diff --git a/Gemfile b/Gemfile index 938c6187325b3d2b0eb74d26d114fd67639bca96..219c190c26d2e0ea93a244521262e29d533d5e26 100644 --- a/Gemfile +++ b/Gemfile @@ -417,7 +417,7 @@ end gem 'octokit', '~> 4.9' -gem 'mail_room', '~> 0.9.1' +gem 'mail_room', '~> 0.10.0' gem 'email_reply_trimmer', '~> 0.1' gem 'html2text' diff --git a/Gemfile.lock b/Gemfile.lock index 6cb2daa25be3105af45e4cf73a06ba06b62fe494..8d8fa9cbffd1e4f473f8aa872d122979a244fbc9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -593,7 +593,7 @@ GEM lumberjack (1.0.13) mail (2.7.1) mini_mime (>= 0.1.1) - mail_room (0.9.1) + mail_room (0.10.0) marcel (0.3.3) mimemagic (~> 0.3.2) marginalia (1.8.0) @@ -1247,7 +1247,7 @@ DEPENDENCIES licensee (~> 8.9) lograge (~> 0.5) loofah (~> 2.2) - mail_room (~> 0.9.1) + mail_room (~> 0.10.0) marginalia (~> 1.8.0) memory_profiler (~> 0.9) method_source (~> 0.8) diff --git a/app/assets/javascripts/blob/openapi/index.js b/app/assets/javascripts/blob/openapi/index.js new file mode 100644 index 0000000000000000000000000000000000000000..a6f28de799f958c4e504059feb7acaf46cba0caf --- /dev/null +++ b/app/assets/javascripts/blob/openapi/index.js @@ -0,0 +1,19 @@ +import { SwaggerUIBundle } from 'swagger-ui-dist'; +import flash from '~/flash'; +import { __ } from '~/locale'; + +export default () => { + const el = document.getElementById('js-openapi-viewer'); + + Promise.all([import(/* webpackChunkName: 'openapi' */ 'swagger-ui-dist/swagger-ui.css')]) + .then(() => { + SwaggerUIBundle({ + url: el.dataset.endpoint, + dom_id: '#js-openapi-viewer', + }); + }) + .catch(error => { + flash(__('Something went wrong while initializing the OpenAPI viewer')); + throw error; + }); +}; diff --git a/app/assets/javascripts/blob/openapi_viewer.js b/app/assets/javascripts/blob/openapi_viewer.js new file mode 100644 index 0000000000000000000000000000000000000000..0cacc33571fc0f33aaaee18dbf8c5c5e31ed42fd --- /dev/null +++ b/app/assets/javascripts/blob/openapi_viewer.js @@ -0,0 +1,3 @@ +import renderOpenApi from './openapi'; + +export default renderOpenApi; diff --git a/app/assets/javascripts/blob/viewer/index.js b/app/assets/javascripts/blob/viewer/index.js index 07e4dde41d9ced448c0af9fd4c080c9b4fd0b013..742404da46c1995af116f7b5e33dd176e329d1a0 100644 --- a/app/assets/javascripts/blob/viewer/index.js +++ b/app/assets/javascripts/blob/viewer/index.js @@ -39,6 +39,9 @@ export default class BlobViewer { case 'notebook': initViewer(import(/* webpackChunkName: 'notebook_viewer' */ '../notebook_viewer')); break; + case 'openapi': + initViewer(import(/* webpackChunkName: 'openapi_viewer' */ '../openapi_viewer')); + break; case 'pdf': initViewer(import(/* webpackChunkName: 'pdf_viewer' */ '../pdf_viewer')); break; diff --git a/app/assets/javascripts/lib/utils/axios_utils.js b/app/assets/javascripts/lib/utils/axios_utils.js index a04fe609015407fbd01adc79211391d5301980c1..4eec5bffc6674ad1c8ac6cbf3fae6c47afeafd91 100644 --- a/app/assets/javascripts/lib/utils/axios_utils.js +++ b/app/assets/javascripts/lib/utils/axios_utils.js @@ -33,11 +33,9 @@ window.addEventListener('beforeunload', () => { // Ignore AJAX errors caused by requests // being cancelled due to browser navigation -const { gon } = window; -const featureFlagEnabled = gon && gon.features && gon.features.suppressAjaxNavigationErrors; axios.interceptors.response.use( response => response, - err => suppressAjaxErrorsDuringNavigation(err, isUserNavigating, featureFlagEnabled), + err => suppressAjaxErrorsDuringNavigation(err, isUserNavigating), ); export default axios; diff --git a/app/assets/javascripts/lib/utils/suppress_ajax_errors_during_navigation.js b/app/assets/javascripts/lib/utils/suppress_ajax_errors_during_navigation.js index 4c61da9b86278595ae56b08c4c64b7aa3ef624dd..fb4d9b7de9cb90f40bd43c19ba59baa1fe90a893 100644 --- a/app/assets/javascripts/lib/utils/suppress_ajax_errors_during_navigation.js +++ b/app/assets/javascripts/lib/utils/suppress_ajax_errors_during_navigation.js @@ -2,8 +2,8 @@ * An Axios error interceptor that suppresses AJAX errors caused * by the request being cancelled when the user navigates to a new page */ -export default (err, isUserNavigating, featureFlagEnabled) => { - if (featureFlagEnabled && isUserNavigating && err.code === 'ECONNABORTED') { +export default (err, isUserNavigating) => { + if (isUserNavigating && err.code === 'ECONNABORTED') { // If the user is navigating away from the current page, // prevent .then() and .catch() handlers from being // called by returning a Promise that never resolves diff --git a/app/assets/stylesheets/framework/files.scss b/app/assets/stylesheets/framework/files.scss index e7b5629b9997027507ac64065e2e71283d3358b7..8e0314bc6daf7df5f80bb62f7cebe431f3c829ae 100644 --- a/app/assets/stylesheets/framework/files.scss +++ b/app/assets/stylesheets/framework/files.scss @@ -486,3 +486,8 @@ span.idiff { overflow-y: auto; max-height: 20rem; } + +#js-openapi-viewer pre.version { + background-color: transparent; + border: transparent; +} diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index ba986c495e215f075d7e63974058db2ae812dad6..f5306801c049f4a695581af8ab2bc8051d361554 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -165,7 +165,7 @@ class ApplicationController < ActionController::Base end def log_exception(exception) - Gitlab::Sentry.track_exception(exception) + Gitlab::ErrorTracking.track_exception(exception) backtrace_cleaner = request.env["action_dispatch.backtrace_cleaner"] application_trace = ActionDispatch::ExceptionWrapper.new(backtrace_cleaner, exception).application_trace @@ -533,7 +533,7 @@ class ApplicationController < ActionController::Base end