To make it more clear to developers that the entity exposes the
application secret, define a separate entity that only should be used
when the secret is needed (probably only on creation).

Jan Christophersen authored 7 years ago and James Lopez committed 7 years ago

Resolve "Projects API: filter 'with_issues_enabled=true' returns projects with 'issues_enabled=false'"

Adds sorting to deployments API through the `order_by` and sort
`fields`.

[10.3] Migrate `can_push` column from `keys` to `deploy_keys_project`

See merge request gitlab/gitlabhq!2276

(cherry picked from commit f6ca52d31bac350a23938e0aebf717c767b4710c)

1f2bd3c0 Backport to 10.3

Merge branch 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-3'

Filter out sensitive fields from the project services API

See merge request gitlab/gitlabhq!2281

(cherry picked from commit 476f2576444632f2a9a61b4cead9c1077f2c81d7)

2bcbbda0 Filter out sensitive fields from the project services API

Enables project milestone deletion via DELETE /projects/:id/milestones/:milestone_id

see https://gitlab.com/gitlab-org/gitlab-ce/issues/42025

The N+1 issue was caused by loading the job_artifacts_archive for each
job (build) individually. Including that in the builds
AssociationRelation fixed the issue.

This will enable admins to identify who actually made the API request.

Relates to #36960

Add find key by base64 key or fingerprint to the internal API

See merge request !250

Squashed changes:
Add unique index to fingerprint
Add new index to schema
Add internal api to get ssh key by fingerprint
Change API endpoint to authorized_keys
Add InsecureKeyFingerprint that calculates the fingerprint without shelling out
Add require for gitlab key fingerprint
Remove uniqueness of fingerprint index
Remove unique option from migration
Fix spec style in fingerprint test
Fix rubocop complain
Extract insecure key fingerprint to separate file
Change migration to support building index concurrently
Remove those hideous tabs

This removes all usage of soft removals except for the "pending delete"
system implemented for projects. This in turn simplifies all the query
plans of the models that used soft removals. Since we don't really use
soft removals for anything useful there's no point in keeping it around.

This _does_ mean that hard removals of issues (which only admins can do
if I'm not mistaken) can influence the "iid" values, but that code is
broken to begin with. More on this (and how to fix it) can be found in
https://gitlab.com/gitlab-org/gitlab-ce/issues/31114.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/37447

In some cases is prefered to manually create a ProjectWiki over using
Project#wiki. This is because Project#wiki always uses the #owner (which
is a User sometimes) as the
author of the wiki changes but sometimes the owner is a Group and it
doesn't respond to #username

On GitLab.com, there are write deploy keys with no associated users.
Pushes with these deploy keys end with an Error 500 since we attempt
to look up redirect message. If there is no user, don't attempt
to display a redirect message.

Closes #41466

+ Add support for the new separate channel and events settings
* Dry up chat notifications in the service properties definitions

Signed-off-by: Rémy Coutable <remy@rymai.me>

- Ensure that unwanted params are no passed to actual finder classes

Previously, this would include the entire User record in the update
hash, which was rendered in the response using `to_json`, erroneously
exposing every attribute of that record, including their (now removed)
private token.

Now we only include the user ID, and perform the lookup on-demand.