2020-02-03 - Triage report for "group::access"

Hi, @jeremy @dennis @lmcandrew @amandakhughes

This is a group or stage level triage package that aims to summarize the feature proposals and bugs which have not been scheduled or triaged. For more information please refer to the handbook:

• https://about.gitlab.com/handbook/engineering/quality/triage-operations/index.html#triage-packages

Scheduling the workload is a collaborative effort by the Product Managers and Engineering Managers for that group. Please work together to provide a best estimate on priority and milestone assignments. For each issue please:

• Determine if the issue should be closed if it is no longer relevant or a duplicate.
• If it is still relevant please assign either a best estimate versioned milestone, the %Backlog or the %Awaiting further demand milestone.
• Specifically for ~bug, if there is no priority or clarity on a versioned milestone, please add a Priority label. Priority labels have an estimate SLO attached to them and help team members and the wider community understand roughly when it will be considered to be scheduled.
  • https://docs.gitlab.com/ee/development/contributing/issue_workflow.html#priority-labels
• Once a milestone has been assigned please check off the box for that issue.
• Please work with your team to complete the list by the due date set.

Feature Proposal Section

For the following feature proposals. Please either close or assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone.

Unscheduled feature with customer

• #118479 (closed) Ability to download user data from .com accounts to CSV ~"Category:Authentication and Authorization", customer, devopsmanage, feature, ~"group::access"
• #39123 Additional LDAP login form custmomization customer, devopsmanage, feature, ~"group::access", ldap
• #36802 Groups provisionning using SAML SSO authentication, customer, devopsmanage, ~"enhancement", feature, ~"group::access", saml
• #36676 Hide ability to invite members to groups where SSO is enforced ~"Category:Authentication and Authorization", Enterprise Edition, customer, devopsmanage, feature, gitlab.com, ~"group::access"
• #36192 Account for Okta's LDAP Interface implementation quirks customer, devopsmanage, feature, ~"group::access", ldap
• #35001 (closed) Improved Admin Dashboard with User Information ~"Category:Authentication and Authorization", customer, devopsmanage, feature, ~"group::access"
• #33143 (closed) Group members domain whitelist should allow multiple domains ~"Category:Authentication and Authorization", auto updated, customer, devopsmanage, feature, ~"group::access", potential proposal
• #21862 Groups SSO SAML: Support for Duo Access Gateway customer, devopsmanage, feature, gitlab.com, ~"group::access", saml
• #14729 (closed) Group Deploy Tokens/Keys ~"Category:Authentication and Authorization", Enterprise Edition, customer, devopsmanage, feature, ~"group::access", settings
• #30857 (closed) Audit logs for CI / CD variables Category:Audit Events, ~"Category:Authentication and Authorization", Manage [DEPRECATED], customer, devopsmanage, ~"enhancement", feature, ~"group::access"
• #30409 (closed) Allow Terms of Service to link to public repository on same GitLab Instance ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"P4", ~"S4", customer, devopsmanage, feature, ~"group::access"
• #12975 (closed) The field "Enter new password" in Service Templates pages should show asterisks in the password field ~"Category:Authentication and Authorization", Enterprise Edition, Manage [DEPRECATED], UX, customer, devopsmanage, feature, frontend, ~"group::access", settings
• #30219 Configure session timeouts with Okta SSO ~"Category:Authentication and Authorization", customer, devopsmanage, feature, ~"group::access"
• #29842 Create Alert/Notification When Username is Modified (LDAP Integration) ~"Category:Authentication and Authorization", customer, devopsmanage, feature, ~"group::access"
• #12153 (closed) ForgeRock Identity Provider - for SAML/SCIM SSO-enabled group management Enterprise Edition, Manage [DEPRECATED], authentication, customer, devopsmanage, ~"enhancement", feature, gitlab.com, ~"group::access", saml, scim

---

Unscheduled feature (non-customer)

