2020-03-09 - Triage report for "group::access"

Hi, @jeremy @dennis @lmcandrew @amandakhughes

This is a group or stage level triage package that aims to summarize the feature proposals and bugs which have not been scheduled or triaged. For more information please refer to the handbook:

• https://about.gitlab.com/handbook/engineering/quality/triage-operations/index.html#triage-packages

Scheduling the workload is a collaborative effort by the Product Managers and Engineering Managers for that group. Please work together to provide a best estimate on priority and milestone assignments. For each issue please:

• Determine if the issue should be closed if it is no longer relevant or a duplicate.
• If it is still relevant please assign either a best estimate versioned milestone, the %Backlog or the %Awaiting further demand milestone.
• Specifically for ~bug, if there is no priority or clarity on a versioned milestone, please add a Priority label. Priority labels have an estimate SLO attached to them and help team members and the wider community understand roughly when it will be considered to be scheduled.
  • https://docs.gitlab.com/ee/development/contributing/issue_workflow.html#priority-labels
• Once a milestone has been assigned please check off the box for that issue.
• Please work with your team to complete the list by the due date set.

Feature Proposal Section

For the following feature proposals. Please either close or assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone.

Unscheduled feature with customer

• #209341 (closed) Custom Landing Page for Blocked Users ~"Category:Authentication and Authorization", Category:User Management, customer, devopsmanage, feature, ~"group::access"
• #208956 OAuth2 Group Claims ~"Category:Authentication and Authorization", customer, devopsmanage, feature, ~"group::access"
• #208361 (confidential) ~"(confidential)"
• #207371 Associate a role to a project's deploy key ~"Category:Authentication and Authorization", customer, ~"devops", devopsmanage, feature, ~"group::access"
• #205403 (closed) Group-level option to enable read-only code access to Private repos for Guest users ~"Category:Authentication and Authorization", customer, customer+, devopsmanage, feature, ~"group::access"
• #202677 Add Applications API for User applications ~"Category:APIs/SDKs", api, customer, devopsmanage, feature, ~"group::access", oauth
• #39123 Additional LDAP login form custmomization customer, devopsmanage, feature, ~"group::access", ldap
• #36802 Groups provisionning using SAML SSO authentication, customer, devopsmanage, ~"enhancement", feature, ~"group::access", saml
• #36676 Hide ability to invite members to groups where SSO is enforced ~"Category:Authentication and Authorization", Enterprise Edition, customer, devopsmanage, feature, gitlab.com, ~"group::access"
• #36192 Account for Okta's LDAP Interface implementation quirks customer, devopsmanage, feature, ~"group::access", ldap
• #35001 (closed) Improved Admin Dashboard with User Information ~"Category:Authentication and Authorization", customer, devopsmanage, feature, ~"group::access"
• #33143 (closed) Group members domain whitelist should allow multiple domains ~"Category:Authentication and Authorization", auto updated, customer, devopsmanage, feature, ~"group::access", potential proposal
• #21862 Groups SSO SAML: Support for Duo Access Gateway customer, devopsmanage, feature, gitlab.com, ~"group::access", saml
• #30857 (closed) Audit logs for CI / CD variables Category:Audit Events, ~"Category:Authentication and Authorization", Manage [DEPRECATED], customer, devopsmanage, ~"enhancement", feature, ~"group::access"
• #30409 (closed) Allow Terms of Service to link to public repository on same GitLab Instance ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"P4", ~"S4", customer, devopsmanage, feature, ~"group::access"

---

Unscheduled feature (non-customer)

