Add latest changes from gitlab-org/gitlab@master

app/assets/javascripts/boards/components/boards_selector.vue

@@ -315,8 +315,7 @@ export default {
           <gl-dropdown-item
             v-if="showDelete"
-            class="text-danger"
-            data-qa-selector="delete_board_button"
+            class="text-danger js-delete-board"
             @click.prevent="showPage('delete')"
           >
             {{ s__('IssueBoards|Delete board') }}

app/finders/keys_finder.rb

+# frozen_string_literal: true
+class KeysFinder
+  InvalidFingerprint = Class.new(StandardError)
+  GitLabAccessDeniedError = Class.new(StandardError)
+
+  FINGERPRINT_ATTRIBUTES = {
+    'sha256' => 'fingerprint_sha256',
+    'md5' => 'fingerprint'
+  }.freeze
+
+  def initialize(current_user, params)
+    @current_user = current_user
+    @params = params
+  end
+
+  def execute
+    raise GitLabAccessDeniedError unless current_user.admin?
+    raise InvalidFingerprint unless valid_fingerprint_param?
+
+    Key.where(fingerprint_query).first # rubocop: disable CodeReuse/ActiveRecord
+  end
+
+  private
+
+  attr_reader :current_user, :params
+
+  def valid_fingerprint_param?
+    if fingerprint_type == "sha256"
+      Base64.decode64(fingerprint).length == 32
+    else
+      fingerprint =~ /^(\h{2}:){15}\h{2}/
+    end
+  end
+
+  def fingerprint_query
+    fingerprint_attribute = FINGERPRINT_ATTRIBUTES[fingerprint_type]
+
+    Key.arel_table[fingerprint_attribute].eq(fingerprint)
+  end
+
+  def fingerprint_type
+    if params[:fingerprint].start_with?(/sha256:|SHA256:/)
+      "sha256"
+    else
+      "md5"
+    end
+  end
+
+  def fingerprint
+    if fingerprint_type == "sha256"
+      params[:fingerprint].gsub(/sha256:|SHA256:/, "")
+    else
+      params[:fingerprint]
+    end
+  end
+end

app/models/concerns/sha256_attribute.rb

+# frozen_string_literal: true
+
+module Sha256Attribute
+  extend ActiveSupport::Concern
+
+  class_methods do
+    def sha256_attribute(name)
+      return if ENV['STATIC_VERIFICATION']
+
+      validate_binary_column_exists!(name) unless Rails.env.production?
+
+      attribute(name, Gitlab::Database::Sha256Attribute.new)
+    end
+
+    # This only gets executed in non-production environments as an additional check to ensure
+    # the column is the correct type.  In production it should behave like any other attribute.
+    # See https://gitlab.com/gitlab-org/gitlab/merge_requests/5502 for more discussion
+    def validate_binary_column_exists!(name)
+      return unless database_exists?
+
+      unless table_exists?
+        warn "WARNING: sha256_attribute #{name.inspect} is invalid since the table doesn't exist - you may need to run database migrations"
+        return
+      end
+
+      column = columns.find { |c| c.name == name.to_s }
+
+      unless column
+        warn "WARNING: sha256_attribute #{name.inspect} is invalid since the column doesn't exist - you may need to run database migrations"
+        return
+      end
+
+      unless column.type == :binary
+        raise ArgumentError.new("sha256_attribute #{name.inspect} is invalid since the column type is not :binary")
+      end
+    rescue => error
+      Gitlab::AppLogger.error "Sha256Attribute initialization: #{error.message}"
+      raise
+    end
+
+    def database_exists?
+      ApplicationRecord.connection
+
+      true
+    rescue
+      false
+    end
+  end
+end

app/models/key.rb

@@ -5,6 +5,9 @@ require 'digest/md5'
 class Key < ApplicationRecord
   include AfterCommitQueue
   include Sortable
+  include Sha256Attribute
+
+  sha256_attribute :fingerprint_sha256
   belongs_to :user
@@ -34,6 +37,8 @@ class Key < ApplicationRecord
   after_destroy :post_destroy_hook
   after_destroy :refresh_user_cache
+  alias_attribute :fingerprint_md5, :fingerprint
+
   def self.regular_keys
     where(type: ['Key', nil])
   end
@@ -114,10 +119,12 @@ class Key < ApplicationRecord
   def generate_fingerprint
     self.fingerprint = nil
+    self.fingerprint_sha256 = nil
     return unless public_key.valid?
-    self.fingerprint = public_key.fingerprint
+    self.fingerprint_md5 = public_key.fingerprint
+    self.fingerprint_sha256 = public_key.fingerprint("SHA256").gsub("SHA256:", "")
   end
   def key_meets_restrictions

