This prevents a MITM attack where attacker could
still access Git repository if any jobs were
running long enough.

It consists of two parts:

1. Redirecting users to the configured external storage
1. Allowing the external storage to request the static object(s)
   on behalf of the user by means of specific tokens

Part of https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6829

Because we don't have any destroy callbacks (or other logic
triggered on event destroy), there is no reason for deleting events
inefficiently one by one, instead we can use :delete_all.

Adam Hegyi authored 5 years ago and Andreas Brandl committed 5 years ago

This change sets NOT NULL constraint to users.private profile.

closes https://gitlab.com/gitlab-org/gitlab-ce/issues/57538

Removed unused method for name setter method

Devise checks before updating any of the authentication_keys if it
needs to clear the reset_password_tokens.

This should fix:
https://gitlab.com/gitlab-org/gitlab-ce/issues/42733 (Weak
authentication and session management)

These are not required because MySQL is not
supported anymore

When a user's notification email is set for a group, we
should use that for pipeline emails

Adam Hegyi authored 5 years ago and Mayra Cabrera committed 5 years ago

- Background migration for changing null values to false
- Set false as default value for private_profile DB column

Instead of setting the name of the namespace to the user's username,
set it to the user's name.

This is more consistent with how we name the routes:
The route-name of a namespace is the human name of the routable. In
the case of a user-namespace, this is the owner's name.

When we change a user's name (both on create and update), we now also
update the namespace-name to the user's name. This will make sure that
if we also correctly update all the nested routes.

The introduction of the in-memory cache for application settings had a
side effect of making it harder to invalidate changes when the settings
occur. We now bypass the cache because it's possible the admin enabled
the usage ping, and we don't want to annoy the user again if they
already set the value.

To avoid causing significant load on the system, we add an extra check
to ensure the user is an admin. and we don't want to annoy the user
again if they already set the value. This is a bit of hack, but the
alternative would be to put in a more complex cache invalidation
step. Since this call only gets called in the uncommon situation where
the user is an admin and the only user in the instance, this shouldn't
cause too much load on the system.

Disabled password authentication for the users registered using
omniauth-ultraauth strategy

Backports https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10161
(code out of ee/ folder).

Truncate existing users names which exceed 128 characters
Include test for truncating users names

Adds `# frozen_string_literal: true` to spec/models ruby files

Ruby 2.6 introduced `Enumerable#filter`, which takes no arguments.
Attempting to call `filter` on an `ActiveRecord::Relation` with a scope
will fail with a `wrong number of arguments (given 1, expected 0)`
message because the `Enumerable#filter` implementation overrides the
delegated `ActiveRecord::Relation#filter` method.

To make Admin::UsersController compatible with Ruby 2.6, rename
`User.filter` to `User.filter_items`.

These are backend changes.
Use Vue for the import feature UI for "githubish"
providers (GitHub and Gitea).
Add "Go to project" button after a successful import.
Use CI-style status icons and improve spacing of the
table and its component.
Adds ETag polling to the github and gitea import
jobs endpoint.

Group guests will only be displayed merge requests to
projects they have a access level to, higher than Reporter.

Visible projects will still display the merge requests to Guests

Group guests will only be displayed merge requests to
projects they have a access level to, higher than Reporter.

Visible projects will still display the merge requests to Guests

- we now use the hierarchy class also for epics
- also rename supports_nested_groups? into supports_nested_objects?
  - move it to a concern

This commit adds a name to each release, defaulting it to tag name,
keeps track of the SHA when a new release is created and tracks the
current user as release author.

It gathers list of file paths to delete before destroying
the parent object. Then after the parent_object is destroyed
these paths are scheduled for deletion asynchronously.

Carrierwave needed associated model for deleting upload file.
To avoid this requirement, simple Fog/File layer is used directly
for file deletion, this allows us to use just a simple list of paths.

Resolve "Can add an existing group member into a group project with new permissions but permissions are not overridden"

Private commit emails were introduced in !22560, but some parts of
GitLab were not updated to take account of them. This commit adds
support in places that were missed.

The private commit email is automatically generated in the format:
id-username@noreply.HOSTNAME

GitLab instance admins are able to change the HOSTNAME portion,
that defaults to Gitlab's hostname, to whatever they prefer.

Pass the 'non_archived' flag to finder methods