Merge branch 'ce-to-ee' into 'master'

CE to EE Fixes gitlab/gitlabhq#2330 See merge request !396

Merge branch 'ce-to-ee' into 'master'
4ecaf573 · 🚄 Job van der Voort 🚀 · 4fe6b3d7 · 1af8b1e4 · 4ecaf573 · 4ecaf573
Commit 4ecaf573 authored 9 years ago by 🚄 Job van der Voort 🚀
--- a/CHANGELOG
+++ b/CHANGELOG
 Please view this file on the master branch, on stable branches it's out of date.
  
 v 7.11.0 (unreleased)
+  - Fix broken view when viewing history of a file that includes a path that used to be another file (Stan Hu)
  - Don't show duplicate deploy keys
  - Fix commit time being displayed in the wrong timezone in some cases (Hannes Rosenögger)
  - Make the first branch pushed to an empty repository the default HEAD (Stan Hu)
@@ -42,6 +43,9 @@ v 7.11.0 (unreleased)
  - Task lists are now usable in comments, and will show up in Markdown previews.
  - Fix bug where avatar filenames were not actually deleted from the database during removal (Stan Hu)
  - Fix bug where Slack service channel was not saved in admin template settings. (Stan Hu)
+  - Protect OmniAuth request phase against CSRF.
+  -
+  -
  - Move snippets UI to fluid layout
  - Improve UI for sidebar. Increase separation between navigation and content
  - Improve new project command options (Ben Bodenmiller)
@@ -56,6 +60,12 @@ v 7.11.0 (unreleased)
  - Add "Create Merge Request" buttons to commits and branches pages and push event.
  - Show user roles by comments.
  - Fix automatic blocking of auto-created users from Active Directory.
+  - Call merge request web hook for each new commits (Arthur Gautier)
+  - Use SIGKILL by default in Sidekiq::MemoryKiller
+  - Fix mentioning of private groups.
+  - Add style for <kbd> element in markdown
+  - Spin spinner icon next to "Checking for CI status..." on MR page.
+  - Fix reference links in dashboard activity and ATOM feeds.
  
 v 7.10.2
  - Fix CI links on MR page

--- a/GITLAB_SHELL_VERSION
+++ b/GITLAB_SHELL_VERSION
-2.6.2
+2.6.3
--- a/Gemfile
+++ b/Gemfile
@@ -23,7 +23,7 @@ gem "pg", group: :postgres
 # Auth
 gem "devise", '3.2.4'
 gem "devise-async", '0.9.0'
-gem 'omniauth', "~> 1.1.3"
+gem 'omniauth', "~> 1.2.2"
 gem 'omniauth-google-oauth2'
 gem 'omniauth-twitter'
 gem 'omniauth-github'
@@ -44,7 +44,7 @@ gem "browser"
  
 # Extracting information from a git repository
 # Provide access to Gitlab::Git library
-gem "gitlab_git", '~> 7.1.11'
+gem "gitlab_git", '~> 7.1.12'
  
 # Ruby/Rack Git Smart-HTTP Server Handler
 gem 'gitlab-grack', '~> 2.0.2', require: 'grack'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -226,7 +226,7 @@ GEM
      mime-types (~> 1.19)
    gitlab_emoji (0.1.0)
      gemojione (~> 2.0)
-    gitlab_git (7.1.11)
+    gitlab_git (7.1.12)
      activesupport (~> 4.0)
      charlock_holmes (~> 0.6)
      gitlab-linguist (~> 3.0)
@@ -363,9 +363,9 @@ GEM
      rack (~> 1.2)
    octokit (3.7.0)
      sawyer (~> 0.6.0, >= 0.5.3)
-    omniauth (1.1.4)
-      hashie (>= 1.2, < 3)
-      rack
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
    omniauth-bitbucket (0.0.2)
      multi_json (~> 1.7)
      omniauth (~> 1.1)
@@ -725,7 +725,7 @@ DEPENDENCIES
  gitlab-license (~> 0.0.2)
  gitlab-linguist (~> 3.0.1)
  gitlab_emoji (~> 0.1)
-  gitlab_git (~> 7.1.11)
+  gitlab_git (~> 7.1.12)
  gitlab_meta (= 7.0)
  gitlab_omniauth-ldap (= 1.2.1)
  gollum-lib (~> 4.0.2)
@@ -754,7 +754,7 @@ DEPENDENCIES
  newrelic_rpm
  nprogress-rails
  octokit (= 3.7.0)
-  omniauth (~> 1.1.3)
+  omniauth (~> 1.2.2)
  omniauth-bitbucket
  omniauth-github
  omniauth-gitlab

