Add latest changes from gitlab-org/gitlab@master

.gitlab/ci/pages.gitlab-ci.yml

@@ -5,7 +5,7 @@ pages:
     - .default-cache
     - .pages:rules
   stage: pages
-  dependencies: ["coverage", "karma", "gitlab:assets:compile pull-cache"]
+  dependencies: ["rspec:coverage", "karma", "gitlab:assets:compile pull-cache"]
   script:
     - mv public/ .public/
     - mkdir public/

.gitlab/ci/rails.gitlab-ci.yml

@@ -202,7 +202,7 @@ gitlab:setup:
     paths:
       - log/development.log
-coverage:
+rspec:coverage:
   extends:
     - .rails-job-base
     - .rails:rules:ee-and-foss

CHANGELOG-EE.md

 Please view this file on the master branch, on stable branches it's out of date.
+## 12.8.5
+
+- No changes.
+
 ## 12.8.4
 - No changes.

app/models/snippet.rb

@@ -302,6 +302,10 @@ class Snippet < ApplicationRecord
     field != :content || MarkupHelper.gitlab_markdown?(file_name)
   end
+  def hexdigest
+    Digest::SHA256.hexdigest("#{title}#{description}#{created_at}#{updated_at}")
+  end
+
   class << self
     # Searches for snippets with a matching title or file name.
     #

app/models/snippet_repository.rb

@@ -18,6 +18,12 @@ class SnippetRepository < ApplicationRecord
     end
   end
+  def create_file(user, path, content, **options)
+    options[:actions] = transform_file_entries([{ file_path: path, content: content }])
+
+    capture_git_error { repository.multi_action(user, **options) }
+  end
+
   def multi_files_action(user, files = [], **options)
     return if files.nil? || files.empty?

app/services/projects/import_export/export_service.rb

@@ -42,7 +42,7 @@ module Projects
       end
       def exporters
-        [version_saver, avatar_saver, project_tree_saver, uploads_saver, repo_saver, wiki_repo_saver, lfs_saver]
+        [version_saver, avatar_saver, project_tree_saver, uploads_saver, repo_saver, wiki_repo_saver, lfs_saver, snippets_repo_saver]
       end
       def version_saver
@@ -73,6 +73,10 @@ module Projects
         Gitlab::ImportExport::LfsSaver.new(project: project, shared: shared)
       end
+      def snippets_repo_saver
+        Gitlab::ImportExport::SnippetsRepoSaver.new(current_user: current_user, project: project, shared: shared)
+      end
+
       def cleanup
         FileUtils.rm_rf(shared.archive_path) if shared&.archive_path
       end

app/views/layouts/nav/sidebar/_project.html.haml

@@ -143,7 +143,7 @@
           - issue_tracker = @project.external_issue_tracker
           = link_to issue_tracker.issue_tracker_path, class: 'shortcuts-external_tracker' do
             .nav-icon-container
-              = sprite_icon('issue-external')
+              = sprite_icon('external-link')
             %span.nav-item-name
               = issue_tracker.title
           %ul.sidebar-sub-level-items.is-fly-out-only
@@ -319,7 +319,7 @@
         = nav_link do
           = link_to external_wiki_url, class: 'shortcuts-external_wiki' do
             .nav-icon-container
-              = sprite_icon('issue-external')
+              = sprite_icon('external-link')
             %span.nav-item-name
               = _('External Wiki')
           %ul.sidebar-sub-level-items.is-fly-out-only

changelogs/unreleased/198323-migrate-snippet-mentions-to-db-table.yml

----
-title: Migrate mentions for snippet and snippet notes to snippet_user_mentions DB
-  table
-merge_request: 23783
-author:
-type: changed

changelogs/unreleased/208827-replace-issue-external-icon-with-external-link.yml

+---
+title: Replace issue-external icon with external-link
+merge_request: 208827
+author:
+type: other

changelogs/unreleased/fj-39201-import-export-project-snippets.yml

+---
+title: Import/Export snippet repositories
+merge_request: 24150
+author:
+type: added

