Add latest changes from gitlab-org/gitlab@master

.rubocop.yml

@@ -11,7 +11,6 @@ inherit_from:
     <% Dir.glob('.rubocop_todo/**/*.yml').each do |rubocop_todo_yaml| %>
   - '<%= rubocop_todo_yaml %>'
     <% end %>
-  - '.rubocop_todo.yml'
   <% end %>
   - ./rubocop/rubocop-migrations.yml
   - ./rubocop/rubocop-usage-data.yml

.rubocop_todo.yml

-# This configuration is no longer used.
-#
-# The RuboCop TODO lists are located in `.rubocop_todo/**/*.yml`.
-#
-# Please use `rake rubocop:todo:generate` to generate TODOs.
-#
-# See https://docs.gitlab.com/ee/development/rake_tasks.html#generate-initial-rubocop-todo-list

.rubocop_todo/rspec/be_eq.yml

@@ -267,7 +267,6 @@ RSpec/BeEq:
     - 'ee/spec/models/namespaces/combined_storage_users/pre_enforcement_spec.rb'
     - 'ee/spec/models/namespaces/free_user_cap/enforcement_without_storage_spec.rb'
     - 'ee/spec/models/namespaces/free_user_cap/root_size_spec.rb'
-    - 'ee/spec/models/namespaces/storage/enforcement_spec.rb'
     - 'ee/spec/models/namespaces/storage/root_size_spec.rb'
     - 'ee/spec/models/onboarding/completion_spec.rb'
     - 'ee/spec/models/onboarding/progress_spec.rb'

.rubocop_todo/rspec/receive_messages.yml

@@ -99,7 +99,6 @@ RSpec/ReceiveMessages:
     - 'ee/spec/models/merge_request_spec.rb'
     - 'ee/spec/models/merge_trains/train_spec.rb'
     - 'ee/spec/models/namespace_setting_spec.rb'
-    - 'ee/spec/models/namespaces/storage/enforcement_spec.rb'
     - 'ee/spec/models/project_feature_spec.rb'
     - 'ee/spec/models/security/scan_result_policy_read_spec.rb'
     - 'ee/spec/policies/issue_policy_spec.rb'

app/assets/javascripts/pages/groups/new/components/app.vue

 <script>
+import GROUP_IMPORT_SVG_URL from '@gitlab/svgs/dist/illustrations/group-import.svg?url';
+import GROUP_NEW_SVG_URL from '@gitlab/svgs/dist/illustrations/group-new.svg?url';
 import { s__ } from '~/locale';
 import NewNamespacePage from '~/vue_shared/new_namespace/new_namespace_page.vue';
 import createGroupDescriptionDetails from './create_group_description_details.vue';
@@ -71,6 +73,7 @@ export default {
             parentGroupName: this.parentGroupName,
             importExistingGroupPath: this.importExistingGroupPath,
           },
+          imageSrc: GROUP_NEW_SVG_URL,
         },
         {
           name: 'import-group-pane',
@@ -80,6 +83,7 @@ export default {
             'GroupsNew|Import a group and related data from another GitLab instance.',
           ),
           details: 'Migrate your existing groups from another instance of GitLab.',
+          imageSrc: GROUP_IMPORT_SVG_URL,
         },
       ];
     },