--- a/app/assets/stylesheets/base/mixins.scss
+++ b/app/assets/stylesheets/base/mixins.scss
@@ -73,6 +73,22 @@
    padding: 0;
  }
  
+  kbd {
+    display: inline-block;
+    padding: 3px 5px;
+    font-size: 11px;
+    line-height: 10px;
+    color: #555;
+    vertical-align: middle;
+    background-color: #FCFCFC;
+    border-width: 1px;
+    border-style: solid;
+    border-color: #CCC #CCC #BBB;
+    border-image: none;
+    border-radius: 3px;
+    box-shadow: 0px -1px 0px #BBB inset;
+  }
+
  h1 {
    margin-top: 45px;
    font-size: 2.5em;

--- a/app/assets/stylesheets/pages/notes.scss
+++ b/app/assets/stylesheets/pages/notes.scss
@@ -33,7 +33,16 @@ ul.notes {
      &:before {
        content: "\00b7";
      }
+
      font-size: 13px;
+
+      a {
+        @extend .cgray;        
+
+        &:hover {
+          text-decoration: underline;
+        }
+      }
    }
    .author {
      color: #333;
@@ -47,7 +56,7 @@ ul.notes {
  
    .note-role {
      float: right;
-      margin-top: 2px;
+      margin-top: 1px;
      border: 1px solid #bbb;
      background-color: transparent;
      color: #999;
@@ -142,31 +151,23 @@ ul.notes {
  
 .discussion,
 .note {
-  &.note:hover {
-    .note-actions { display: block; }
-    .note-actions + .note-role { display: none; }
-  }
-  .discussion-header:hover {
-    .discussion-actions { display: block; }
-  }
-
  .discussion-actions,
  .note-actions {
-    display: none;
    float: right;
-
-    i.fa {
-      font-size: 16px;
-      line-height: 16px;
-      vertical-align: middle;
-    }
+    margin-left: 10px;
  
    a {
      margin-left: 5px;
  
-      @extend .cgray;
+      color: #999;
+
+      i.fa {
+        font-size: 16px;
+        line-height: 16px;
+      }
  
      &:hover {
+        @extend .cgray;
        &.danger { @extend .cred; }
      }
    }

--- a/app/assets/stylesheets/pages/projects.scss
+++ b/app/assets/stylesheets/pages/projects.scss
@@ -218,6 +218,10 @@ ul.nav.nav-projects-tabs {
      color: #555;
    }
  
+    .actions {
+      margin-top: 10px;
+    }
+
    .nav-pills a {
      padding: 10px;
    }

--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -43,6 +43,7 @@ def application_setting_params
      :default_project_visibility,
      :default_snippet_visibility,
      :restricted_signup_domains_raw,
+      :version_check_enabled,
      restricted_visibility_levels: [],
    )
  end

--- a/app/controllers/omniauth_callbacks_controller.rb
+++ b/app/controllers/omniauth_callbacks_controller.rb
@@ -73,8 +73,15 @@ def handle_omniauth
        redirect_to omniauth_error_path(oauth['provider'], error: error_message) and return
      end
    end
-  rescue Gitlab::OAuth::ForbiddenAction => e
-    flash[:notice] = e.message
+  rescue Gitlab::OAuth::SignupDisabledError => e
+    message = "Signing in using your #{oauth['provider']} account without a pre-existing GitLab account is not allowed."
+
+    if current_application_settings.signup_enabled?
+      message << " Create a GitLab account first, and then connect it to your #{oauth['provider']} account."
+    end
+
+    flash[:notice] = message
+    
    redirect_to new_user_session_path
  end
  

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
 class SessionsController < Devise::SessionsController
-  prepend_before_action :authenticate_with_two_factor, only: [:create]
+  include AuthenticatesWithTwoFactor
  