def sentry_context(&block) - Gitlab::Sentry.with_context(current_user, &block) + Gitlab::ErrorTracking.with_context(current_user, &block) end def allow_gitaly_ref_name_caching diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb index 4a1b06bf01ffc003b5b2d7c1f62093bad1b187f0..c4abaacd573cd3affa79fff9a82c371930618bec 100644 --- a/app/controllers/concerns/issuable_actions.rb +++ b/app/controllers/concerns/issuable_actions.rb @@ -98,7 +98,7 @@ module IssuableActions error_message = "Destroy confirmation not provided for #{issuable.human_class_name}" exception = RuntimeError.new(error_message) - Gitlab::Sentry.track_exception( + Gitlab::ErrorTracking.track_exception( exception, project_path: issuable.project.full_path, issuable_type: issuable.class.name, diff --git a/app/controllers/projects/ci/lints_controller.rb b/app/controllers/projects/ci/lints_controller.rb index d7a0b7ece143d757f2e784e1bb97241798a1500b..812420e970876249d920fc64c74e106e8a1cd346 100644 --- a/app/controllers/projects/ci/lints_controller.rb +++ b/app/controllers/projects/ci/lints_controller.rb @@ -8,11 +8,13 @@ class Projects::Ci::LintsController < Projects::ApplicationController def create @content = params[:content] - @error = Gitlab::Ci::YamlProcessor.validation_message(@content, yaml_processor_options) - @status = @error.blank? + result = Gitlab::Ci::YamlProcessor.new_with_validation_errors(@content, yaml_processor_options) - if @error.blank? - @config_processor = Gitlab::Ci::YamlProcessor.new(@content, yaml_processor_options) + @error = result.errors.join(', ') + @status = result.valid? + + if result.valid? + @config_processor = result.content @stages = @config_processor.stages @builds = @config_processor.builds @jobs = @config_processor.jobs diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb index d9416cb10c4289f63e7e7909276360cc5e228dcc..71e4195c50fca06f5355d356e1aaa22d75da9760 100644 --- a/app/helpers/application_settings_helper.rb +++ b/app/helpers/application_settings_helper.rb @@ -232,6 +232,7 @@ module ApplicationSettingsHelper :metrics_port, :metrics_sample_interval, :metrics_timeout, + :minimum_password_length, :mirror_available, :pages_domain_verification_enabled, :password_authentication_enabled_for_web, diff --git a/app/helpers/icons_helper.rb b/app/helpers/icons_helper.rb index cacb4113cb2e1806fed4efb930a8c21d655c0112..876789e0d4af78764ae189f6cd1069d207dfecd5 100644 --- a/app/helpers/icons_helper.rb +++ b/app/helpers/icons_helper.rb @@ -44,7 +44,7 @@ module IconsHelper def sprite_icon(icon_name, size: nil, css_class: nil) if known_sprites&.exclude?(icon_name) exception = ArgumentError.new("#{icon_name} is not a known icon in @gitlab-org/gitlab-svg") - Gitlab::Sentry.track_and_raise_for_dev_exception(exception) + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(exception) end css_classes = [] diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb index ee3c03905efd03ce9c6a32b9a388aecc92202994..195e4154c67e34c3636c3a789152a7717c382bba 100644 --- a/app/helpers/users_helper.rb +++ b/app/helpers/users_helper.rb @@ -57,7 +57,7 @@ module UsersHelper unless user.association(:status).loaded? exception = RuntimeError.new("Status was not preloaded") - Gitlab::Sentry.track_and_raise_for_dev_exception(exception, user: user.inspect) + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(exception, user: user.inspect) end return unless user.status diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index e764b6c56b05368c5c4b783c69208e0f345a374e..456b643008851bdb978a7ceaa1926e41e60a70a6 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -46,6 +46,12 @@ class ApplicationSetting < ApplicationRecord presence: true, numericality: { only_integer: true, greater_than_or_equal_to: 0 } + validates :minimum_password_length, + presence: true, + numericality: { only_integer: true, + greater_than_or_equal_to: DEFAULT_MINIMUM_PASSWORD_LENGTH, + less_than_or_equal_to: Devise.password_length.max } + validates :home_page_url, allow_blank: true, addressable_url: true, diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb index e1eb8d429bb94f8a723ac515a91e234bcf1308bb..98d8bb43b93f63615967bbc4e32446b3c23e532a 100644 --- a/app/models/application_setting_implementation.rb +++ b/app/models/application_setting_implementation.rb @@ -30,6 +30,8 @@ module ApplicationSettingImplementation '/admin/session' ].freeze + DEFAULT_MINIMUM_PASSWORD_LENGTH = 8 + class_methods do def defaults { @@ -106,6 +108,7 @@ module ApplicationSettingImplementation sourcegraph_enabled: false, sourcegraph_url: nil, sourcegraph_public_only: true, + minimum_password_length: DEFAULT_MINIMUM_PASSWORD_LENGTH, terminal_max_session_time: 0, throttle_authenticated_api_enabled: false, throttle_authenticated_api_period_in_seconds: 3600, diff --git a/app/models/blob.rb b/app/models/blob.rb index cc089715b06c3b00db06749eb9e3cf7113dd39ac..c0f26ee64f8e9ecfe87f393738bf55c0dd6aa87e 100644 --- a/app/models/blob.rb +++ b/app/models/blob.rb @@ -26,6 +26,7 @@ class Blob < SimpleDelegator BlobViewer::Markup, BlobViewer::Notebook, BlobViewer::SVG, + BlobViewer::OpenApi, BlobViewer::Image, BlobViewer::Sketch, diff --git a/app/models/blob_viewer/open_api.rb b/app/models/blob_viewer/open_api.rb new file mode 100644 index 0000000000000000000000000000000000000000..963b7336c8d648a88cffa7f77c3661ec66257e6d --- /dev/null +++ b/app/models/blob_viewer/open_api.