Add latest changes from gitlab-org/security/gitlab@14-10-stable-ee

GitLab Bot 2022-06-29 14:12:12 +00:00
parent 25344e300e
commit e2e6f2f2e9
6 changed files with 48 additions and 18 deletions


@ -1979,7 +1979,6 @@ Layout/LineLength:
- 'ee/spec/features/groups/iterations/user_edits_iteration_spec.rb'
- 'ee/spec/features/groups/iterations/user_views_iteration_cadence_spec.rb'
- 'ee/spec/features/groups/iterations/user_views_iteration_spec.rb'
- 'ee/spec/features/groups/members/manage_groups_spec.rb'
- 'ee/spec/features/groups/members/manage_members_spec.rb'
- 'ee/spec/features/groups/members/override_ldap_memberships_spec.rb'
- 'ee/spec/features/groups/saml_providers_spec.rb'


@ -41,3 +41,5 @@ class GroupGroupLink < ApplicationRecord
Gitlab::Access.human_access(self.group_access)
end
end
GroupGroupLink.prepend_mod_with('GroupGroupLink')


@ -640,6 +640,7 @@ To restrict group access by IP address:
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/7297) in GitLab 12.2.
> - Support for specifying multiple email domains [added](https://gitlab.com/gitlab-org/gitlab/-/issues/33143) in GitLab 13.1.
> - Support for restricting access to projects in the group [added](https://gitlab.com/gitlab-org/gitlab/-/issues/14004) in GitLab 14.1.2.
> - Support for restricting group memberships to groups with a subset of the allowed email domains [added](https://gitlab.com/gitlab-org/gitlab/-/issues/354791) in GitLab 15.0.1
You can prevent users with email addresses in specific domains from being added to a group and its projects.
@ -662,6 +663,8 @@ The most popular public email domains cannot be restricted, such as:
- `hotmail.com`, `hotmail.co.uk`, `hotmail.fr`
- `msn.com`, `live.com`, `outlook.com`
When you share a group, both the source and target namespaces must allow the domains of the members' email addresses.
## Group file templates **(PREMIUM)**
Use group file templates to share a set of templates for common file


@ -38,7 +38,8 @@ module Gitlab
# @param [String] namespace
def self.restore_full_path(namespace:, project:)
if project.include?(ENCODED_SLASH)
project.gsub(ENCODED_SLASH, SLASH)
# Replace multiple slashes with single ones to make sure the redirect stays on the same host
project.gsub(ENCODED_SLASH, SLASH).gsub(%r{\/{2,}}, '/')
else
"#{namespace}/#{project}"
end
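Review bot: The slash collapsing is applied only in the branch where `project` contains `ENCODED_SLASH`; the `else` branch still returns `"#{namespace}/#{project}"` unnormalised. The same-host guarantee stated in the new comment therefore rests on whatever constrains `namespace` and `project` upstream, which is not visible in this hunk. If the route constraints already rule out empty or slash-bearing segments, a one-line comment above the `else` saying so would document that; otherwise normalise the result of both branches. As a style point, `.gsub(%r{\/{2,}}, '/')` can be written `.squeeze('/')`, which avoids the unneeded escape inside `%r{}`. The method's closing `end` lies outside the hunk.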


@ -20839,6 +20839,9 @@ msgstr ""
msgid "Invited"
msgstr ""
msgid "Invited group allowed email domains must contain a subset of the allowed email domains of the root ancestor group. Go to the group's 'Settings &gt; General' page and check 'Restrict membership by email domain'."
msgstr ""
msgid "Invocations"
msgstr ""


@ -25,27 +25,49 @@ RSpec.describe 'Jira referenced paths', type: :request do
expect(response).to redirect_to(redirect_path)
end
context 'with encoded subgroup path' do
where(:jira_path, :redirect_path) do
'/group/group@sub_group@sub_group_project' | '/group/sub_group/sub_group_project'
'/group@sub_group/group@sub_group@sub_group_project' | '/group/sub_group/sub_group_project'
'/group/group@sub_group@sub_group_project/commit/1234567' | '/group/sub_group/sub_group_project/commit/1234567'
'/group/group@sub_group@sub_group_project/tree/1234567' | '/group/sub_group/sub_group_project/-/tree/1234567'
shared_examples 'redirects to jira path' do
it 'redirects to canonical path with legacy prefix' do
redirects_to_canonical_path "/-/jira#{jira_path}", redirect_path
end
with_them do
context 'with legacy prefix' do
it 'redirects to canonical path' do
redirects_to_canonical_path "/-/jira#{jira_path}", redirect_path
end
end
it 'redirects to canonical path' do
redirects_to_canonical_path jira_path, redirect_path
end
it 'redirects to canonical path' do
redirects_to_canonical_path jira_path, redirect_path
end
end
let(:jira_path) { '/group/group@sub_group@sub_group_project' }
let(:redirect_path) { '/group/sub_group/sub_group_project' }
it_behaves_like 'redirects to jira path'
context 'contains @ before the first /' do
let(:jira_path) { '/group@sub_group/group@sub_group@sub_group_project' }
let(:redirect_path) { '/group/sub_group/sub_group_project' }
it_behaves_like 'redirects to jira path'
end
context 'including commit path' do
let(:jira_path) { '/group/group@sub_group@sub_group_project/commit/1234567' }
let(:redirect_path) { '/group/sub_group/sub_group_project/commit/1234567' }
it_behaves_like 'redirects to jira path'
end
context 'including tree path' do
let(:jira_path) { '/group/group@sub_group@sub_group_project/tree/1234567' }
let(:redirect_path) { '/group/sub_group/sub_group_project/-/tree/1234567' }
it_behaves_like 'redirects to jira path'
end
context 'malicious path' do
let(:jira_path) { '/group/@@malicious.server' }
let(:redirect_path) { '/malicious.server' }
it_behaves_like 'redirects to jira path'
end
context 'regular paths with legacy prefix' do
where(:jira_path, :redirect_path) do
'/-/jira/group/group_project' | '/group/group_project'
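Review bot: The `'malicious path'` context pins only one input shape, a doubled separator directly after the group segment, and its name does not say which property is being protected. Renaming it to something like `context 'with consecutive encoded slashes'` and adding a comment such as `# the redirect target must stay a single-slash, same-host path` would make the regression intent readable without the commit history. A second case with a longer run of separators would also pin the `{2,}` quantifier used in `restore_full_path`, so a later change to "exactly two" would fail the spec. The enclosing `RSpec.describe` block starts and ends outside this hunk.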