Merge branch 'ce-to-ee-2018-03-27' into 'master'

CE upstream - 2018-03-27 12:27 UTC Closes #4171, #4163, #3370, and #2841 See merge request gitlab-org/gitlab-ee!5129

Merge branch 'ce-to-ee-2018-03-27' into 'master'
CE upstream - 2018-03-27 12:27 UTC Closes #4171, #4163, #3370, and #2841 See merge request gitlab-org/gitlab-ee!5129
ab0cd688 · Dmitriy Zaporozhets · ebd83f3c · fc11e519 · ab0cd688 · ab0cd688
Commit ab0cd688 authored Mar 27, 2018 by Dmitriy Zaporozhets
19 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -52,6 +52,7 @@ gem 'omniauth-shibboleth', '~> 1.2.0'
 gem 'omniauth-twitter', '~> 1.4'
 gem 'omniauth_crowd', '~> 2.2.0'
 gem 'omniauth-authentiq', '~> 0.3.1'
+gem 'omniauth-jwt', '~> 0.0.2'
 gem 'rack-oauth2', '~> 1.2.1'
 gem 'jwt', '~> 1.5.6'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -584,6 +584,9 @@ GEM
      multi_json (~> 1.3)
      omniauth (>= 1.1.1)
      omniauth-oauth2 (>= 1.3.1)
+    omniauth-jwt (0.0.2)
+      jwt
+      omniauth (~> 1.1)
    omniauth-kerberos (0.3.0)
      omniauth-multipassword
      timfel-krb5-auth (~> 0.8)
@@ -1153,6 +1156,7 @@ DEPENDENCIES
  omniauth-github (~> 1.1.1)
  omniauth-gitlab (~> 1.0.2)
  omniauth-google-oauth2 (~> 0.5.2)
+  omniauth-jwt (~> 0.0.2)
  omniauth-kerberos (~> 0.3.0)
  omniauth-oauth2-generic (~> 0.2.2)
  omniauth-saml (~> 1.10)

--- a/app/controllers/root_controller.rb
+++ b/app/controllers/root_controller.rb
@@ -42,6 +42,10 @@ class RootController < Dashboard::ProjectsController
      redirect_to(dashboard_groups_path)
    when 'todos'
      redirect_to(dashboard_todos_path)
+    when 'issues'
+      redirect_to(issues_dashboard_path(assignee_id: current_user.id))
+    when 'merge_requests'
+      redirect_to(merge_requests_dashboard_path(assignee_id: current_user.id))
    end
  end

--- a/app/helpers/preferences_helper.rb
+++ b/app/helpers/preferences_helper.rb
@@ -9,12 +9,14 @@ module PreferencesHelper
  # Maps `dashboard` values to more user-friendly option text
  DASHBOARD_CHOICES = {
-    projects: 'Your Projects (default)',
+    projects: _("Your Projects (default)"),
-    stars:    'Starred Projects',
+    stars:    _("Starred Projects"),
-    project_activity: "Your Projects' Activity",
+    project_activity: _("Your Projects' Activity"),
-    starred_project_activity: "Starred Projects' Activity",
+    starred_project_activity: _("Starred Projects' Activity"),
-    groups: "Your Groups",
+    groups: _("Your Groups"),
-    todos: "Your Todos"
+    todos: _("Your Todos"),
+    issues: _("Assigned Issues"),
+    merge_requests: _("Assigned Merge Requests")
  }.with_indifferent_access.freeze
  # Returns an Array usable by a select field for more user-friendly option text

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -189,7 +189,7 @@ class User < ActiveRecord::Base
  # User's Dashboard preference
  # Note: When adding an option, it MUST go on the end of the array.
-  enum dashboard: [:projects, :stars, :project_activity, :starred_project_activity, :groups, :todos]
+  enum dashboard: [:projects, :stars, :project_activity, :starred_project_activity, :groups, :todos, :issues, :merge_requests]
  # User's Project preference
  # Note: When adding an option, it MUST go on the end of the array.