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +module BlobViewer + class OpenApi < Base + include Rich + include ClientSide + + self.partial_name = 'openapi' + self.file_types = %i(openapi) + self.binary = false + # TODO: get an icon for OpenAPI + self.switcher_icon = 'file-pdf-o' + self.switcher_title = 'OpenAPI' + end +end diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb index 2e6b5d68747b9aa6315cf2062c19bff4c6c07d06..4077a86837378e35c1db45d90099a902f9c25720 100644 --- a/app/models/ci/build.rb +++ b/app/models/ci/build.rb @@ -289,7 +289,7 @@ module Ci begin build.deployment.drop! rescue => e - Gitlab::Sentry.track_and_raise_for_dev_exception(e, build_id: build.id) + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, build_id: build.id) end true diff --git a/app/models/ci/persistent_ref.rb b/app/models/ci/persistent_ref.rb index 634c03e03262591cf7c2692ba81fdd40cc917fdc..76139f5d67668e51dee1b5cbd2a2e5770be53c8f 100644 --- a/app/models/ci/persistent_ref.rb +++ b/app/models/ci/persistent_ref.rb @@ -26,7 +26,7 @@ module Ci create_ref(sha, path) rescue => e - Gitlab::Sentry + Gitlab::ErrorTracking .track_exception(e, pipeline_id: pipeline.id) end @@ -37,7 +37,7 @@ module Ci rescue Gitlab::Git::Repository::NoRepository # no-op rescue => e - Gitlab::Sentry + Gitlab::ErrorTracking .track_exception(e, pipeline_id: pipeline.id) end diff --git a/app/models/ci/pipeline.rb b/app/models/ci/pipeline.rb index ce263566ea62c53461511508f629b2436137f10d..29ec41ef1a1d9981f0017addbbdba8a69f15f5ff 100644 --- a/app/models/ci/pipeline.rb +++ b/app/models/ci/pipeline.rb @@ -638,6 +638,7 @@ module Ci variables.append(key: 'CI_COMMIT_BEFORE_SHA', value: before_sha) variables.append(key: 'CI_COMMIT_REF_NAME', value: source_ref) variables.append(key: 'CI_COMMIT_REF_SLUG', value: source_ref_slug) + variables.append(key: 'CI_COMMIT_BRANCH', value: ref) if branch? variables.append(key: 'CI_COMMIT_TAG', value: ref) if tag? variables.append(key: 'CI_COMMIT_MESSAGE', value: git_commit_message.to_s) variables.append(key: 'CI_COMMIT_TITLE', value: git_commit_full_title.to_s) diff --git a/app/models/clusters/cluster.rb b/app/models/clusters/cluster.rb index 2d5b4905bf53772dc42a3d8586b5652ec4027587..d2eee78f3dfdc36277eea5a577cf5396bfb4c3c7 100644 --- a/app/models/clusters/cluster.rb +++ b/app/models/clusters/cluster.rb @@ -335,7 +335,7 @@ module Clusters rescue Kubeclient::HttpError => e kubeclient_error_status(e.message) rescue => e - Gitlab::Sentry.track_exception(e, cluster_id: id) + Gitlab::ErrorTracking.track_exception(e, cluster_id: id) :unknown_failure else diff --git a/app/models/clusters/concerns/application_core.rb b/app/models/clusters/concerns/application_core.rb index cc9eafbcdd6b5978b75e2037cfb45ecb4b3d0a1d..f6431f5bac3943378b890cb2d3ea03a03e835e39 100644 --- a/app/models/clusters/concerns/application_core.rb +++ b/app/models/clusters/concerns/application_core.rb @@ -76,7 +76,7 @@ module Clusters message: error.message }) - Gitlab::Sentry.track_exception(error, cluster_id: cluster&.id, application_id: id) + Gitlab::ErrorTracking.track_exception(error, cluster_id: cluster&.id, application_id: id) end end end diff --git a/app/models/concerns/group_descendant.rb b/app/models/concerns/group_descendant.rb index 18f6a7a9c58d79b2ded70da8345d608ef65f50ba..67953105bed66b47cd136cb1b5a723720a54b27e 100644 --- a/app/models/concerns/group_descendant.rb +++ b/app/models/concerns/group_descendant.rb @@ -52,7 +52,7 @@ module GroupDescendant issue_url: 'https://gitlab.com/gitlab-org/gitlab-foss/issues/49404' } - Gitlab::Sentry.track_and_raise_for_dev_exception(exception, extras) + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(exception, extras) end if parent.nil? && hierarchy_top.present? diff --git a/app/models/concerns/storage/legacy_namespace.rb b/app/models/concerns/storage/legacy_namespace.rb index b9081f9bbf25230c125d0bbe06b94f0b8865dda9..da4f2a798956ba9472b55a0764e5eb4df8097131 100644 --- a/app/models/concerns/storage/legacy_namespace.rb +++ b/app/models/concerns/storage/legacy_namespace.rb @@ -37,7 +37,7 @@ module Storage send_update_instructions write_projects_repository_config rescue => e - Gitlab::Sentry.track_and_raise_for_dev_exception(e, + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, full_path_before_last_save: full_path_before_last_save, full_path: full_path, action: 'move_dir') diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb index 1671b1e2d55bc9dbdf89490869854ad124127839..2280c5280d58ae72c8d2f7532367fa4092f4c8b8 100644 --- a/app/models/merge_request.rb +++ b/app/models/merge_request.rb @@ -1514,7 +1514,7 @@ class MergeRequest < ApplicationRecord end end rescue ActiveRecord::LockWaitTimeout => e - Gitlab::Sentry.track_exception(e) + Gitlab::ErrorTracking.track_exception(e) raise RebaseLockTimeout, REBASE_LOCK_MESSAGE end diff --git a/app/models/upload.rb b/app/models/upload.rb index 12917f8543153d5f14ab2a7802c165b85ff377f9..46ae924bf8cdecb88c889fe82ebf003260aaaf46 100644 --- a/app/models/upload.rb +++ b/app/models/upload.rb @@ -104,7 +104,7 @@ class Upload < ApplicationRecord # Help sysadmins find missing upload files if persisted? && !exist exception = RuntimeError.new("Uploaded file does not exist") - Gitlab::Sentry.track_exception(exception, self.attributes) + Gitlab::ErrorTracking.track_exception(exception, self.attributes) Gitlab::Metrics.counter(:upload_file_does_not_exist_total, _('The number of times an upload record could not find its file')).increment end diff --git a/app/models/uploads/local.rb b/app/models/uploads/local.rb index f1f25dfb5848ca02f001b367d46ffb83eacd237b..bd295a6683868656c08765d44606bc34cf2d52b7 100644 --- a/app/models/uploads/local.rb +++ b/app/models/uploads/local.rb @@ -23,7 +23,7 @@ module Uploads unless in_uploads?