• #208699 (closed) Zapier integration - Add basic Auth login ~"Category:Authentication and Authorization", devopsmanage, feature, ~"group::access"
• #208236 (closed) Alert for remove project owner ~"Category:Authentication and Authorization", Category:User Management, devopsmanage, feature, ~"group::access"
• #207903 Provide one time tokens for HTTPS clones when 2FA is enabled authentication, devopsmanage, feature, ~"group::access", personal access tokens
• #207792 Make it possible to setup multiple 2FA apps 2FA, authentication, devopsmanage, feature, ~"group::access"
• #207738 (closed) Request: TFA with Phone Number ~"Category:Authentication and Authorization", devopsmanage, feature, ~"group::access"
• #207562 (closed) 2FA: Proposal - Use inputmode=numeric on OTP input fields 2FA, authentication, devopsmanage, feature, frontend, ~"group::access", security
• #207264 Scoping CODEOWNERS to a set of branches ~"Category:Authentication and Authorization", Category:Source Code Management, devopsmanage, ~"enhancement", feature, ~"group::access"
• #207262 (closed) Allow forking to namespaces where Developers/Maintainers are allowed to create projects ~"Category:Authentication and Authorization", backend, devopsmanage, feature, ~"group::access"
• #204763 API Feature: List group projects with authenticated user permissions ~"Category:Authentication and Authorization", api, devopsmanage, feature, ~"group::access", permissions
• #202644 (closed) API - Allow to search projects by membership level ~"Category:Authentication and Authorization", api, devopsmanage, feature, ~"group::access"
• #202214 (closed) Improve Group Managed Account experience for active groups ~"Category:Authentication and Authorization", Enterprise Edition, UX, authentication, backend, devopsmanage, feature, gitlab.com, ~"group::access", saml
• #201790 (closed) Automaticlly remove unconfirmed accounts ~"Category:Authentication and Authorization", devopsmanage, feature, ~"group::access", spam fighting
• #201788 Self-hosted alternative to Recaptcha ~"Category:Authentication and Authorization", devopsmanage, feature, ~"group::access", spam fighting
• #198662 (closed) Support a read-only scope for API access for OAuth applications ~"Category:Authentication and Authorization", devopsmanage, feature, ~"group::access"
• #198634 (closed) Unique login-URLs (browser shortcuts) for people with multiple accounts ~"Category:Authentication and Authorization", ~"devops", devopsmanage, feature, ~"group::access"

---

Unscheduled UX Debt Issues

• #29200 (closed) Follow-up from "Fix alignment of resend button in members page" ~"Category:Authentication and Authorization", Manage [DEPRECATED], UX debt, devopsmanage, frontend, ~"group::access"
• #20456 (closed) Better Feedback For 2 Factor Auth With HTTP 2FA, UX debt, devopsmanage, ~"group::access"

---

Bug Section

For the following bugs. Please either close or assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone and ensure that a priority label is set.

Heatmap for all bugs

Bugs for their priority and severity label are counted here. Every bug should have severity and priority labels applied. Please take a look at the bugs which fall into the columns indicating that the priority or severity labels are currently missing.

	~S1	~S2	~S3	~S4	No severity
~P1	2	0	0	0	0
~P2	1	7	0	0	3
~P3	0	2	46	6	2
~P4	1	2	37	25	0
No priority	0	11	49	44	101

---

Unscheduled frontend ~bug with customer

• #205513 (closed) Create subgroup button missing ~"Category:Authentication and Authorization", ~"bug", customer, devopsmanage, frontend, ~"group::access", reproduced on GitLab.com
• #29126 (closed) Enabled OAuth sign-in sources has confusing UI for disabling / enabling Omniauth providers ~"Category:Authentication and Authorization", Manage [DEPRECATED], UX, ~"bug", customer, devopsmanage, frontend, ~"group::access"

---

Unscheduled frontend ~bug (non-customer)

