diff --git a/app/services/lfs/unlock_file_service.rb b/app/services/lfs/unlock_file_service.rb index 0c81e1dde4e..61f07531e40 100644 --- a/app/services/lfs/unlock_file_service.rb +++ b/app/services/lfs/unlock_file_service.rb @@ -28,7 +28,7 @@ module Lfs elsif forced error(_('You must have maintainer access to force delete a lock'), 403) else - error(_("%{lock_path} is locked by @%{lock_user_name}") % { lock_path: lock.path, lock_user_name: lock.user.username }, 403) + error(format(_("'%{lock_path}' is locked by @%{lock_user_name}"), lock_path: lock.path, lock_user_name: lock.user.username), 403) end end diff --git a/config/feature_flags/gitlab_com_derisk/extra_slug_path_sanitization.yml b/config/feature_flags/gitlab_com_derisk/extra_slug_path_sanitization.yml deleted file mode 100644 index d49227fe8f3..00000000000 --- a/config/feature_flags/gitlab_com_derisk/extra_slug_path_sanitization.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -name: extra_slug_path_sanitization -feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/439623 -introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/145038 -rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/442650 -milestone: '16.10' -group: group::authentication -type: gitlab_com_derisk -default_enabled: false diff --git a/doc/user/packages/container_registry/troubleshoot_container_registry.md b/doc/user/packages/container_registry/troubleshoot_container_registry.md index c738d36eb4e..ee063b91717 100644 --- a/doc/user/packages/container_registry/troubleshoot_container_registry.md +++ b/doc/user/packages/container_registry/troubleshoot_container_registry.md @@ -163,3 +163,15 @@ Error response from daemon: Get "https://gitlab.company.com:4567/v2/": denied: a To avoid this error, ensure the `Authorization` header is not stripped from the request. For example, a proxy in front of GitLab might be redirecting to the `/jwt/auth` endpoint. + +## `OCI manifest found, but accept header does not support OCI manifests` error + +If you are unable to pull an image, the registry logs could have an error similar to: + +```plaintext +manifest unknown: OCI manifest found, but accept header does not support OCI manifests +``` + +This error happens when a client does not submit the correct `Accept: application/vnd.oci.image.manifest.v1+json` +header. Make sure your Docker client version is up to date. If you are using a third party tool, +make sure it can handle OCI manifests. diff --git a/doc/user/project/file_lock.md b/doc/user/project/file_lock.md index c404ac3bdc7..74f05439563 100644 --- a/doc/user/project/file_lock.md +++ b/doc/user/project/file_lock.md @@ -42,7 +42,7 @@ Developer role in the repository. Only the user who locked the file or directory can edit locked files. Other users are prevented from modifying locked files by pushing, merging, or any other means, and are shown an error like: -`The path '.gitignore' is locked by Administrator`. +`'.gitignore' is locked by @Administrator`. ## Exclusive file locks diff --git a/lib/gitlab/auth/o_auth/user.rb b/lib/gitlab/auth/o_auth/user.rb index 99de87eef1c..ca2730f855d 100644 --- a/lib/gitlab/auth/o_auth/user.rb +++ b/lib/gitlab/auth/o_auth/user.rb @@ -250,12 +250,7 @@ module Gitlab end def sanitize_username(username) - if Feature.enabled?(:extra_slug_path_sanitization) - ExternalUsernameSanitizer.new(username).sanitize - else - valid_username = ::Namespace.clean_path(username) - Gitlab::Utils::Uniquify.new.string(valid_username) { |s| !NamespacePathValidator.valid_path?