• #198662 (closed) Support a read-only scope for API access for OAuth applications ~"Category:Authentication and Authorization", devopsmanage, feature, ~"group::access"
• #198634 (closed) Unique login-URLs (browser shortcuts) for people with multiple accounts ~"Category:Authentication and Authorization", ~"devops", devopsmanage, feature, ~"group::access"
• #198054 Docs feedback: More detail in the GitLab DocsGitLab integrationsSAML OmniAuth Provider ~"Category:Authentication and Authorization", authentication, devopsmanage, documentation, feature, ~"group::access", saml
• #197969 (closed) Allow unauthenticated access to GPG keys [Follow up of #17569 (closed)] ~"Category:Authentication and Authorization", api, devopsmanage, feature, ~"group::access"
• #196248 (closed) Simplify Projects page by seperating All and Personal section ~"Category:Authentication and Authorization", devopsmanage, feature, ~"group::access"
• #196244 (closed) Set up a properly capitalized label for Microsoft OAuth2 ~"Category:Authentication and Authorization", devopsmanage, feature, ~"group::access"
• #121595 Include fork information in GraphQL Repository response ~"Category:Authentication and Authorization", GraphQL, devopsmanage, feature, forking, ~"group::access", project
• #118873 Allow reporters to create projects in a group ~"Category:Authentication and Authorization", devopsmanage, feature, ~"group::access", permissions
• #39482 (closed) Add avatar to Ghost user ~"Category:Authentication and Authorization", ~"component::avatars", devopsmanage, feature, ~"group::access"
• #39463 (closed) Allow 'Guest' role to read and pull from private repositories ~"Category:Authentication and Authorization", devopsmanage, feature, ~"group::access"
• #39207 (closed) Group Managed Accounts API returning admin-like Member data api, backend, devopsmanage, feature, ~"group::access", saml, scim
• #39203 Support multiple SCIM tokens ~"Category:Authentication and Authorization", backend, devopsmanage, feature, ~"group::access", scim
• #39040 (closed) Custom instance-wide bot accounts ~"Category:Authentication and Authorization", devopsmanage, feature, ~"group::access"
• #38543 Include statistics section in project API for public projects ~"Category:Authentication and Authorization", api, devopsmanage, feature, ~"group::access"
• #38113 (closed) Consider supporting additional SAML assertion formats devopsmanage, feature, ~"group::access", saml

---

Unscheduled UX Debt Issues

• #29200 (closed) Follow-up from "Fix alignment of resend button in members page" ~"Category:Authentication and Authorization", Manage [DEPRECATED], UX debt, devopsmanage, frontend, ~"group::access"
• #20456 (closed) Better Feedback For 2 Factor Auth With HTTP 2FA, UX debt, devopsmanage, ~"group::access"

---

Bug Section

For the following bugs. Please either close or assign either a versioned milestone, the %Backlog or the %Awaiting further demand milestone and ensure that a priority label is set.

Heatmap for all bugs

Bugs for their priority and severity label are counted here. Every bug should have severity and priority labels applied. Please take a look at the bugs which fall into the columns indicating that the priority or severity labels are currently missing.

	~S1	~S2	~S3	~S4	~"No severity"
~P1	2	0	0	0	0
~P2	3	9	0	0	0
~P3	0	2	46	6	2
~P4	1	2	35	25	0
~"No priority"	0	10	43	39	86

---

Unscheduled frontend ~bug with customer

• #29126 (closed) Enabled OAuth sign-in sources has confusing UI for disabling / enabling Omniauth providers ~"Category:Authentication and Authorization", Manage [DEPRECATED], UX, ~"bug", customer, devopsmanage, frontend, ~"group::access"

---

Unscheduled frontend ~bug (non-customer)