db/post_migrate/20200127111953_cleanup_empty_snippet_user_mentions.rb

-# frozen_string_literal: true
-
-class CleanupEmptySnippetUserMentions < ActiveRecord::Migration[5.2]
-  DOWNTIME = false
-  BATCH_SIZE = 10_000
-
-  class SnippetUserMention < ActiveRecord::Base
-    include EachBatch
-
-    self.table_name = 'snippet_user_mentions'
-  end
-
-  def up
-    # cleanup snippet user mentions with no actual mentions,
-    # re https://gitlab.com/gitlab-org/gitlab/-/merge_requests/24586#note_285982468
-    SnippetUserMention
-      .where(mentioned_users_ids: nil)
-      .where(mentioned_groups_ids: nil)
-      .where(mentioned_projects_ids: nil)
-      .each_batch(of: BATCH_SIZE) do |batch|
-      batch.delete_all
-    end
-  end
-
-  def down
-    # no-op
-  end
-end

db/post_migrate/20200127131953_migrate_snippet_mentions_to_db.rb

-# frozen_string_literal: true
-
-class MigrateSnippetMentionsToDb < ActiveRecord::Migration[5.2]
-  include Gitlab::Database::MigrationHelpers
-
-  DOWNTIME = false
-  DELAY = 2.minutes.to_i
-  BATCH_SIZE = 10_000
-  MIGRATION = 'UserMentions::CreateResourceUserMention'
-
-  JOIN = "LEFT JOIN snippet_user_mentions on snippets.id = snippet_user_mentions.snippet_id"
-  QUERY_CONDITIONS = "(description like '%@%' OR title like '%@%') AND snippet_user_mentions.snippet_id IS NULL"
-
-  disable_ddl_transaction!
-
-  class Snippet < ActiveRecord::Base
-    include EachBatch
-
-    self.table_name = 'snippets'
-  end
-
-  def up
-    Snippet
-      .joins(JOIN)
-      .where(QUERY_CONDITIONS)
-      .each_batch(of: BATCH_SIZE) do |batch, index|
-      range = batch.pluck(Arel.sql('MIN(snippets.id)'), Arel.sql('MAX(snippets.id)')).first
-      migrate_in(index * DELAY, MIGRATION, ['Snippet', JOIN, QUERY_CONDITIONS, false, *range])
-    end
-  end
-
-  def down
-    # no-op
-  end
-end

db/post_migrate/20200127141953_add_temporary_snippet_notes_with_mentions_index.rb

-# frozen_string_literal: true
-
-class AddTemporarySnippetNotesWithMentionsIndex < ActiveRecord::Migration[5.2]
-  include Gitlab::Database::MigrationHelpers
-
-  DOWNTIME = false
-  INDEX_NAME = 'snippet_mentions_temp_index'
-  INDEX_CONDITION = "note LIKE '%@%'::text AND notes.noteable_type = 'Snippet'"
-
-  disable_ddl_transaction!
-
-  def up
-    # create temporary index for notes with mentions, may take well over 1h
-    add_concurrent_index(:notes, :id, where: INDEX_CONDITION, name: INDEX_NAME)
-  end
-
-  def down
-    remove_concurrent_index(:notes, :id, where: INDEX_CONDITION, name: INDEX_NAME)
-  end
-end

db/post_migrate/20200127151953_migrate_snippet_notes_mentions_to_db.rb

-# frozen_string_literal: true
-
-class MigrateSnippetNotesMentionsToDb < ActiveRecord::Migration[5.2]
-  include Gitlab::Database::MigrationHelpers
-
-  DOWNTIME = false
-  DELAY = 2.minutes.to_i
-  BATCH_SIZE = 10_000
-  MIGRATION = 'UserMentions::CreateResourceUserMention'
-
-  INDEX_CONDITION = "note LIKE '%@%'::text AND notes.noteable_type = 'Snippet'"
-  QUERY_CONDITIONS = "#{INDEX_CONDITION} AND snippet_user_mentions.snippet_id IS NULL"
-  JOIN = 'INNER JOIN snippets ON snippets.id = notes.noteable_id LEFT JOIN snippet_user_mentions ON notes.id = snippet_user_mentions.note_id'
-
-  disable_ddl_transaction!
-
-  class Note < ActiveRecord::Base
-    include EachBatch
-
-    self.table_name = 'notes'
-  end
-
-  def up
-    Note
-      .joins(JOIN)
-      .where(QUERY_CONDITIONS)
-      .each_batch(of: BATCH_SIZE) do |batch, index|
-      range = batch.pluck(Arel.sql('MIN(notes.id)'), Arel.sql('MAX(notes.id)')).first
-      migrate_in(index * DELAY, MIGRATION, ['Snippet', JOIN, QUERY_CONDITIONS, true, *range])
-    end
-  end
-
-  def down
-    # no-op
-    # temporary index is to be dropped in a different migration in an upcoming release:
-    # https://gitlab.com/gitlab-org/gitlab/issues/196842
-  end
-end