app/assets/javascripts/projects/new/components/app.vue

 <script>
+import PROJECT_CREATE_FROM_TEMPLATE_SVG_URL from '@gitlab/svgs/dist/illustrations/project-create-from-template-sm.svg?url';
+import PROJECT_CREATE_NEW_SVG_URL from '@gitlab/svgs/dist/illustrations/project-create-new-sm.svg?url';
+import PROJECT_IMPORT_SVG_URL from '@gitlab/svgs/dist/illustrations/project-import-sm.svg?url';
+import PROJECT_RUN_CICD_PIPELINES_SVG_URL from '@gitlab/svgs/dist/illustrations/empty-state/empty-devops-md.svg?url';
 import SafeHtml from '~/vue_shared/directives/safe_html';
 import { s__ } from '~/locale';
 import NewNamespacePage from '~/vue_shared/new_namespace/new_namespace_page.vue';
@@ -15,6 +19,7 @@ const PANELS = [
     description: s__(
       'ProjectsNew|Create a blank project to store your files, plan your work, and collaborate on code, among other things.',
     ),
+    imageSrc: PROJECT_CREATE_NEW_SVG_URL,
   },
   {
     key: 'template',
@@ -24,6 +29,7 @@ const PANELS = [
     description: s__(
       'ProjectsNew|Create a project pre-populated with the necessary files to get you started quickly.',
     ),
+    imageSrc: PROJECT_CREATE_FROM_TEMPLATE_SVG_URL,
   },
   {
     key: 'import',
@@ -33,6 +39,7 @@ const PANELS = [
     description: s__(
       'ProjectsNew|Migrate your data from an external source like GitHub, Bitbucket, or another instance of GitLab.',
     ),
+    imageSrc: PROJECT_IMPORT_SVG_URL,
   },
   {
     key: 'ci',
@@ -40,6 +47,7 @@ const PANELS = [
     selector: '#ci-cd-project-pane',
     title: s__('ProjectsNew|Run CI/CD for external repository'),
     description: s__('ProjectsNew|Connect your external repository to GitLab CI/CD.'),
+    imageSrc: PROJECT_RUN_CICD_PIPELINES_SVG_URL,
   },
 ];
 

app/assets/javascripts/work_items/components/design_management/design_item.vue

@@ -60,6 +60,14 @@ export default {
       required: false,
       default: false,
     },
+    useRouter: {
+      type: Boolean,
+      required: true,
+    },
+    workItemWebUrl: {
+      type: String,
+      required: true,
+    },
   },
   data() {
     return {
@@ -113,6 +121,12 @@ export default {
         query: this.$route.query,
       };
     },
+    nonRouterHref() {
+      return `${this.workItemWebUrl}/designs/${this.filename}`;
+    },
+    linkComponent() {
+      return this.useRouter ? 'router-link' : 'a';
+    },
   },
   methods: {
     onImageLoad() {
@@ -144,8 +158,10 @@ export default {
 </script>
 
 <template>
-  <router-link
+  <component
+    :is="linkComponent"
     :to="routerLinkProps"
+    :href="nonRouterHref"
     class="card js-design-list-item design-list-item gl-mb-0 gl-cursor-pointer gl-text-default hover:gl-text-default"
   >
     <div
@@ -206,5 +222,5 @@ export default {
         </span>
       </div>
     </div>
-  </router-link>
+  </component>
 </template>

app/assets/javascripts/work_items/components/design_management/design_management_widget.vue

@@ -4,10 +4,11 @@ import { GlBreakpointInstance } from '@gitlab/ui/dist/utils';
 import VueDraggable from 'vuedraggable';
 import * as Sentry from '~/sentry/sentry_browser_wrapper';
 import { s__ } from '~/locale';
+import glFeatureFlagMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
 import { isLoggedIn } from '~/lib/utils/common_utils';
 import { TYPENAME_DESIGN_VERSION } from '~/graphql_shared/constants';
 import { convertToGraphQLId } from '~/graphql_shared/utils';
-import { findDesignWidget } from '~/work_items/utils';
+import { findDesignWidget, canRouterNav } from '~/work_items/utils';
 import CrudComponent from '~/vue_shared/components/crud_component.vue';
 import DesignDropzone from '~/vue_shared/components/upload_dropzone/upload_dropzone.vue';
 import {
@@ -42,6 +43,7 @@ export default {
   directives: {
     GlTooltip: GlTooltipDirective,
   },
+  mixins: [glFeatureFlagMixin()],
   inject: ['fullPath'],
   props: {
     workItemId: {
@@ -74,6 +76,18 @@ export default {
       required: false,
       default: false,
     },
+    workItemFullPath: {
+      type: String,
+      required: true,
+    },
+    workItemWebUrl: {
+      type: String,
+      required: true,
+    },
+    isGroup: {
+      type: Boolean,
+      required: true,
+    },
   },
   apollo: {
     designCollection: {
@@ -190,6 +204,21 @@ export default {
         ? s__('DesignManagement|Deselect all')
         : s__('DesignManagement|Select all');
     },
+    issueAsWorkItem() {
+      return Boolean(
+        !this.isGroup &&
+          this.glFeatures.workItemsViewPreference &&
+          gon.current_user_use_work_items_view,
+      );
+    },
+    canUseRouter() {
+      return canRouterNav({
+        fullPath: this.fullPath,
+        webUrl: this.workItemWebUrl,
+        isGroup: this.isGroup,
+        issueAsWorkItem: this.issueAsWorkItem,
+      });
+    },
   },
   methods: {
     dismissError() {
@@ -231,7 +260,7 @@ export default {
           mutation: archiveDesignMutation,
           variables: {
             filenames: this.selectedDesigns,
-            projectPath: this.fullPath,
+            projectPath: this.workItemFullPath,
             iid: this.workItemIid,
           },
           update: this.afterArchiveDesign,
@@ -471,6 +500,8 @@ export default {
                 :is-uploading="false"
                 :is-dragging="isDraggingDesign"
                 :work-item-iid="workItemIid"
+                :work-item-web-url="workItemWebUrl"
+                :use-router="canUseRouter"
                 data-testid="design-item"
                 @pointerup="onPointerUp"
               />

