kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

Browse source
This commit is contained in:
GitLab Bot 2021-11-02 15:12:22 +00:00
parent d67ccb290a
commit 125c8a6a81
15 changed files with 253 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/assets/javascripts/environments/components/rollback_modal_manager.vue
View file

@ -15,7 +15,6 @@ export default {
data() {
return {
environment: null,
retryPath: '',
visible: false,
};
},
@ -35,9 +34,9 @@ export default {
name: environmentName,
commitShortSha,
commitUrl,
retryUrl: retryPath,
isLastDeployment: parseBoolean(isLastDeployment),
};
this.retryPath = retryPath;
this.visible = true;
});
});
@ -51,7 +50,5 @@ export default {
v-model="visible"
:environment="environment"
:has-multiple-commits="false"
:retry-url="retryPath"
/>
<div v-else></div>
</template>

22
app/controllers/concerns/gitlab_recaptcha.rb Normal file
View file

@ -0,0 +1,22 @@
# frozen_string_literal: true
module GitlabRecaptcha
extend ActiveSupport::Concern
include Recaptcha::Verify
include RecaptchaHelper
def load_recaptcha
recaptcha_enabled? && Gitlab::Recaptcha.load_configurations!
end
def check_recaptcha
return unless load_recaptcha
return if verify_recaptcha
flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
flash.delete :recaptcha_error
self.resource = resource_class.new
render action: 'new'
end
end

10
app/controllers/confirmations_controller.rb
View file

@ -2,6 +2,10 @@
class ConfirmationsController < Devise::ConfirmationsController
include AcceptsPendingInvitations
include GitlabRecaptcha
prepend_before_action :check_recaptcha, only: :create
before_action :load_recaptcha, only: :new
feature_category :users
@ -31,6 +35,12 @@ class ConfirmationsController < Devise::ConfirmationsController
end
end
def check_recaptcha
return unless resource_params[:email].present?
super
end
def after_sign_in(resource)
after_sign_in_path_for(resource)
end

10
app/controllers/passwords_controller.rb
View file

@ -1,8 +1,12 @@
# frozen_string_literal: true
class PasswordsController < Devise::PasswordsController
include GitlabRecaptcha
skip_before_action :require_no_authentication, only: [:edit, :update]
prepend_before_action :check_recaptcha, only: :create
before_action :load_recaptcha, only: :new
before_action :resource_from_email, only: [:create]
before_action :check_password_authentication_available, only: [:create]
before_action :throttle_reset, only: [:create]
@ -59,6 +63,12 @@ class PasswordsController < Devise::PasswordsController
alert: _("Password authentication is unavailable.")
end
def check_recaptcha
return unless resource_params[:email].present?
super
end
def throttle_reset
return unless resource && resource.recently_sent_password_reset?

3
app/helpers/recaptcha_helper.rb
View file

@ -1,9 +1,10 @@
# frozen_string_literal: true
module RecaptchaHelper
def show_recaptcha_sign_up?
def recaptcha_enabled?
!!Gitlab::Recaptcha.enabled?
end
alias_method :show_recaptcha_sign_up?, :recaptcha_enabled?
end
RecaptchaHelper.prepend_mod

7
app/views/devise/confirmations/new.html.haml
View file

@ -7,7 +7,12 @@
.form-group
= f.label :email
= f.email_field :email, class: "form-control gl-form-input", required: true, title: _('Please provide a valid email address.'), value: nil
.clearfix
%div
- if recaptcha_enabled?
= recaptcha_tags nonce: content_security_policy_nonce
.gl-mt-5
= f.submit _("Resend"), class: 'gl-button btn btn-confirm'
.clearfix.prepend-top-20

7
app/views/devise/passwords/new.html.haml
View file

@ -8,7 +8,12 @@
= f.email_field :email, class: "form-control gl-form-input", required: true, value: params[:user_email], autofocus: true, title: _('Please provide a valid email address.')
.form-text.text-muted
= _('Requires your primary GitLab email address.')
.clearfix
%div
- if recaptcha_enabled?
= recaptcha_tags nonce: content_security_policy_nonce
.gl-mt-5
= f.submit _("Reset password"), class: "gl-button btn-confirm btn"
.clearfix.prepend-top-20