db/schema.rb

@@ -2838,7 +2838,6 @@ ActiveRecord::Schema.define(version: 2020_03_04_160823) do
     t.index ["discussion_id"], name: "index_notes_on_discussion_id"
     t.index ["id"], name: "design_mentions_temp_index", where: "((note ~~ '%@%'::text) AND ((noteable_type)::text = 'DesignManagement::Design'::text))"
     t.index ["id"], name: "epic_mentions_temp_index", where: "((note ~~ '%@%'::text) AND ((noteable_type)::text = 'Epic'::text))"
-    t.index ["id"], name: "snippet_mentions_temp_index", where: "((note ~~ '%@%'::text) AND ((noteable_type)::text = 'Snippet'::text))"
     t.index ["line_code"], name: "index_notes_on_line_code"
     t.index ["note"], name: "index_notes_on_note_trigram", opclass: :gin_trgm_ops, using: :gin
     t.index ["note"], name: "tmp_idx_on_promoted_notes", where: "(((noteable_type)::text = 'Issue'::text) AND (system IS TRUE) AND (note ~~ 'promoted to epic%'::text))"

doc/user/group/saml_sso/index.md

@@ -234,6 +234,29 @@ Recommended `NameID` value: `OneLogin ID`.
 Set parameters according to the [assertions table](#assertions).
+### Additional setup options
+
+GitLab [isn't limited to the SAML providers listed above](#my-identity-provider-isnt-listed) but your Identity Provider may require additional configuration, such as the following:
+
+| Field | Value | Notes |
+|-------|-------|-------|
+| SAML Profile | Web browser SSO profile | GitLab uses SAML to sign users in via their browser. We don't make requests direct to the Identity Provider. |
+| SAML Request Binding | HTTP Redirect | GitLab (the service provider) redirects users to your Identity Provider with a base64 encoded `SAMLRequest` HTTP parameter. |
+| SAML Response Binding | HTTP POST | Your Identity Provider responds to users with an HTTP form including the `SAMLResponse`, which a user's browser submits back to GitLab. |
+| Sign SAML Response | Yes | We require this to prevent tampering. |
+| X509 Certificate in response | Yes | This is used to sign the response and checked against the provided fingerprint. |
+| Fingerprint Algorithm | SHA-1  | We need a SHA-1 hash of the certificate used to sign the SAML Response. |
+| Signature Algorithm | SHA-1/SHA-256/SHA-384/SHA-512 | Also known as the Digest Method, this can be specified in the SAML response. It determines how a response is signed. |
+| Encrypt SAML Assertion | No | TLS is used between your Identity Provider, the user's browser, and GitLab. |
+| Sign SAML Assertion | Optional | We don't require Assertions to be signed. We validate their integrity by requiring the whole response to be signed. |
+| Check SAML Request Signature | No | GitLab does not sign SAML requests, but does check the signature on the SAML response. |
+| Default RelayState | Optional | The URL users should end up on after signing in via a button on your Identity Provider. |
+| NameID Format | `Persistent` | See [details above](#nameid-format). |
+| Additional URLs | | You may need to use the `Identifier` or `Assertion consumer service URL` in other fields on some providers. |
+| Single Sign Out URL | | Not supported |
+
+If the information information you need isn't listed above you may wish to check our [troubleshooting docs below](#i-need-additional-information-to-configure-my-identity-provider).
+
 ## Linking SAML to your existing GitLab.com account
 To link SAML to your existing GitLab.com account:
@@ -320,3 +343,20 @@ To change which identity you sign in with, you can [unlink the previous SAML ide
 Getting both of these errors at the same time suggests the NameID capitalization provided by the Identity Provider didn't exactly match the previous value for that user.
 This can be prevented by configuring the [NameID](#nameid) to return a consistent value. Fixing this for an individual user involves [unlinking SAML in the GitLab account](#unlinking-accounts), although this will cause group membership and Todos to be lost.
+
+### My identity provider isn't listed
+
+Not a problem, the SAML standard means that a wide range of identity providers will work with GitLab. Unfortunately we aren't familiar with all of them so can only offer support configuring the [listed providers](#providers).
+
+### I need additional information to configure my identity provider
+
+Many SAML terms can vary between providers. It is possible that the information you are looking for is listed under another name.
+
+For more information, start with your Identity Provider's documentation. Look for their options and examples to see how they configure SAML. This can provide hints on what you'll need to configure GitLab to work with these providers.
+
+It can also help to look at our [more detailed docs for self-managed GitLab](../../../integration/saml.md).
+SAML configuration for GitLab.com is mostly the same as for self-managed instances.
+However, self-managed GitLab instances use a configuration file that supports more options as described in the external [OmniAuth SAML documentation](https://github.com/omniauth/omniauth-saml/).
+Internally that uses the [`ruby-saml` library](https://github.com/onelogin/ruby-saml), so we sometimes check there to verify low level details of less commonly used options.
+
+It can also help to compare the XML response from your provider with our [example XML used for internal testing](https://gitlab.com/gitlab-org/gitlab/blob/master/ee/spec/fixtures/saml/response.xml).