--- a/changelogs/unreleased/43512-add-support-for-omniauth-jwt-provider.yml
+++ b/changelogs/unreleased/43512-add-support-for-omniauth-jwt-provider.yml
+---
+title: Adds support for OmniAuth JWT provider
+merge_request: 17774
+author:
+type: added
--- a/changelogs/unreleased/dashboard-view-user-choices-issues-merge-requests.yml
+++ b/changelogs/unreleased/dashboard-view-user-choices-issues-merge-requests.yml
+---
+title: Add 'Assigned Issues' and 'Assigned Merge Requests' as dashboard view choices for users
+merge_request: 17860
+author: Elias Werberich
+type: added
--- a/changelogs/unreleased/workhorse-gitaly-mandatory.yml
+++ b/changelogs/unreleased/workhorse-gitaly-mandatory.yml
+---
+title: Make all workhorse gitaly calls opt-out
+merge_request: 18002
+author:
+type: other
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -610,7 +610,17 @@ production: &base
      # - { name: 'twitter',
      #     app_id: 'YOUR_APP_ID',
      #     app_secret: 'YOUR_APP_SECRET' }
-      #
+      # - { name: 'jwt',
+      #     app_secret: 'YOUR_APP_SECRET',
+      #     args: {
+      #             algorithm: 'HS256',
+      #             uid_claim: 'email',
+      #             required_claims: ["name", "email"],
+      #             info_map: { name: "name", email: "email" },
+      #             auth_url: 'https://example.com/',
+      #             valid_within: nil,
+      #           }
+      #   }
      # - { name: 'saml',
      #     label: 'Our SAML Provider',
      #     groups_attribute: 'Groups',
@@ -891,6 +901,17 @@ test:
      - { name: 'twitter',
          app_id: 'YOUR_APP_ID',
          app_secret: 'YOUR_APP_SECRET' }
+      - { name: 'jwt',
+          app_secret: 'YOUR_APP_SECRET',
+          args: {
+                  algorithm: 'HS256',
+                  uid_claim: 'email',
+                  required_claims: ["name", "email"],
+                  info_map: { name: "name", email: "email" },
+                  auth_url: 'https://example.com/',
+                  valid_within: nil,
+                }
+        }
      - { name: 'auth0',
          args: {
            client_id: 'YOUR_AUTH0_CLIENT_ID',

--- a/doc/administration/auth/jwt.md
+++ b/doc/administration/auth/jwt.md
+# JWT OmniAuth provider
+To enable the JWT OmniAuth provider, you must register your application with JWT.
+JWT will provide you with a secret key for you to use.
+1.  On your GitLab server, open the configuration file.
+    For Omnibus GitLab:
+    ```sh
+    sudo editor /etc/gitlab/gitlab.rb
+    ```
+    For installations from source:
+    ```sh
+    cd /home/git/gitlab
+    sudo -u git -H editor config/gitlab.yml
+    ```
+1.  See [Initial OmniAuth Configuration](../../integration/omniauth.md#initial-omniauth-configuration) for initial settings.
+1.  Add the provider configuration.
+    For Omnibus GitLab:
+    ```ruby
+    gitlab_rails['omniauth_providers'] = [
+      { name: 'jwt',
+        app_secret: 'YOUR_APP_SECRET',
+        args: {
+                algorithm: 'HS256',
+                uid_claim: 'email',
+                required_claims: ["name", "email"],
+                info_maps: { name: "name", email: "email" },
+                auth_url: 'https://example.com/',
+                valid_within: nil,
+              }
+      }
+    ]
+    ```
+    For installation from source:
+    ```
+    - { name: 'jwt',
+        app_secret: 'YOUR_APP_SECRET',
+        args: {
+                algorithm: 'HS256',
+                uid_claim: 'email',
+                required_claims: ["name", "email"],
+                info_map: { name: "name", email: "email" },
+                auth_url: 'https://example.com/',
+                valid_within: nil,
+              }
+      }
+    ```
+    NOTE: **Note:** For more information on each configuration option refer to
+    the [OmniAuth JWT usage documentation](https://github.com/mbleigh/omniauth-jwt#usage).
+1.  Change `YOUR_APP_SECRET` to the client secret and set `auth_url` to your redirect URL.
+1.  Save the configuration file.
+1.  [Reconfigure GitLab][] or [restart GitLab][] for the changes to take effect if you
+    installed GitLab via Omnibus or from source respectively.
+On the sign in page there should now be a JWT icon below the regular sign in form.
+Click the icon to begin the authentication process. JWT will ask the user to
+sign in and authorize the GitLab application. If everything goes well, the user
+will be redirected to GitLab and will be signed in.
+[reconfigure GitLab]: ../restart_gitlab.md#omnibus-gitlab-reconfigure
+[restart GitLab]: ../restart_gitlab.md#installations-from-source
--- a/doc/integration/omniauth.md
+++ b/doc/integration/omniauth.md
@@ -32,6 +32,7 @@ contains some settings that are common for all providers.
 - [Auth0](auth0.md)
 - [Authentiq](../administration/auth/authentiq.md)
 - [OAuth2Generic](oauth2_generic.md)
+- [JWT](../administration/auth/jwt.md)
 ## Initial OmniAuth Configuration

