From 4a74182b5ec28ae7914d9790c41424fe1e9de240 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Thu, 23 Dec 2021 21:10:52 +0000
Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master
---
...te_application_settings_protected_paths.rb | 58 +++++++++++++++++++
db/schema_migrations/20211215182006 | 1 +
db/structure.sql | 2 +-
.../compliance/license_compliance/index.md | 1 -
doc/user/project/repository/mirror/push.md | 2 +-
.../formatters/test_stats_formatter.rb | 4 +-
...plication_settings_protected_paths_spec.rb | 46 +++++++++++++++
7 files changed, 109 insertions(+), 5 deletions(-)
create mode 100644 db/migrate/20211215182006_update_application_settings_protected_paths.rb
create mode 100644 db/schema_migrations/20211215182006
create mode 100644 spec/migrations/update_application_settings_protected_paths_spec.rb
diff --git a/db/migrate/20211215182006_update_application_settings_protected_paths.rb b/db/migrate/20211215182006_update_application_settings_protected_paths.rb
new file mode 100644
index 00000000000..f1c1dde55e0
--- /dev/null
+++ b/db/migrate/20211215182006_update_application_settings_protected_paths.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+class UpdateApplicationSettingsProtectedPaths < Gitlab::Database::Migration[1.0]
+ REMOVE_PROTECTED_PATHS = [
+ '/oauth/authorize',
+ '/oauth/token'
+ ].freeze
+
+ NEW_DEFAULT_PROTECTED_PATHS = [
+ '/users/password',
+ '/users/sign_in',
+ '/api/v3/session.json',
+ '/api/v3/session',
+ '/api/v4/session.json',
+ '/api/v4/session',
+ '/users',
+ '/users/confirmation',
+ '/unsubscribes/',
+ '/import/github/personal_access_token',
+ '/admin/session'
+ ].freeze
+
+ OLD_DEFAULT_PROTECTED_PATHS = (NEW_DEFAULT_PROTECTED_PATHS + REMOVE_PROTECTED_PATHS).freeze
+
+ class ApplicationSetting < ActiveRecord::Base
+ self.table_name = 'application_settings'
+ end
+
+ def up
+ change_column_default(:application_settings, :protected_paths, NEW_DEFAULT_PROTECTED_PATHS)
+
+ ApplicationSetting.reset_column_information
+
+ ApplicationSetting.where.not(protected_paths: nil).each do |application_setting|
+ paths_to_remove = application_setting.protected_paths & REMOVE_PROTECTED_PATHS
+
+ next if paths_to_remove.empty?
+
+ updated_protected_paths = application_setting.protected_paths - paths_to_remove
+ application_setting.update!(protected_paths: updated_protected_paths)
+ end
+ end
+
+ def down
+ change_column_default(:application_settings, :protected_paths, OLD_DEFAULT_PROTECTED_PATHS)
+
+ ApplicationSetting.reset_column_information
+
+ ApplicationSetting.where.not(protected_paths: nil).each do |application_setting|
+ paths_to_add = REMOVE_PROTECTED_PATHS - application_setting.protected_paths
+
+ next if paths_to_add.empty?
+
+ updated_protected_paths = application_setting.protected_paths + paths_to_add
+ application_setting.update!(protected_paths: updated_protected_paths)
+ end
+ end
+end
diff --git a/db/schema_migrations/20211215182006 b/db/schema_migrations/20211215182006
new file mode 100644
index 00000000000..480a1e2369b
--- /dev/null
+++ b/db/schema_migrations/20211215182006
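Review bot: `up` strips `/oauth/authorize` and `/oauth/token` from every persisted `application_settings` row as well as from the column default, so an instance whose administrator listed those paths on purpose stops applying the protected-paths throttle to both OAuth endpoints, and the migration neither says why that is safe nor records which rows it changed. A comment above `REMOVE_PROTECTED_PATHS` should give the reason and name what rate-limits these endpoints afterwards, which is not visible in this commit, for example `# OAuth paths leave the protected-paths throttle because <reason>; they are now limited by <mechanism>`. `down` is also not an exact inverse: it re-adds both paths to every non-NULL row, including rows that never contained them (the first record in the spec), so it deserves a line such as `# Rollback adds the OAuth paths to all non-NULL rows; the per-row state before the migration is not restored`.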
@@ -0,0 +1 @@ +ead2a1b13438514bb97bea3f1656f9bac352a8c733d9f808b2405685bce91e00 \ No newline at end of file diff --git a/db/structure.sql b/db/structure.sql index b800dc80abe..a1274387cf3 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -10298,7 +10298,7 @@ CREATE TABLE application_settings ( throttle_protected_paths_enabled boolean DEFAULT false NOT NULL, throttle_protected_paths_requests_per_period integer DEFAULT 10 NOT NULL, throttle_protected_paths_period_in_seconds integer DEFAULT 60 NOT NULL, - protected_paths character varying(255)[] DEFAULT '{/users/password,/users/sign_in,/api/v3/session.json,/api/v3/session,/api/v4/session.json,/api/v4/session,/users,/users/confirmation,/unsubscribes/,/import/github/personal_access_token,/admin/session,/oauth/authorize,/oauth/token}'::character varying[], + protected_paths character varying(255)[] DEFAULT '{/users/password,/users/sign_in,/api/v3/session.json,/api/v3/session,/api/v4/session.json,/api/v4/session,/users,/users/confirmation,/unsubscribes/,/import/github/personal_access_token,/admin/session}'::character varying[], throttle_incident_management_notification_enabled boolean DEFAULT false NOT NULL, throttle_incident_management_notification_period_in_seconds integer DEFAULT 3600, throttle_incident_management_notification_per_period integer DEFAULT 3600, diff --git a/doc/user/compliance/license_compliance/index.md b/doc/user/compliance/license_compliance/index.md index f89165e7e2d..bdf1b0d74b4 100644 --- a/doc/user/compliance/license_compliance/index.md +++ b/doc/user/compliance/license_compliance/index.md 
@@ -92,7 +92,6 @@ The reported licenses might be incomplete or inaccurate. | Objective-C, Swift | [Carthage](https://github.com/Carthage/Carthage), [CocoaPods](https://cocoapods.org/) v0.39 and below | | Elixir | [Mix](https://elixir-lang.org/getting-started/mix-otp/introduction-to-mix.html) | | C++/C | [Conan](https://conan.io/) | -| Scala | [sbt](https://www.scala-sbt.org/) | | Rust | [Cargo](https://crates.io) | | PHP | [Composer](https://getcomposer.org/) | diff --git a/doc/user/project/repository/mirror/push.md b/doc/user/project/repository/mirror/push.md index 498b8d063a9..221616bd41c 100644 --- a/doc/user/project/repository/mirror/push.md +++ b/doc/user/project/repository/mirror/push.md @@ -79,7 +79,7 @@ To configure a mirror from GitLab to GitHub: 1. Create a [GitHub personal access token](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token) with `public_repo` selected. 1. Enter a **Git repository URL** with this format: - `https://@github.com//.git`. + `https://@github.com//.git`. 1. For **Password**, enter your GitHub personal access token. 1. Select **Mirror repository**. diff --git a/qa/qa/support/formatters/test_stats_formatter.rb b/qa/qa/support/formatters/test_stats_formatter.rb index ede4f463825..7678cb8406c 100644 --- a/qa/qa/support/formatters/test_stats_formatter.rb +++ b/qa/qa/support/formatters/test_stats_formatter.rb 
@@ -125,11 +125,11 @@ module QA @merge_request ||= (!!env('CI_MERGE_REQUEST_IID') || !!env('TOP_UPSTREAM_MERGE_REQUEST_IID')).to_s end - # Test run type from staging, canary, preprod or production env + # Test run type from staging (`gstg`, `gstg-cny`, `gstg-ref`), canary, preprod or production env # # @return [String, nil] def run_type - return unless %w[staging canary preprod production].include?(project_name) + return unless %w[staging staging-canary staging-ref canary preprod production].include?(project_name) @run_type ||= begin test_subset = if env('NO_ADMIN') == 'true' diff --git a/spec/migrations/update_application_settings_protected_paths_spec.rb b/spec/migrations/update_application_settings_protected_paths_spec.rb new file mode 100644 index 00000000000..21879995f1b --- /dev/null +++ b/spec/migrations/update_application_settings_protected_paths_spec.rb 
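Review bot: The updated comment above `run_type` names the staging environments as `gstg`, `gstg-cny` and `gstg-ref`, while the guard below it matches `project_name` against `staging`, `staging-canary` and `staging-ref`, so a reader cannot tell from the hunk which strings are actually compared. The comment should use the matched values, e.g. `# Test run type for staging (staging, staging-canary, staging-ref), canary, preprod or production projects`. The `%w[...]` list is also rebuilt on each call and could become a frozen constant, though where to declare it lies outside this hunk, as does the rest of `run_type`.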
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_migration!
+
+RSpec.describe UpdateApplicationSettingsProtectedPaths, :aggregate_failures do
+ subject(:migration) { described_class.new }
+
+ let_it_be(:application_settings) { table(:application_settings) }
+ let_it_be(:oauth_paths) { %w[/oauth/authorize /oauth/token] }
+ let_it_be(:custom_paths) { %w[/foo /bar] }
+
+ let(:default_paths) { application_settings.column_defaults.fetch('protected_paths') }
+
+ before do
+ application_settings.create!(protected_paths: custom_paths)
+ application_settings.create!(protected_paths: custom_paths + oauth_paths)
+ application_settings.create!(protected_paths: custom_paths + oauth_paths.take(1))
+ end
+
+ describe '#up' do
+ before do
+ migrate!
+ application_settings.reset_column_information
+ end
+
+ it 'removes the OAuth paths from the default value and persisted records' do
+ expect(default_paths).not_to include(*oauth_paths)
+ expect(default_paths).to eq(described_class::NEW_DEFAULT_PROTECTED_PATHS)
+ expect(application_settings.all).to all(have_attributes(protected_paths: custom_paths))
+ end
+ end
+
+ describe '#down' do
+ before do
+ migrate!
+ schema_migrate_down!
+ end
+
+ it 'adds the OAuth paths to the default value and persisted records' do
+ expect(default_paths).to include(*oauth_paths)
+ expect(default_paths).to eq(described_class::OLD_DEFAULT_PROTECTED_PATHS)
+ expect(application_settings.all).to all(have_attributes(protected_paths: custom_paths + oauth_paths))
+ end
+ end
+end
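Review bot: No record in the shared `before` block has `protected_paths: nil`, so the `where.not(protected_paths: nil)` filter used by both migration directions is never exercised, even though the column definition in this commit's `structure.sql` hunk carries no NOT NULL. Adding `application_settings.create!(protected_paths: nil)` and asserting that the row is still NULL after `migrate!` and after `schema_migrate_down!` would cover it; the two `all(have_attributes(...))` expectations would then have to be scoped to the non-NULL rows. The `#down` block also omits the `application_settings.reset_column_information` call that `#up` makes before reading `default_paths`; unless `schema_migrate_down!` resets it, which is not visible here, that assertion may read cached column metadata.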