doc/user/profile/account/two_factor_authentication.md

@@ -110,6 +110,7 @@ the **Download codes** button for storage in a safe place. If you choose to
 download them, the file will be called `gitlab-recovery-codes.txt`.
 If you lose the recovery codes or just want to generate new ones, you can do so
+from the [two-factor authentication account settings page](#regenerate-2fa-recovery-codes) or
 [using SSH](#generate-new-recovery-codes-using-ssh).
 ## Logging in with 2FA Enabled

lib/api/api.rb

@@ -45,7 +45,7 @@ module API
     before do
       Gitlab::ApplicationContext.push(
-        user: -> { current_user },
+        user: -> { @current_user },
         project: -> { @project },
         namespace: -> { @group },
         caller_id: route.origin

lib/gitlab/background_migration/user_mentions/models/snippet.rb

-# frozen_string_literal: true
-# rubocop:disable Style/Documentation
-
-module Gitlab
-  module BackgroundMigration
-    module UserMentions
-      module Models
-        class Snippet < ActiveRecord::Base
-          include Concerns::IsolatedMentionable
-          include Concerns::MentionableMigrationMethods
-          include CacheMarkdownField
-
-          attr_mentionable :title, pipeline: :single_line
-          attr_mentionable :description
-          cache_markdown_field :title, pipeline: :single_line
-          cache_markdown_field :description
-
-          self.table_name = 'snippets'
-          self.inheritance_column = :_type_disabled
-
-          belongs_to :author, class_name: "User"
-          belongs_to :project
-
-          def self.user_mention_model
-            Gitlab::BackgroundMigration::UserMentions::Models::SnippetUserMention
-          end
-
-          def user_mention_model
-            self.class.user_mention_model
-          end
-
-          def user_mention_resource_id
-            id
-          end
-
-          def user_mention_note_id
-            'NULL'
-          end
-        end
-      end
-    end
-  end
-end

lib/gitlab/background_migration/user_mentions/models/snippet_user_mention.rb

-# frozen_string_literal: true
-# rubocop:disable Style/Documentation
-
-module Gitlab
-  module BackgroundMigration
-    module UserMentions
-      module Models
-        class SnippetUserMention < ActiveRecord::Base
-          self.table_name = 'snippet_user_mentions'
-
-          def self.resource_foreign_key
-            :snippet_id
-          end
-        end
-      end
-    end
-  end
-end