1
doc/user/group/value_stream_analytics/index.md
View file

@ -27,6 +27,7 @@ To view group-level Value Stream Analytics:
Value Stream Analytics at the group level includes data for the selected group and its subgroups.
NOTE:
[Project-level Value Stream Analytics](../../analytics/value_stream_analytics.md) is also available.
## Default stages

4
lib/gitlab/application_rate_limiter.rb
View file

@ -11,6 +11,8 @@ module Gitlab
# redirect_to(edit_project_path(@project), status: :too_many_requests)
# end
class ApplicationRateLimiter
InvalidKeyError = Class.new(StandardError)
def initialize(key, **options)
@key = key
@options = options
@ -69,7 +71,7 @@ module Gitlab
#
# @return [Boolean] Whether or not a request should be throttled
def throttled?(key, **options)
return unless rate_limits[key]
raise InvalidKeyError unless rate_limits[key]
return if scoped_user_in_allowlist?(options)

41
spec/controllers/confirmations_controller_spec.rb
View file

@ -123,4 +123,45 @@ RSpec.describe ConfirmationsController do
end
end
end
describe '#create' do
let(:user) { create(:user) }
subject(:perform_request) { post(:create, params: { user: { email: user.email } }) }
context 'when reCAPTCHA is disabled' do
before do
stub_application_setting(recaptcha_enabled: false)
end
it 'successfully sends password reset when reCAPTCHA is not solved' do
perform_request
expect(response).to redirect_to(dashboard_projects_path)
end
end
context 'when reCAPTCHA is enabled' do
before do
stub_application_setting(recaptcha_enabled: true)
end
it 'displays an error when the reCAPTCHA is not solved' do
Recaptcha.configuration.skip_verify_env.delete('test')
perform_request
expect(response).to render_template(:new)
expect(flash[:alert]).to include 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'
end
it 'successfully sends password reset when reCAPTCHA is solved' do
Recaptcha.configuration.skip_verify_env << 'test'
perform_request
expect(response).to redirect_to(dashboard_projects_path)
end
end
end
end

43
spec/controllers/passwords_controller_spec.rb
View file

@ -91,4 +91,47 @@ RSpec.describe PasswordsController do
end
end
end
describe '#create' do
let(:user) { create(:user) }
subject(:perform_request) { post(:create, params: { user: { email: user.email } }) }
context 'when reCAPTCHA is disabled' do
before do
stub_application_setting(recaptcha_enabled: false)
end
it 'successfully sends password reset when reCAPTCHA is not solved' do
perform_request
expect(response).to redirect_to(new_user_session_path)
expect(flash[:notice]).to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'
end
end
context 'when reCAPTCHA is enabled' do
before do
stub_application_setting(recaptcha_enabled: true)
end
it 'displays an error when the reCAPTCHA is not solved' do
Recaptcha.configuration.skip_verify_env.delete('test')
perform_request
expect(response).to render_template(:new)
expect(flash[:alert]).to include 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'
end
it 'successfully sends password reset when reCAPTCHA is solved' do
Recaptcha.configuration.skip_verify_env << 'test'
perform_request
expect(response).to redirect_to(new_user_session_path)
expect(flash[:notice]).to include 'If your email address exists in our database, you will receive a password recovery link at your email address in a few minutes.'
end
end
end
end

2
spec/features/merge_request/user_assigns_themselves_spec.rb
View file

@ -15,7 +15,7 @@ RSpec.describe 'Merge request > User assigns themselves' do
visit project_merge_request_path(project, merge_request)
end
it 'updates related issues', :js do
it 'updates related issues', :js, quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/343006' do
click_link 'Assign yourself to these issues'
expect(page).to have_content '2 issues have been assigned to you'