• #202300 (closed) SAML SSO config toggle buttons change state on navigating to the Settings page ~"S3", ~"bug", devopsmanage, frontend, ~"group::access", saml
• #38355 (closed) User popovers don't work in system notes ~"Category:Authentication and Authorization", ~"S4", ~"bug", devopsmanage, frontend, ~"group::access"
• #35125 (closed) Extra trailing %hr when using LDAP without smartcard ~"bug", devopsmanage, frontend, ~"group::access", ldap
• #34961 (closed) Autofocus authentication-code field during login ~"Category:Authentication and Authorization", ~"S4", ~"bug", devopsmanage, frontend, ~"group::access"
• #30561 (closed) Avatar/profile picture position of assignee on issue creation ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"S4", ~"bug", devopsmanage, frontend, ~"group::access"
• #30169 (closed) Avatar consistency ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"S4", UI polish, ~"bug", devopsmanage, frontend, ~"group::access"
• #30090 (closed) Description in Group's projects list is overflown ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"S4", UX, ~"bug", devopsmanage, frontend, ~"group::access"
• #12640 (closed) Externalized string using namespaces in new user form in admin area is missing required prefix ~"Category:Authentication and Authorization", Enterprise Edition, Manage [DEPRECATED], UI polish, ~"bug", devopsmanage, frontend, ~"group::access"
• #29511 (closed) On new project, modifying project name field updates project slug even if slug is customized ~"Category:Authentication and Authorization", Manage [DEPRECATED], UX, ~"bug", devopsmanage, frontend, ~"group::access", project, reproduced on GitLab.com, settings
• #29187 (closed) Filter by author is not working when you change a search or sorting filter in Todos ~"Category:Authentication and Authorization", Manage [DEPRECATED], UX, ~"bug", devopsmanage, frontend, ~"group::access", todos
• #28884 (closed) Large Branch name breaks UI in the settings page ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"S4", UI polish, ~"bug", devopsmanage, frontend, ~"group::access"
• #28875 (closed) Project Icons are not displaying for some projects in explore page ~"Category:Authentication and Authorization", Manage [DEPRECATED], awaiting feedback, ~"bug", devopsmanage, frontend, ~"group::access"
• #28874 (closed) Long Branch name breaks profile page activity design ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"S4", UI polish, ~"bug", devopsmanage, frontend, ~"group::access"
• #28808 (closed) Important parts of the top nav truncated on mobile Safari ~"Category:Authentication and Authorization", Manage [DEPRECATED], UX, ~"bug", devopsmanage, frontend, ~"group::access"
• #26855 (closed) Impersonation dropdown style is broken ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"P4", ~"S4", UX, admin dashboard, ~"bug", devopsmanage, frontend, global nav, ~"group::access", workflowverification

---

Unscheduled ~bug with customer

• #209047 (closed) When LDAP doesn't supply email address the user is no longer allowed to set it in the UI UI component, ~"bug", customer, devopsmanage, ~"group::access", ldap, regression, regression:12.8
• #208970 (closed) Group share project accessibility issue ~"Category:Authentication and Authorization", ~"Category:Subgroups", ~"bug", customer, devopsmanage, ~"group::access", reproduced on GitLab.com, subgroups
• #207548 (closed) License isn't consumed immediately when new Admin account logs in via LDAP Category:User Management, Enterprise Edition, ~"bug", customer, devopsmanage, ~"group::access", ldap
• #204762 (closed) 12.7.5-ee upgrade causes emails sent to the users with the "Never Expire" PAT's ~"Category:Authentication and Authorization", ~"S2", ~"bug", customer, devopsmanage, ~"group::access"
• #199363 (closed) SAML Response with UTF-8 encoded characters not supported ~"bug", customer, devopsmanage, ~"group::access", saml
• #197659 (closed) OpenSSL Cipher Recaptcha error on login page ~"Category:Authentication and Authorization", ~"S3", ~"bug", customer, devopsmanage, ~"group::access"
• #195963 (closed) Guest user cannot see code in 'internal' project ~"Category:Authentication and Authorization", ~"bug", customer, devopsmanage, ~"group::access"
• #195161 LDAP subgroup sync fails when user-to-be-synced has requested (but not received) higher permissions in parent group ~"S3", ~"bug", customer, devopsmanage, ~"group::access", ldap
• #39520 (closed) Group Search doesn't work as described in the https://docs.gitlab.com/ee/user/search/#groups ~"Category:Authentication and Authorization", Category:Global Search, ~"bug", customer, devopsmanage, ~"group::access"
• #36671 (confidential) ~"(confidential)"
• #36077 (closed) Regular user access tokens unable to see external accounts ~"Category:Authentication and Authorization", api, ~"bug", customer, devopsmanage, ~"group::access"
• #34411 (closed) admins get misleading error message while creating a project when project limit is reached ~"Category:Authentication and Authorization", ~"S4", ~"bug", customer, devopsmanage, ~"group::access"
• #33046 (closed) "Namespace is not valid" error when trying to create a project through the admin area ~"Category:Authentication and Authorization", ~"S4", ~"bug", customer, devopsmanage, ~"group::access"
• #32346 Group still visible even with IP restriction ~"Category:Authentication and Authorization", ~"P2", ~"S1", ~"bug", customer, devopsmanage, ~"group::access", ~"missed-SLO"
• #14731 (closed) Auditor users cannot access public and internal projects when files access is limited to project members ~"Category:Authentication and Authorization", ~"bug", customer, devopsmanage, ~"group::access", permissions