(path) message = "Path '#{path}' is not in uploads dir, skipping" logger.warn(message) - Gitlab::Sentry.track_and_raise_for_dev_exception( + Gitlab::ErrorTracking.track_and_raise_for_dev_exception( RuntimeError.new(message), uploads_dir: storage_dir) return end diff --git a/app/models/user.rb b/app/models/user.rb index b6ed550e441bdd812ab78e94ffe755ab2adf89f8..441ad1e70be821ecdabeb924bc9a29c412a2fc57 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -381,6 +381,11 @@ class User < ApplicationRecord # Class methods # class << self + # Devise method overridden to allow support for dynamic password lengths + def password_length + Gitlab::CurrentSettings.minimum_password_length..Devise.password_length.max + end + # Devise method overridden to allow sign in with email or username def find_for_database_authentication(warden_conditions) conditions = warden_conditions.dup diff --git a/app/services/ci/archive_trace_service.rb b/app/services/ci/archive_trace_service.rb index 75c7eee2f720813976554067ad7c3d4ab1fd728f..f143736ddc1331767823b67e6d012bffa04cda8b 100644 --- a/app/services/ci/archive_trace_service.rb +++ b/app/services/ci/archive_trace_service.rb @@ -46,7 +46,7 @@ module Ci message: "Failed to archive trace. message: #{error.message}.", job_id: job.id) - Gitlab::Sentry + Gitlab::ErrorTracking .track_and_raise_for_dev_exception(error, issue_url: 'https://gitlab.com/gitlab-org/gitlab-foss/issues/51502', job_id: job.id ) diff --git a/app/services/ci/generate_exposed_artifacts_report_service.rb b/app/services/ci/generate_exposed_artifacts_report_service.rb index af6331341fff077d80f62dd470a67c472806695f..1dbcd19227936c3298b1518f041d1cfd71a79255 100644 --- a/app/services/ci/generate_exposed_artifacts_report_service.rb +++ b/app/services/ci/generate_exposed_artifacts_report_service.rb @@ -15,7 +15,7 @@ module Ci data: data } rescue => e - Gitlab::Sentry.track_exception(e, project_id: project.id) + Gitlab::ErrorTracking.track_exception(e, project_id: project.id) { status: :error, key: key(base_pipeline, head_pipeline), diff --git a/app/services/ci/prepare_build_service.rb b/app/services/ci/prepare_build_service.rb index 8ace7914f8edcd168d7a6bb8ce707ba3f4db467f..5d024c45e5f5b7b60dd9d1feea9c385f269f529f 100644 --- a/app/services/ci/prepare_build_service.rb +++ b/app/services/ci/prepare_build_service.rb @@ -13,7 +13,7 @@ module Ci build.enqueue! rescue => e - Gitlab::Sentry.track_exception(e, build_id: build.id) + Gitlab::ErrorTracking.track_exception(e, build_id: build.id) build.drop(:unmet_prerequisites) end diff --git a/app/services/ci/register_job_service.rb b/app/services/ci/register_job_service.rb index 24597579d9effe7014788617be3f07ad2bdfe1e2..57c0cdd0602d7e902d71f8601e28c9ffb82ccc60 100644 --- a/app/services/ci/register_job_service.rb +++ b/app/services/ci/register_job_service.rb @@ -128,7 +128,7 @@ module Ci end def track_exception_for_build(ex, build) - Gitlab::Sentry.track_exception(ex, + Gitlab::ErrorTracking.track_exception(ex, build_id: build.id, build_name: build.name, build_stage: build.stage, diff --git a/app/services/clusters/applications/base_helm_service.rb b/app/services/clusters/applications/base_helm_service.rb index 2b51de71934878911c8d9f954f9044e05842a8f2..f38051bcad211b7a1ab3c9b33d74cd178a1e0af1 100644 --- a/app/services/clusters/applications/base_helm_service.rb +++ b/app/services/clusters/applications/base_helm_service.rb @@ -21,7 +21,7 @@ module Clusters group_ids: app.cluster.group_ids } - Gitlab::Sentry.track_exception(error, meta) + Gitlab::ErrorTracking.track_exception(error, meta) end def log_event(event) diff --git a/app/services/projects/container_repository/delete_tags_service.rb b/app/services/projects/container_repository/delete_tags_service.rb index 0da3ddea9f72ad72a5af577645ab8822f013e425..88ff3c2c9dfeca8d5d8a00b5f182a68a66ff1444 100644 --- a/app/services/projects/container_repository/delete_tags_service.rb +++ b/app/services/projects/container_repository/delete_tags_service.rb @@ -51,7 +51,7 @@ module Projects digests = deleted_tags.values.uniq # rubocop: disable CodeReuse/ActiveRecord - Gitlab::Sentry.track_and_raise_for_dev_exception(ArgumentError.new('multiple tag digests')) if digests.many? + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(ArgumentError.new('multiple tag digests')) if digests.many? deleted_tags end diff --git a/app/services/projects/fork_service.rb b/app/services/projects/fork_service.rb index 47ab7f9a8a036baa83cb88e35bb5b72cb0b01117..e66a0ed181a4a146f48463734b7ca508c79c59cf 100644 --- a/app/services/projects/fork_service.rb +++ b/app/services/projects/fork_service.rb @@ -3,11 +3,16 @@ module Projects class ForkService < BaseService def execute(fork_to_project = nil) - if fork_to_project - link_existing_project(fork_to_project) - else - fork_new_project - end + forked_project = + if fork_to_project + link_existing_project(fork_to_project) + else + fork_new_project + end + + refresh_forks_count if forked_project&.saved? + + forked_project end private @@ -92,8 +97,7 @@ module Projects def link_fork_network(fork_to_project) return if fork_to_project.errors.any? - fork_to_project.fork_network_member.save && - refresh_forks_count + fork_to_project.fork_network_member.save end def refresh_forks_count diff --git a/app/services/projects/import_service.rb b/app/services/projects/import_service.rb index bef4897baec62982b54442c860d39fdfd02e2670..cc12aacaf02ba0fc6ed65046b9f6167ea08ceef2 100644 --- a/app/services/projects/import_service.rb +++ b/app/services/projects/import_service.rb @@ -25,13 +25,13 @@ module Projects success rescue Gitlab::UrlBlocker::BlockedUrlError => e - Gitlab::Sentry.track_exception(e, project_path: project.full_path, importer: project.import_type) + Gitlab::ErrorTracking.track_exception(e, project_path: project.full_path, importer: project.import_type) error(s_("ImportProjects|Error importing repository %{project_safe_import_url} into %{project_full_path} - %{message}") % { project_safe_import_url: project.safe_import_url, project_full_path: project.full_path, message: e.message }) rescue => e message = Projects::ImportErrorFilter.filter_message(e.message) - Gitlab::Sentry.track_exception(e, project_path: project.full_path, importer: project.import_type) + Gitlab::ErrorTracking.track_exception(e, project_path: project.full_path, importer: project.import_type) error(s_("ImportProjects|Error importing repository %{project_safe_import_url} into %{project_full_path} - %{message}") % { project_safe_import_url: project.safe_import_url, project_full_path: project.full_path, message: message }) end diff --git a/app/services/prometheus/proxy_variable_substitution_service.rb b/app/services/prometheus/proxy_variable_substitution_service.rb index 4a6678ec2376dce72b12ec249737f2107233c31b..ca56292e9d69be30df804364473df57f8ffd05d1 100644 --- a/app/services/prometheus/proxy_variable_substitution_service.rb +++ b/app/services/prometheus/proxy_variable_substitution_service.rb @@ -32,7 +32,7 @@ module Prometheus success(result) rescue TypeError, ArgumentError => exception log_error(exception.message) - Gitlab::Sentry.track_exception(exception, extra: { + Gitlab::ErrorTracking.track_exception(exception, extra: { template_string: query, variables: predefined_context }) diff --git a/app/services/users/build_service.rb b/app/services/users/build_service.rb index 8c85ad9ffd8b9c6e0ca3ab7439470721aae5449a..ea4d11e728e09ef95dac67cbca45290b0ac3c88d 100644 --- a/app/services/users/build_service.rb +++ b/app/services/users/build_service.rb @@ -23,7 +23,7 @@ module Users @reset_token = user.generate_reset_token if params[:reset_password] if user_params[:force_random_password] - random_password = Devise.friendly_token.first(Devise.password_length.min) + random_password = Devise.friendly_token.first(User.password_length.min) user.password = user.password_confirmation = random_password end end diff --git a/app/views/admin/application_settings/_signup.html.haml b/app/views/admin/application_settings/_signup.html.haml index 7c1df78f30c97cb827b41ad3db0253856341c249..b9d9d86ca30a8f7fc1a4720da5e4a6ab2283dd9c 100644 --- a/app/views/admin/application_settings/_signup.html.haml +++ b/app/views/admin/application_settings/_signup.html.haml @@ -12,6 +12,12 @@ = f.check_box :send_user_confirmation_email, class: 'form-check-input' = f.label :send_user_confirmation_email, class: 'form-check-label' do Send confirmation email on sign-up + .form-group + = f.label :minimum_password_length, _('Minimum password length (number of characters)'), class: 'label-bold' + = f.number_field :minimum_password_length, class: 'form-control', rows: 4, min: ApplicationSetting::DEFAULT_MINIMUM_PASSWORD_LENGTH, max: Devise.password_length.max + - password_policy_guidelines_link = link_to _('Password Policy Guidelines'), 'https://about.gitlab.com/handbook/security/#gitlab-password-policy-guidelines', target: '_blank', rel: 'noopener noreferrer nofollow' + .form-text.text-muted + = _("See GitLab's %{password_policy_guidelines}").html_safe % { password_policy_guidelines: password_policy_guidelines_link } .form-group = f.label :domain_whitelist, 'Whitelisted domains for sign-ups', class: 'label-bold' = f.text_area :domain_whitelist_raw, placeholder: 'domain.com', class: 'form-control', rows: 8 diff --git a/app/views/projects/blob/viewers/_openapi.html.haml b/app/views/projects/blob/viewers/_openapi.html.haml new file mode 100644 index 0000000000000000000000000000000000000000..ce8030cf2d2f0e6c5b9ab333187aa975e9c00108 --- /dev/null +++ b/app/views/projects/blob/viewers/_openapi.html.haml @@ -0,0 +1 @@ +.file-content#js-openapi-viewer{ data: { endpoint: blob_raw_path } } diff --git a/app/workers/delete_stored_files_worker.rb b/app/workers/delete_stored_files_worker.rb index 1d52f71c866ef911ca90096eb4aa637be5727613..e1e2f66f57393850d240bc2a35a24502317d32c6 100644 --- a/app/workers/delete_stored_files_worker.rb +++ b/app/workers/delete_stored_files_worker.rb @@ -15,7 +15,7 @@ class DeleteStoredFilesWorker unless klass message = "Unknown class '#{class_name}'" logger.error(message) - Gitlab::Sentry.track_and_raise_for_dev_exception(RuntimeError.new(message)) + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(RuntimeError.new(message)) return end diff --git a/app/workers/pages_domain_removal_cron_worker.rb b/app/workers/pages_domain_removal_cron_worker.rb index ba3c89d0e70de6993fdf7d1ea8e00dc6c40f2a52..07ecde55922480a42c0232664bd58a06fee7fdb9 100644 --- a/app/workers/pages_domain_removal_cron_worker.rb +++ b/app/workers/pages_domain_removal_cron_worker.rb @@ -11,7 +11,7 @@ class PagesDomainRemovalCronWorker PagesDomain.for_removal.find_each do |domain| domain.destroy! rescue => e - Gitlab::Sentry.track_exception(e) + Gitlab::ErrorTracking.track_exception(e) end end end diff --git a/app/workers/run_pipeline_schedule_worker.rb b/app/workers/run_pipeline_schedule_worker.rb index 450dee0e83ef8a6d3d1678c39279aa172cfa70eb..f8f8a2fe7aec6de1950fed7532efb2cd1e14fd30 100644 --- a/app/workers/run_pipeline_schedule_worker.rb +++ b/app/workers/run_pipeline_schedule_worker.rb @@ -38,7 +38,7 @@ class RunPipelineScheduleWorker Rails.logger.error "Failed to create a scheduled pipeline. " \ "schedule_id: #{schedule.id} message: #{error.message}" - Gitlab::Sentry + Gitlab::ErrorTracking .track_and_raise_for_dev_exception(error, issue_url: 'https://gitlab.com/gitlab-org/gitlab-foss/issues/41231', schedule_id: schedule.id) diff --git