Commit 1ccf61bd authored by GitLab Bot's avatar GitLab Bot

Add latest changes from gitlab-org/gitlab@master

parent 68f1860e
# frozen_string_literal: true # frozen_string_literal: true
class NoteUserEntity < UserEntity class NoteUserEntity < UserEntity
expose :gitlab_employee?, as: :is_gitlab_employee, if: ->(user, options) { ::Feature.enabled?(:gitlab_employee_badge) && user.gitlab_employee? }
unexpose :web_url unexpose :web_url
end end
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
.bs-callout.bs-callout-danger .bs-callout.bs-callout-danger
- relative_url_link = 'https://docs.gitlab.com/ee/user/admin_area/settings/protected_paths.html#migrate-settings-from-gitlab-123-and-earlier' - relative_url_link = 'https://docs.gitlab.com/ee/user/admin_area/settings/protected_paths.html#migrate-settings-from-gitlab-123-and-earlier'
- relative_url_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: relative_url_link } - relative_url_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: relative_url_link }
= _("Omnibus Protected Paths throttle is active. From 12.4, Omnibus throttle is deprecated and will be removed in a future release. Please read the %{relative_url_link_start}Migrating Protected Paths documentation%{relative_url_link_end}.").html_safe % { relative_url_link_start: relative_url_link_start, relative_url_link_end: '</a>'.html_safe } = _("Omnibus Protected Paths throttle is active, and takes priority over these settings. From 12.4, Omnibus throttle is deprecated and will be removed in a future release. Please read the %{relative_url_link_start}Migrating Protected Paths documentation%{relative_url_link_end}.").html_safe % { relative_url_link_start: relative_url_link_start, relative_url_link_end: '</a>'.html_safe }
.form-group .form-group
.form-check .form-check
......
...@@ -42,7 +42,7 @@ ...@@ -42,7 +42,7 @@
%button.btn.btn-default.js-settings-toggle{ type: 'button' } %button.btn.btn-default.js-settings-toggle{ type: 'button' }
= expanded_by_default? ? _('Collapse') : _('Expand') = expanded_by_default? ? _('Collapse') : _('Expand')
%p %p
= _('Configure paths to be protected by Rack Attack. A web server restart is required after changing these settings.') = _('Configure paths to be protected by Rack Attack.')
.settings-content .settings-content
= render 'protected_paths' = render 'protected_paths'
......
...@@ -120,7 +120,7 @@ module Secpick ...@@ -120,7 +120,7 @@ module Secpick
options[:branch] = branch options[:branch] = branch
end end
opts.on('-s', '--sha abcd', 'SHA or SHA range to cherry pick') do |sha| opts.on('-s', '--sha abcd', 'SHA or SHA range to cherry pick (optional, defaults to current)') do |sha|
options[:sha] = sha options[:sha] = sha
end end
...@@ -155,6 +155,7 @@ module Secpick ...@@ -155,6 +155,7 @@ module Secpick
parser.parse! parser.parse!
options[:sha] ||= `git rev-parse HEAD`
options[:branch] ||= `git rev-parse --abbrev-ref HEAD` options[:branch] ||= `git rev-parse --abbrev-ref HEAD`
options[:remote] ||= DEFAULT_REMOTE options[:remote] ||= DEFAULT_REMOTE
......
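Review bot: The new `options[:sha] ||=` default in the second hunk captures `git rev-parse HEAD` with backticks, and that capture includes the trailing newline, so unless the value is stripped where it is consumed (outside this hunk) the default SHA is "abc123\n" rather than the bare hash a user would pass with `-s`. Writing it as `options[:sha] ||= %x(git rev-parse HEAD).strip` gives the default the same shape as an explicit `-s` value; the pre-existing `options[:branch]` default on the following line has the same shape, so if a shared strip already exists downstream this is moot, but the help text added in the first hunk ("defaults to current") suggests the two paths are meant to be interchangeable. The enclosing method starts and ends outside the hunk.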
...@@ -387,7 +387,7 @@ Parameters: ...@@ -387,7 +387,7 @@ Parameters:
| `group_id_for_saml` | No | ID of group where SAML has been configured | | `group_id_for_saml` | No | ID of group where SAML has been configured |
| `linkedin` | No | LinkedIn | | `linkedin` | No | LinkedIn |
| `location` | No | User's location | | `location` | No | User's location |
| `name` | No | Name | | `name` | Yes | Name |
| `organization` | No | Organization name | | `organization` | No | Organization name |
| `password` | No | Password | | `password` | No | Password |
| `private_profile` | No | User's profile is private - true, false (default), or null (will be converted to false) | | `private_profile` | No | User's profile is private - true, false (default), or null (will be converted to false) |
......
...@@ -24,6 +24,7 @@ similarly mitigated by a rate limit. ...@@ -24,6 +24,7 @@ similarly mitigated by a rate limit.
- [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md). - [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md).
- [Rate limits on raw endpoints](../user/admin_area/settings/rate_limits_on_raw_endpoints.md) - [Rate limits on raw endpoints](../user/admin_area/settings/rate_limits_on_raw_endpoints.md)
- [Protected paths](../user/admin_area/settings/protected_paths.md).
## Rack Attack initializer ## Rack Attack initializer
......
...@@ -4,7 +4,11 @@ type: reference ...@@ -4,7 +4,11 @@ type: reference
# Protected paths **(CORE ONLY)** # Protected paths **(CORE ONLY)**
GitLab protects the following paths with Rack Attack by default: Rate limiting is a common technique used to improve the security and durability
of a web application. For more details, see
[Rate limits](../../../security/rate_limits.md).
GitLab rate limits the following paths with Rack Attack by default:
```plaintext ```plaintext
'/users/password', '/users/password',
......
...@@ -8,7 +8,7 @@ type: reference, howto ...@@ -8,7 +8,7 @@ type: reference, howto
SAML on GitLab.com allows users to be added to a group. Those users can then sign in to GitLab.com. If such users don't already have an account on the GitLab instance, they can create one when signing in for the first time. SAML on GitLab.com allows users to be added to a group. Those users can then sign in to GitLab.com. If such users don't already have an account on the GitLab instance, they can create one when signing in for the first time.
If you follow our guidance to automate user provisioning using [SCIM](scim_setup.md) or [group managed accounts](#group-managed-accounts), you do not need to create such accounts manually. If you follow our guidance to automate user provisioning using [SCIM](scim_setup.md) or [group-managed accounts](#group-managed-accounts), you do not need to create such accounts manually.
User synchronization for GitLab.com is partially supported using [SCIM](scim_setup.md). User synchronization for GitLab.com is partially supported using [SCIM](scim_setup.md).
...@@ -86,6 +86,15 @@ Since use of the group-managed account requires the use of SSO, users of group-m ...@@ -86,6 +86,15 @@ Since use of the group-managed account requires the use of SSO, users of group-m
- The user will be unable to access the group (their credentials will no longer work on the identity provider when prompted to SSO). - The user will be unable to access the group (their credentials will no longer work on the identity provider when prompted to SSO).
- Contributions in the group (e.g. issues, merge requests) will remain intact. - Contributions in the group (e.g. issues, merge requests) will remain intact.
##### Feature flag
Currently the group-managed accounts feature is behind a feature flag: `group_managed_accounts`. The flag is disabled by default.
To activate the feature, ask a GitLab administrator with Rails console access to run:
```ruby
Feature.enable(:group_managed_accounts)
```
##### Credentials inventory for Group-managed accounts **(ULTIMATE)** ##### Credentials inventory for Group-managed accounts **(ULTIMATE)**
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/38133) in GitLab 12.8. > [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/38133) in GitLab 12.8.
......
...@@ -5,7 +5,7 @@ module API ...@@ -5,7 +5,7 @@ module API
class Discussion < Grape::Entity class Discussion < Grape::Entity
expose :id expose :id
expose :individual_note?, as: :individual_note expose :individual_note?, as: :individual_note
expose :notes, using: Entities::NoteWithGitlabEmployeeBadge expose :notes, using: Entities::Note
end end
end end
end end
# frozen_string_literal: true
module API
module Entities
class NoteWithGitlabEmployeeBadge < Note
expose :author, using: Entities::UserWithGitlabEmployeeBadge
expose :resolved_by, using: Entities::UserWithGitlabEmployeeBadge, if: ->(note, options) { note.resolvable? }
end
end
end
# frozen_string_literal: true
module API
module Entities
class UserWithGitlabEmployeeBadge < UserBasic
expose :gitlab_employee?, as: :is_gitlab_employee, if: ->(user, options) { ::Feature.enabled?(:gitlab_employee_badge) && user.gitlab_employee? }
end
end
end
...@@ -5172,7 +5172,7 @@ msgstr "" ...@@ -5172,7 +5172,7 @@ msgstr ""
msgid "Configure limits on the number of inbound alerts able to be sent to a project." msgid "Configure limits on the number of inbound alerts able to be sent to a project."
msgstr "" msgstr ""
msgid "Configure paths to be protected by Rack Attack. A web server restart is required after changing these settings." msgid "Configure paths to be protected by Rack Attack."
msgstr "" msgstr ""
msgid "Configure repository mirroring." msgid "Configure repository mirroring."
...@@ -13652,7 +13652,7 @@ msgstr "" ...@@ -13652,7 +13652,7 @@ msgstr ""
msgid "OmniAuth" msgid "OmniAuth"
msgstr "" msgstr ""
msgid "Omnibus Protected Paths throttle is active. From 12.4, Omnibus throttle is deprecated and will be removed in a future release. Please read the %{relative_url_link_start}Migrating Protected Paths documentation%{relative_url_link_end}." msgid "Omnibus Protected Paths throttle is active, and takes priority over these settings. From 12.4, Omnibus throttle is deprecated and will be removed in a future release. Please read the %{relative_url_link_start}Migrating Protected Paths documentation%{relative_url_link_end}."
msgstr "" msgstr ""
msgid "On track" msgid "On track"
......
...@@ -1390,6 +1390,61 @@ describe Projects::IssuesController do ...@@ -1390,6 +1390,61 @@ describe Projects::IssuesController do
expect(note_json['author']['status_tooltip_html']).to be_present expect(note_json['author']['status_tooltip_html']).to be_present
end end
context 'is_gitlab_employee attribute' do
subject { get :discussions, params: { namespace_id: project.namespace, project_id: project, id: issue.iid } }
before do
allow(Gitlab).to receive(:com?).and_return(true)
note_user = discussion.author
note_user.update(email: email)
note_user.confirm
end
shared_examples 'non inclusion of gitlab employee badge' do
it 'does not render the is_gitlab_employee attribute' do
subject
note_json = json_response.first['notes'].first
expect(note_json['author']['is_gitlab_employee']).to be nil
end
end
context 'when user is a gitlab employee' do
let(:email) { 'test@gitlab.com' }
it 'renders the is_gitlab_employee attribute' do
subject
note_json = json_response.first['notes'].first
expect(note_json['author']['is_gitlab_employee']).to be true
end
context 'when feature flag is disabled' do
before do
stub_feature_flags(gitlab_employee_badge: false)
end
it_behaves_like 'non inclusion of gitlab employee badge'
end
end
context 'when user is not a gitlab employee' do
let(:email) { 'test@example.com' }
it_behaves_like 'non inclusion of gitlab employee badge'
context 'when feature flag is disabled' do
before do
stub_feature_flags(gitlab_employee_badge: false)
end
it_behaves_like 'non inclusion of gitlab employee badge'
end
end
end
it 'does not cause an extra query for the status' do it 'does not cause an extra query for the status' do
control = ActiveRecord::QueryRecorder.new do control = ActiveRecord::QueryRecorder.new do
get :discussions, params: { namespace_id: project.namespace, project_id: project, id: issue.iid } get :discussions, params: { namespace_id: project.namespace, project_id: project, id: issue.iid }
......
...@@ -17,8 +17,7 @@ ...@@ -17,8 +17,7 @@
"path": { "type": "string" }, "path": { "type": "string" },
"name": { "type": "string" }, "name": { "type": "string" },
"username": { "type": "string" }, "username": { "type": "string" },
"status_tooltip_html": { "$ref": "../types/nullable_string.json" }, "status_tooltip_html": { "$ref": "../types/nullable_string.json" }
"is_gitlab_employee": { "type": "boolean" }
}, },
"additionalProperties": false "additionalProperties": false
} }
...@@ -55,58 +55,6 @@ RSpec.shared_examples 'with cross-reference system notes' do ...@@ -55,58 +55,6 @@ RSpec.shared_examples 'with cross-reference system notes' do
end end
RSpec.shared_examples 'discussions API' do |parent_type, noteable_type, id_name, can_reply_to_individual_notes: false| RSpec.shared_examples 'discussions API' do |parent_type, noteable_type, id_name, can_reply_to_individual_notes: false|
shared_examples 'is_gitlab_employee attribute presence' do
subject { get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", user) }
before do
allow(Gitlab).to receive(:com?).and_return(true)
user.update(email: email)
user.confirm
end
context 'when author is a gitlab employee' do
let(:email) { 'test@gitlab.com' }
it 'returns is_gitlab_employee as true' do
subject
expect(json_response.first["notes"].first["author"]['is_gitlab_employee']).to be true
end
end
shared_examples 'non inclusion of gitlab employee badge' do
it 'does not include is_gitlab_employee attribute' do
subject
expect(json_response.first["notes"].first["author"]).not_to have_key('is_gitlab_employee')
end
end
context 'when author is not a gitlab employee' do
let(:email) { 'test@example.com' }
it_behaves_like 'non inclusion of gitlab employee badge'
end
describe 'when feature flag is disabled' do
before do
stub_feature_flags(gitlab_employee_badge: false)
end
context 'when author is a gitlab employee' do
let(:email) { 'test@gitlab.com' }
it_behaves_like 'non inclusion of gitlab employee badge'
end
context 'when author is not a gitlab employee' do
let(:email) { 'test@example.com' }
it_behaves_like 'non inclusion of gitlab employee badge'
end
end
end
describe "GET /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions" do describe "GET /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions" do
it "returns an array of discussions" do it "returns an array of discussions" do
get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", user) get api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", user)
...@@ -130,8 +78,6 @@ RSpec.shared_examples 'discussions API' do |parent_type, noteable_type, id_name, ...@@ -130,8 +78,6 @@ RSpec.shared_examples 'discussions API' do |parent_type, noteable_type, id_name,
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
it_behaves_like 'is_gitlab_employee attribute presence'
end end
describe "GET /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions/:discussion_id" do describe "GET /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions/:discussion_id" do
...@@ -250,8 +196,6 @@ RSpec.shared_examples 'discussions API' do |parent_type, noteable_type, id_name, ...@@ -250,8 +196,6 @@ RSpec.shared_examples 'discussions API' do |parent_type, noteable_type, id_name,
end end
end end
end end
it_behaves_like 'is_gitlab_employee attribute presence'
end end
describe "POST /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions/:discussion_id/notes" do describe "POST /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions/:discussion_id/notes" do
......