Add latest changes from gitlab-org/gitlab@13-2-stable-ee

37e3c3bb · GitLab Bot · b55baf59 · 37e3c3bb · 37e3c3bb · 37e3c3bb
23 changed file
--- a/app/assets/javascripts/jira_import/components/jira_import_app.vue
+++ b/app/assets/javascripts/jira_import/components/jira_import_app.vue
@@ -104,7 +104,6 @@ export default {
          variables: {
            input: {
              projectPath: this.projectPath,
-              startAt: 1,
            },
          },
        })

--- a/app/graphql/mutations/jira_import/import_users.rb
+++ b/app/graphql/mutations/jira_import/import_users.rb
@@ -19,10 +19,10 @@ module Mutations
               required: false,
               description: 'The index of the record the import should started at, default 0 (50 records returned)'

-      def resolve(project_path:, start_at:)
+      def resolve(project_path:, start_at: 0)
        project = authorized_find!(full_path: project_path)

-        service_response = ::JiraImport::UsersImporter.new(context[:current_user], project, start_at).execute
+        service_response = ::JiraImport::UsersImporter.new(context[:current_user], project, start_at.to_i).execute

        {
          jira_users: service_response.payload,

--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -262,7 +262,7 @@ module ApplicationSettingsHelper
      :login_recaptcha_protection_enabled,
      :receive_max_input_size,
      :repository_checks_enabled,
-      :repository_storages,
+      :repository_storages_weighted,
      :require_two_factor_authentication,
      :restricted_visibility_levels,
      :rsa_key_restriction,

--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -283,10 +283,6 @@ class ApplicationSetting < ApplicationRecord

  validates :allowed_key_types, presence: true

-  repository_storages_weighted_attributes.each do |attribute|
-    validates attribute, allow_nil: true, numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than_or_equal_to: 100 }
-  end
-
  validates_each :restricted_visibility_levels do |record, attr, value|
    value&.each do |level|
      unless Gitlab::VisibilityLevel.options.value?(level)

--- a/app/models/application_setting_implementation.rb
+++ b/app/models/application_setting_implementation.rb
@@ -451,6 +451,13 @@ module ApplicationSettingImplementation
    invalid = repository_storages_weighted.keys - Gitlab.config.repositories.storages.keys
    errors.add(:repository_storages_weighted, "can't include: %{invalid_storages}" % { invalid_storages: invalid.join(", ") }) unless
      invalid.empty?
+
+    repository_storages_weighted.each do |key, val|
+      next unless val.present?
+
+      errors.add(:"repository_storages_weighted_#{key}", "value must be an integer") unless val.is_a?(Integer)
+      errors.add(:"repository_storages_weighted_#{key}", "value must be between 0 and 100") unless val.between?(0, 100)
+    end
  end

  def terms_exist

--- a/changelogs/unreleased/232534-skip-running-unconfirm-migration-when-email-confirmation-is-off.yml
+++ b/changelogs/unreleased/232534-skip-running-unconfirm-migration-when-email-confirmation-is-off.yml
+---
+title: Skip mass unconfirming users when send_user_confirmation_email setting is off
+merge_request: 38024
+author:
+type: changed
--- a/changelogs/unreleased/cngo-fix-jira-import-users-startat.yml
+++ b/changelogs/unreleased/cngo-fix-jira-import-users-startat.yml
+---
+title: Fix JiraImportUsersInput startAt field
+merge_request: 37492
+author:
+type: fixed
--- a/changelogs/unreleased/jc-coerce-repository-storages-weighted-api.yml
+++ b/changelogs/unreleased/jc-coerce-repository-storages-weighted-api.yml
+---
+title: Coerce repository_storages_weighted, removes repository_storages
+merge_request: 36376
+author:
+type: fixed
--- a/changelogs/unreleased/show-email-unconfirmed-message-in-git-auth.yml
+++ b/changelogs/unreleased/show-email-unconfirmed-message-in-git-auth.yml
+---
+title: Provide better git error message when the user is unconfirmed
+merge_request: 37944
+author:
+type: fixed
--- a/db/post_migrate/20200615111857_unconfirm_wrongfully_verified_emails.rb
+++ b/db/post_migrate/20200615111857_unconfirm_wrongfully_verified_emails.rb
@@ -12,6 +12,10 @@ class UnconfirmWrongfullyVerifiedEmails < ActiveRecord::Migration[6.0]
  MIGRATION = 'WrongfullyConfirmedEmailUnconfirmer'
  EMAIL_INDEX_NAME = 'tmp_index_for_email_unconfirmation_migration'