(s) } - end + ExternalUsernameSanitizer.new(username).sanitize end def sync_profile_from_provider? diff --git a/lib/gitlab/checks/diff_check.rb b/lib/gitlab/checks/diff_check.rb index d0492a39a56..67c0243e96d 100644 --- a/lib/gitlab/checks/diff_check.rb +++ b/lib/gitlab/checks/diff_check.rb @@ -71,7 +71,8 @@ module Gitlab lfs_lock = project.lfs_file_locks.where(path: paths).where.not(user_id: user_access.user.id).take if lfs_lock - return "The path '#{lfs_lock.path}' is locked in Git LFS by #{lfs_lock.user.username}" + return format(_("'%{lock_path}' is locked in Git LFS by @%{lock_user_name}"), + lock_path: lfs_lock.path, lock_user_name: lfs_lock.user.username) end end end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index e3a969f7d26..74e4bee77a4 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -992,9 +992,6 @@ msgstr "" msgid "%{listToShow}, and %{awardsListLength} more" msgstr "" -msgid "%{lock_path} is locked by @%{lock_user_name}" -msgstr "" - msgid "%{mergeLength}/%{usersLength} can merge" msgstr "" @@ -1476,6 +1473,12 @@ msgstr "" msgid "'%{level}' is not a valid visibility level" msgstr "" +msgid "'%{lock_path}' is locked by @%{lock_user_name}" +msgstr "" + +msgid "'%{lock_path}' is locked in Git LFS by @%{lock_user_name}" +msgstr "" + msgid "'%{source}' is not a import source" msgstr "" diff --git a/spec/features/user_settings/personal_access_tokens_spec.rb b/spec/features/user_settings/personal_access_tokens_spec.rb index 3015e4151ba..2708a34e54f 100644 --- a/spec/features/user_settings/personal_access_tokens_spec.rb +++ b/spec/features/user_settings/personal_access_tokens_spec.rb @@ -89,7 +89,7 @@ RSpec.describe 'User Settings > Personal Access Tokens', :js, feature_category: describe "inactive tokens" do let!(:personal_access_token) { create(:personal_access_token, user: user) } - it "allows revocation of an active token" do + it "allows revocation of an active token", quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/435388' do visit user_settings_personal_access_tokens_path accept_gl_confirm(button_text: 'Revoke') { click_on "Revoke" } diff --git a/spec/lib/gitlab/auth/o_auth/user_spec.rb b/spec/lib/gitlab/auth/o_auth/user_spec.rb index ca2115df764..20b25f5b08a 100644 --- a/spec/lib/gitlab/auth/o_auth/user_spec.rb +++ b/spec/lib/gitlab/auth/o_auth/user_spec.rb @@ -982,17 +982,6 @@ RSpec.describe Gitlab::Auth::OAuth::User, feature_category: :system_access do expect(gl_user).to be_valid expect(gl_user.username).to eq('opie.the_opossum') end - - context 'and extra_slug_path_sanitization feature is disabled' do - before do - stub_feature_flags(extra_slug_path_sanitization: false) - end - - it 'fails to create user' do - expect(gl_user).not_to be_valid - expect(gl_user.errors[:username]).to be_present - end - end end end diff --git a/spec/lib/gitlab/checks/diff_check_spec.rb b/spec/lib/gitlab/checks/diff_check_spec.rb index 8056611b5bd..6001ce2b9d7 100644 --- a/spec/lib/gitlab/checks/diff_check_spec.rb +++ b/spec/lib/gitlab/checks/diff_check_spec.rb @@ -94,7 +94,7 @@ RSpec.describe Gitlab::Checks::DiffCheck, feature_category: :source_code_managem context 'when change is sent by a different user' do it 'raises an error if the user is not allowed to update the file' do - expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path 'README' is locked in Git LFS by #{lock.user.username}") + expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "'README' is locked in Git LFS by @#{lock.user.username}") end end @@ -148,7 +148,7 @@ RSpec.describe Gitlab::Checks::DiffCheck, feature_category: :source_code_managem end it "does raise an error" do - expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "The path 'files/locked/baz.lfs' is locked in Git LFS by #{owner.username}") + expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "'files/locked/baz.lfs' is locked in Git LFS by @#{owner.username}") end end end diff --git a/spec/services/lfs/unlock_file_service_spec.rb b/spec/services/lfs/unlock_file_service_spec.rb index 2786c544ae4..51d5391e793 100644 --- a/spec/services/lfs/unlock_file_service_spec.rb +++ b/spec/services/lfs/unlock_file_service_spec.rb @@ -58,7 +58,7 @@ RSpec.describe Lfs::UnlockFileService, feature_category: :source_code_management result = subject.execute expect(result[:status]).to eq(:error) - expect(result[:message]).to match(/is locked by @#{lock_author.username}/) + expect(result[:message]).to match(/'README.md' is locked by @#{lock_author.username}/) expect(result[:http_status]).to eq(403) end end