app/assets/javascripts/work_items/components/work_item_detail.vue

@@ -1029,6 +1029,9 @@ export default {
               :class="{ 'gl-mt-0': isDrawer }"
               :work-item-id="workItem.id"
               :work-item-iid="iid"
+              :work-item-full-path="workItemFullPath"
+              :work-item-web-url="workItem.webUrl"
+              :is-group="isGroupWorkItem"
               :upload-error="designUploadError"
               :upload-error-variant="designUploadErrorVariant"
               :is-saving="isSaving"

app/helpers/issuables_helper.rb

@@ -206,14 +206,6 @@ def has_filter_bar_param?
     finder.class.scalar_params.any? { |p| params[p].present? }
   end
 
-  def issuable_squash_option?(issuable, project)
-    if issuable.persisted?
-      issuable.squash
-    else
-      project.squash_enabled_by_default?
-    end
-  end
-
   def issuable_type_selector_data(issuable)
     {
       selected_type: issuable.issue_type,

app/helpers/merge_requests_helper.rb

@@ -363,6 +363,10 @@ def show_mr_dashboard_banner?
       show_new_mr_dashboard_banner?
   end
 
+  def merge_request_squash_option?(merge_request)
+    merge_request.persisted? ? merge_request.squash : merge_request.squash_enabled_by_default?
+  end
+
   private
 
   def review_requested_merge_requests_count

app/models/concerns/encrypted_user_password.rb

@@ -12,6 +12,16 @@ module EncryptedUserPassword
   BCRYPT_STRATEGY = :bcrypt
   PBKDF2_SHA512_STRATEGY = :pbkdf2_sha512
 
+  class_methods do
+    def stretches
+      prior_stretches = Rails.env.test? ? 1 : 10
+
+      return prior_stretches unless Feature.enabled?(:increase_password_storage_stretches) # rubocop:disable Gitlab/FeatureFlagWithoutActor -- required to enable FFing a Class method, which is required to FF the Stretches config
+
+      Rails.env.test? ? 5 : 13
+    end
+  end
+
   # Use Devise DatabaseAuthenticatable#authenticatable_salt
   # unless encrypted password is PBKDF2+SHA512.
   def authenticatable_salt
@@ -69,11 +79,27 @@ def password_matches?(password)
   end
 
   def migrate_password!(password)
-    return true if password_strategy == encryptor
+    # A note on ordering here:
+    # Other code expects to use this function to switch between pbkdf2 and bcrypt.
+    # Hence, if password strategy != encryptor, we need to fail immediately and migrate.
+    # Reversing this ordering will break tests in spec/models/concerns/encrypted_user_password_spec.rb.
+
+    if password_strategy == encryptor
+      return true unless Feature.enabled?(:increase_password_storage_stretches) # rubocop:disable Gitlab/FeatureFlagWithoutActor -- required to enable FFing a Class method, which is required to FF the Stretches config
+      return true if (BCRYPT_STRATEGY == password_strategy) && bcrypt_password_matches_current_stretches?
+      # We do not attempt to upgrade stretches on PBKDF2-stored passwords.
+      return true if PBKDF2_SHA512_STRATEGY == password_strategy
+    end
 
     update_attribute(:password, password)
   end
 
+  def bcrypt_password_matches_current_stretches?
+    return false unless bcrypt_password?
+
+    ::BCrypt::Password.new(encrypted_password).cost == self.class.stretches
+  end
+
   def encryptor
     return BCRYPT_STRATEGY unless Gitlab::FIPS.enabled?
 