+  class ApplicationSetting < ActiveRecord::Base
+    self.table_name = 'application_settings'
+  end
+
  class Email < ActiveRecord::Base
    include EachBatch
  end
@@ -19,6 +23,11 @@ class UnconfirmWrongfullyVerifiedEmails < ActiveRecord::Migration[6.0]
  def up
    add_concurrent_index :emails, :id, where: 'confirmed_at IS NOT NULL', name: EMAIL_INDEX_NAME

+    ApplicationSetting.reset_column_information
+
+    setting_record = ApplicationSetting.last
+    return unless setting_record&.send_user_confirmation_email
+
    queue_background_migration_jobs_by_range_at_intervals(Email,
                                                          MIGRATION,
                                                          INTERVAL,

--- a/doc/user/group/iterations/index.md
+++ b/doc/user/group/iterations/index.md
@@ -57,6 +57,13 @@ You need Developer [permissions](../../permissions.md) or higher to edit an iter

 To edit an iteration, click the three-dot menu (**{ellipsis_v}**) > **Edit iteration**.

+## Add an issue to an iteration
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/216158) in [GitLab Starter](https://about.gitlab.com/pricing/) 13.2.
+
+To learn how to add an issue to an iteration, see the steps in
+[Managing issues](../../project/issues/managing_issues.md#add-an-issue-to-an-iteration-starter).
+
 ## Disable Iterations **(CORE ONLY)**

 GitLab Iterations feature is deployed with a feature flag that is **enabled by default**.

--- a/doc/user/project/issues/managing_issues.md
+++ b/doc/user/project/issues/managing_issues.md
@@ -272,9 +272,18 @@ of your installation.

 ## Deleting issues

-> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/2982) in GitLab 8.6
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/2982) in GitLab 8.6.

 Users with [project owner permission](../../permissions.md) can delete an issue by
 editing it and clicking on the delete button.

 ![delete issue - button](img/delete_issue.png)
+
+## Add an issue to an iteration **(STARTER)**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/216158) in [GitLab Starter](https://about.gitlab.com/pricing/) 13.2.
+
+To add an issue to an [iteration](../../group/iterations/index.md):
+
+1. In an issue sidebar, click **Edit** next to **Iteration**. A dropdown appears.
+1. Click an iteration you'd like to associate this issue with.
--- a/lib/api/settings.rb
+++ b/lib/api/settings.rb
@@ -114,8 +114,7 @@ module API
        requires :recaptcha_private_key, type: String, desc: 'Generate private key at http://www.google.com/recaptcha'
      end
      optional :repository_checks_enabled, type: Boolean, desc: "GitLab will periodically run 'git fsck' in all project and wiki repositories to look for silent disk corruption issues."
-      optional :repository_storages, type: Array[String], coerce_with: Validations::Types::CommaSeparatedToArray.coerce, desc: 'Storage paths for new projects'
-      optional :repository_storages_weighted, type: Hash, desc: 'Storage paths for new projects with a weighted value between 0 and 100'
+      optional :repository_storages_weighted, type: Hash, coerce_with: Validations::Types::HashOfIntegerValues.coerce, desc: 'Storage paths for new projects with a weighted value ranging from 0 to 100'
      optional :require_two_factor_authentication, type: Boolean, desc: 'Require all users to set up Two-factor authentication'
      given require_two_factor_authentication: ->(val) { val } do
        requires :two_factor_grace_period, type: Integer, desc: 'Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication'

--- a/lib/api/validations/types/hash_of_integer_values.rb
+++ b/lib/api/validations/types/hash_of_integer_values.rb
+# frozen_string_literal: true
+
+module API
+  module Validations
+    module Types
+      class HashOfIntegerValues
+        def self.coerce
+          lambda do |value|
+            case value
+            when Hash
+              value.transform_values(&:to_i)
+            else
+              value
+            end
+          end
+        end
+      end
+    end
+  end
+end
--- a/lib/gitlab/auth/user_access_denied_reason.rb
+++ b/lib/gitlab/auth/user_access_denied_reason.rb
@@ -17,6 +17,10 @@ module Gitlab
        when :deactivated
          "Your account has been deactivated by your administrator. "\
          "Please log back in from a web browser to reactivate your account at #{Gitlab.config.gitlab.url}"
+        when :unconfirmed
+          "Your primary email address is not confirmed. "\
+          "Please check your inbox for the confirmation instructions. "\
+          "In case the link is expired, you can request a new confirmation email at #{Rails.application.routes.url_helpers.new_user_confirmation_url}"
        else
          "Your account has been blocked."
        end
@@ -31,6 +35,8 @@ module Gitlab
          :terms_not_accepted
        elsif @user.deactivated?
          :deactivated
+        elsif !@user.confirmed?
+          :unconfirmed
        else
          :blocked
        end

