Add latest changes from gitlab-org/gitlab@master

5ee120f4 · GitLab Bot · 72721699 · 5ee120f4 · 5ee120f4 · 5ee120f4
Commit 5ee120f4 authored 5 years ago by GitLab Bot
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
-1.86.0
+1.87.0
--- a/Gemfile
+++ b/Gemfile
@@ -26,8 +26,8 @@ gem 'marginalia', '~> 1.8.0'
  
 # Authentication libraries
 gem 'devise', '~> 4.6'
-gem 'doorkeeper', '~> 4.4.3'
-gem 'doorkeeper-openid_connect', '~> 1.5'
+gem 'doorkeeper', '~> 5.0.2'
+gem 'doorkeeper-openid_connect', '~> 1.6.3'
 gem 'omniauth', '~> 1.8'
 gem 'omniauth-auth0', '~> 2.0.0'
 gem 'omniauth-azure-oauth2', '~> 0.0.9'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -243,10 +243,10 @@ GEM
    docile (1.3.1)
    domain_name (0.5.20180417)
      unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (4.4.3)
+    doorkeeper (5.0.2)
      railties (>= 4.2)
-    doorkeeper-openid_connect (1.5.0)
-      doorkeeper (~> 4.3)
+    doorkeeper-openid_connect (1.6.3)
+      doorkeeper (>= 5.0, < 5.2)
      json-jwt (~> 1.6)
    ed25519 (1.2.4)
    elasticsearch (6.8.0)
@@ -1197,8 +1197,8 @@ DEPENDENCIES
  diff_match_patch (~> 0.1.0)
  diffy (~> 3.1.0)
  discordrb-webhooks-blackst0ne (~> 3.3)
-  doorkeeper (~> 4.4.3)
-  doorkeeper-openid_connect (~> 1.5)
+  doorkeeper (~> 5.0.2)
+  doorkeeper-openid_connect (~> 1.6.3)
  ed25519 (~> 1.2)
  elasticsearch-api (~> 6.8)
  elasticsearch-model (~> 6.1)

--- a/app/assets/javascripts/monitoring/components/charts/time_series.vue
+++ b/app/assets/javascripts/monitoring/components/charts/time_series.vue
@@ -14,6 +14,7 @@ import {
  lineWidths,
  symbolSizes,
  dateFormats,
+  chartColorValues,
 } from '../../constants';
 import { makeDataSeries } from '~/helpers/monitor_helper';
 import { graphDataValidatorForValues } from '../../utils';
@@ -124,7 +125,7 @@ export default {
      // Transforms & supplements query data to render appropriate labels & styles
      // Input: [{ queryAttributes1 }, { queryAttributes2 }]
      // Output: [{ seriesAttributes1 }, { seriesAttributes2 }]
-      return this.graphData.metrics.reduce((acc, query) => {
+      return this.graphData.metrics.reduce((acc, query, i) => {
        const { appearance } = query;
        const lineType =
          appearance && appearance.line && appearance.line.type
@@ -145,7 +146,7 @@ export default {
          lineStyle: {
            type: lineType,
            width: lineWidth,
-            color: this.primaryColor,
+            color: chartColorValues[i % chartColorValues.length],
          },
          showSymbol: false,
          areaStyle: this.graphData.type === 'area-chart' ? areaStyle : undefined,

--- a/app/assets/javascripts/monitoring/constants.js
+++ b/app/assets/javascripts/monitoring/constants.js
@@ -70,6 +70,13 @@ export const colorValues = {
  anomalyAreaColor: '#1f78d1',
 };
  
+export const chartColorValues = [
+  '#1f78d1', // $blue-500 (see variables.scss)
+  '#1aaa55', // $green-500
+  '#fc9403', // $orange-500
+  '#6d49cb', // $purple
+];
+
 export const lineTypes = {
  default: 'solid',
 };

--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -8,6 +8,10 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
  include Gitlab::Experimentation::ControllerConcern
  include InitializesCurrentUserMode
  
+  # Defined by the `Doorkeeper::ApplicationsController` and is redundant as we call `authenticate_user!` below. Not
+  # defining or skipping this will result in a `403` response to all requests.
+  skip_before_action :authenticate_admin!
+
  prepend_before_action :verify_user_oauth_applications_enabled, except: :index
  prepend_before_action :authenticate_user!
  before_action :add_gon_variables