-  # This action comes from DeviseController, but because we call `sign_in`
-  # manually inside `authenticate_with_two_factor`, not skipping this action
-  # would cause a "You are already signed in." error message to be shown upon
-  # successful login.
-  skip_before_action :require_no_authentication, only: [:create]
+  prepend_before_action :authenticate_with_two_factor, only: [:create]
  
  def new
    redirect_path =
@@ -74,9 +70,7 @@ def authenticate_with_two_factor
      end
    else
      if user && user.valid_password?(user_params[:password])
-        # Save the user's ID to session so we can ask for a one-time password
-        session[:otp_user_id] = user.id
-        render :two_factor and return
+        prompt_for_two_factor(user)
      end
    end
  end

--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -330,12 +330,20 @@ def state_filters_text_for(entity, project)
  
    count =
      if project.nil?
-        ""
+        nil
      elsif current_controller?(:issues)
-        " (#{project.issues.send(entity).count})"
+        project.issues.send(entity).count
      elsif current_controller?(:merge_requests)
-        " (#{project.merge_requests.send(entity).count})"
+        project.merge_requests.send(entity).count
      end
-    "#{entity_title}#{count}"
+
+    html = content_tag :span, entity_title
+
+    if count.present?
+      html += " "
+      html += content_tag :span, number_with_delimiter(count), class: 'badge'
+    end
+
+    html.html_safe
  end
 end
--- a/app/helpers/events_helper.rb
+++ b/app/helpers/events_helper.rb
@@ -168,8 +168,8 @@ def event_note_title_html(event)
    end
  end
  
-  def event_note(text)
-    text = first_line_in_markdown(text, 150)
+  def event_note(text, options = {})
+    text = first_line_in_markdown(text, 150, options)
    sanitize(text, tags: %w(a img b pre code p span))
  end
  
@@ -189,7 +189,7 @@ def event_to_atom(xml, event)
        xml.id      "tag:#{request.host},#{event.created_at.strftime("%Y-%m-%d")}:#{event.id}"
        xml.link    href: event_link
        xml.title   truncate(event_title, length: 80)
-        xml.updated event.created_at.strftime("%Y-%m-%dT%H:%M:%SZ")
+        xml.updated event.created_at.strftime("%Y-%m-%dT%H:%M:%S%Z")
        xml.media   :thumbnail, width: "40", height: "40", url: avatar_icon(event.author_email)
        xml.author do |author|
          xml.name event.author_name

--- a/app/helpers/gitlab_markdown_helper.rb
+++ b/app/helpers/gitlab_markdown_helper.rb
@@ -19,7 +19,7 @@ def link_to_gfm(body, url, html_options = {})
                     escape_once(body)
                   end
  
-    gfm_body = gfm(escaped_body, @project, html_options)
+    gfm_body = gfm(escaped_body, {}, html_options)
  
    gfm_body.gsub!(%r{<a.*?>.*?</a>}m) do |match|
      "</a>#{match}#{link_to("", url, html_options)[0..-5]}" # "</a>".length +1
@@ -32,11 +32,13 @@ def markdown(text, options={})
    unless @markdown && options == @options
      @options = options
  
-      # see https://github.com/vmg/redcarpet#darling-i-packed-you-a-couple-renderers-for-lunch
-      rend = Redcarpet::Render::GitlabHTML.new(self, user_color_scheme_class, {
+      options.merge!(
        # Handled further down the line by Gitlab::Markdown::SanitizationFilter
        escape_html: false
-      }.merge(options))
+      )
+
+      # see https://github.com/vmg/redcarpet#darling-i-packed-you-a-couple-renderers-for-lunch
+      rend = Redcarpet::Render::GitlabHTML.new(self, user_color_scheme_class, options)
  
      # see https://github.com/vmg/redcarpet#and-its-like-really-simple-to-use
      @markdown = Redcarpet::Markdown.new(rend,
@@ -58,8 +60,8 @@ def markdown(text, options={})
  # as Markdown.  HTML tags in the parsed output are not counted toward the
  # +max_chars+ limit.  If the length limit falls within a tag's contents, then
  # the tag contents are truncated without removing the closing tag.
-  def first_line_in_markdown(text, max_chars = nil)
-    md = markdown(text).strip
+  def first_line_in_markdown(text, max_chars = nil, options = {})
+    md = markdown(text, options).strip
  
    truncate_visible(md, max_chars || md.length) if md.present?
  end
@@ -72,146 +74,6 @@ def render_wiki_content(wiki_page)
    end
  end
  