--- a/lib/gitlab/background_migration/wrongfully_confirmed_email_unconfirmer.rb
+++ b/lib/gitlab/background_migration/wrongfully_confirmed_email_unconfirmer.rb
@@ -30,6 +30,7 @@ module Gitlab
            .where('emails.confirmed_at IS NOT NULL')
            .where('emails.confirmed_at = users.confirmed_at')
            .where('emails.email <> users.email')
+            .where('NOT EXISTS (SELECT 1 FROM user_synced_attributes_metadata WHERE user_id=users.id AND email_synced IS true)')
        end
      end


--- a/spec/frontend/jira_import/components/jira_import_app_spec.js
+++ b/spec/frontend/jira_import/components/jira_import_app_spec.js
@@ -306,7 +306,6 @@ describe('JiraImportApp', () => {
        variables: {
          input: {
            projectPath: 'gitlab-org/gitlab-test',
-            startAt: 1,
          },
        },
      };

--- a/spec/lib/gitlab/auth/user_access_denied_reason_spec.rb
+++ b/spec/lib/gitlab/auth/user_access_denied_reason_spec.rb
@@ -41,5 +41,13 @@ RSpec.describe Gitlab::Auth::UserAccessDeniedReason do

      it { is_expected.to eq "Your account has been deactivated by your administrator. Please log back in from a web browser to reactivate your account at #{Gitlab.config.gitlab.url}" }
    end
+
+    context 'when the user is unconfirmed' do
+      before do
+        user.update!(confirmed_at: nil)
+      end
+
+      it { is_expected.to match /Your primary email address is not confirmed/ }
+    end
  end
 end
--- a/spec/lib/gitlab/background_migration/wrongfully_confirmed_email_unconfirmer_spec.rb
+++ b/spec/lib/gitlab/background_migration/wrongfully_confirmed_email_unconfirmer_spec.rb
@@ -5,6 +5,7 @@ require 'spec_helper'
 RSpec.describe Gitlab::BackgroundMigration::WrongfullyConfirmedEmailUnconfirmer, schema: 20200615111857 do
  let(:users) { table(:users) }
  let(:emails) { table(:emails) }
+  let(:user_synced_attributes_metadata) { table(:user_synced_attributes_metadata) }
  let(:confirmed_at_2_days_ago) { 2.days.ago }
  let(:confirmed_at_3_days_ago) { 3.days.ago }
  let(:one_year_ago) { 1.year.ago }
@@ -14,6 +15,8 @@ RSpec.describe Gitlab::BackgroundMigration::WrongfullyConfirmedEmailUnconfirmer,
  let!(:user_does_not_need_migration) { users.create!(name: 'user3', email: 'test3@test.com', state: 'active', projects_limit: 1) }
  let!(:inactive_user) { users.create!(name: 'user4', email: 'test4@test.com', state: 'blocked', projects_limit: 1, confirmed_at: confirmed_at_3_days_ago, confirmation_sent_at: one_year_ago) }
  let!(:alert_bot_user) { users.create!(name: 'user5', email: 'test5@test.com', state: 'active', user_type: 2, projects_limit: 1, confirmed_at: confirmed_at_3_days_ago, confirmation_sent_at: one_year_ago) }
+  let!(:user_has_synced_email) { users.create!(name: 'user6', email: 'test6@test.com', state: 'active', projects_limit: 1, confirmed_at: confirmed_at_2_days_ago, confirmation_sent_at: one_year_ago) }
+  let!(:synced_attributes_metadata_for_user) { user_synced_attributes_metadata.create!(user_id: user_has_synced_email.id, email_synced: true) }

  let!(:bad_email_1) { emails.create!(user_id: user_needs_migration_1.id, email: 'other1@test.com', confirmed_at: confirmed_at_2_days_ago, confirmation_sent_at: one_year_ago) }
  let!(:bad_email_2) { emails.create!(user_id: user_needs_migration_2.id, email: 'other2@test.com', confirmed_at: confirmed_at_3_days_ago, confirmation_sent_at: one_year_ago) }
@@ -24,8 +27,10 @@ RSpec.describe Gitlab::BackgroundMigration::WrongfullyConfirmedEmailUnconfirmer,
  let!(:good_email_2) { emails.create!(user_id: user_needs_migration_2.id, email: 'other4@test.com', confirmed_at: nil) }
  let!(:good_email_3) { emails.create!(user_id: user_does_not_need_migration.id, email: 'other5@test.com', confirmed_at: confirmed_at_2_days_ago, confirmation_sent_at: one_year_ago) }