app/services/users/reset_incoming_email_token_service.rb

+# frozen_string_literal: true
+
+module Users
+  class ResetIncomingEmailTokenService < BaseService
+    def initialize(current_user:, user:)
+      @current_user = current_user
+      @user = user
+    end
+
+    def execute!
+      return ServiceResponse.error(message: s_('Not permitted to reset user feed token')) unless reset_permitted?
+
+      Users::UpdateService.new(current_user, user: user).execute!(&:reset_incoming_email_token!)
+
+      ServiceResponse.success(message: 'Incoming mail token was successfully reset')
+    end
+
+    private
+
+    attr_reader :user
+
+    def reset_permitted?
+      Ability.allowed?(current_user, :update_user, user)
+    end
+  end
+end

app/views/shared/issuable/form/_merge_params.html.haml

-- issuable = local_assigns.fetch(:issuable)
-- project = local_assigns.fetch(:project)
+- merge_request = local_assigns.fetch(:issuable)
 
-- return unless issuable.is_a?(MergeRequest)
-- return if issuable.closed_or_merged_without_fork?
+- return if !merge_request.is_a?(MergeRequest) || merge_request.closed_or_merged_without_fork?
 
 .form-group.row.gl-mb-7
   .col-12
     %label
       = _('Merge options')
-    - if issuable.can_remove_source_branch?(current_user)
+    - if merge_request.can_remove_source_branch?(current_user)
       .form-check.gl-pl-0
         = hidden_field_tag 'merge_request[force_remove_source_branch]', '0', id: nil
-        = render Pajamas::CheckboxTagComponent.new(name: 'merge_request[force_remove_source_branch]', checked: issuable.force_remove_source_branch?, value: '1', checkbox_options: { class: 'js-form-update' }) do |c|
+        = render Pajamas::CheckboxTagComponent.new(name: 'merge_request[force_remove_source_branch]', checked: merge_request.force_remove_source_branch?, value: '1', checkbox_options: { class: 'js-form-update' }) do |c|
           - c.with_label do
             = _("Delete source branch when merge request is accepted.")
 
-    - if !project.squash_never?
+    - unless merge_request.squash_never?
       .form-check.gl-pl-0
-        - if project.squash_always?
+        - if merge_request.squash_always?
           = hidden_field_tag 'merge_request[squash]', '1', id: nil
-          = render Pajamas::CheckboxTagComponent.new(name: 'merge_request[squash]', checked: project.squash_enabled_by_default?, value: '1', checkbox_options: { class: 'js-form-update', disabled: true }) do |c|
+          = render Pajamas::CheckboxTagComponent.new(name: 'merge_request[squash]', checked: true, value: '1', checkbox_options: { class: 'js-form-update', disabled: true }) do |c|
             - c.with_label do
               = _("Squash commits when merge request is accepted.")
               = link_to sprite_icon('question-o'), help_page_path('user/project/merge_requests/squash_and_merge.md'), target: '_blank', rel: 'noopener noreferrer'
             - c.with_help_text do
-              = _('Required in this project.')
+              -# When we remove the feature flag we should also remove the local_assigns[:project]
+              - if Feature.enabled?(:branch_rule_squash_settings, local_assigns.fetch(:project))
+                = _('Required in this branch.')
+              - else
+                = _('Required in this project.')
         - else
           = hidden_field_tag 'merge_request[squash]', '0', id: nil
-          = render Pajamas::CheckboxTagComponent.new(name: 'merge_request[squash]', checked: issuable_squash_option?(issuable, project), value: '1', checkbox_options: { class: 'js-form-update' }) do |c|
+          = render Pajamas::CheckboxTagComponent.new(name: 'merge_request[squash]', checked: merge_request_squash_option?(merge_request), value: '1', checkbox_options: { class: 'js-form-update' }) do |c|
             - c.with_label do
               = _("Squash commits when merge request is accepted.")
               = link_to sprite_icon('question-o'), help_page_path('user/project/merge_requests/squash_and_merge.md'), target: '_blank', rel: 'noopener noreferrer'