30
spec/features/users/confirmation_spec.rb Normal file
View file

@ -0,0 +1,30 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'User confirmation' do
describe 'resend confirmation instructions' do
context 'when recaptcha is enabled' do
before do
stub_application_setting(recaptcha_enabled: true)
allow(Gitlab::Recaptcha).to receive(:load_configurations!)
visit new_user_confirmation_path
end
it 'renders recaptcha' do
expect(page).to have_css('.g-recaptcha')
end
end
context 'when recaptcha is not enabled' do
before do
stub_application_setting(recaptcha_enabled: false)
visit new_user_confirmation_path
end
it 'does not render recaptcha' do
expect(page).not_to have_css('.g-recaptcha')
end
end
end
end

30
spec/features/users/password_spec.rb Normal file
View file

@ -0,0 +1,30 @@
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'User password' do
describe 'send password reset' do
context 'when recaptcha is enabled' do
before do
stub_application_setting(recaptcha_enabled: true)
allow(Gitlab::Recaptcha).to receive(:load_configurations!)
visit new_user_password_path
end
it 'renders recaptcha' do
expect(page).to have_css('.g-recaptcha')
end
end
context 'when recaptcha is not enabled' do
before do
stub_application_setting(recaptcha_enabled: false)
visit new_user_password_path
end
it 'does not render recaptcha' do
expect(page).not_to have_css('.g-recaptcha')
end
end
end
end

62
spec/lib/gitlab/application_rate_limiter_spec.rb
View file

@ -49,30 +49,62 @@ RSpec.describe Gitlab::ApplicationRateLimiter do
end
end
context 'when the key is an array of only ActiveRecord models' do
let(:scope) { [user, project] }
describe '.throttled?' do
context 'when the key is invalid' do
context 'is provided as a Symbol' do
context 'but is not defined in the rate_limits Hash' do
it 'raises an InvalidKeyError exception' do
key = :key_not_in_rate_limits_hash
let(:cache_key) do
"application_rate_limiter:test_action:user:#{user.id}:project:#{project.id}"
expect { subject.throttled?(key) }.to raise_error(Gitlab::ApplicationRateLimiter::InvalidKeyError)
end
end
end
context 'is provided as a String' do
context 'and is a String representation of an existing key in rate_limits Hash' do
it 'raises an InvalidKeyError exception' do
key = rate_limits.keys[0].to_s
expect { subject.throttled?(key) }.to raise_error(Gitlab::ApplicationRateLimiter::InvalidKeyError)
end
end
context 'but is not defined in any form in the rate_limits Hash' do
it 'raises an InvalidKeyError exception' do
key = 'key_not_in_rate_limits_hash'
expect { subject.throttled?(key) }.to raise_error(Gitlab::ApplicationRateLimiter::InvalidKeyError)
end
end
end
end
it_behaves_like 'action rate limiter'
end
context 'when the key is an array of only ActiveRecord models' do
let(:scope) { [user, project] }
context 'when they key a combination of ActiveRecord models and strings' do
let(:project) { create(:project, :public, :repository) }
let(:commit) { project.repository.commit }
let(:path) { 'app/controllers/groups_controller.rb' }
let(:scope) { [project, commit, path] }
let(:cache_key) do
"application_rate_limiter:test_action:user:#{user.id}:project:#{project.id}"
end
let(:cache_key) do
"application_rate_limiter:test_action:project:#{project.id}:commit:#{commit.sha}:#{path}"
it_behaves_like 'action rate limiter'
end
it_behaves_like 'action rate limiter'
context 'when they key a combination of ActiveRecord models and strings' do
let(:project) { create(:project, :public, :repository) }
let(:commit) { project.repository.commit }
let(:path) { 'app/controllers/groups_controller.rb' }
let(:scope) { [project, commit, path] }
let(:cache_key) do
"application_rate_limiter:test_action:project:#{project.id}:commit:#{commit.sha}:#{path}"
end
it_behaves_like 'action rate limiter'
end
end
describe '#log_request' do
describe '.log_request' do
let(:file_path) { 'master/README.md' }
let(:type) { :raw_blob_request_limit }
let(:fullpath) { "/#{project.full_path}/raw/#{file_path}" }