+  let!(:second_email_for_user_with_synced_email) { emails.create!(user_id: user_has_synced_email.id, email: 'other6@test.com', confirmed_at: confirmed_at_2_days_ago, confirmation_sent_at: one_year_ago) }
+
  subject do
-    email_ids = [bad_email_1, bad_email_2, good_email_1, good_email_2, good_email_3].map(&:id)
+    email_ids = [bad_email_1, bad_email_2, good_email_1, good_email_2, good_email_3, second_email_for_user_with_synced_email].map(&:id)

    described_class.new.perform(email_ids.min, email_ids.max)
  end
@@ -61,10 +66,12 @@ RSpec.describe Gitlab::BackgroundMigration::WrongfullyConfirmedEmailUnconfirmer,
    expect(user_does_not_need_migration.reload.confirmed_at).to be_nil
    expect(inactive_user.reload.confirmed_at).to be_within(1.second).of(confirmed_at_3_days_ago)
    expect(alert_bot_user.reload.confirmed_at).to be_within(1.second).of(confirmed_at_3_days_ago)
+    expect(user_has_synced_email.reload.confirmed_at).to be_within(1.second).of(confirmed_at_2_days_ago)

    expect(user_does_not_need_migration.reload.confirmation_sent_at).to be_nil
    expect(inactive_user.reload.confirmation_sent_at).to be_within(1.second).of(one_year_ago)
    expect(alert_bot_user.reload.confirmation_sent_at).to be_within(1.second).of(one_year_ago)
+    expect(user_has_synced_email.confirmation_sent_at).to be_within(1.second).of(one_year_ago)
  end

  it 'updates confirmation_sent_at column' do

--- a/spec/migrations/unconfirm_wrongfully_verified_emails_spec.rb
+++ b/spec/migrations/unconfirm_wrongfully_verified_emails_spec.rb
@@ -9,13 +9,47 @@ RSpec.describe UnconfirmWrongfullyVerifiedEmails do
    table(:emails).create!(email: 'test2@test.com', user_id: user.id)
  end

-  it 'enqueues WrongullyConfirmedEmailUnconfirmer job' do
-    Sidekiq::Testing.fake! do
-      migrate!
+  context 'when email confirmation is enabled' do
+    before do
+      table(:application_settings).create!(send_user_confirmation_email: true)
+    end
+
+    it 'enqueues WrongullyConfirmedEmailUnconfirmer job' do
+      Sidekiq::Testing.fake! do
+        migrate!
+
+        jobs = BackgroundMigrationWorker.jobs
+        expect(jobs.size).to eq(1)
+        expect(jobs.first["args"].first).to eq(Gitlab::BackgroundMigration::WrongfullyConfirmedEmailUnconfirmer.name.demodulize)
+      end
+    end
+  end
+
+  context 'when email confirmation is disabled' do
+    before do
+      table(:application_settings).create!(send_user_confirmation_email: false)
+    end
+
+    it 'does not enqueue WrongullyConfirmedEmailUnconfirmer job' do
+      Sidekiq::Testing.fake! do
+        migrate!
+
+        expect(BackgroundMigrationWorker.jobs.size).to eq(0)
+      end
+    end
+  end
+
+  context 'when email application setting record does not exist' do
+    before do
+      table(:application_settings).delete_all
+    end
+
+    it 'does not enqueue WrongullyConfirmedEmailUnconfirmer job' do
+      Sidekiq::Testing.fake! do
+        migrate!

-      jobs = BackgroundMigrationWorker.jobs
-      expect(jobs.size).to eq(1)
-      expect(jobs.first["args"].first).to eq(Gitlab::BackgroundMigration::WrongfullyConfirmedEmailUnconfirmer.name.demodulize)
+        expect(BackgroundMigrationWorker.jobs.size).to eq(0)
+      end
    end
  end
 end
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -106,6 +106,7 @@ RSpec.describe ApplicationSetting do
    it { is_expected.not_to allow_value(false).for(:hashed_storage_enabled) }

    it { is_expected.not_to allow_value(101).for(:repository_storages_weighted_default) }
+    it { is_expected.to allow_value('90').for(:repository_storages_weighted_default) }
    it { is_expected.not_to allow_value(-1).for(:repository_storages_weighted_default) }
    it { is_expected.to allow_value(100).for(:repository_storages_weighted_default) }
    it { is_expected.to allow_value(0).for(:repository_storages_weighted_default) }

