- 05 Oct, 2016 10 commits
-
-
Douwe Maan authored
Prevent claiming associated model IDs via import On the import side, we should be careful not to use any IDs as part of the JSON file that could have been manipulated. Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/20821 Things we already do (__before__ this fix): 1. Remove all primary keys 1. **Always** reassign some of the foreign keys, such as ALL project IDs and user IDs (so it would be difficult to impersonate or try to gain access to another project) 1. Ignore/reject attributes that do not exist in the model 1. If someone reassigns a foreign key `submodel_id`, and that object has another json as the submodel, the new submodel will reassign the `submodel_id` to the newly created submodel ID. Things we should do: 1. Remove/nullify any other foreign keys that we don't reassign (checked this, and there aren't many, fortunately. In fact, I don't think much harm can be done at all - at the moment). See merge request !1985 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Fix project deletion when feature visibility is set to private Projects that are destroyed are put in the pending_delete state. The ProjectDestroyWorker checks whether the current user has access, but since the ProjectFeature class uses the default scope of the Project, it will not be able to find the right project. This was a regression in 8.12 that caused the following stack trace: ``` NoMethodError: undefined method `team' for nil:NilClass from app/models/project_feature.rb:62:in `get_permission' from app/models/project_feature.rb:34:in `feature_available?' from app/models/project.rb:21:in `feature_available?' from app/policies/project_policy.rb:170:in `disabled_features!' from app/policies/project_policy.rb:29:in `rules' from app/policies/base_policy.rb:82:in `block in abilities' from app/policies/base_policy.rb:113:in `collect_rules' from app/policies/base_policy.rb:82:in `abilities' from app/policies/base_policy.rb:50:in `abilities' from app/models/ability.rb:64:in `uncached_allowed' from app/models/ability.rb:58:in `allowed' from app/models/ability.rb:49:in `allowed?' from app/services/base_service.rb:11:in `can?' from lib/gitlab/metrics/instrumentation.rb:155:in `block in can?' from lib/gitlab/metrics/method_call.rb:23:in `measure' from lib/gitlab/metrics/instrumentation.rb:155:in `can?' from app/services/projects/destroy_service.rb:18:in `execute' ``` Closes #22948 See merge request !6688 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Restrict failed login attempts from users with 2FA enabled. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/19799. See merge request !6668 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Sean McGivern authored
Skip wiki creation when GitHub project has wiki enabled ## What does this MR do? When importing a repository from if the repository has wiki, we should not create the default wiki. Otherwise the GitHub importer will fail because the wiki repository already exist. This bug was introduced here https://gitlab.com/gitlab-org/gitlab-ce/commit/892dea67717c0efbd6a28f7639f34535ec0a8747 ## Are there points in the code the reviewer needs to double check? No. ## Why was this MR needed? GitLab fails to import GitHub Wiki. ## Screenshots (if relevant) ## Does this MR meet the acceptance criteria? - [X] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - Tests - [X] Added for this feature/bug - [ ] All builds are passing - [X] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [X] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Fixes #22225 See merge request !6665 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Jacob Schatz authored
Fix lint-doc error ## What does this MR do? Removes duplicate changelog versions to fix lint-doc error (https://gitlab.com/gitlab-org/gitlab-ce/builds/4621603) See merge request !6623 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Sean McGivern authored
Fix bug when trying to cache closed issues from external issue trackers fixes #22446 See merge request !6619 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Patricio Cano authored
Fix race condition on LFS Token ## What does this MR do? Fixes a race condition that can be triggered if the token expires right after we retrieve it, but before we can set the new expiry time. https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6551#note_16190569 Thanks for catching this so quickly @jacobvosmaer-gitlab cc @DouweM See merge request !6592 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Fatih Acet authored
Changed compare dropdowns to dropdowns with search input ## What does this MR do? This changes the compare dropdowns from text inputs, that when clicked, open a dropdown of branches/tags to dropdowns that have a dropdown toggle and an isolated search input. ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? This was needed to fix the poor UX highlighted in #22221, where opening the dropdown showed an initially filtered set of results because the dropdown toggle was the dropdown filter itself. The compare page is always loaded with `master` as each branch/tag selection, so when opening the dropdown, it would only show results matching `master`. ## Screenshots (if relevant) ![2016-09-27_18.28.10](/uploads/0ea1d91cb592c6e140ed62c336e77227/2016-09-27_18.28.10.gif) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #22221 See merge request !6550 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Annabel Dunstone Gray authored