• #39532 (closed) Search in Productivity Analytics is buggy ~"Category:Authentication and Authorization", ~"S4", ~"bug", devopsmanage, frontend, ~"group::access"
• #38355 (closed) User popovers don't work in system notes ~"Category:Authentication and Authorization", ~"S4", ~"bug", devopsmanage, frontend, ~"group::access"
• #35125 (closed) Extra trailing %hr when using LDAP without smartcard ~"bug", devopsmanage, frontend, ~"group::access", ldap
• #34961 (closed) Autofocus authentication-code field during login ~"Category:Authentication and Authorization", ~"S4", ~"bug", devopsmanage, frontend, ~"group::access"
• #30561 (closed) Avatar/profile picture position of assignee on issue creation ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"S4", ~"bug", devopsmanage, frontend, ~"group::access"
• #30169 (closed) Avatar consistency ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"S4", UI polish, ~"bug", devopsmanage, frontend, ~"group::access"
• #30090 (closed) Description in Group's projects list is overflown ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"S4", UX, ~"bug", devopsmanage, frontend, ~"group::access"
• #12640 (closed) Externalized string using namespaces in new user form in admin area is missing required prefix ~"Category:Authentication and Authorization", Enterprise Edition, Manage [DEPRECATED], UI polish, ~"bug", devopsmanage, frontend, ~"group::access"
• #29511 (closed) On new project, modifying project name field updates project slug even if slug is customized ~"Category:Authentication and Authorization", Manage [DEPRECATED], UX, ~"bug", devopsmanage, frontend, ~"group::access", project, reproduced on GitLab.com, settings
• #29187 (closed) Filter by author is not working when you change a search or sorting filter in Todos ~"Category:Authentication and Authorization", Manage [DEPRECATED], UX, ~"bug", devopsmanage, frontend, ~"group::access", todos
• #28884 (closed) Large Branch name breaks UI in the settings page ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"S4", UI polish, ~"bug", devopsmanage, frontend, ~"group::access"
• #28875 (closed) Project Icons are not displaying for some projects in explore page ~"Category:Authentication and Authorization", Manage [DEPRECATED], awaiting feedback, ~"bug", devopsmanage, frontend, ~"group::access"
• #28874 (closed) Long Branch name breaks profile page activity design ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"S4", UI polish, ~"bug", devopsmanage, frontend, ~"group::access"
• #28808 (closed) Important parts of the top nav truncated on mobile Safari ~"Category:Authentication and Authorization", Manage [DEPRECATED], UX, ~"bug", devopsmanage, frontend, ~"group::access"
• #26855 (closed) Impersonation dropdown style is broken ~"Category:Authentication and Authorization", Manage [DEPRECATED], ~"P4", ~"S4", UX, admin dashboard, ~"bug", devopsmanage, frontend, global nav, ~"group::access", workflowverification

---

Unscheduled ~bug with customer

• #199587 (closed) New SCIM users not created with group SAML connection ~"Category:Authentication and Authorization", ~"S3", ~"bug", customer, devopsmanage, ~"group::access", scim
• #199363 (closed) SAML Response with UTF-8 encoded characters not supported ~"bug", customer, devopsmanage, ~"group::access", saml
• #197659 OpenSSL Cipher Recaptcha error on login page ~"Category:Authentication and Authorization", ~"S3", ~"bug", customer, devopsmanage, ~"group::access"
• #195963 (closed) Guest user cannot see code in 'internal' project ~"Category:Authentication and Authorization", ~"bug", customer, devopsmanage, ~"group::access"
• #195161 LDAP subgroup sync fails when user-to-be-synced has requested (but not received) higher permissions in parent group ~"S3", ~"bug", customer, devopsmanage, ~"group::access", ldap
• #39520 (closed) Group Search doesn't work as described in the https://docs.gitlab.com/ee/user/search/#groups ~"Category:Authentication and Authorization", ~"Category:Search", ~"bug", customer, devopsmanage, ~"group::access"
• #36671 (confidential) ~"(confidential)"
• #34159 (closed) Enabling "Require 2FA" forces smart card users to register an OTP / U2F 2FA, ~"bug", customer, devopsmanage, ~"group::access"
• #33046 (closed) "Namespace is not valid" error when trying to create a project through the admin area ~"Category:Authentication and Authorization", ~"S4", ~"bug", customer, devopsmanage, ~"group::access"
• #32346 Group still visible even with IP restriction ~"Category:Authentication and Authorization", ~"P2", ~"S1", ~"bug", customer, devopsmanage, ~"group::access", ~"missed-SLO"
• #14731 (closed) Auditor users cannot access public and internal projects when files access is limited to project members ~"Category:Authentication and Authorization", ~"bug", customer, devopsmanage, ~"group::access", permissions
• #30369 (closed) 500 Internal Server Error: GET https://gitlab.com/api/v4/groups/group_id ~"Category:Authentication and Authorization", Manage [DEPRECATED], api, ~"bug", customer, devopsmanage, ~"group::access"
• #30278 (closed) Unblocked users cannot see group projects added while they are blocked ~"Category:Authentication and Authorization", ~"S4", ~"bug", customer, devopsmanage, ~"group::access"
• #12856 Membership requests are taken into account for access level validation Enterprise Edition, Manage [DEPRECATED], ~"S3", ~"bug", customer, devopsmanage, ~"group::access", ldap
• #12178 (closed) Omniauth 500 when blocking new users Enterprise Edition, Manage [DEPRECATED], authentication, ~"bug", customer, devopsmanage, ~"group::access", oauth, saml