--- a/spec/requests/api/graphql/mutations/jira_import/import_users_spec.rb
+++ b/spec/requests/api/graphql/mutations/jira_import/import_users_spec.rb
@@ -8,15 +8,17 @@ RSpec.describe 'Importing Jira Users' do

  let_it_be(:user)    { create(:user) }
  let_it_be(:project) { create(:project) }
+  let(:importer) { instance_double(JiraImport::UsersImporter) }
  let(:project_path)  { project.full_path }
  let(:start_at)      { 7 }
-
-  let(:mutation) do
-    variables = {
+  let(:variables) do
+    {
      start_at: start_at,
      project_path: project_path
    }
+  end

+  let(:mutation) do
    graphql_mutation(:jira_import_users, variables)
  end

@@ -65,9 +67,38 @@ RSpec.describe 'Importing Jira Users' do
      end
    end

-    context 'when all params and permissions are ok' do
-      let(:importer) { instance_double(JiraImport::UsersImporter) }
+    context 'with start_at' do
+      RSpec.shared_examples 'start users import at zero' do
+        it 'returns imported users' do
+          users = [{ jira_account_id: '12a', jira_display_name: 'user 1' }]
+          result = ServiceResponse.success(payload: users)
+
+          expect(importer).to receive(:execute).and_return(result)
+          expect(JiraImport::UsersImporter).to receive(:new).with(current_user, project, 0).and_return(importer)

+          post_graphql_mutation(mutation, current_user: current_user)
+        end
+      end
+
+      context 'when nil' do
+        let(:variables) do
+          {
+            start_at: nil,
+            project_path: project_path
+          }
+        end
+
+        it_behaves_like 'start users import at zero'
+      end
+
+      context 'when not provided' do
+        let(:variables) { { project_path: project_path } }
+
+        it_behaves_like 'start users import at zero'
+      end
+    end
+
+    context 'when all params and permissions are ok' do
      before do
        expect(JiraImport::UsersImporter).to receive(:new).with(current_user, project, 7)
          .and_return(importer)

--- a/spec/requests/api/settings_spec.rb
+++ b/spec/requests/api/settings_spec.rb
@@ -15,7 +15,7 @@ RSpec.describe API::Settings, 'Settings' do
      expect(json_response).to be_an Hash
      expect(json_response['default_projects_limit']).to eq(42)
      expect(json_response['password_authentication_enabled_for_web']).to be_truthy
-      expect(json_response['repository_storages']).to eq(['default'])
+      expect(json_response['repository_storages_weighted']).to eq({ 'default' => 100 })
      expect(json_response['password_authentication_enabled']).to be_truthy
      expect(json_response['plantuml_enabled']).to be_falsey
      expect(json_response['plantuml_url']).to be_nil
@@ -55,6 +55,28 @@ RSpec.describe API::Settings, 'Settings' do
        stub_feature_flags(sourcegraph: true)
      end

+      it "coerces repository_storages_weighted to an int" do
+        put api("/application/settings", admin),
+          params: {
+            repository_storages_weighted: { 'custom' => '75' }
+          }
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(json_response['repository_storages_weighted']).to eq({ 'custom' => 75 })
+      end
+
+      context "repository_storages_weighted value is outside a 0-100 range" do
+        [-1, 101].each do |out_of_range_int|
+          it "returns a :bad_request for #{out_of_range_int}" do
+            put api("/application/settings", admin),
+              params: {
+                repository_storages_weighted: { 'custom' => out_of_range_int }
+              }
+            expect(response).to have_gitlab_http_status(:bad_request)
+          end
+        end
+      end
+
      it "updates application settings" do
        put api("/application/settings", admin),
          params: {
@@ -62,7 +84,7 @@ RSpec.describe API::Settings, 'Settings' do
            default_projects_limit: 3,
            default_project_creation: 2,
            password_authentication_enabled_for_web: false,
-            repository_storages: 'custom',
+            repository_storages_weighted: { 'custom' => 100 },
            plantuml_enabled: true,
            plantuml_url: 'http://plantuml.example.com',
            sourcegraph_enabled: true,
@@ -104,7 +126,7 @@ RSpec.describe API::Settings, 'Settings' do
        expect(json_response['default_projects_limit']).to eq(3)
        expect(json_response['default_project_creation']).to eq(::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS)
        expect(json_response['password_authentication_enabled_for_web']).to be_falsey
-        expect(json_response['repository_storages']).to eq(['custom'])
+        expect(json_response['repository_storages_weighted']).to eq({ 'custom' => 100 })
        expect(json_response['plantuml_enabled']).to be_truthy
        expect(json_response['plantuml_url']).to eq('http://plantuml.example.com')
        expect(json_response['sourcegraph_enabled']).to be_truthy