--- a/doc/user/profile/preferences.md
+++ b/doc/user/profile/preferences.md
@@ -41,7 +41,7 @@ select few, the amount of activity on the default Dashboard page can be
 overwhelming. Changing this setting allows you to redefine what your default
 dashboard will be.
-You have 6 options here that you can use for your default dashboard view:
+You have 8 options here that you can use for your default dashboard view:
 - Your projects (default)
 - Starred projects
@@ -49,6 +49,8 @@ You have 6 options here that you can use for your default dashboard view:
 - Starred projects' activity
 - Your groups
 - Your [Todos]
+- Assigned Issues
+- Assigned Merge Requests
 ### Project home page content

--- a/doc/user/project/clusters/index.md
+++ b/doc/user/project/clusters/index.md
@@ -71,7 +71,7 @@ You need Master [permissions] and above to access the Kubernetes page.
 To add an existing Kubernetes cluster to your project:
 1. Navigate to your project's **CI/CD > Kubernetes** page.
-1. Click on **Add Kuberntes cluster**.
+1. Click on **Add Kubernetes cluster**.
 1. Click on **Add an existing Kubernetes cluster** and fill in the details:
    - **Kubernetes cluster name** (required) - The name you wish to give the cluster.
    - **Environment scope** (required)- The
@@ -101,7 +101,7 @@ To add an existing Kubernetes cluster to your project:
      - If you or someone created a secret specifically for the project, usually
        with limited permissions, the secret's namespace and project namespace may
        be the same.
-1. Finally, click the **Create Kuberntes cluster** button.
+1. Finally, click the **Create Kubernetes cluster** button.
 After a few moments, your cluster should be created. If something goes wrong,
 you will be notified.

--- a/lib/gitlab/workhorse.rb
+++ b/lib/gitlab/workhorse.rb
@@ -44,7 +44,7 @@ module Gitlab
      end
      def send_git_blob(repository, blob)
-        params = if Gitlab::GitalyClient.feature_enabled?(:workhorse_raw_show)
+        params = if Gitlab::GitalyClient.feature_enabled?(:workhorse_raw_show, Gitlab::GitalyClient::MigrationStatus::OPT_OUT)
                   {
                     'GitalyServer' => gitaly_server_hash(repository),
                     'GetBlobRequest' => {
@@ -72,7 +72,7 @@ module Gitlab
        params = repository.archive_metadata(ref, Gitlab.config.gitlab.repository_downloads_path, format)
        raise "Repository or ref not found" if params.empty?
-        if Gitlab::GitalyClient.feature_enabled?(:workhorse_archive)
+        if Gitlab::GitalyClient.feature_enabled?(:workhorse_archive, Gitlab::GitalyClient::MigrationStatus::OPT_OUT)
          params.merge!(
            'GitalyServer' => gitaly_server_hash(repository),
            'GitalyRepository' => repository.gitaly_repository.to_h
@@ -89,7 +89,7 @@ module Gitlab
      end
      def send_git_diff(repository, diff_refs)
-        params = if Gitlab::GitalyClient.feature_enabled?(:workhorse_send_git_diff)
+        params = if Gitlab::GitalyClient.feature_enabled?(:workhorse_send_git_diff, Gitlab::GitalyClient::MigrationStatus::OPT_OUT)
                   {
                     'GitalyServer' => gitaly_server_hash(repository),
                     'RawDiffRequest' => Gitaly::RawDiffRequest.new(
@@ -107,7 +107,7 @@ module Gitlab
      end
      def send_git_patch(repository, diff_refs)
-        params = if Gitlab::GitalyClient.feature_enabled?(:workhorse_send_git_patch)
+        params = if Gitlab::GitalyClient.feature_enabled?(:workhorse_send_git_patch, Gitlab::GitalyClient::MigrationStatus::OPT_OUT)
                   {
                     'GitalyServer' => gitaly_server_hash(repository),
                     'RawPatchRequest' => Gitaly::RawPatchRequest.new(

