Commit a6a0792e authored by Dmitriy Zaporozhets

Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce

parents 8ba83cba 7081ab1e
Please view this file on the master branch, on stable branches it's out of date. Please view this file on the master branch, on stable branches it's out of date.
v 7.13.0 (unreleased) v 7.13.0 (unreleased)
- Fix external issue tracker hook/test for HTTPS URLs (Daniel Gerhardt)
- Remove link leading to a 404 error in Deploy Keys page (Stan Hu)
- Add support for unlocking users in admin settings (Stan Hu)
- Fix order of issues imported form GitHub (Hiroyuki Sato) - Fix order of issues imported form GitHub (Hiroyuki Sato)
- Bump rugments to 1.0.0beta8 to fix C prototype function highlighting (Jonathon Reinhart) - Bump rugments to 1.0.0beta8 to fix C prototype function highlighting (Jonathon Reinhart)
- Fix Merge Request webhook to properly fire "merge" action when accepted from the web UI - Fix Merge Request webhook to properly fire "merge" action when accepted from the web UI
...@@ -29,6 +32,8 @@ v 7.13.0 (unreleased) ...@@ -29,6 +32,8 @@ v 7.13.0 (unreleased)
- Reporter role can manage issue tracker now: edit any issue, set assignee or milestone and manage labels - Reporter role can manage issue tracker now: edit any issue, set assignee or milestone and manage labels
- Better performance for pages with events list, issues list and commits list - Better performance for pages with events list, issues list and commits list
- Faster automerge check and merge itself when source and target branches are in same repository - Faster automerge check and merge itself when source and target branches are in same repository
- Correctly show anonymous authorized applications under Profile > Applications.
- Query Optimization in MySQL.
v 7.12.1 v 7.12.1
- Fix error when deleting a user who has projects (Stan Hu) - Fix error when deleting a user who has projects (Stan Hu)
...@@ -44,12 +49,10 @@ v 7.12.0 ...@@ -44,12 +49,10 @@ v 7.12.0
- Disable changing of target branch in new merge request page when a branch has already been specified (Stan Hu) - Disable changing of target branch in new merge request page when a branch has already been specified (Stan Hu)
- Fix post-receive errors on a push when an external issue tracker is configured (Stan Hu) - Fix post-receive errors on a push when an external issue tracker is configured (Stan Hu)
- Update oauth button logos for Twitter and Google to recommended assets - Update oauth button logos for Twitter and Google to recommended assets
- Fix hooks for web based events with external issue references (Daniel Gerhardt)
- Update browser gem to version 0.8.0 for IE11 support (Stan Hu) - Update browser gem to version 0.8.0 for IE11 support (Stan Hu)
- Fix timeout when rendering file with thousands of lines. - Fix timeout when rendering file with thousands of lines.
- Add "Remember me" checkbox to LDAP signin form. - Add "Remember me" checkbox to LDAP signin form.
- Add session expiration delay configuration through UI application settings - Add session expiration delay configuration through UI application settings
- Fix external issue tracker hook/test for HTTPS URLs (Daniel Gerhardt)
- Don't notify users mentioned in code blocks or blockquotes. - Don't notify users mentioned in code blocks or blockquotes.
- Omit link to generate labels if user does not have access to create them (Stan Hu) - Omit link to generate labels if user does not have access to create them (Stan Hu)
- Show warning when a comment will add 10 or more people to the discussion. - Show warning when a comment will add 10 or more people to the discussion.
......
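Review bot: "Fix hooks for web based events with external issue references (Daniel Gerhardt)" is removed from the v 7.12.0 list but does not reappear among the entries added under v 7.13.0, unlike "Fix external issue tracker hook/test for HTTPS URLs", which is moved there. Confirm the entry is still listed under the release that actually ships the fix rather than dropped.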
...@@ -2,6 +2,10 @@ source "https://rubygems.org" ...@@ -2,6 +2,10 @@ source "https://rubygems.org"
gem 'rails', '4.1.11' gem 'rails', '4.1.11'
# Specify a sprockets version due to security issue
# See https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
gem 'sprockets', '~> 2.12.3'
# Default values for AR models # Default values for AR models
gem "default_value_for", "~> 3.0.0" gem "default_value_for", "~> 3.0.0"
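Review bot: the comment above `gem 'sprockets', '~> 2.12.3'` links the advisory thread but does not say which versions are affected or when the explicit pin can be dropped; adding that would keep the pin from outliving its purpose. The lockfile resolves to 2.12.4, which this constraint permits, so the two are consistent.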
...@@ -181,7 +185,7 @@ gem 'mousetrap-rails' ...@@ -181,7 +185,7 @@ gem 'mousetrap-rails'
# Detect and convert string character encoding # Detect and convert string character encoding
gem 'charlock_holmes' gem 'charlock_holmes'
gem "sass-rails", '~> 4.0.2' gem "sass-rails", '~> 4.0.5'
gem "coffee-rails" gem "coffee-rails"
gem "uglifier" gem "uglifier"
gem 'turbolinks', '~> 2.5.0' gem 'turbolinks', '~> 2.5.0'
...@@ -234,6 +238,12 @@ group :development, :test do ...@@ -234,6 +238,12 @@ group :development, :test do
gem 'rubocop', '0.28.0', require: false gem 'rubocop', '0.28.0', require: false
gem 'spinach-rails' gem 'spinach-rails'
# rest-client is a coveralls dependency and not used directly in GitLab, but
# we specify a version here to pick up some security fixes.
# See https://github.com/rest-client/rest-client/issues/369
# and http://www.osvdb.org/show/osvdb/117461
gem 'rest-client', '~> 1.8.0'
# Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826) # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
gem 'minitest', '~> 5.3.0' gem 'minitest', '~> 5.3.0'
......
...@@ -113,12 +113,12 @@ GEM ...@@ -113,12 +113,12 @@ GEM
colorize (0.5.8) colorize (0.5.8)
columnize (0.9.0) columnize (0.9.0)
connection_pool (2.1.0) connection_pool (2.1.0)
coveralls (0.7.0) coveralls (0.8.2)
multi_json (~> 1.3) json (~> 1.8)
rest-client rest-client (>= 1.6.8, < 2)
simplecov (>= 0.7) simplecov (~> 0.10.0)
term-ansicolor term-ansicolor (~> 1.3)
thor thor (~> 0.19.1)
crack (0.4.2) crack (0.4.2)
safe_yaml (~> 1.0.0) safe_yaml (~> 1.0.0)
creole (0.3.8) creole (0.3.8)
...@@ -149,6 +149,8 @@ GEM ...@@ -149,6 +149,8 @@ GEM
diff-lcs (1.2.5) diff-lcs (1.2.5)
diffy (3.0.3) diffy (3.0.3)
docile (1.1.5) docile (1.1.5)
domain_name (0.5.24)
unf (>= 0.0.5, < 1.0.0)
doorkeeper (2.1.3) doorkeeper (2.1.3)
railties (>= 3.2) railties (>= 3.2)
dotenv (0.9.0) dotenv (0.9.0)
...@@ -322,6 +324,8 @@ GEM ...@@ -322,6 +324,8 @@ GEM
html-pipeline (1.11.0) html-pipeline (1.11.0)
activesupport (>= 2) activesupport (>= 2)
nokogiri (~> 1.4) nokogiri (~> 1.4)
http-cookie (1.0.2)
domain_name (~> 0.5)
http_parser.rb (0.5.3) http_parser.rb (0.5.3)
httparty (0.13.3) httparty (0.13.3)
json (~> 1.8) json (~> 1.8)
...@@ -377,6 +381,7 @@ GEM ...@@ -377,6 +381,7 @@ GEM
net-scp (1.2.1) net-scp (1.2.1)
net-ssh (>= 2.6.5) net-ssh (>= 2.6.5)
net-ssh (2.9.2) net-ssh (2.9.2)
netrc (0.10.3)
newrelic_rpm (3.9.4.245) newrelic_rpm (3.9.4.245)
nokogiri (1.6.6.2) nokogiri (1.6.6.2)
mini_portile (~> 0.6.0) mini_portile (~> 0.6.0)
...@@ -525,8 +530,10 @@ GEM ...@@ -525,8 +530,10 @@ GEM
request_store (1.0.5) request_store (1.0.5)
rerun (0.10.0) rerun (0.10.0)
listen (~> 2.7, >= 2.7.3) listen (~> 2.7, >= 2.7.3)
rest-client (1.6.7) rest-client (1.8.0)
mime-types (>= 1.16) http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 3.0)
netrc (~> 0.7)
rinku (1.7.3) rinku (1.7.3)
rotp (1.6.1) rotp (1.6.1)
rouge (1.7.7) rouge (1.7.7)
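Review bot: moving `rest-client` from 1.6.7 to 1.8.0 adds `http-cookie` and `netrc` (and `domain_name` through `http-cookie`) to the lockfile as new transitive dependencies, for a gem the Gemfile comment says GitLab does not use directly. These should get the same scrutiny as any newly added gem, since the security pin itself widens the dependency set.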
...@@ -577,10 +584,10 @@ GEM ...@@ -577,10 +584,10 @@ GEM
sanitize (2.1.0) sanitize (2.1.0)
nokogiri (>= 1.4.4) nokogiri (>= 1.4.4)
sass (3.2.19) sass (3.2.19)
sass-rails (4.0.3) sass-rails (4.0.5)
railties (>= 4.0.0, < 5.0) railties (>= 4.0.0, < 5.0)
sass (~> 3.2.0) sass (~> 3.2.2)
sprockets (~> 2.8, <= 2.11.0) sprockets (~> 2.8, < 3.0)
sprockets-rails (~> 2.0) sprockets-rails (~> 2.0)
sawyer (0.6.0) sawyer (0.6.0)
addressable (~> 2.3.5) addressable (~> 2.3.5)
...@@ -608,11 +615,11 @@ GEM ...@@ -608,11 +615,11 @@ GEM
ice_cube (= 0.11.1) ice_cube (= 0.11.1)
sidekiq (>= 3.0.0) sidekiq (>= 3.0.0)
simple_oauth (0.1.9) simple_oauth (0.1.9)
simplecov (0.9.0) simplecov (0.10.0)
docile (~> 1.1.0) docile (~> 1.1.0)
multi_json json (~> 1.8)
simplecov-html (~> 0.8.0) simplecov-html (~> 0.10.0)
simplecov-html (0.8.0) simplecov-html (0.10.0)
sinatra (1.4.4) sinatra (1.4.4)
rack (~> 1.4) rack (~> 1.4)
rack-protection (~> 1.4) rack-protection (~> 1.4)
...@@ -637,12 +644,12 @@ GEM ...@@ -637,12 +644,12 @@ GEM
spring (>= 0.9.1) spring (>= 0.9.1)
spring-commands-teaspoon (0.0.2) spring-commands-teaspoon (0.0.2)
spring (>= 0.9.1) spring (>= 0.9.1)
sprockets (2.11.0) sprockets (2.12.4)
hike (~> 1.2) hike (~> 1.2)
multi_json (~> 1.0) multi_json (~> 1.0)
rack (~> 1.0) rack (~> 1.0)
tilt (~> 1.1, != 1.3.0) tilt (~> 1.1, != 1.3.0)
sprockets-rails (2.3.1) sprockets-rails (2.3.2)
actionpack (>= 3.0) actionpack (>= 3.0)
activesupport (>= 3.0) activesupport (>= 3.0)
sprockets (>= 2.8, < 4.0) sprockets (>= 2.8, < 4.0)
...@@ -657,8 +664,8 @@ GEM ...@@ -657,8 +664,8 @@ GEM
teaspoon-jasmine (2.2.0) teaspoon-jasmine (2.2.0)
teaspoon (>= 1.0.0) teaspoon (>= 1.0.0)
temple (0.6.7) temple (0.6.7)
term-ansicolor (1.2.2) term-ansicolor (1.3.2)
tins (~> 0.8) tins (~> 1.0)
terminal-table (1.4.5) terminal-table (1.4.5)
test_after_commit (0.2.2) test_after_commit (0.2.2)
thin (1.6.1) thin (1.6.1)
...@@ -680,7 +687,7 @@ GEM ...@@ -680,7 +687,7 @@ GEM
mime-types (~> 1.19) mime-types (~> 1.19)
multi_json (~> 1.7) multi_json (~> 1.7)
twitter-stream (~> 0.1) twitter-stream (~> 0.1)
tins (0.13.1) tins (1.5.4)
trollop (2.1.2) trollop (2.1.2)
turbolinks (2.5.3) turbolinks (2.5.3)
coffee-rails coffee-rails
...@@ -826,12 +833,13 @@ DEPENDENCIES ...@@ -826,12 +833,13 @@ DEPENDENCIES
redis-rails redis-rails
request_store request_store
rerun (~> 0.10.0) rerun (~> 0.10.0)
rest-client (~> 1.8.0)
rqrcode-rails3 rqrcode-rails3
rspec-rails (~> 3.3.0) rspec-rails (~> 3.3.0)
rubocop (= 0.28.0) rubocop (= 0.28.0)
rugments (~> 1.0.0.beta8) rugments (~> 1.0.0.beta8)
sanitize (~> 2.0) sanitize (~> 2.0)
sass-rails (~> 4.0.2) sass-rails (~> 4.0.5)
sdoc sdoc
seed-fu seed-fu
select2-rails select2-rails
...@@ -849,6 +857,7 @@ DEPENDENCIES ...@@ -849,6 +857,7 @@ DEPENDENCIES
spring-commands-rspec (~> 1.0.0) spring-commands-rspec (~> 1.0.0)
spring-commands-spinach (~> 1.0.0) spring-commands-spinach (~> 1.0.0)
spring-commands-teaspoon (~> 0.0.2) spring-commands-teaspoon (~> 0.0.2)
sprockets (~> 2.12.3)
stamp stamp
state_machine state_machine
task_list (= 1.0.2) task_list (= 1.0.2)
......
...@@ -19,3 +19,7 @@ ...@@ -19,3 +19,7 @@
height: 14em; height: 14em;
} }
} }
.gfm-commit, .gfm-commit_range {
font-family: $monospace_font;
}
...@@ -47,6 +47,14 @@ class Admin::UsersController < Admin::ApplicationController ...@@ -47,6 +47,14 @@ class Admin::UsersController < Admin::ApplicationController
end end
end end
def unlock
if user.unlock_access!
redirect_to :back, alert: "Successfully unlocked"
else
redirect_to :back, alert: "Error occurred. User was not unlocked"
end
end
def create def create
opts = { opts = {
force_random_password: true, force_random_password: true,
......
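Review bot: in `unlock`, the success branch reports through `alert:` ("Successfully unlocked"), the same flash key as the failure branch; success should use `notice:` so the two outcomes render differently. `redirect_to :back` also depends on a Referer header being present, as the spec's `request.env["HTTP_REFERER"] = "/"` setup shows; an explicit fallback path would avoid an error on requests that arrive without one.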
...@@ -4,7 +4,12 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio ...@@ -4,7 +4,12 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
layout 'profile' layout 'profile'
def destroy def destroy
if params[:token_id].present?
current_resource_owner.oauth_authorized_tokens.find(params[:token_id]).revoke
else
Doorkeeper::AccessToken.revoke_all_for(params[:id], current_resource_owner) Doorkeeper::AccessToken.revoke_all_for(params[:id], current_resource_owner)
end
redirect_to applications_profile_url, notice: I18n.t(:notice, scope: [:doorkeeper, :flash, :authorized_applications, :destroy]) redirect_to applications_profile_url, notice: I18n.t(:notice, scope: [:doorkeeper, :flash, :authorized_applications, :destroy])
end end
end end
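Review bot: the new `params[:token_id]` branch in `destroy` has no spec among the visible changes. The lookup goes through `current_resource_owner.oauth_authorized_tokens`, which is what keeps one user from revoking another user's token by id; a controller spec asserting that a foreign `token_id` is not revoked would pin that behaviour down. Note also that `params[:id]` is ignored on this branch.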
...@@ -11,7 +11,8 @@ class ProfilesController < Profiles::ApplicationController ...@@ -11,7 +11,8 @@ class ProfilesController < Profiles::ApplicationController
def applications def applications
@applications = current_user.oauth_applications @applications = current_user.oauth_applications
@authorized_tokens = current_user.oauth_authorized_tokens @authorized_tokens = current_user.oauth_authorized_tokens
@authorized_apps = @authorized_tokens.map(&:application).uniq @authorized_anonymous_tokens = @authorized_tokens.reject(&:application)
@authorized_apps = @authorized_tokens.map(&:application).uniq - [nil]
end end
def update def update
......
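Review bot: `@authorized_tokens.map(&:application).uniq - [nil]` in `applications` reads more clearly as `.map(&:application).compact.uniq`. Both this line and `reject(&:application)` touch the application of every token; if `oauth_authorized_tokens` is a relation, `includes(:application)` would avoid the repeated lookups.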
...@@ -44,7 +44,7 @@ class Event < ActiveRecord::Base ...@@ -44,7 +44,7 @@ class Event < ActiveRecord::Base
after_create :reset_project_activity after_create :reset_project_activity
# Scopes # Scopes
scope :recent, -> { order("created_at DESC") } scope :recent, -> { order(created_at: :desc) }
scope :code_push, -> { where(action: PUSHED) } scope :code_push, -> { where(action: PUSHED) }
scope :in_projects, ->(project_ids) { where(project_id: project_ids).recent } scope :in_projects, ->(project_ids) { where(project_id: project_ids).recent }
scope :with_associations, -> { includes(project: :namespace) } scope :with_associations, -> { includes(project: :namespace) }
......
...@@ -16,7 +16,6 @@ ...@@ -16,7 +16,6 @@
- @deploy_keys.each do |deploy_key| - @deploy_keys.each do |deploy_key|
%tr %tr
%td %td
= link_to admin_deploy_key_path(deploy_key) do
%strong= deploy_key.title %strong= deploy_key.title
%td %td
%code.key-fingerprint= deploy_key.fingerprint %code.key-fingerprint= deploy_key.fingerprint
......
...@@ -93,6 +93,8 @@ ...@@ -93,6 +93,8 @@
= link_to 'Unblock', unblock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success" = link_to 'Unblock', unblock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success"
- else - else
= link_to 'Block', block_admin_user_path(user), data: {confirm: 'USER WILL BE BLOCKED! Are you sure?'}, method: :put, class: "btn btn-xs btn-warning" = link_to 'Block', block_admin_user_path(user), data: {confirm: 'USER WILL BE BLOCKED! Are you sure?'}, method: :put, class: "btn btn-xs btn-warning"
- if user.access_locked?
= link_to 'Unlock', unlock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success", data: { confirm: 'Are you sure?' }
- if user.can_be_removed? - if user.can_be_removed?
= link_to 'Destroy', [:admin, user], data: { confirm: "USER #{user.name} WILL BE REMOVED! All tickets linked to this user will also be removed! Maybe block the user instead? Are you sure?" }, method: :delete, class: "btn btn-xs btn-remove" = link_to 'Destroy', [:admin, user], data: { confirm: "USER #{user.name} WILL BE REMOVED! All tickets linked to this user will also be removed! Maybe block the user instead? Are you sure?" }, method: :delete, class: "btn btn-xs btn-remove"
= paginate @users, theme: "gitlab" = paginate @users, theme: "gitlab"
...@@ -131,6 +131,14 @@ ...@@ -131,6 +131,14 @@
%li Owned groups will be left %li Owned groups will be left
%br %br
= link_to 'Block user', block_admin_user_path(@user), data: { confirm: 'USER WILL BE BLOCKED! Are you sure?' }, method: :put, class: "btn btn-warning" = link_to 'Block user', block_admin_user_path(@user), data: { confirm: 'USER WILL BE BLOCKED! Are you sure?' }, method: :put, class: "btn btn-warning"
- if @user.access_locked?
.panel.panel-info
.panel-heading
This account has been locked
.panel-body
%p This user has been temporarily locked due to excessive number of failed logins. You may manually unlock the account.
%br
= link_to 'Unlock user', unlock_admin_user_path(@user), method: :put, class: "btn btn-info", data: { confirm: 'Are you sure?' }
.panel.panel-danger .panel.panel-danger
.panel-heading .panel-heading
......
- submit_btn_css ||= 'btn btn-link btn-remove' - submit_btn_css ||= 'btn btn-link btn-remove'
= form_tag oauth_authorized_application_path(application) do - if defined?(token)
- path = oauth_authorized_application_path(0, token_id: token)
- else
- path = oauth_authorized_application_path(application)
= form_tag path do
%input{:name => "_method", :type => "hidden", :value => "delete"}/ %input{:name => "_method", :type => "hidden", :value => "delete"}/
= submit_tag 'Revoke', onclick: "return confirm('Are you sure?')", class: 'btn btn-link btn-remove btn-sm' = submit_tag 'Revoke', onclick: "return confirm('Are you sure?')", class: 'btn btn-link btn-remove btn-sm'
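Review bot: `oauth_authorized_application_path(0, token_id: token)` passes a placeholder `0` as the application id, which only works because `destroy` ignores `params[:id]` when `token_id` is present; a short comment here, or a dedicated route for revoking a single token, would make that coupling explicit. For the `defined?(token)` check, `local_assigns[:token]` is the form Rails documents for optional partial locals.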
...@@ -56,5 +56,14 @@ ...@@ -56,5 +56,14 @@
%td= token.created_at %td= token.created_at
%td= token.scopes %td= token.scopes
%td= render 'doorkeeper/authorized_applications/delete_form', application: app %td= render 'doorkeeper/authorized_applications/delete_form', application: app
- @authorized_anonymous_tokens.each do |token|
%tr
%td
Anonymous
%div.help-block
%em Authorization was granted by entering your username and password in the application.
%td= token.created_at
%td= token.scopes
%td= render 'doorkeeper/authorized_applications/delete_form', token: token
- else - else
%p.light You dont have any authorized applications %p.light You dont have any authorized applications
...@@ -158,6 +158,7 @@ Gitlab::Application.routes.draw do ...@@ -158,6 +158,7 @@ Gitlab::Application.routes.draw do
put :team_update put :team_update
put :block put :block
put :unblock put :unblock
put :unlock
delete 'remove/:email_id', action: 'remove_email', as: 'remove_email' delete 'remove/:email_id', action: 'remove_email', as: 'remove_email'
end end
end end
......
...@@ -75,3 +75,8 @@ At a minimum the IdP *must* provide a claim containing the user's email address, ...@@ -75,3 +75,8 @@ At a minimum the IdP *must* provide a claim containing the user's email address,
On the sign in page there should now be a SAML button below the regular sign in form. Click the icon to begin the authentication process. If everything goes well the user will be returned to GitLab and will be signed in. On the sign in page there should now be a SAML button below the regular sign in form. Click the icon to begin the authentication process. If everything goes well the user will be returned to GitLab and will be signed in.
## Troubleshooting
If you see a "500 error" in GitLab when you are redirected back from the SAML sign in page, this likely indicates that GitLab could not get the email address for the SAML user.
Make sure the IdP provides a claim containing the user's email address, using claim name 'email' or 'mail'. The email will be used to automatically generate the GitLab username.
...@@ -21,4 +21,19 @@ describe Admin::UsersController do ...@@ -21,4 +21,19 @@ describe Admin::UsersController do
expect { User.find(user.id) }.to raise_exception(ActiveRecord::RecordNotFound) expect { User.find(user.id) }.to raise_exception(ActiveRecord::RecordNotFound)
end end
end end
describe 'PUT unlock/:id' do
let(:user) { create(:user) }
before do
request.env["HTTP_REFERER"] = "/"
user.lock_access!
end
it 'unlocks user' do
put :unlock, id: user.username
user.reload
expect(user.access_locked?).to be_falsey
end
end
end end
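Review bot: the `PUT unlock/:id` spec covers only the success path; there is no example for the `else` branch of `unlock`, where `unlock_access!` returns false and the error flash is set. Adding one, together with an assertion on the redirect and flash in the success case, would cover the behaviour the controller action introduces.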