Add latest changes from gitlab-org/gitlab@master

2024-06-08 03:19:55 +00:00 · 2024-06-08 03:19:55 +00:00 · 4bc613f07e
parent 54bb6d645b
commit 4bc613f07e
11 changed files with 27 additions and 36 deletions
--- a/app/services/lfs/unlock_file_service.rb
+++ b/app/services/lfs/unlock_file_service.rb
@ -28,7 +28,7 @@ module Lfs
      elsif forced
        error(_('You must have maintainer access to force delete a lock'), 403)
      else
-        error(_("%{lock_path} is locked by @%{lock_user_name}") % { lock_path: lock.path, lock_user_name: lock.user.username }, 403)
+        error(format(_("'%{lock_path}' is locked by @%{lock_user_name}"), lock_path: lock.path, lock_user_name: lock.user.username), 403)
      end
    end

--- a/config/feature_flags/gitlab_com_derisk/extra_slug_path_sanitization.yml
+++ b/config/feature_flags/gitlab_com_derisk/extra_slug_path_sanitization.yml
@ -1,9 +0,0 @@
---
-name: extra_slug_path_sanitization
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/439623
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/145038
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/442650
-milestone: '16.10'
-group: group::authentication
-type: gitlab_com_derisk
-default_enabled: false
--- a/doc/user/packages/container_registry/troubleshoot_container_registry.md
+++ b/doc/user/packages/container_registry/troubleshoot_container_registry.md
@ -163,3 +163,15 @@ Error response from daemon: Get "https://gitlab.company.com:4567/v2/": denied: a

 To avoid this error, ensure the `Authorization` header is not stripped from the request.
 For example, a proxy in front of GitLab might be redirecting to the `/jwt/auth` endpoint.
+
+## `OCI manifest found, but accept header does not support OCI manifests` error
+
+If you are unable to pull an image, the registry logs could have an error similar to:
+
+```plaintext
+manifest unknown: OCI manifest found, but accept header does not support OCI manifests
+```
+
+This error happens when a client does not submit the correct `Accept: application/vnd.oci.image.manifest.v1+json`
+header. Make sure your Docker client version is up to date. If you are using a third party tool,
+make sure it can handle OCI manifests.
--- a/doc/user/project/file_lock.md
+++ b/doc/user/project/file_lock.md
@ -42,7 +42,7 @@ Developer role in the repository.
 Only the user who locked the file or directory can edit locked files. Other
 users are prevented from modifying locked files by pushing, merging,
 or any other means, and are shown an error like:
-`The path '.gitignore' is locked by Administrator`.
+`'.gitignore' is locked by @Administrator`.

 ## Exclusive file locks

--- a/lib/gitlab/auth/o_auth/user.rb
+++ b/lib/gitlab/auth/o_auth/user.rb
@ -250,12 +250,7 @@ module Gitlab
        end

        def sanitize_username(username)
-          if Feature.enabled?(:extra_slug_path_sanitization)
-            ExternalUsernameSanitizer.new(username).sanitize
-          else
-            valid_username = ::Namespace.clean_path(username)
-            Gitlab::Utils::Uniquify.new.string(valid_username) { |s| !NamespacePathValidator.valid_path?(s) }
-          end
+          ExternalUsernameSanitizer.new(username).sanitize
        end

        def sync_profile_from_provider?
--- a/lib/gitlab/checks/diff_check.rb
+++ b/lib/gitlab/checks/diff_check.rb
@ -71,7 +71,8 @@ module Gitlab
          lfs_lock = project.lfs_file_locks.where(path: paths).where.not(user_id: user_access.user.id).take

          if lfs_lock
-            return "The path '#{lfs_lock.path}' is locked in Git LFS by #{lfs_lock.user.username}"
+            return format(_("'%{lock_path}' is locked in Git LFS by @%{lock_user_name}"),
+              lock_path: lfs_lock.path, lock_user_name: lfs_lock.user.username)
          end
        end
      end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -992,9 +992,6 @@ msgstr ""
 msgid "%{listToShow}, and %{awardsListLength} more"
 msgstr ""

-msgid "%{lock_path} is locked by @%{lock_user_name}"
-msgstr ""
-
 msgid "%{mergeLength}/%{usersLength} can merge"
 msgstr ""

@ -1476,6 +1473,12 @@ msgstr ""
 msgid "'%{level}' is not a valid visibility level"
 msgstr ""

+msgid "'%{lock_path}' is locked by @%{lock_user_name}"
+msgstr ""
+
+msgid "'%{lock_path}' is locked in Git LFS by @%{lock_user_name}"
+msgstr ""
+
 msgid "'%{source}' is not a import source"
 msgstr ""

--- a/spec/features/user_settings/personal_access_tokens_spec.rb
+++ b/spec/features/user_settings/personal_access_tokens_spec.rb
@ -89,7 +89,7 @@ RSpec.describe 'User Settings > Personal Access Tokens', :js, feature_category:
  describe "inactive tokens" do
    let!(:personal_access_token) { create(:personal_access_token, user: user) }

-    it "allows revocation of an active token" do
+    it "allows revocation of an active token", quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/435388' do
      visit user_settings_personal_access_tokens_path
      accept_gl_confirm(button_text: 'Revoke') { click_on "Revoke" }

--- a/spec/lib/gitlab/auth/o_auth/user_spec.rb
+++ b/spec/lib/gitlab/auth/o_auth/user_spec.rb
@ -982,17 +982,6 @@ RSpec.describe Gitlab::Auth::OAuth::User, feature_category: :system_access do
        expect(gl_user).to be_valid
        expect(gl_user.username).to eq('opie.the_opossum')
      end
-
-      context 'and extra_slug_path_sanitization feature is disabled' do
-        before do
-          stub_feature_flags(extra_slug_path_sanitization: false)
-        end
-
-        it 'fails to create user' do
-          expect(gl_user).not_to be_valid
-          expect(gl_user.errors[:username]).to be_present
-        end
-      end
    end
  end

--- a/spec/lib/gitlab/checks/diff_check_spec.rb
+++ b/spec/lib/gitlab/checks/diff_check_spec.rb
@ -94,7 +94,7 @@ RSpec.describe Gitlab::Checks::DiffCheck, feature_category: :source_code_managem

        context 'when change is sent by a different user' do
          it 'raises an error if the user is not allowed to update the file' do
-            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path 'README' is locked in Git LFS by #{lock.user.username}")
+            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "'README' is locked in Git LFS by @#{lock.user.username}")
          end
        end

@ -148,7 +148,7 @@ RSpec.describe Gitlab::Checks::DiffCheck, feature_category: :source_code_managem
          end

          it "does raise an error" do
-            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path 'files/locked/baz.lfs' is locked in Git LFS by #{owner.username}")
+            expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "'files/locked/baz.lfs' is locked in Git LFS by @#{owner.username}")
          end
        end
      end
--- a/spec/services/lfs/unlock_file_service_spec.rb
+++ b/spec/services/lfs/unlock_file_service_spec.rb
@ -58,7 +58,7 @@ RSpec.describe Lfs::UnlockFileService, feature_category: :source_code_management
          result = subject.execute

          expect(result[:status]).to eq(:error)
-          expect(result[:message]).to match(/is locked by @#{lock_author.username}/)
+          expect(result[:message]).to match(/'README.md' is locked by @#{lock_author.username}/)
          expect(result[:http_status]).to eq(403)
        end
      end