As in documentation.

Fixes: #58180.

Also remove the requirement between domain_blacklist_enabled and domain_blacklist.

* Limits raw requests to 300 per minute and per raw path.
* Add a new attribute to ApplicationSettings so user can change this
value on their instance.
* Uses Gitlab::ActionRateLimiter to limit the raw requests.
* Add a new method into ActionRateLimiter to log the event into auth.log

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/48717

vshushlin authored 5 years ago and Nick Thomas committed 5 years ago

* remove feature flag for admin settings
* remove feature flag for domain settings

The /admin panel will now always return an uncached
application setting to ensure it always has the most
current info.

Updating multiple application settings panels through
a single action causes the incorrect action to be shown
when there are errors.  Instead, make each panel action
handle both updating and display.

vshushlin authored 5 years ago and Nick Thomas committed 5 years ago

Part of adding Let's Encrypt certificates for pages domains

Add acme-client gem

Client is being initialized by private key stored in secrets.yml
Let's Encrypt account is being created lazily.
If it's already created, Acme::Client just gets account_kid by
calling new_account method

Make Let's Encrypt client an instance
Wrap order and challenge classes

Store Let's Encrypt account email in application settings
Also add explicit terms of service consent

Imre (Admin) authored 5 years ago and Andreas Brandl committed 5 years ago

Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE

This reverts merge request !26823

Imre (Admin) authored 5 years ago and Andreas Brandl committed 5 years ago

Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE

- Update PO file

This replaces the repository param.
This allows more flexiblity as sometimes we have highlight content
not related to repository. Sometimes we know ahead of time the language
of the content. Lastly language determination seems better fit as a
logic in the Blob class.
`repository` param is only used to determine the language, which seems
to be the responsiblity of Blob.

This icommit adds several changes related to the same topic
- resetting a Runner registration token:

1. On Project settings page it adds a button for resetting the
   registration token and it removes the Runner token field
   that was confusing all GitLab users.

2. On Group settings page it adds the same button for resetting
   the registration token.

3. On Admin Runners settings page it moves the button to the same
   place as in Project and Group settings and it changes slightly
   the page layout to make it more similar to Group and Project
   setting pages.

4. It refactorizes a little the partial that prints runner
   registration description. Thanks to this Project, Group
   and Admin settings of the Runner are re-using the same
   code to generate the button.

5. Updates the translations of changed text.

We remove this feature as it never worked properly

Enables frozen string for the following:

* app/controllers/*.rb
* app/controllers/admin/**/*.rb
* app/controllers/boards/**/*.rb
* app/controllers/ci/**/*.rb
* app/controllers/concerns/**/*.rb

Partially addresses #47424.

Signed-off-by: Rémy Coutable <remy@rymai.me>

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

If form does not have import sources checkboxes we should not reset
import sources to empty. This fixes issue when import sources got reset
after user modifies unrelated settings section like GitLab pages

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

The `RAILS5=1 rspec spec/controllers/admin/application_settings_controller_spec.rb`
command throws the error:

Failures:

  1) Admin::ApplicationSettingsController PUT #update falls back to defaults when settings are omitted
      Failure/Error: import_sources = params[:application_setting][:import_sources]

      NoMethodError:
        undefined method `[]' for nil:NilClass
      # ./app/controllers/admin/application_settings_controller.rb:62:in `application_setting_params'

This commit fixes it.

See merge request gitlab-org/gitlab-ee!3323

Backported as part of authorized_keys in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/16014

Originally branch 'mk-toggle-writing-to-auth-keys-1631'

See merge request !2004

Squashed commits:
Add authorized_keys_enabled to Application Settings
Ensure default settings are exposed in UI
Without this change, `authorized_keys_enabled` is unchecked when it is nil, even if it should be checked by default.
Add “Speed up SSH operations” documentation
Clarify the reasons for disabling writes
Add "How to go back" section
Tweak copy
Update Application Setting screenshot

`allowed_key_types` is removed and the `minimum_<type>_bits` fields are
renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies
that the key type is disabled.

This also feeds through to the UI - checkboxes per key type are out, inline
selection of "forbidden" and "allowed" (i.e., no restrictions) are in.

As with the previous model, unknown key types are disallowed, even if the
underlying ssh daemon happens to support them. The defaults have also been
changed from the lowest known bit size to "no restriction". So if someone
does happen to have a 768-bit RSA key, it will continue to work on upgrade, at
least until the administrator restricts them.