---

Unscheduled ~bug (non-customer)

• #199263 (closed) PersonalAccessTokens::ExpiringWorker fails every time with a date range error Background Processing, ~"Category:Authentication and Authorization", ~"bug", devopsmanage, ~"group::access"
• #197895 (closed) NoMethodError: undefined method `namespace' for nil:NilClass ~"Category:Authentication and Authorization", ~"P1", ~"S1", ~"bug", devopsmanage, ~"group::access"
• #197313 Group path validation does not handle subgroup paths properly ~"Category:Authentication and Authorization", ~"S3", ~"bug", devopsmanage, ~"group::access"
• #196721 (closed) gitlab omniauth + oauth2 report "You need to sign in or sign up before continuing." authentication, backend, ~"bug", devopsmanage, ~"group::access", oauth
• #196150 (closed) Previous Group Path Exposed via Transfered Group/Sub-Group/Project Audit Events ~"Category:Authentication and Authorization", HackerOne, ~"P4", ~"S4", ~"bug", devopsmanage, ~"group::access"
• #196131 (closed) SAML - bypass 2 factor authentication - don't require GitLab 2FA to exist ~"P4", ~"S4", ~"bug", devopsmanage, ~"group::access", saml
• #196028 (closed) Impersonating an admin who impersonates yourself leads to a non-audited authenticated session ~"Category:Authentication and Authorization", ~"P4", ~"S4", ~"bug", devopsmanage, ~"group::access"
• #195666 (closed) GPG key upload has no effect but also shows no errors ~"Category:Authentication and Authorization", ~"S2", ~"bug", devopsmanage, gpg, ~"group::access"
• #194189 (closed) Endless automatic omniauth redirect loop if user doesn't exist ~"S2", ~"bug", devopsmanage, ~"group::access", saml
• #121569 (closed) I keep getting logged out every day! ~"Category:Authentication and Authorization", ~"S4", ~"bug", devopsmanage, ~"group::access"
• #119497 (closed) Gitlab redirects me to serviceworker.js ~"S3", authentication, ~"bug", devopsmanage, ~"group::access", needs investigation
• #119291 (closed) Setting a complex password for a newly bootstrapping instances fails ~"Category:Authentication and Authorization", ~"bug", devopsmanage, ~"group::access"
• #118433 (closed) GitLab CE "500 Error" when i go to group_members page ~"Category:Authentication and Authorization", ~"S3", ~"bug", devopsmanage, ~"group::access"
• #85046 (closed) Gitlab CE does not send reset password email ~"Category:Authentication and Authorization", ~"S2", ~"bug", devopsmanage, ~"group::access"
• #55345 (closed) project_count size in /groups/???/-/children.json does not take user access permissions into account and returns the full size. ~"Category:Authentication and Authorization", ~"S3", ~"bug", devopsmanage, ~"group::access"

---

Heatmap for ~missed-SLO bugs

	~S1	~S2	~S3	~S4
~P1	0	0	0	0
~P2	1	4	0	0
~P3	0	0	0	0
~P4	1	0	0	0

---

---

This is a group level triage package that aims to collate the latest bug reports (for frontend and otherwise) and feature proposals. For more information please refer to the handbook:

• https://about.gitlab.com/handbook/engineering/quality/triage-operations/index.html#triage-packages

---

If assignees or people mentioned in this individual triage package need to be amended, please edit team-triage-package.yml.