Use component.color(:<color name>) instead of component.<color name>

This is handy for monitoring tools, which could e.g. periodically call check
tasks and instead of parsing output, rely on exit code.

The way we detect if something failed is via hooking into String#red, and if
anything was ever printed in red - that's an error.

The default was switched to HTTP in the previous patch, but let's completely
remove SSH option - we support only HTTP for git fetch/push.

Both fetch and push are possible over https, which is selected by http if
gitlab was configured to use https in external url.

This way to reduce security vectors and possible ways to interact with gitlab
we use https only without ssh at all.

= GitLab Community Edition + Nexedi patches

Signed-off-by: Rémy Coutable <remy@rymai.me>

Conflicts:
	.gitlab-ci.yml

Signed-off-by: Rémy Coutable <remy@rymai.me>

Escape HTML nodes in builds commands in ci linter

This MR removes call to `simple_format` that behaves like `String#html_safe`, thus it passes unescaped HTML tags to the view.

Closes #22541

See merge request !2001
Signed-off-by: Rémy Coutable <remy@rymai.me>

API: disable rails session auth for non-GET/HEAD requests

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22435

See merge request !1999
Signed-off-by: Rémy Coutable <remy@rymai.me>

Set a restrictive CORS policy for the API

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22450

See merge request !1998
Signed-off-by: Rémy Coutable <remy@rymai.me>

Enforce the fork_project permission in Projects::CreateService

Projects::ForkService delegates to this service almost entirely, but needed one small change so it would propagate create errors correctly.

CreateService#execute needs significant refactoring; it is now right at the complexity limit set by Rubocop. I avoided doing so in this commit to keep the diff as small as possible.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/18028

See merge request !1996
Signed-off-by: Rémy Coutable <remy@rymai.me>

Allow the Rails cookie to be used for API authentication

Makes the Rails cookie into a valid authentication token for the Grape
API, and uses it instead of token authentication in frontend code that
uses the API.

Rendering the private token into client-side javascript is a security
risk; it may be stolen through XSS or other attacks. In general,
re-using API code in the frontend is more desirable than implementing
endless actions that return JSON.

Closes #18302

See merge request !1995
Signed-off-by: Rémy Coutable <remy@rymai.me>

Signed-off-by: Rémy Coutable <remy@rymai.me>

Exclude some pending or inactivated rows in Member scopes

An unapproved request or not-yet-accepted invite should not give access rights. Neither should a blocked user be considered a member of anything.

One visible outcome of this behaviour is that owners and masters of a group or project may be blocked, yet still receive notification emails for access requests.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/21650

See merge request !1994
Signed-off-by: Rémy Coutable <remy@rymai.me>

Update doorkeeper to 4.2.0

Changelog: https://git.io/v6PnV

See merge request !5881

(cherry picked from commit c5aa31c83145366d88ce6d8d91e68467cf5baed4)

Set permissions to admin for importing a project via Import/Export

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/20802

In order to import a project, it is now required to be an admin

Moved from https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5766

See merge request !1983
(cherry picked from commit 966b3038)

[ci skip]

Upgrade Rails to 4.2.7.1 for security fixes.

Upgrades Rails from 4.2.7 to 4.2.7.1 for security fixes.

For more information: http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/

This should be backported to all currently-supported releases.

See merge request !5781

Fix problems with events under notes importing GitLab projects

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/19588

See merge request !5154
(cherry picked from commit 734e44ee)

Fix commit avatar alignment in compare view

Closes #19567

See merge request !5128
(cherry picked from commit df49492f)

Fix log statements in import/export

Fixes - as seen in the logs:
```
Import/Export error raised on /opt/gitlab/embedded/service/gitlab-rails/lib/gitlab/import_export/file_importer.rb:19:in `rescue in import': undefined method `message' for #<String:0x007fc45e977e10>
```

See merge request !5129
(cherry picked from commit 3c89a788)

Fix broken migration in MySQL

`keys` is a reserved name in MySQL, so if this migration actually attempted to remove any duplicate keys it would fail.

Closes #19344

See merge request !5005
(cherry picked from commit e82c72d1)

Add more debug info to import/export and memory killer

This should help debug https://gitlab.com/gitlab-org/gitlab-ce/issues/19124 further

See merge request !5108
(cherry picked from commit b73da895)

Fix diff comments not showing up in activity feed

## What does this MR do?

It fixes the detection of note events to check for `Note` and `LegacyDiffNote`.

## Are there points in the code the reviewer needs to double check?

No? /cc @DouweM (since I believe you introduced `LegacyDiffNote`

## Why was this MR needed?

To fix #19092.

## What are the relevant issue numbers?

Fixes #19092.

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !5069
(cherry picked from commit b5b17d00)

Add index on both Award Emoji user and name

See merge request !5061
(cherry picked from commit c85092ac)

Downgrade to Redis 3.2.2 due to massive memory leak with Sidekiq

This affects GitLab 8.8 and 8.9. See:

* https://github.com/mperham/sidekiq/blob/master/Changes.md#413
* https://gitlab.com/gitlab-org/gitlab-ce/issues/19441

See merge request !5056
(cherry picked from commit 4b0bd4f8)

Renable import button when import process fail due to the namespace already been taken

Closes #19435

## Screenshots (if relevant)

Before:

![1](/uploads/e8de1b326e0751891f667630a7685f6a/1.png)<br/><br/>

After:

![2](/uploads/566f1fd5442c28232350689fce8eae76/2.png)

See merge request !5053
(cherry picked from commit d6efef0f)

Fix snippets comments not displayed

## What does this MR do?

Fix an issue where comments body were not displayed for project snippets anymore (see commit for details).

## Are there points in the code the reviewer needs to double check?

No.

## Why was this MR needed?

Because of #19388.

## What are the relevant issue numbers?

Fixes #19388.

## Does this MR meet the acceptance criteria?

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- Tests
  - [ ] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !5045
(cherry picked from commit b2273559)