a/app/workers/stuck_ci_jobs_worker.rb b/app/workers/stuck_ci_jobs_worker.rb index 99eff044eae4c2460b4fa8845234507d1ce48c38..d08cea9e494ca5dfad0a57f129829c16fa049823 100644 --- a/app/workers/stuck_ci_jobs_worker.rb +++ b/app/workers/stuck_ci_jobs_worker.rb @@ -80,7 +80,7 @@ class StuckCiJobsWorker end def track_exception_for_build(ex, build) - Gitlab::Sentry.track_exception(ex, + Gitlab::ErrorTracking.track_exception(ex, build_id: build.id, build_name: build.name, build_stage: build.stage, diff --git a/changelogs/unreleased/32115-structured-logging-mail_room.yml b/changelogs/unreleased/32115-structured-logging-mail_room.yml new file mode 100644 index 0000000000000000000000000000000000000000..17b678a82d4e72497d87864adb28e06ef7995995 --- /dev/null +++ b/changelogs/unreleased/32115-structured-logging-mail_room.yml @@ -0,0 +1,5 @@ +--- +title: Upgrade `mail_room` gem to 0.10.0 and enable structured logging +merge_request: 19186 +author: +type: added diff --git a/changelogs/unreleased/36776-entropy-requirements-for-new-user-passwords-mvc.yml b/changelogs/unreleased/36776-entropy-requirements-for-new-user-passwords-mvc.yml new file mode 100644 index 0000000000000000000000000000000000000000..6b2e159c273e7862b649481dd2a9778b9e1709b4 --- /dev/null +++ b/changelogs/unreleased/36776-entropy-requirements-for-new-user-passwords-mvc.yml @@ -0,0 +1,5 @@ +--- +title: Allow administrators to set a minimum password length +merge_request: 20661 +author: +type: added diff --git a/changelogs/unreleased/37972-container-registry-tags-expect-oci-image-configs-to-have-created-fi.yml b/changelogs/unreleased/37972-container-registry-tags-expect-oci-image-configs-to-have-created-fi.yml new file mode 100644 index 0000000000000000000000000000000000000000..65e9685494cd99acb5664d8376c9363bca3369ab --- /dev/null +++ b/changelogs/unreleased/37972-container-registry-tags-expect-oci-image-configs-to-have-created-fi.yml @@ -0,0 +1,5 @@ +--- +title: Fix crash registry contains helm charts +merge_request: 21381 +author: +type: fixed diff --git a/changelogs/unreleased/feat-openapi-viewer.yml b/changelogs/unreleased/feat-openapi-viewer.yml new file mode 100644 index 0000000000000000000000000000000000000000..fc5e2cb06fc247e4fd482bf3635d3c23f3fb8bf4 --- /dev/null +++ b/changelogs/unreleased/feat-openapi-viewer.yml @@ -0,0 +1,5 @@ +--- +title: add OpenAPI file viewer +merge_request: 21106 +author: Roger Meier +type: added diff --git a/changelogs/unreleased/make-workflow-rules-to-work.yml b/changelogs/unreleased/make-workflow-rules-to-work.yml new file mode 100644 index 0000000000000000000000000000000000000000..04a6a53de132208e8f3a1f5e54e0d27c46f0f21f --- /dev/null +++ b/changelogs/unreleased/make-workflow-rules-to-work.yml @@ -0,0 +1,5 @@ +--- +title: Make `workflow:rules` to work well with Merge Requests +merge_request: 21742 +author: +type: changed diff --git a/changelogs/unreleased/osw-refresh-forks-count-cache-correctly.yml b/changelogs/unreleased/osw-refresh-forks-count-cache-correctly.yml new file mode 100644 index 0000000000000000000000000000000000000000..426efd53b2274f8c8c0f6b0ede397d64b8643b83 --- /dev/null +++ b/changelogs/unreleased/osw-refresh-forks-count-cache-correctly.yml @@ -0,0 +1,5 @@ +--- +title: Ensure forks count cache refresh for source project +merge_request: 21771 +author: +type: fixed diff --git a/changelogs/unreleased/yaml-processor-validation-errors.yml b/changelogs/unreleased/yaml-processor-validation-errors.yml new file mode 100644 index 0000000000000000000000000000000000000000..aaca26d6b3d06e16d3f801eb277bf502151307a1 --- /dev/null +++ b/changelogs/unreleased/yaml-processor-validation-errors.yml @@ -0,0 +1,5 @@ +--- +title: Return multiple errors from CI linter +merge_request: 21589 +author: +type: added diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index a7b0a0f0b62aecd23d14171b8a3c41f384274de0..5ac9b7ee6e5143eb28aec3fb485e40b200fd43df 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -181,6 +181,11 @@ production: &base mailbox: "inbox" # The IDLE command timeout. idle_timeout: 60 + # The log file path for the structured log file. + # Since `mail_room` is run independently of Rails, an absolute path is preferred. + # The default is 'log/mail_room_json.log' relative to the root of the Rails app. + # + # log_path: log/mail_room_json.log ## Build Artifacts artifacts: diff --git a/config/initializers/devise_dynamic_password_length_validation.rb b/config/initializers/devise_dynamic_password_length_validation.rb new file mode 100644 index 0000000000000000000000000000000000000000..e71b28bc495f2861ce5b3f353b8ce88d0c8ca0a4 --- /dev/null +++ b/config/initializers/devise_dynamic_password_length_validation.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +# Discard the default Devise length validation from the `User` model. + +# This needs to be discarded because the length validation provided by Devise does not +# support dynamically checking for min and max lengths. + +# A new length validation has been added to the User model instead, to keep supporting +# dynamic password length validations, like: + +# validates :password, length: { maximum: proc { password_length.max }, minimum: proc { password_length.min } }, allow_blank: true + +def length_validator_supports_dynamic_length_checks?(validator) + validator.options[:minimum].is_a?(Proc) && + validator.options[:maximum].is_a?(Proc) +end + +# Get the in-built Devise validator on password length. +password_length_validator = User.validators_on(:password).find do |validator| + validator.kind == :length +end + +# This initializer can be removed as soon as https://github.com/plataformatec/devise/pull/5166 +# is merged into Devise. +if length_validator_supports_dynamic_length_checks?