app/workers/pages/reset_pages_default_domain_redirect_worker.rb

@@ -13,7 +13,9 @@ def handle_event(event)
 
       return unless project_settings
       return unless project_settings.pages_primary_domain
-      return unless event.data['domain'] == project_settings.pages_primary_domain
+
+      primary_domain = URI.parse(project_settings.pages_primary_domain).host
+      return unless event.data['domain'] == primary_domain
 
       project_settings.update!(pages_primary_domain: nil)
     end

app/workers/repository_update_remote_mirror_worker.rb

@@ -31,7 +31,7 @@ def perform(remote_mirror_id, scheduled_time, tries = 0)
       ttl: remote_mirror.max_runtime,
       sleep_sec: LOCK_WAIT_TIME
     ) do
-      update_mirror(remote_mirror, scheduled_time, tries)
+      update_mirror(remote_mirror, tries)
     end
   rescue Gitlab::ExclusiveLeaseHelpers::FailedToObtainLockError
     # If an update runs longer than 1.5 minutes, we'll reschedule it
@@ -42,13 +42,13 @@ def perform(remote_mirror_id, scheduled_time, tries = 0)
 
   private
 
-  def update_mirror(mirror, scheduled_time, tries)
+  def update_mirror(mirror, tries)
     project = mirror.project
     current_user = project.creator
     result = Projects::UpdateRemoteMirrorService.new(project, current_user).execute(mirror, tries)
 
     if result[:status] == :error && mirror.to_retry?
-      schedule_retry(mirror, scheduled_time, tries)
+      schedule_retry(mirror, tries)
     end
   end
 
@@ -56,12 +56,8 @@ def remote_mirror_update_lock(mirror_id)
     [self.class.name, mirror_id].join(':')
   end
 
-  def schedule_retry(mirror, scheduled_time, tries)
-    retry_time = if Feature.enabled?(:remote_mirror_retry_with_delay, mirror.project)
-                   Time.current + 1.second
-                 else
-                   scheduled_time
-                 end
+  def schedule_retry(mirror, tries)
+    retry_time = Time.current + 1.second
 
     self.class.perform_in(mirror.backoff_delay, mirror.id, retry_time, tries + 1)
   end

config/feature_flags/gitlab_com_derisk/remote_mirror_retry_with_delay.yml → config/feature_flags/gitlab_com_derisk/increase_password_storage_stretches.yml

 ---
-name: remote_mirror_retry_with_delay
-feature_issue_url: 
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/146707
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/472002
-milestone: '17.3'
-group: group::source code
+name: increase_password_storage_stretches
+feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/222481
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/177154
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/511397
+milestone: '17.9'
+group: group::authentication
 type: gitlab_com_derisk
 default_enabled: false

config/initializers/8_devise.rb

@@ -80,6 +80,13 @@
   # Limiting the stretches to just one in testing will increase the performance of
   # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
   # a value less than 10 in other environments.
+
+  # The bcrypt gem does not allow stretches to be set less than 4 (it will ignore it).
+  # To allow password WF upgrade testing (spec/models/concerns/encrypted_user_password_spec.rb),
+  # changing the test-side configuration to 5 to give the test something to do,
+  # along with changing the production value to 13 for https://gitlab.com/gitlab-org/gitlab/-/issues/222481.
+  # config.stretches = Rails.env.test? ? 5 : 13
+  # NOTE: This is being overridden in the `encrypted_user_password.rb` concern, behind an FF
   config.stretches = Rails.env.test? ? 1 : 10
 
   # Set up a pepper to generate the encrypted password.

config/metrics/counts_28d/20210409100451_users_expanding_testing_code_quality_report_monthly.yml

@@ -2,7 +2,7 @@
 data_category: optional
 key_path: redis_hll_counters.testing.users_expanding_testing_code_quality_report_monthly
 description: Count of expanding the code quality widget
-product_group: dynamic_analysis
+product_group: static_analysis
 product_categories:
 - code_quality
 value_type: number

config/metrics/counts_28d/20210901221410_p_ci_templates_code_quality_monthly.yml

 ---
 key_path: redis_hll_counters.ci_templates.p_ci_templates_code_quality_monthly
 description: ''
-product_group: pipeline_authoring
+product_group: static_analysis
 value_type: number
 status: active
 milestone: '14.3'