--- a/app/controllers/oauth/token_info_controller.rb
+++ b/app/controllers/oauth/token_info_controller.rb
+# frozen_string_literal: true
+
+class Oauth::TokenInfoController < Doorkeeper::TokenInfoController
+  def show
+    if doorkeeper_token && doorkeeper_token.accessible?
+      token_json = doorkeeper_token.as_json
+
+      # maintain backwards compatibility
+      render json: token_json.merge(
+        'scopes'             => token_json[:scope],
+        'expires_in_seconds' => token_json[:expires_in]
+      ), status: :ok
+    else
+      error = Doorkeeper::OAuth::ErrorResponse.new(name: :invalid_request)
+      response.headers.merge!(error.headers)
+      render json: error.body, status: error.status
+    end
+  end
+end
--- a/changelogs/unreleased/DFredell-master-patch-45053.yml
+++ b/changelogs/unreleased/DFredell-master-patch-45053.yml
+---
+title: Add a link to the variable priority override section from triggers page
+merge_request: 25264
+author: DFredell
+type: other
--- a/changelogs/unreleased/gitaly-version-v1.87.0.yml
+++ b/changelogs/unreleased/gitaly-version-v1.87.0.yml
+---
+title: Upgrade to Gitaly v1.87.0
+merge_request: 25370
+author:
+type: changed
--- a/changelogs/unreleased/jhyson-doorkeeper_upgrade_5.yml
+++ b/changelogs/unreleased/jhyson-doorkeeper_upgrade_5.yml
+---
+title: Upgrade Doorkeeper to 5.0.2
+merge_request: 21173
+author:
+type: security
--- a/changelogs/unreleased/jivanvl-address-missing-colors-chart-panels.yml
+++ b/changelogs/unreleased/jivanvl-address-missing-colors-chart-panels.yml
+---
+title: Add missing colors on the monitoring dashboards
+merge_request: 24921
+author:
+type: fixed
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -113,53 +113,3 @@ Doorkeeper.configure do
  
  base_controller '::Gitlab::BaseDoorkeeperController'
 end
-
-# Monkey patch to avoid creating new applications if the scope of the
-# app created does not match the complete list of scopes of the configured app.
-# It also prevents the OAuth authorize application window to appear every time.
-
-# Remove after we upgrade the doorkeeper gem from version 4.x
-if Doorkeeper.gem_version > Gem::Version.new('5.0.0')
-  raise "Doorkeeper was upgraded, please remove the monkey patch in #{__FILE__}"
-end
-
-module Doorkeeper
-  module AccessTokenMixin
-    module ClassMethods
-      def matching_token_for(application, resource_owner_or_id, scopes)
-        resource_owner_id =
-          if resource_owner_or_id.respond_to?(:to_key)
-            resource_owner_or_id.id
-          else
-            resource_owner_or_id
-          end
-
-        tokens = authorized_tokens_for(application.try(:id), resource_owner_id)
-        tokens.detect do |token|
-          scopes_match?(token.scopes, scopes, application.try(:scopes))
-        end
-      end
-
-      def scopes_match?(token_scopes, param_scopes, app_scopes)
-        return true if token_scopes.empty? && param_scopes.empty?
-
-        (token_scopes.sort == param_scopes.sort) &&
-          Doorkeeper::OAuth::Helpers::ScopeChecker.valid?(
-            param_scopes.to_s,
-            Doorkeeper.configuration.scopes,
-            app_scopes)
-      end
-
-      def authorized_tokens_for(application_id, resource_owner_id)
-        ordered_by(:created_at, :desc)
-          .where(application_id: application_id,
-                 resource_owner_id: resource_owner_id,
-                 revoked_at: nil)
-      end
-
-      def last_authorized_token_for(application_id, resource_owner_id)
-        authorized_tokens_for(application_id, resource_owner_id).first
-      end
-    end
-  end
-end
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -24,7 +24,8 @@ Rails.application.routes.draw do
  use_doorkeeper do
    controllers applications: 'oauth/applications',
                authorized_applications: 'oauth/authorized_applications',
-                authorizations: 'oauth/authorizations'
+                authorizations: 'oauth/authorizations',
+                token_info: 'oauth/token_info'
  end
  