-  # TODO (rspeicher): This should be its own filter
-  def create_relative_links(text)
-    paths = extract_paths(text)
-
-    paths.uniq.each do |file_path|
-      # If project does not have repository
-      # its nothing to rebuild
-      #
-      # TODO: pass project variable to markdown helper instead of using
-      # instance variable. Right now it generates invalid path for pages out
-      # of project scope. Example: search results where can be rendered markdown
-      # from different projects
-      if @repository && @repository.exists? && !@repository.empty?
-        new_path = rebuild_path(file_path)
-        # Finds quoted path so we don't replace other mentions of the string
-        # eg. "doc/api" will be replaced and "/home/doc/api/text" won't
-        text.gsub!("\"#{file_path}\"", "\"/#{new_path}\"")
-      end
-    end
-
-    text
-  end
-
-  def extract_paths(text)
-    links = substitute_links(text)
-    image_links = substitute_image_links(text)
-    links + image_links
-  end
-
-  def substitute_links(text)
-    links = text.scan(/<a href=\"([^"]*)\">/)
-    relative_links = links.flatten.reject{ |link| link_to_ignore? link }
-    relative_links
-  end
-
-  def substitute_image_links(text)
-    links = text.scan(/<img src=\"([^"]*)\"/)
-    relative_links = links.flatten.reject{ |link| link_to_ignore? link }
-    relative_links
-  end
-
-  def link_to_ignore?(link)
-    if link =~ /\A\#\w+/
-      # ignore anchors like <a href="#my-header">
-      true
-    else
-      ignored_protocols.map{ |protocol| link.include?(protocol) }.any?
-    end
-  end
-
-  def ignored_protocols
-    ["http://","https://", "ftp://", "mailto:", "smb://"]
-  end
-
-  def rebuild_path(file_path)
-    file_path = file_path.dup
-    file_path.gsub!(/(#.*)/, "")
-    id = $1 || ""
-    file_path = relative_file_path(file_path)
-    file_path = sanitize_slashes(file_path)
-
-    [
-      Gitlab.config.gitlab.relative_url_root,
-      @project.path_with_namespace,
-      path_with_ref(file_path),
-      file_path
-    ].compact.join("/").gsub(/\A\/*|\/*\z/, '') + id
-  end
-
-  def sanitize_slashes(path)
-    path[0] = "" if path.start_with?("/")
-    path.chop if path.end_with?("/")
-    path
-  end
-
-  def relative_file_path(path)
-    requested_path = @path
-    nested_path = build_nested_path(path, requested_path)
-    return nested_path if file_exists?(nested_path)
-    path
-  end
-
-  # Covering a special case, when the link is referencing file in the same directory eg:
-  # If we are at doc/api/README.md and the README.md contains relative links like [Users](users.md)
-  # this takes the request path(doc/api/README.md), and replaces the README.md with users.md so the path looks like doc/api/users.md
-  # If we are at doc/api and the README.md shown in below the tree view
-  # this takes the request path(doc/api) and adds users.md so the path looks like doc/api/users.md
-  def build_nested_path(path, request_path)
-    return request_path if path == ""
-    return path unless request_path
-    if local_path(request_path) == "tree"
-      base = request_path.split("/").push(path)
-      base.join("/")
-    else
-      base = request_path.split("/")
-      base.pop
-      base.push(path).join("/")
-    end
-  end
-
-  # Checks if the path exists in the repo
-  # eg. checks if doc/README.md exists, if not then link to blob
-  def path_with_ref(path)
-    if file_exists?(path)
-      "#{local_path(path)}/#{correct_ref}"
-    else
-      "blob/#{correct_ref}"
-    end
-  end
-
-  def file_exists?(path)
-    return false if path.nil?
-    @repository.blob_at(current_sha, path).present? || @repository.tree(current_sha, path).entries.any?
-  end
-
-  # Check if the path is pointing to a directory(tree) or a file(blob)
-  # eg. doc/api is directory and doc/README.md is file
-  def local_path(path)
-    return "tree" if @repository.tree(current_sha, path).entries.any?
-    return "raw" if @repository.blob_at(current_sha, path).image?
-    "blob"
-  end
-
-  def current_sha
-    if @commit
-      @commit.id
-    elsif @repository && !@repository.empty?
-      if @ref
-        @repository.commit(@ref).try(:sha)
-      else
-        @repository.head_commit.sha
-      end
-    end
-  end
-
-  # We will assume that if no ref exists we can point to master
-  def correct_ref
-    @ref ? @ref : "master"
-  end
-
  private
  
