Merge branch 'add-user_show_add_ssh_key_message-application-setting' into 'master'

Add a "user_show_add_ssh_key_message" application setting for use with SSH certificates Closes #49953 See merge request gitlab-org/gitlab-ce!21027

Merge branch 'add-user_show_add_ssh_key_message-application-setting' into 'master'
Add a "user_show_add_ssh_key_message" application setting for use with SSH certificates Closes #49953 See merge request gitlab-org/gitlab-ce!21027
9b718a76 · Nick Thomas · c87ca832 · b6ba8cc6 · 9b718a76 · 9b718a76
Commit 9b718a76 authored Aug 15, 2018 by Nick Thomas
11 changed files
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -254,6 +254,7 @@ module ApplicationSettingsHelper
      :usage_ping_enabled,
      :instance_statistics_visibility_private,
      :user_default_external,
+      :user_show_add_ssh_key_message,
      :user_oauth_applications,
      :version_check_enabled,
      :web_ide_clientside_preview_enabled

--- a/app/helpers/button_helper.rb
+++ b/app/helpers/button_helper.rb
@@ -73,7 +73,11 @@ module ButtonHelper
  end

  def ssh_clone_button(project, append_link: true)
-    dropdown_description = _("You won't be able to pull or push project code via SSH until you add an SSH key to your profile") if current_user.try(:require_ssh_key?)
+    if Gitlab::CurrentSettings.user_show_add_ssh_key_message? &&
+        current_user.try(:require_ssh_key?)
+      dropdown_description = _("You won't be able to pull or push project code via SSH until you add an SSH key to your profile")
+    end
+
    append_url = project.ssh_url_to_repo if append_link

    dropdown_item_with_description('SSH', dropdown_description, href: append_url)

--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -192,7 +192,10 @@ module ProjectsHelper
  end

  def show_no_ssh_key_message?
-    cookies[:hide_no_ssh_message].blank? && !current_user.hide_no_ssh_key && current_user.require_ssh_key?
+    Gitlab::CurrentSettings.user_show_add_ssh_key_message? &&
+      cookies[:hide_no_ssh_message].blank? &&
+      !current_user.hide_no_ssh_key &&
+      current_user.require_ssh_key?
  end

  def show_no_password_message?

--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -298,7 +298,8 @@ class ApplicationSetting < ActiveRecord::Base
      unique_ips_limit_time_window: 3600,
      usage_ping_enabled: Settings.gitlab['usage_ping_enabled'],
      instance_statistics_visibility_private: false,
-      user_default_external: false
+      user_default_external: false,
+      user_show_add_ssh_key_message: true
    }
  end


--- a/app/views/admin/application_settings/_account_and_limit.html.haml
+++ b/app/views/admin/application_settings/_account_and_limit.html.haml
@@ -29,5 +29,11 @@
        = f.check_box :user_default_external, class: 'form-check-input'
        = f.label :user_default_external, class: 'form-check-label' do
          Newly registered users will by default be external
+    .form-group
+      = f.label :user_show_add_ssh_key_message, 'Prompt users to upload SSH keys', class: 'label-bold'
+      .form-check
+        = f.check_box :user_show_add_ssh_key_message, class: 'form-check-input'
+        = f.label :user_show_add_ssh_key_message, class: 'form-check-label' do
+          Inform users without uploaded SSH keys that they can't push over SSH until one is added