  # This prefixless path is required because Jira gets confused if we set it up with a path

--- a/doc/api/applications.md
+++ b/doc/api/applications.md
@@ -59,7 +59,7 @@ GET /applications
 Example request:
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/applications
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/applications
 ```
  
 Example response:

--- a/doc/api/discussions.md
+++ b/doc/api/discussions.md
@@ -111,7 +111,7 @@ GET /projects/:id/issues/:issue_iid/discussions
 ```
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/discussions
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/discussions
 ```
  
 ### Get single issue discussion item
@@ -131,7 +131,7 @@ Parameters:
 | `discussion_id` | integer        | yes      | The ID of a discussion item |
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/discussions/6a9c1750b37d513a43987b574953fceb50b03ce7
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/discussions/6a9c1750b37d513a43987b574953fceb50b03ce7
 ```
  
 ### Create new issue thread
@@ -319,7 +319,7 @@ GET /projects/:id/snippets/:snippet_id/discussions
 ```
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/snippets/11/discussions
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/snippets/11/discussions
 ```
  
 ### Get single snippet discussion item
@@ -526,7 +526,7 @@ GET /groups/:id/epics/:epic_id/discussions
 ```
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/5/epics/11/discussions
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/5/epics/11/discussions
 ```
  
 ### Get single epic discussion item
@@ -786,7 +786,7 @@ Diff comments contain also position:
 ```
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/discussions
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/discussions
 ```
  
 ### Get single merge request discussion item
@@ -806,7 +806,7 @@ Parameters:
 | `discussion_id`     | integer        | yes      | The ID of a discussion item |
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/discussions/6a9c1750b37d513a43987b574953fceb50b03ce7
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/discussions/6a9c1750b37d513a43987b574953fceb50b03ce7
 ```
  
 ### Create new merge request thread
@@ -1079,7 +1079,7 @@ Diff comments contain also position:
 ```
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/commits/11/discussions
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/commits/11/discussions
 ```
  
 ### Get single commit discussion item
@@ -1099,7 +1099,7 @@ Parameters:
 | `discussion_id`     | integer        | yes      | The ID of a discussion item |
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/commits/11/discussions/6a9c1750b37d513a43987b574953fceb50b03ce7
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/commits/11/discussions/6a9c1750b37d513a43987b574953fceb50b03ce7
 ```
  
 ### Create new commit thread

--- a/doc/api/issues.md
+++ b/doc/api/issues.md
@@ -1401,7 +1401,7 @@ GET /projects/:id/issues/:issue_iid/time_stats
 | `issue_iid` | integer | yes      | The internal ID of a project's issue |
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/93/time_stats
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/93/time_stats
 ```
  
 Example response:
@@ -1429,7 +1429,7 @@ GET /projects/:id/issues/:issue_id/related_merge_requests
 | `issue_iid` | integer | yes      | The internal ID of a project's issue |
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/1/issues/11/related_merge_requests
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/1/issues/11/related_merge_requests
 ```
  
 Example response:
@@ -1658,7 +1658,7 @@ GET /projects/:id/issues/:issue_iid/participants
 | `issue_iid` | integer | yes      | The internal ID of a project's issue |
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/93/participants
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/93/participants
 ```
  
 Example response:
@@ -1702,7 +1702,7 @@ GET /projects/:id/issues/:issue_iid/user_agent_detail
 | `issue_iid` | integer | yes      | The internal ID of a project's issue |
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/93/user_agent_detail
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/93/user_agent_detail
 ```
  
 Example response:

--- a/doc/api/merge_requests.md
+++ b/doc/api/merge_requests.md
@@ -1632,7 +1632,7 @@ PUT /projects/:id/merge_requests/:merge_request_iid/rebase
 | `skip_ci`           | boolean | no       | Set to `true` to skip creating a CI pipeline |
  
 ```shell
-curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/76/merge_requests/1/rebase
+curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/76/merge_requests/1/rebase
 ```
  
 This is an asynchronous request. The API will return a `202 Accepted` response
@@ -2410,7 +2410,7 @@ GET /projects/:id/merge_requests/:merge_request_iid/time_stats
 | `merge_request_iid` | integer | yes      | The internal ID of the merge request |
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/93/time_stats
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/93/time_stats
 ```
  
 Example response:

--- a/doc/api/notes.md
+++ b/doc/api/notes.md
@@ -80,7 +80,7 @@ GET /projects/:id/issues/:issue_iid/notes?sort=asc&order_by=updated_at
 ```
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/notes
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/notes
 ```
  
 ### Get single issue note
@@ -98,7 +98,7 @@ Parameters:
 - `note_id` (required) - The ID of an issue note
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/notes/1
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/issues/11/notes/1
 ```
  