Fix build sidebar build details padding ## What does this MR do? Removes a `.block-first` overriding declaration that was added to fix the coverage padding and moved the padding that fixes the coverage block to a `.block.coverage` declaration. ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? The build sidebar build details had too much padding as seen in #22529. ## Screenshots (if relevant) ![Screen_Shot_2016-09-24_at_19.38.40](/uploads/2c11a71f3022909fe8a5d1e983445667/Screen_Shot_2016-09-24_at_19.38.40.png) ![Screen_Shot_2016-09-24_at_19.39.06](/uploads/482af29f4bb7e284469466da59901087/Screen_Shot_2016-09-24_at_19.39.06.png) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #22529 See merge request !6506 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Fatih Acet authored
Fix tooltip text when Copy to cliboard is clicked ## What does this MR do? Fixes #22022 to change tooltip text to "Copied!" when the "Copy to clipboard" button is clicked. ## Are there points in the code the reviewer needs to double check? Line 29 in app/assets/javascripts/copy_to_clipboard.js ## Why was this MR needed? There was a regression that prevents tooltip change on button click for Copy to clipboard. ## Does this MR meet the acceptance criteria? - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [x] API support added - Tests - [x] Added for this feature/bug - [x] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if you do - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #22022 See merge request !6294 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 29 Sep, 2016 5 commits
-
-
Ruben Davila authored
-
Ruben Davila authored
-
Rémy Coutable authored
-
Douwe Maan authored
Bump Gitlab Shell to support low IO priority for storage moves ## What does this MR do? Bump Gitlab Shell to support low IO priority for storage moves ## Are there points in the code the reviewer needs to double check? No ## Why was this MR needed? We need this shell enhancement to continue to move projects in production ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? https://gitlab.com/gitlab-com/infrastructure/issues/443 See merge request !6525
-
Rémy Coutable authored
-
- 28 Sep, 2016 23 commits
-
-
Alejandro Rodríguez authored
-
Ruben Davila authored
-
Jacob Schatz authored
Pass the full project path for resolve buttons ## What does this MR do? The full project path is passed from the HTML into the JS rather than the resolve button JS generating the URL based on the the namespaces. @smcgivern @stanhu Do we have anyway of adding tests for installs with relative URLs? ## What are the relevant issue numbers? Closes #21704 See merge request !6129
-
Fatih Acet authored
Fixed awards dropdown search text from repeating ## What does this MR do? Thanks @zeiv for this! >This fixes #20463 by adding the .emoji-search class to the "Search results" h5 element. AwardsHandler.prototype.setupSearch() was trying to remove the element before creating a new one, but wasn't because the it was attempting to select it with the .emoji-search class, which wasn't being added. ## Are there points in the code the reviewer needs to double check? >I don't believe so. ## Why was this MR needed? >See #20463 _(and #22525)_ ## Screenshots (if relevant) ![2016-09-23_15.56.04](/uploads/b421400a08b3d9fa32c577e7d8952504/2016-09-23_15.56.04.gif) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #22525 See merge request !6498
-
Douwe Maan authored
Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called ## What does this MR do? Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called, instead return the saved token if one is present. This was causing a lot of 401s, leading to 403s, as state in #22527 As it turns out, when pushing a lot of LFS objects, the LFS client was calling `git-lfs-authenticate` in the middle of the request again. This caused the `lfs_token` to be regenerated. The problem lies in that the LFS client was not aware of this change, and was still using the old token. This caused all subsequent requests to fail with a 401 error. Since HTTP Auth is protected by Rack Attack, this 401s where immediately flagged and resulted in the IP of the user being banned. With this change, GitLab returns the value stored in Redis, if one is present, thus if the LFS client calls `git-lfs-authenticate` again during the request, the auth header will remain unchanged, allowing all subsequent requests to continue without issues. ## What are the relevant issue numbers? Fixes #22527 cc @SeanPackham @jacobvosmaer-gitlab See merge request !6551
-
Robert Speicher authored
Escape HTML nodes in builds commands in ci linter This MR removes call to `simple_format` that behaves like `String#html_safe`, thus it passes unescaped HTML tags to the view. Closes #22541 See merge request !2001
-
Douwe Maan authored
API: disable rails session auth for non-GET/HEAD requests Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22435 See merge request !1999 Conflicts: app/assets/javascripts/labels_select.js
-
Douwe Maan authored
Set a restrictive CORS policy for the API Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22450 See merge request !1998
-
Rémy Coutable authored
Enforce the fork_project permission in Projects::CreateService Projects::ForkService delegates to this service almost entirely, but needed one small change so it would propagate create errors correctly. CreateService#execute needs significant refactoring; it is now right at the complexity limit set by Rubocop. I avoided doing so in this commit to keep the diff as small as possible. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/18028 See merge request !1996
-
Rémy Coutable authored
Fix duplicate master entries in the mr versions dropdown ## What does this MR do? Fixes bug when "master" was duplicated per each mr version in the dropdown Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22519, Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22715 See merge request !6567
-
Jacob Schatz authored
Changed to v-cloak attr to hash rocket and string 'true' ## What does this MR do? Changed to v-cloak attr to hash rocket and string 'true' ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? Maybe it's killing `master`?