(password_length_validator) + raise "Devise now supports dynamic length checks, please remove the monkey patch in #{__FILE__}" +else + # discard the in-built length validator by always returning true + def password_length_validator.validate(*_) + true + end + + # add a custom password length validator with support for dynamic length validation. + User.class_eval do + validates :password, length: { maximum: proc { password_length.max }, minimum: proc { password_length.min } }, allow_blank: true + end +end diff --git a/config/initializers/forbid_sidekiq_in_transactions.rb b/config/initializers/forbid_sidekiq_in_transactions.rb index bd59fd4ab9030d0db3c09c66f1d86f9417194c2c..9bade443aaedc561f887a6a74d1c4a391a0f5c62 100644 --- a/config/initializers/forbid_sidekiq_in_transactions.rb +++ b/config/initializers/forbid_sidekiq_in_transactions.rb @@ -29,7 +29,7 @@ module Sidekiq MSG rescue Sidekiq::Worker::EnqueueFromTransactionError => e ::Rails.logger.error(e.message) if ::Rails.env.production? - Gitlab::Sentry.track_and_raise_for_dev_exception(e) + Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e) end end diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb index cebb0edf275bf6c966a5d434085d88353398b448..a1eddd6a2c2a2e767bb3d51c81890f9e898e3921 100644 --- a/config/initializers/sentry.rb +++ b/config/initializers/sentry.rb @@ -2,4 +2,4 @@ require 'gitlab/current_settings' -Gitlab::Sentry.configure +Gitlab::ErrorTracking.configure diff --git a/config/mail_room.yml b/config/mail_room.yml index c3a5be8d38c5ab1a2f19b2500c42c9a1cc0535f5..75024c2b2e18f1172c9290900aa550bbcca555b9 100644 --- a/config/mail_room.yml +++ b/config/mail_room.yml @@ -13,6 +13,8 @@ :email: <%= config[:user].to_json %> :password: <%= config[:password].to_json %> :idle_timeout: <%= config[:idle_timeout].to_json %> + :logger: + :log_path: <%= config[:log_path].to_json %> :name: <%= config[:mailbox].to_json %> diff --git a/db/migrate/20191123062354_add_minimum_password_length_to_application_settings.rb b/db/migrate/20191123062354_add_minimum_password_length_to_application_settings.rb new file mode 100644 index 0000000000000000000000000000000000000000..0a7ad9d81a9ac752914ae629829e399c99b3fe77 --- /dev/null +++ b/db/migrate/20191123062354_add_minimum_password_length_to_application_settings.rb @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +class AddMinimumPasswordLengthToApplicationSettings < ActiveRecord::Migration[5.2] + DOWNTIME = false + + DEFAULT_MINIMUM_PASSWORD_LENGTH = 8 + + def change + add_column(:application_settings, :minimum_password_length, :integer, default: DEFAULT_MINIMUM_PASSWORD_LENGTH, null: false) + end +end diff --git a/db/post_migrate/20191205084057_update_minimum_password_length.rb b/db/post_migrate/20191205084057_update_minimum_password_length.rb new file mode 100644 index 0000000000000000000000000000000000000000..d9324347075fc6d8ee357bf40d37b42414fe2a4c --- /dev/null +++ b/db/post_migrate/20191205084057_update_minimum_password_length.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +class UpdateMinimumPasswordLength < ActiveRecord::Migration[5.2] + DOWNTIME = false + + def up + value_to_be_updated_to = [ + Devise.password_length.min, + ApplicationSetting::DEFAULT_MINIMUM_PASSWORD_LENGTH + ].max + + execute "UPDATE application_settings SET minimum_password_length = #{value_to_be_updated_to}" + + ApplicationSetting.expire + end + + def down + value_to_be_updated_to = ApplicationSetting::DEFAULT_MINIMUM_PASSWORD_LENGTH + + execute "UPDATE application_settings SET minimum_password_length = #{value_to_be_updated_to}" + + ApplicationSetting.expire + end +end diff --git a/db/schema.rb b/db/schema.rb index 9ba5fcc41c6cac840039f1e980f10d0aad2f5441..bfb6f55bbd48087bd0d8cea3d07c09cbaa6fa89a 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -351,6 +351,7 @@ ActiveRecord::Schema.define(version: 2019_12_08_071112) do t.string "sourcegraph_url", limit: 255 t.boolean "sourcegraph_public_only", default: true, null: false t.bigint "snippet_size_limit", default: 52428800, null: false + t.integer "minimum_password_length", default: 8, null: false t.text "encrypted_akismet_api_key" t.string "encrypted_akismet_api_key_iv", limit: 255 t.text "encrypted_elasticsearch_aws_secret_access_key" diff --git a/doc/administration/logs.md b/doc/administration/logs.md index ed0d402c0308fa8ff4ecc761e89d51f876557b94..f4a1c7542525960a9128cb61353d0a9499d0a21e 100644 --- a/doc/administration/logs.md +++ b/doc/administration/logs.md @@ -360,6 +360,17 @@ Introduced in GitLab 12.3. This file lives in `/var/log/gitlab/gitlab-rails/migr Omnibus GitLab packages or in `/home/git/gitlab/log/migrations.log` for installations from source. +## `mail_room_json.log` (default) + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/19186) in GitLab 12.6. + +This file lives in `/var/log/gitlab/mail_room/mail_room_json.log` for +Omnibus GitLab packages or in `/home/git/gitlab/log/mail_room_json.log` for +installations from source. + +This structured log file records internal activity in the `mail_room` gem. +Its name and path are configurable, so the name and path may not match the above. + ## Reconfigure Logs Reconfigure log files live in `/var/log/gitlab/reconfigure` for Omnibus GitLab diff --git a/doc/ci/variables/predefined_variables.md b/doc/ci/variables/predefined_variables.md index 837fcd01050fea85230d048b584ab597131b38ab..e25425b01ae506ad2e6e5d548d7a412df645300c 100644 --- a/doc/ci/variables/predefined_variables.md +++ b/doc/ci/variables/predefined_variables.md @@ -37,6 +37,7 @@ future GitLab releases.