace, project_id: project, id: issue.iid } }
before do
allow(Gitlab).to receive(:com?).and_return(true)
note_user = discussion.author
note_user.update(email: email)
note_user.confirm
end
shared_examples 'non inclusion of gitlab employee badge' do
it 'does not render the is_gitlab_employee attribute' do
subject
note_json = json_response.first['notes'].first
expect(note_json['author']['is_gitlab_employee']).to be nil
end
end
context 'when user is a gitlab employee' do
let(:email) { 'test@gitlab.com' }
it 'renders the is_gitlab_employee attribute' do
subject
note_json = json_response.first['notes'].first
expect(note_json['author']['is_gitlab_employee']).to be true
end
context 'when feature flag is disabled' do
before do
stub_feature_flags(gitlab_employee_badge: false)
end
it_behaves_like 'non inclusion of gitlab employee badge'
end
end
context 'when user is not a gitlab employee' do
let(:email) { 'test@example.com' }
it_behaves_like 'non inclusion of gitlab employee badge'
context 'when feature flag is disabled' do
before do
stub_feature_flags(gitlab_employee_badge: false)
end
it_behaves_like 'non inclusion of gitlab employee badge'
end
end
end
it 'does not cause an extra query for the status' do
control = ActiveRecord::QueryRecorder.new do
get :discussions, params: { namespace_id: project.namespace, project_id: project, id: issue.iid }
......
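Review bot: `note_user.update(email: email)` in the `before` block discards its return value, so a failed email validation leaves the author unchanged and the 'non inclusion of gitlab employee badge' examples would pass for the wrong reason; `note_user.update!(email: email)` surfaces such a failure. The shared example's `expect(note_json['author']['is_gitlab_employee']).to be nil` is also satisfied when the key is present with a null value, whereas `expect(note_json['author']).not_to have_key('is_gitlab_employee')` pins the intended "attribute not rendered" behaviour and matches the assertion style used in the API shared examples being removed elsewhere in this commit. The enclosing describe block starts and ends outside the hunk.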
......@@ -17,8 +17,7 @@
"path": { "type": "string" },
"name": { "type": "string" },
"username": { "type": "string" },
"status_tooltip_html": { "$ref": "../types/nullable_string.json" },
"is_gitlab_employee": { "type": "boolean" }
"status_tooltip_html": { "$ref": "../types/nullable_string.json" }
},
"additionalProperties": false
}
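Review bot: Removing `"is_gitlab_employee": { "type": "boolean" }` from a schema that keeps `"additionalProperties": false` means any response carrying that attribute will now fail validation; that is consistent with the API entity this commit reverts, but if this schema is also matched against the web discussions JSON, the attribute the note-author serializer now adds would be rejected. Worth confirming which endpoint's responses this schema covers and, if it is shared, restoring the property as optional. The file path for this section is not shown.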
......@@ -55,58 +55,6 @@ RSpec.shared_examples 'with cross-reference system notes' do
end
RSpec.shared_examples 'discussions API' do |parent_type, noteable_type, id_name, can_reply_to_individual_notes: false|
shared_examples 'is_gitlab_employee attribute presence' do
subject { get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", user) }
before do
allow(Gitlab).to receive(:com?).and_return(true)
user.update(email: email)
user.confirm
end
context 'when author is a gitlab employee' do
let(:email) { 'test@gitlab.com' }
it 'returns is_gitlab_employee as true' do
subject
expect(json_response.first["notes"].first["author"]['is_gitlab_employee']).to be true
end
end
shared_examples 'non inclusion of gitlab employee badge' do
it 'does not include is_gitlab_employee attribute' do
subject
expect(json_response.first["notes"].first["author"]).not_to have_key('is_gitlab_employee')
end
end
context 'when author is not a gitlab employee' do
let(:email) { 'test@example.com' }
it_behaves_like 'non inclusion of gitlab employee badge'
end
describe 'when feature flag is disabled' do
before do
stub_feature_flags(gitlab_employee_badge: false)
end
context 'when author is a gitlab employee' do
let(:email) { 'test@gitlab.com' }
it_behaves_like 'non inclusion of gitlab employee badge'
end
context 'when author is not a gitlab employee' do
let(:email) { 'test@example.com' }
it_behaves_like 'non inclusion of gitlab employee badge'
end
end
end
describe "GET /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions" do
it "returns an array of discussions" do
get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", user)
......@@ -130,8 +78,6 @@ RSpec.shared_examples 'discussions API' do |parent_type, noteable_type, id_name,
expect(response).to have_gitlab_http_status(:not_found)
end
it_behaves_like 'is_gitlab_employee attribute presence'
end
describe "GET /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions/:discussion_id" do
......@@ -250,8 +196,6 @@ RSpec.shared_examples 'discussions API' do |parent_type, noteable_type, id_name,
end
end
end
it_behaves_like 'is_gitlab_employee attribute presence'
end
describe "POST /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions/:discussion_id/notes" do
......