😕 ## Screenshots (if relevant) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? See merge request !6553 -
Jacob Schatz authored
Send ajax request for label update only if they are changed ## What does this MR do? At the moment we send requests to update the labels on issue even if nothing has been changed. This fixes that and only sends requests when something has actually been changed. The code gets the initial selected values based on the inputs & then compares that to the selected values when submitting. If they are equal, then no request is sent. ## What are the relevant issue numbers? Closes #19472 See merge request !5071
-
Rémy Coutable authored
Fixes issue with rails reserved keyword type exporting/importing services. The attribute `type`in services was being ignored by Import/Export. Added `type` as a method call in the export, as `type` gets ignored invoking `to_json`, manually adding this as a method in `import_export.yml` solves the problem. On a different note, I found assigning a title directly to `CustomIssueTrackerService` didn't play very well with `prop_accessor`: ```ruby > CustomIssueTrackerService.new(title: 'asdf') NoMethodError: undefined method `[]=' for nil:NilClass > CustomIssueTrackerService.new(title: nil) NoMethodError: undefined method `[]=' for nil:NilClass ``` This was also causing the Import/Export to failed... So I added a custom setter that fixed the problem. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22461 See merge request !6499 Conflicts: spec/lib/gitlab/import_export/project_tree_restorer_spec.rb
-
Robert Speicher authored
Fix snippets pagination ## What are the relevant issue numbers? Closes #22500 See merge request !6500
-
Fatih Acet authored
Fixed list issues not loading with spaces in filtered values ## What does this MR do? Vue resource is very kindly encoding our URL params when sending. However - we didn't actually want the `+` to be encoded because Rails reads that as a space, but doesn't read the encoded value as a space
😕 This converts the `+` into spaces👍 ## What are the relevant issue numbers? Closes #21920 See merge request !6258 -
Rémy Coutable authored
Replace deprecated Devise helper with new helper Closes #22357 See merge request !6462
-
Jacob Schatz authored
Added v-cloak to resolve disc button ## What does this MR do? Adds `v-cloak` to the `Resolve discussion` button to avoid handlebar syntax displaying before the component compiles. ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? ## Screenshots (if relevant) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #22640 See merge request !6528
-
Douwe Maan authored
-
Douwe Maan authored
-
Rémy Coutable authored
Fix Import/Export milestone and 1to1 models issue Fix 1to1 relations on project failing to be importing and milestone ordering issue. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22585 See merge request !6521 Conflicts: spec/lib/gitlab/import_export/project_tree_restorer_spec.rb
-
Yorick Peterse authored
Fix IssuesController#show degradation including project on loaded notes See merge request !6540
-
Fatih Acet authored
Fix pipelines table headers ## What does this MR do? Removed stages loop for a single 'Stages' header. ## Are there points in the code the reviewer needs to double check? ## Why was this MR needed? The headers were messing the table up. Note the redundant headers and squished cells. ![Screen_Shot_2016-09-27_at_14.40.51](/uploads/331b08c30a4af59cefc460ab4f3c2a61/Screen_Shot_2016-09-27_at_14.40.51.png) ## Screenshots (if relevant) ![Screen_Shot_2016-09-27_at_14.39.04](/uploads/687895e9152d4fe8d8f3bfc1233af39b/Screen_Shot_2016-09-27_at_14.39.04.png) ## Does this MR meet the acceptance criteria? - [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added - [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [ ] API support added - Tests - [ ] Added for this feature/bug - [ ] All builds are passing - [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [ ] Branch has no merge conflicts with `master` (if you do - rebase it please) - [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? Closes #22472 See merge request !6542
-
Rémy Coutable authored
Be nice to Docker Clients talking to JWT/auth ## What does this MR do? Makes all errors returned by JWT endpoint to be docker-compatible. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22465 See merge request !6536
-
- 23 Sep, 2016 2 commits
-
-
Ruben Davila authored
-
Ruben Davila authored
-