---

Unscheduled ~bug (non-customer)

• #209081 (closed) Removing a Group Manged user from the group should not prevent re-joining ~"UX Bug", ~"bug", devopsmanage, ~"group::access", saml
• #208953 (closed) 400 Bad request when trying to get token ~"Category:Authentication and Authorization", ~"S3", ~"bug", devopsmanage, ~"group::access"
• #208522 (closed) Maintainer getting "401 Unauthorized" error ~"Category:Authentication and Authorization", ~"S4", ~"bug", devopsmanage, ~"group::access"
• #208130 Email notification about login email changed is not received when using verified linked email address ~"Category:Authentication and Authorization", HackerOne, ~"S4", ~"bug", devopsmanage, ~"group::access"
• #207991 (closed) Opening the notifications settings page with a large amount of groups (1246 groups) causes unusability ~"Category:Authentication and Authorization", Quality, ~"S4", ~"bug", devopsmanage, ~"group::access", ~"performance", reproduced on GitLab.com
• #207818 (closed) Cannot update external flag and can_create_group at once ~"Category:Authentication and Authorization", ~"S3", ~"bug", devopsmanage, ~"group::access"
• #207795 (closed) Every browser close clearing GitLab session on Android authentication, ~"bug", devopsmanage, ~"group::access"
• #207624 Cannot add SSH key (Fingerprint has already been taken) even though none a registered ~"S4", authentication, ~"bug", devopsmanage, ~"group::access"
• #207555 Group Membership Permission Changes not taking Effect ~"Category:Authentication and Authorization", ~"S3", ~"bug", devopsmanage, ~"group::access"
• #207354 (closed) uploading user avatar recieve error 411 ~"Category:Authentication and Authorization", ~"S3", ~"bug", devopsmanage, ~"group::access"
• #205902 (closed) Hide "Initialize repository with a README" when permissions aren't sufficient ~"Category:Authentication and Authorization", ~"bug", devopsmanage, ~"group::access", permissions
• #204784 (closed) No longer able to (as administrator) update email address for users or create an 'already validated' user ~"Category:Authentication and Authorization", ~"S4", ~"bug", devopsmanage, ~"group::access"
• #204744 (closed) Group SAML Enforce SSO not enabled after navigating back to Group Settings page. ~"S3", ~"bug", devopsmanage, ~"group::access", saml
• #202366 (closed) Can't pull LDAP groups from AD (search error: Referral) ~"Category:Authentication and Authorization", ~"S3", ~"bug", devopsmanage, ~"group::access"
• #202291 (closed) Sign out link broken on 404 page ~"S3", authentication, ~"bug", devopsmanage, ~"group::access"

---

Heatmap for ~missed-SLO bugs

	~S1	~S2	~S3	~S4
~P1	2	0	0	0
~P2	1	4	0	0
~P3	0	0	0	0
~P4	1	0	0	0

---

---

This is a group level triage package that aims to collate the latest bug reports (for frontend and otherwise) and feature proposals. For more information please refer to the handbook:

• https://about.gitlab.com/handbook/engineering/quality/triage-operations/index.html#triage-packages

---

If assignees or people mentioned in this individual triage package need to be amended, please edit team-triage-package.yml.