  # Return +text+, truncated to +max_chars+ characters, excluding any HTML

--- a/app/helpers/version_check_helper.rb
+++ b/app/helpers/version_check_helper.rb
+module VersionCheckHelper
+  def version_status_badge
+    if Rails.env.production?
+      image_tag VersionCheck.new.url
+    end
+  end
+end
--- a/app/models/concerns/mentionable.rb
+++ b/app/models/concerns/mentionable.rb
@@ -42,10 +42,10 @@ def has_mentioned?(target)
    SystemNoteService.cross_reference_exists?(target, local_reference)
  end
  
-  def mentioned_users(current_user = nil, p = project)
+  def mentioned_users(current_user = nil)
    return [] if mentionable_text.blank?
  
-    ext = Gitlab::ReferenceExtractor.new(p, current_user)
+    ext = Gitlab::ReferenceExtractor.new(self.project, current_user)
    ext.analyze(mentionable_text)
    ext.users.uniq
  end

--- a/app/models/concerns/participable.rb
+++ b/app/models/concerns/participable.rb
@@ -40,7 +40,7 @@ def participants(current_user = self.author)
      meth = method(attr)
  
      value = 
-        if meth.arity == 1
+        if meth.arity == 1 || meth.arity == -1
          meth.call(current_user)
        else
          meth.call

--- a/app/services/merge_requests/refresh_service.rb
+++ b/app/services/merge_requests/refresh_service.rb
@@ -10,6 +10,7 @@ def execute(oldrev, newrev, ref)
  
      close_merge_requests
      reload_merge_requests
+      execute_mr_web_hooks
      comment_mr_with_commits
  
      true
@@ -88,6 +89,20 @@ def comment_mr_with_commits
      end
    end
  
+    # Call merge request webhook with update branches
+    def execute_mr_web_hooks
+      merge_requests = @project.origin_merge_requests.opened
+        .where(source_branch: @branch_name)
+        .to_a
+      merge_requests += @fork_merge_requests.where(source_branch: @branch_name)
+        .to_a
+      merge_requests = filter_merge_requests(merge_requests)
+
+      merge_requests.each do |merge_request|
+        execute_hooks(merge_request, 'update')
+      end
+    end
+
    def filter_merge_requests(merge_requests)
      merge_requests.uniq.select(&:source_project)
    end

--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -32,6 +32,12 @@
            = f.check_box :twitter_sharing_enabled, :'aria-describedby' => 'twitter_help_block'
            %strong Twitter enabled
          %span.help-block#twitter_help_block Show users a button to share their newly created public or internal projects on twitter
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :version_check_enabled do
+            = f.check_box :version_check_enabled
+            Version check enabled
  %fieldset
    %legend Misc
    .form-group

--- a/app/views/admin/dashboard/index.html.haml
+++ b/app/views/admin/dashboard/index.html.haml
@@ -56,7 +56,12 @@
        %span.light.pull-right
          = boolean_to_icon Gitlab.config.omniauth.enabled
    .col-md-4
-      %h4 Components
+      %h4
+        Components
+        - if current_application_settings.version_check_enabled
+          .pull-right
+            = version_status_badge
+
      %hr
      %p
        GitLab

--- a/app/views/devise/shared/_omniauth_box.html.haml
+++ b/app/views/devise/shared/_omniauth_box.html.haml
@@ -5,6 +5,6 @@
  - providers.each do |provider|
    %span.light
      - if default_providers.include?(provider)
-        = link_to oauth_image_tag(provider), omniauth_authorize_path(resource_name, provider), class: 'oauth-image-link'
+        = link_to oauth_image_tag(provider), omniauth_authorize_path(resource_name, provider), method: :post, class: 'oauth-image-link'
      - else
-        = link_to provider.to_s.titleize, omniauth_authorize_path(resource_name, provider), class: "btn", "data-no-turbolink" => "true"
+        = link_to provider.to_s.titleize, omniauth_authorize_path(resource_name, provider), method: :post, class: "btn", "data-no-turbolink" => "true"