 ### Create new issue note
@@ -178,7 +178,7 @@ GET /projects/:id/snippets/:snippet_id/notes?sort=asc&order_by=updated_at
 | `order_by`          | string           | no         | Return snippet notes ordered by `created_at` or `updated_at` fields. Default is `created_at`
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/snippets/11/notes
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/snippets/11/notes
 ```
  
 ### Get single snippet note
@@ -215,7 +215,7 @@ Parameters:
 ```
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/snippets/11/notes/11
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/snippets/11/notes/11
 ```
  
 ### Create new snippet note
@@ -296,7 +296,7 @@ GET /projects/:id/merge_requests/:merge_request_iid/notes?sort=asc&order_by=upda
 | `order_by`          | string           | no         | Return merge request notes ordered by `created_at` or `updated_at` fields. Default is `created_at`
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/notes
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/notes
 ```
  
 ### Get single merge request note
@@ -337,7 +337,7 @@ Parameters:
 ```
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/notes/1
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/5/merge_requests/11/notes/1
 ```
  
 ### Create new merge request note
@@ -415,7 +415,7 @@ GET /groups/:id/epics/:epic_id/notes?sort=asc&order_by=updated_at
 | `order_by`          | string           | no         | Return epic notes ordered by `created_at` or `updated_at` fields. Default is `created_at` |
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/5/epics/11/notes
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/5/epics/11/notes
 ```
  
 ### Get single epic note
@@ -454,7 +454,7 @@ Parameters:
 ```
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/5/epics/11/notes/1
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/groups/5/epics/11/notes/1
 ```
  
 ### Create new epic note

--- a/doc/api/oauth2.md
+++ b/doc/api/oauth2.md
@@ -102,7 +102,7 @@ CAUTION: **Important:**
 Avoid using this flow for applications that store data outside of the GitLab
 instance. If you do, make sure to verify `application id` associated with the
 access token before granting access to the data
-(see [`/oauth/token/info`](https://github.com/doorkeeper-gem/doorkeeper/wiki/API-endpoint-descriptions-and-examples#get----oauthtokeninfo)).
+(see [`/oauth/token/info`](#retrieving-the-token-info)).
  
 Unlike the web flow, the client receives an `access token` immediately as a
 result of the authorization request. The flow does not use the client secret
@@ -212,3 +212,34 @@ or you can put the token to the Authorization header:
 ```
 curl --header "Authorization: Bearer OAUTH-TOKEN" https://gitlab.example.com/api/v4/user
 ```
+
+## Retrieving the Token Info
+
+To verify the details of a token you can call the `token/info` endpoint. This is provided from the doorkeeper gem (see [`/oauth/token/info`](https://github.com/doorkeeper-gem/doorkeeper/wiki/API-endpoint-descriptions-and-examples#get----oauthtokeninfo)).
+
+You will need to supply the access token, either as a parameter
+
+```
+GET https://gitlab.example.com/oauth/token/info?access_token=OAUTH-TOKEN
+```
+
+Or in the Authorization header:
+
+```
+curl --header "Authorization: Bearer OAUTH-TOKEN" https://gitlab.example.com/oauth/token/info
+```
+
+You will receive the following in response:
+
+```json
+{
+    "resource_owner_id": 1,
+    "scope": ["api"],
+    "expires_in": null,
+    "application": {"uid": "1cb242f495280beb4291e64bee2a17f330902e499882fe8e1e2aa875519cab33"},
+    "created_at": 1575890427
+}
+```
+
+CAUTION: **Deprecated fields:**
+The fields `scopes` and `expires_in_seconds` are also included in the response. They are aliases for `scope` and `expires_in` respectively and have been included to prevent breaking changes introduced in [doorkeeper 5.0.2](https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions#from-4x-to-5x). Please don't rely on these fields as they will be removed in a later release.
--- a/doc/api/project_snippets.md
+++ b/doc/api/project_snippets.md
@@ -177,7 +177,7 @@ Parameters:
 Example request:
  
 ```shell
-curl --request GET https://gitlab.com/api/v4/projects/:id/snippets/:snippet_id/raw \
+curl https://gitlab.com/api/v4/projects/:id/snippets/:snippet_id/raw \
     --header "PRIVATE-TOKEN: <your_access_token>"
 ```
  
@@ -199,7 +199,7 @@ GET /projects/:id/snippets/:snippet_id/user_agent_detail
 Example request:
  
 ```shell
-curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/1/snippets/2/user_agent_detail
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/1/snippets/2/user_agent_detail
 ```
  
 Example response: