This new global setting will allow admins to specify if HTML emails should be sent or not,
this is basically useful when system administrators want to save some disk space by avoiding
emails in HTML format and using only the Plain Text version.
fix shibboleth misconfigurations resulting in authentication bypass
This merge request fixes#22267 where a misconfigured Shibboleth `HTTP_UID` or `HTTP_EPPN` could result in users being logged into an account that did not belong to them.
See merge request !7428
Centralize all LDAP config logic in `GitLab::LDAP::Config`. Previously,
some logic was in the Devise initializer and it was not honoring the
`user_filter`. If a user outside the configured `user_filter` signed
in, an account would be created but they would then be denied access.
Now that logic is centralized, the filter is honored and users outside
the filter are never created.
Refactor project routing
## What does this MR do?
Refactor project routing:
* split on multiple files
* improve routing order
## Why was this MR needed?
It makes it easier to maintain and modify project routing
## What are the relevant issue numbers?
Extracted from https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7121
See merge request !7329
By default, Sidekiq will retry 25 times with an exponential backoff.
This may result in jobs retrying for up to 21 days. Most Sidekiq
failures occur when attempting to connect to external services -
Project service hooks, web hooks, mailers, mirror updates, etc.
We should set a default retry of 3, and if that's not sufficient
individual workers can override this in the worker class.
The Sidekiq client API adds an entry to the Sidekiq "queues" list,
but mail_room and gitlab-shell use redis-rb directly to insert jobs
into Redis and thus do not make an extra "sadd" call to Redis
each time a job is inserted. To make it possible to monitor
these queues via the API, add an initialization step to
set up the list at startup.
Closesgitlab-com/infrastructure#682
These are regular Rails migrations that are executed by default. A user
can opt-out of these migrations by setting an environment variable
during the deployment process.
Fixesgitlab-org/gitlab-ce#22133
This commit introduces a Sidekiq worker that precalculates the list of
trending projects on a daily basis. The resulting set is stored in a
database table that is then queried by Project.trending.
This setup means that Unicorn workers no longer _may_ have to calculate
the list of trending projects. Furthermore it supports filtering without
any complex caching mechanisms.
The data in the "trending_projects" table is inserted in the same order
as the project ranking. This means that getting the projects in the
correct order is simply a matter of:
SELECT projects.*
FROM projects
INNER JOIN trending_projects ON trending_projects.project_id = projects.id
ORDER BY trending_projects.id ASC;
Such a query will only take a few milliseconds at most (as measured on
GitLab.com), opposed to a few seconds for the query used for calculating
the project ranks.
The migration in this commit does not require downtime and takes care of
populating an initial list of trending projects.
Memoize Github::Shell's secret token
## What does this MR do?
`API::Helpers#secret_token` was reading the secret file on every invocation. This MR reads the file in the `gitlab_shell_secret_token.rb` initializer and saves it as a class variable at `Gitlab::Shell.secret_token`
## Are there points in the code the reviewer needs to double check?
- I'm not sure if the use of `cattr_accessor` is the best approach, or if should be moved into the `class << self` block?
- Should `API::Helpers#secret_token` be removed in favor of using `Gitlab::Shell.secret_token`?
## Why was this MR needed?
Performance optimization.
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22510
See merge request !6599
This commit adds a number of _html columns and, with the exception of Note,
starts updating them whenever the content of their partner fields changes.
Note has a collision with the note_html attr_accessor; that will be fixed later
A background worker for clearing these cache columns is also introduced - use
`rake cache:clear` to set it off. You can clear the database or Redis caches
separately by running `rake cache:clear:db` or `rake cache:clear:redis`,
respectively.
Fix two problematic bits of code that will be deprecated or broken in Rails 5.
Found in the Rails 5 MR: !5555
These are safe to use in Rails 4.2.7 as well as Rails 5.0.0, so I figured I'd backport them for the sake of making that merge request smaller.
The explanation for the mime_types.rb code is here: https://github.com/rails-api/active_model_serializers/issues/1027#issuecomment-126543577
See merge request !6214
Security and safety improvements for gitlab-workhorse integration
Companion to https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/60
- Use a custom content type when sending data to gitlab-workhorse
- Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse
This will allow us to build features in gitlab-workhorse that require
more trust, and protect us against programming mistakes in the future.
This is designed so that no action is required for installations from
source. For omnibus-gitlab we need to add code that manages the shared
secret.
See merge request !5907
Old deployments of Gitlab might have a big number of old events to be
deleted. Such numbers cause the worker to timeout.
I've limited the amount of rows that should be destroyed at once to
10000, and increased how often pruning shall take place to 4 times a
day.
Since contribution calendar shows only 12 months of activity,
events older than that time are not visible anywhere and can be
safely pruned saving big amount of database storage.
Fixes#21164
Because this method is a Rails scope we have to instrument it manually
as regular the instrumentation methods only instrument methods defined
directly on a Class or Module.
Ruben Davila
Brian Neel
Rémy Coutable
Alfredo Sumaran
Drew Blessing
Josep Llaneras
Patricio Cano
Dmitriy Zaporozhets
Robert Speicher
Stan Hu
Yorick Peterse
Frank Groeneveld
Sean McGivern
Nick Thomas
Justin DiPierro
Jacob Vosmaer
Fu Xu
Andre Guedes
Chris Wilson
Paco Guzman
Robert Speicher
Connor Shea
Olaf Tomalka
Z.J. van de Weg
Valery Sizov
Douwe Maan