app/services/git/base_hooks_service.rb

@@ -163,7 +163,7 @@ module Git
     end
     def logger
-      if Sidekiq.server?
+      if Gitlab::Runtime.sidekiq?
         Sidekiq.logger
       else
         # This service runs in Sidekiq, so this shouldn't ever be

app/views/profiles/keys/_key_details.html.haml

@@ -17,11 +17,21 @@
   .col-md-8
     = form_errors(@key, type: 'key') unless @key.valid?
-    %p
-      %span.light= _('Fingerprint:')
-      %code.key-fingerprint= @key.fingerprint
     %pre.well-pre
       = @key.key
+    .card
+      .card-header
+        = _('Fingerprints')
+      %ul.content-list
+        %li
+          %span.light= 'MD5:'
+          %code.key-fingerprint= @key.fingerprint
+        - if @key.fingerprint_sha256.present?
+          %li
+            %span.light= 'SHA256:'
+            %code.key-fingerprint= @key.fingerprint_sha256
+
+
   .col-md-12
     .float-right
       - if @key.can_delete?

changelogs/unreleased/feat-ssh-sha256.yml

+---
+title: add sha256 fingerprint to keys model, view and extend users API to search user via fingerprint
+merge_request: 19860
+author: Roger Meier
+type: added

config/application.rb

@@ -22,6 +22,7 @@ module Gitlab
     require_dependency Rails.root.join('lib/gitlab/current_settings')
     require_dependency Rails.root.join('lib/gitlab/middleware/read_only')
     require_dependency Rails.root.join('lib/gitlab/middleware/basic_health_check')
+    require_dependency Rails.root.join('lib/gitlab/runtime')
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration should go into files in config/initializers
@@ -255,7 +256,7 @@ module Gitlab
     caching_config_hash[:compress] = false
     caching_config_hash[:namespace] = Gitlab::Redis::Cache::CACHE_NAMESPACE
     caching_config_hash[:expires_in] = 2.weeks # Cache should not grow forever
-    if Sidekiq.server? || defined?(::Puma) # threaded context
+    if Gitlab::Runtime.multi_threaded?
       caching_config_hash[:pool_size] = Gitlab::Redis::Cache.pool_size
       caching_config_hash[:pool_timeout] = 1
     end

config/environments/development.rb

@@ -46,7 +46,7 @@ Rails.application.configure do
   # Do not log asset requests
   config.assets.quiet = true
-  config.allow_concurrency = defined?(::Puma)
+  config.allow_concurrency = Gitlab::Runtime.multi_threaded?
   # BetterErrors live shell (REPL) on every stack frame
   BetterErrors::Middleware.allow_ip!("127.0.0.1/0")

config/environments/production.rb

@@ -75,5 +75,5 @@ Rails.application.configure do
   config.eager_load = true
-  config.allow_concurrency = defined?(::Puma)
+  config.allow_concurrency = Gitlab::Runtime.multi_threaded?
 end

config/initializers/0_runtime_identify.rb

+# frozen_string_literal: true
+
+begin
+  Gitlab::AppLogger.info("Runtime: #{Gitlab::Runtime.name}")
+rescue => e
+  message = <<-NOTICE
+  \n!! RUNTIME IDENTIFICATION FAILED: #{e}
+  Runtime based configuration settings may not work properly.
+  If you continue to see this error, please file an issue via
+  https://gitlab.com/gitlab-org/gitlab/issues/new
+  NOTICE
+  Gitlab::AppLogger.error(message)
+end

config/initializers/1_settings.rb

@@ -364,7 +364,7 @@ Gitlab.ee do
   # To ensure acceptable performance we only allow feature to be used with
   # multithreaded web-server Puma. This will be removed once download logic is moved
   # to GitLab workhorse
-  Settings.dependency_proxy['enabled'] = false unless defined?(::Puma)
+  Settings.dependency_proxy['enabled'] = false unless Gitlab::Runtime.puma?
 end
 #

config/initializers/7_prometheus_metrics.rb

@@ -4,11 +4,11 @@ require 'prometheus/client'
 def prometheus_default_multiproc_dir
   return unless Rails.env.development? || Rails.env.test?
-  if Sidekiq.server?
+  if Gitlab::Runtime.sidekiq?
     Rails.root.join('tmp/prometheus_multiproc_dir/sidekiq')
-  elsif defined?(Unicorn::Worker)
+  elsif Gitlab::Runtime.unicorn?
     Rails.root.join('tmp/prometheus_multiproc_dir/unicorn')
-  elsif defined?(::Puma)
+  elsif Gitlab::Runtime.puma?
     Rails.root.join('tmp/prometheus_multiproc_dir/puma')
   else
     Rails.root.join('tmp/prometheus_multiproc_dir')
@@ -55,9 +55,9 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled?
   Gitlab::Cluster::LifecycleEvents.on_master_start do
     ::Prometheus::Client.reinitialize_on_pid_change(force: true)
-    if defined?(::Unicorn)
+    if Gitlab::Runtime.unicorn?
       Gitlab::Metrics::Samplers::UnicornSampler.instance(Settings.monitoring.unicorn_sampler_interval).start
-    elsif defined?(::Puma)
+    elsif Gitlab::Runtime.puma?
       Gitlab::Metrics::Samplers::PumaSampler.instance(Settings.monitoring.puma_sampler_interval).start
     end
@@ -65,7 +65,7 @@ if !Rails.env.test? && Gitlab::Metrics.prometheus_metrics_enabled?
   end
 end
-if defined?(::Unicorn) || defined?(::Puma)
+if Gitlab::Runtime.app_server?
   Gitlab::Cluster::LifecycleEvents.on_master_start do
     Gitlab::Metrics::Exporter::WebExporter.instance.start
   end

config/initializers/active_record_lifecycle.rb

@@ -2,7 +2,7 @@
 # Don't handle sidekiq configuration as it
 # has its own special active record configuration here
-if defined?(ActiveRecord::Base) && !Sidekiq.server?
+if defined?(ActiveRecord::Base) && !Gitlab::Runtime.sidekiq?
   Gitlab::Cluster::LifecycleEvents.on_worker_start do
     ActiveSupport.on_load(:active_record) do
       ActiveRecord::Base.establish_connection

config/initializers/cluster_events_before_phased_restart.rb

@@ -5,10 +5,8 @@
 #
 # Follow-up the issue: https://gitlab.com/gitlab-org/gitlab/issues/34107
-if defined?(::Puma)
+if Gitlab::Runtime.puma?
   Puma::Cluster.prepend(::Gitlab::Cluster::Mixins::PumaCluster)
-end
-
-if defined?(::Unicorn::HttpServer)
+elsif Gitlab::Runtime.unicorn?
   Unicorn::HttpServer.prepend(::Gitlab::Cluster::Mixins::UnicornHttpServer)
 end

config/initializers/database_config.rb

@@ -2,7 +2,7 @@
 # when running on puma, scale connection pool size with the number
 # of threads per worker process
-if defined?(::Puma)
+if Gitlab::Runtime.puma?
   db_config = Gitlab::Database.config ||
       Rails.application.config.database_configuration[Rails.env]
   puma_options = Puma.cli_config.options

config/initializers/lograge.rb

 # Only use Lograge for Rails
-unless Sidekiq.server?
+unless Gitlab::Runtime.sidekiq?
   filename = File.join(Rails.root, 'log', "#{Rails.env}_json.log")
   Rails.application.configure do

config/initializers/rack_timeout.rb

@@ -9,7 +9,7 @@
 # and it's used only as the last resort. In such case this termination is
 # logged and we should fix the potential timeout issue in the code itself.
-if defined?(::Puma) && !Rails.env.test?
+if Gitlab::Runtime.puma? && !Rails.env.test?
   require 'rack/timeout/base'
   Gitlab::Application.configure do |config|

config/initializers/tracing.rb

@@ -13,7 +13,7 @@ if Labkit::Tracing.enabled?
   end
   # Instrument Sidekiq server calls when running Sidekiq server
-  if Sidekiq.server?
+  if Gitlab::Runtime.sidekiq?
     Sidekiq.configure_server do |config|
       config.server_middleware do |chain|
         chain.add Labkit::Tracing::Sidekiq::ServerMiddleware

config/initializers/validate_puma.rb

 # frozen_string_literal: true
-if defined?(::Puma) && ::Puma.cli_config.options[:workers].to_i.zero?
+if Gitlab::Runtime.puma? && ::Puma.cli_config.options[:workers].to_i.zero?
   raise 'Puma is only supported in Cluster-mode: workers > 0'
 end