  = f.submit 'Save changes', class: 'btn btn-success'
--- a/changelogs/unreleased/49953-add-user_show_add_ssh_key_message-setting.yml
+++ b/changelogs/unreleased/49953-add-user_show_add_ssh_key_message-setting.yml
+---
+title: Add ability to suppress the global "You won't be able to use SSH" message
+merge_request: 21027
+author: Ævar Arnfjörð Bjarmason
+type: added
--- a/db/migrate/20180808162000_add_user_show_add_ssh_key_message_to_application_settings.rb
+++ b/db/migrate/20180808162000_add_user_show_add_ssh_key_message_to_application_settings.rb
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddUserShowAddSshKeyMessageToApplicationSettings < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_column_with_default :application_settings, :user_show_add_ssh_key_message, :boolean, default: true, allow_null: false
+  end
+
+  def down
+    remove_column :application_settings, :user_show_add_ssh_key_message
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20180807153545) do
+ActiveRecord::Schema.define(version: 20180808162000) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -170,6 +170,7 @@ ActiveRecord::Schema.define(version: 20180807153545) do
    t.boolean "hide_third_party_offers", default: false, null: false
    t.boolean "instance_statistics_visibility_private", default: false, null: false
    t.boolean "web_ide_clientside_preview_enabled", default: false, null: false
+    t.boolean "user_show_add_ssh_key_message", default: true, null: false
  end

  create_table "audit_events", force: :cascade do |t|

--- a/doc/administration/operations/ssh_certificates.md
+++ b/doc/administration/operations/ssh_certificates.md
@@ -163,3 +163,20 @@ Such a restriction can currently be hacked in by e.g. providing a
 custom `AuthorizedKeysCommand` which checks if the discovered key-ID
 returned from `gitlab-shell-authorized-keys-check` is a deploy key or
 not (all non-deploy keys should be refused).
+
+## Disabling the global warning about users lacking SSH keys
+
+By default GitLab will show a "You won't be able to pull or push
+project code via SSH" warning to users who have not uploaded an SSH
+key to their profile.
+
+This is counterproductive when using SSH certificates, since users
+aren't expected to upload their own keys.
+
+To disable this warning globally, go to "Application settings ->
+Account and limit settings" and disable the "Show user add SSH key
+message" setting.
+
+This setting was added specifically for use with SSH certificates, but
+can be turned off without using them if you'd like to hide the warning
+for some other reason.
--- a/doc/api/settings.md
+++ b/doc/api/settings.md
@@ -56,7 +56,8 @@ Example response:
   "enforce_terms": true,
   "terms": "Hello world!",
   "performance_bar_allowed_group_id": 42,
-   "instance_statistics_visibility_private": false
+   "instance_statistics_visibility_private": false,
+   "user_show_add_ssh_key_message": true
 }
 ```

@@ -161,6 +162,8 @@ PUT /application/settings
 | `enforce_terms`                          | boolean          | no                                            | Enforce application ToS to all users                                                                                                                                                                                                                                                                                                                                                                                                         |
 | `terms`                                  | text             | yes (if `enforce_terms` is true)              | Markdown content for the ToS                                                                                                                                                                                                                                                                                                                                                                                                                 |
 | `instance_statistics_visibility_private` | boolean          | no                                            | When set to `true` Instance statistics will only be available to admins                                                                                                                                                                                                                                                                                                                                                                      |
+| `user_show_add_ssh_key_message`          | boolean          | no                                            | When set to `false` disable the "You won't be able to pull or push
+project code via SSH" warning shown to users with no uploaded SSH key                                                                                                                                                                                                                                                                   |

 ```bash
 curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/application/settings?signup_enabled=false&default_project_visibility=internal
@@ -206,6 +209,7 @@ Example response:
  "enforce_terms": true,
  "terms": "Hello world!",
  "performance_bar_allowed_group_id": 42,
-  "instance_statistics_visibility_private": false
+  "instance_statistics_visibility_private": false,
+  "user_show_add_ssh_key_message": true
 }
 ```
--- a/spec/helpers/button_helper_spec.rb
+++ b/spec/helpers/button_helper_spec.rb
@@ -79,6 +79,18 @@ describe ButtonHelper do
      end
    end

+    context 'without an ssh key on the user and user_show_add_ssh_key_message unset' do
+      before do
+        stub_application_setting(user_show_add_ssh_key_message: false)
+      end
+
+      it 'there is no warning on the dropdown description' do
+        description = element.search('.dropdown-menu-inner-content').first
+
+        expect(description).to be_nil
+      end
+    end
+
    context 'with an ssh key on the user' do
      before do
        create(:key, user: user)