** | `CI_COMMIT_REF_SLUG` | 9.0 | all | `$CI_COMMIT_REF_NAME` lowercased, shortened to 63 bytes, and with everything except `0-9` and `a-z` replaced with `-`. No leading / trailing `-`. Use in URLs, host names and domain names. | | `CI_COMMIT_SHA` | 9.0 | all | The commit revision for which project is built | | `CI_COMMIT_SHORT_SHA` | 11.7 | all | The first eight characters of `CI_COMMIT_SHA` | +| `CI_COMMIT_BRANCH` | 12.6 | 0.5 | The commit branch name. Present only when building branches. | | `CI_COMMIT_TAG` | 9.0 | 0.5 | The commit tag name. Present only when building tags. | | `CI_COMMIT_TITLE` | 10.8 | all | The title of the commit - the full first line of the message | | `CI_CONCURRENT_ID` | all | 11.10 | Unique ID of build execution within a single executor. | diff --git a/doc/development/logging.md b/doc/development/logging.md index 4ccb5a1a06e5379d4708e19c186c0a1d3f0cca42..2eb140d3b7e2b15c605649546fef008fec41a5f7 100644 --- a/doc/development/logging.md +++ b/doc/development/logging.md @@ -142,21 +142,21 @@ It should be noted that manual logging of exceptions is not allowed, as: 1. It is very likely that manually logged exceptions will end-up across multiple files, which increases burden scraping all logging files. -To avoid duplicating and having consistent behavior the `Gitlab::Sentry` +To avoid duplicating and having consistent behavior the `Gitlab::ErrorTracking` provides helper methods to track exceptions: -1. `Gitlab::Sentry.track_and_raise_exception`: this method logs, +1. `Gitlab::ErrorTracking.track_and_raise_exception`: this method logs, sends exception to Sentry (if configured) and re-raises the exception, -1. `Gitlab::Sentry.track_exception`: this method only logs +1. `Gitlab::ErrorTracking.track_exception`: this method only logs and sends exception to Sentry (if configured), -1. `Gitlab::Sentry.log_exception`: this method only logs the exception, +1. `Gitlab::ErrorTracking.log_exception`: this method only logs the exception, and DOES NOT send the exception to Sentry, -1. `Gitlab::Sentry.track_and_raise_for_dev_exception`: this method logs, +1. `Gitlab::ErrorTracking.track_and_raise_for_dev_exception`: this method logs, sends exception to Sentry (if configured) and re-raises the exception for development and test enviroments. -It is advised to only use `Gitlab::Sentry.track_and_raise_exception` -and `Gitlab::Sentry.track_exception` as presented on below examples. +It is advised to only use `Gitlab::ErrorTracking.track_and_raise_exception` +and `Gitlab::ErrorTracking.track_exception` as presented on below examples. Consider adding additional extra parameters to provide more context for each tracked exception. @@ -170,7 +170,7 @@ class MyService < ::BaseService success rescue => e - Gitlab::Sentry.track_exception(e, project_id: project.id) + Gitlab::ErrorTracking.track_exception(e, project_id: project.id) error('Exception occurred') end @@ -184,7 +184,7 @@ class MyService < ::BaseService success rescue => e - Gitlab::Sentry.track_and_raise_exception(e, project_id: project.id) + Gitlab::ErrorTracking.track_and_raise_exception(e, project_id: project.id) end end ``` diff --git a/doc/security/password_length_limits.md b/doc/security/password_length_limits.md index 9909ef4a8e4c492bd272f081b4a6887e2153b990..235730eb8256aec55ebca5f512e160b0e4857c42 100644 --- a/doc/security/password_length_limits.md +++ b/doc/security/password_length_limits.md @@ -4,7 +4,19 @@ type: reference, howto # Custom password length limits -The user password length is set to a minimum of 8 characters by default. +By default, GitLab supports passwords with: + +- A minimum length of 8. +- A maximum length of 128. + +GitLab administrators can modify password lengths: + +- Using configuration file. +- [From](https://gitlab.com/gitlab-org/gitlab/merge_requests/20661) GitLab 12.6, using the GitLab UI. + +## Modify maximum password length using configuration file + +The user password length is set to a maximum of 128 characters by default. To change that for installations from source: 1. Edit `devise_password_length.rb`: @@ -18,15 +30,35 @@ To change that for installations from source: 1. Change the new password length limits: ```ruby - config.password_length = 12..128 + config.password_length = 12..135 ``` In this example, the minimum length is 12 characters, and the maximum length - is 128 characters. + is 135 characters. 1. [Restart GitLab](../administration/restart_gitlab.md#installations-from-source) for the changes to take effect. +NOTE: **Note:** +From GitLab 12.6, the minimum password length set in this configuration file will be ignored. Minimum password lengths will now have to be modified via the [GitLab UI](#modify-minimum-password-length-using-gitlab-ui) instead. + +## Modify minimum password length using GitLab UI + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/20661) in GitLab 12.6 + +The user password length is set to a minimum of 8 characters by default. +To change that using GitLab UI: + +In the Admin area under **Settings** (`/admin/application_settings`), go to section **Sign-up Restrictions**. + +[Minimum password length settings](../user/admin_area/img/minimum_password_length_settings_v12_6.png) + +Set the **Minimum password length** to a value greater than or equal to 8 and hit **Save changes** to save the changes. + +CAUTION: **Caution:** +Changing minimum or maximum limit does not affect existing user passwords in any manner. Existing users will not be asked to reset their password to adhere to the new limits. +The new limit restriction will only apply during new user sign-ups and when an existing user performs a password reset. +