--- a/spec/controllers/root_controller_spec.rb
+++ b/spec/controllers/root_controller_spec.rb
@@ -90,6 +90,30 @@ describe RootController do
        end
      end
+      context 'who has customized their dashboard setting for assigned issues' do
+        before do
+          user.dashboard = 'issues'
+        end
+        it 'redirects to their assigned issues' do
+          get :index
+          expect(response).to redirect_to issues_dashboard_path(assignee_id: user.id)
+        end
+      end
+      context 'who has customized their dashboard setting for assigned merge requests' do
+        before do
+          user.dashboard = 'merge_requests'
+        end
+        it 'redirects to their assigned merge requests' do
+          get :index
+          expect(response).to redirect_to merge_requests_dashboard_path(assignee_id: user.id)
+        end
+      end
      context 'who uses the default dashboard setting' do
        it 'renders the default dashboard' do
          get :index

--- a/spec/features/projects/hook_logs/user_reads_log_spec.rb
+++ b/spec/features/projects/hook_logs/user_reads_log_spec.rb
+require 'spec_helper'
+feature 'Hook logs' do
+  given(:web_hook_log) { create(:web_hook_log, response_body: '<script>') }
+  given(:project) { web_hook_log.web_hook.project }
+  given(:user) { create(:user) }
+  before do
+    project.add_master(user)
+    sign_in(user)
+  end
+  scenario 'user reads log without getting XSS' do
+    visit(
+      project_hook_hook_log_path(
+        project, web_hook_log.web_hook, web_hook_log))
+    expect(page).to have_content('<script>')
+  end
+end
--- a/spec/helpers/preferences_helper_spec.rb
+++ b/spec/helpers/preferences_helper_spec.rb
@@ -21,7 +21,9 @@ describe PreferencesHelper do
        ["Your Projects' Activity", 'project_activity'],
        ["Starred Projects' Activity", 'starred_project_activity'],
        ["Your Groups", 'groups'],
-        ["Your Todos", 'todos']
+        ["Your Todos", 'todos'],
+        ["Assigned Issues", 'issues'],
+        ["Assigned Merge Requests", 'merge_requests']
      ]
    end
  end

--- a/spec/lib/gitlab/workhorse_spec.rb
+++ b/spec/lib/gitlab/workhorse_spec.rb
@@ -55,7 +55,7 @@ describe Gitlab::Workhorse do
      end
    end
-    context 'when Gitaly workhorse_archive feature is disabled', :skip_gitaly_mock do
+    context 'when Gitaly workhorse_archive feature is disabled', :disable_gitaly do
      it 'sets the header correctly' do
        key, command, params = decode_workhorse_header(subject)
@@ -100,7 +100,7 @@ describe Gitlab::Workhorse do
      end
    end
-    context 'when Gitaly workhorse_send_git_patch feature is disabled', :skip_gitaly_mock do
+    context 'when Gitaly workhorse_send_git_patch feature is disabled', :disable_gitaly do
      it 'sets the header correctly' do
        key, command, params = decode_workhorse_header(subject)
@@ -173,7 +173,7 @@ describe Gitlab::Workhorse do
      end
    end
-    context 'when Gitaly workhorse_send_git_diff feature is disabled', :skip_gitaly_mock do
+    context 'when Gitaly workhorse_send_git_diff feature is disabled', :disable_gitaly do
      it 'sets the header correctly' do
        key, command, params = decode_workhorse_header(subject)
@@ -455,7 +455,7 @@ describe Gitlab::Workhorse do
      end
    end
-    context 'when Gitaly workhorse_raw_show feature is disabled', :skip_gitaly_mock do
+    context 'when Gitaly workhorse_raw_show feature is disabled', :disable_gitaly do
      it 'sets the header correctly' do
        key, command, params = decode_workhorse_header(subject)

--- a/spec/services/clusters/create_service_spec.rb
+++ b/spec/services/clusters/create_service_spec.rb
@@ -81,6 +81,8 @@ describe Clusters::CreateService do
    end
    context 'when project has a cluster' do
+      include_context 'valid params'
      let!(:cluster) { create(:cluster, :provided_by_gcp, :production_environment, projects: [project]) }
      before do