Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
3209c1a4
Commit
3209c1a4
authored
Nov 19, 2019
by
GitLab Bot
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add latest changes from gitlab-org/gitlab@master
parent
7f3bff15
Changes
15
Show whitespace changes
Inline
Side-by-side
Showing
15 changed files
with
111 additions
and
19 deletions
+111
-19
CHANGELOG-EE.md
CHANGELOG-EE.md
+8
-0
CHANGELOG.md
CHANGELOG.md
+8
-0
app/models/project_snippet.rb
app/models/project_snippet.rb
+1
-0
app/models/snippet.rb
app/models/snippet.rb
+22
-7
app/views/snippets/_snippets_scope_menu.html.haml
app/views/snippets/_snippets_scope_menu.html.haml
+1
-1
changelogs/unreleased/fj-secret-snippet-migrations.yml
changelogs/unreleased/fj-secret-snippet-migrations.yml
+5
-0
changelogs/unreleased/sh-fix-bitbucket-importer-pr-state.yml
changelogs/unreleased/sh-fix-bitbucket-importer-pr-state.yml
+0
-5
changelogs/unreleased/sh-fix-protected-paths.yml
changelogs/unreleased/sh-fix-protected-paths.yml
+0
-5
db/migrate/20191025092748_add_secret_token_to_snippet.rb
db/migrate/20191025092748_add_secret_token_to_snippet.rb
+10
-0
db/migrate/20191105155113_add_secret_to_snippet.rb
db/migrate/20191105155113_add_secret_to_snippet.rb
+27
-0
db/schema.rb
db/schema.rb
+4
-1
lib/gitlab/import_export/import_export.yml
lib/gitlab/import_export/import_export.yml
+3
-0
spec/factories/snippets.rb
spec/factories/snippets.rb
+5
-0
spec/models/project_snippet_spec.rb
spec/models/project_snippet_spec.rb
+1
-0
spec/models/snippet_spec.rb
spec/models/snippet_spec.rb
+16
-0
No files found.
CHANGELOG-EE.md
View file @
3209c1a4
Please view this file on the master branch, on stable branches it's out of date.
## 12.4.3
### Fixed (2 changes)
-
Fix admin welcome image not found. !19676
-
Revert ES support for public/internal project snippets. !19715
## 12.4.2
### Fixed (1 change)
...
...
CHANGELOG.md
View file @
3209c1a4
...
...
@@ -2,6 +2,14 @@
documentation
](
doc/development/changelog.md
)
for instructions on adding your own
entry.
## 12.4.3
### Fixed (2 changes)
-
Only enable protected paths for POST requests. !19184
-
Fix Bitbucket Cloud importer pull request state. !19734
## 12.4.2
### Fixed (10 changes)
...
...
app/models/project_snippet.rb
View file @
3209c1a4
...
...
@@ -4,4 +4,5 @@ class ProjectSnippet < Snippet
belongs_to
:project
validates
:project
,
presence:
true
validates
:secret
,
inclusion:
{
in:
[
false
]
}
end
app/models/snippet.rb
View file @
3209c1a4
...
...
@@ -51,8 +51,8 @@ class Snippet < ApplicationRecord
# Scopes
scope
:are_internal
,
->
{
where
(
visibility_level:
Snippet
::
INTERNAL
)
}
scope
:are_private
,
->
{
where
(
visibility_level:
Snippet
::
PRIVATE
)
}
scope
:are_public
,
->
{
where
(
visibility_level:
Snippet
::
PUBLIC
)
}
scope
:
public_and_internal
,
->
{
where
(
visibility_level:
[
Snippet
::
PUBLIC
,
Snippet
::
INTERNAL
]
)
}
scope
:are_public
,
->
{
public_only
}
scope
:
are_secret
,
->
{
public_only
.
where
(
secret:
true
)
}
scope
:fresh
,
->
{
order
(
"created_at DESC"
)
}
scope
:inc_author
,
->
{
includes
(
:author
)
}
scope
:inc_relations_for_view
,
->
{
includes
(
author: :status
)
}
...
...
@@ -63,6 +63,11 @@ class Snippet < ApplicationRecord
attr_spammable
:title
,
spam_title:
true
attr_spammable
:content
,
spam_description:
true
attr_encrypted
:secret_token
,
key:
Settings
.
attr_encrypted_db_key_base_truncated
,
mode: :per_attribute_iv
,
algorithm:
'aes-256-cbc'
def
self
.
with_optional_visibility
(
value
=
nil
)
if
value
where
(
visibility_level:
value
)
...
...
@@ -112,11 +117,8 @@ class Snippet < ApplicationRecord
end
def
self
.
visible_to_or_authored_by
(
user
)
where
(
'snippets.visibility_level IN (?) OR snippets.author_id = ?'
,
Gitlab
::
VisibilityLevel
.
levels_for_user
(
user
),
user
.
id
)
query
=
where
(
visibility_level:
Gitlab
::
VisibilityLevel
.
levels_for_user
(
user
))
query
.
or
(
where
(
author_id:
user
.
id
))
end
def
self
.
reference_prefix
...
...
@@ -222,6 +224,19 @@ class Snippet < ApplicationRecord
model_name
.
singular
end
def
valid_secret_token?
(
token
)
return
false
unless
token
&&
secret_token
ActiveSupport
::
SecurityUtils
.
secure_compare
(
token
.
to_s
,
secret_token
.
to_s
)
end
def
as_json
(
options
=
{})
options
[
:except
]
=
Array
.
wrap
(
options
[
:except
])
options
[
:except
]
<<
:secret_token
super
end
class
<<
self
# Searches for snippets with a matching title or file name.
#
...
...
app/views/snippets/_snippets_scope_menu.html.haml
View file @
3209c1a4
...
...
@@ -9,7 +9,7 @@
-
if
include_private
=
subject
.
snippets
.
count
-
else
=
subject
.
snippets
.
public_and_internal
.
count
=
subject
.
snippets
.
public_and_internal
_only
.
count
-
if
include_private
%li
{
class:
active_when
(
params
[
:scope
]
==
"are_private"
)
}
...
...
changelogs/unreleased/fj-secret-snippet-migrations.yml
0 → 100644
View file @
3209c1a4
---
title
:
Add migrations for secret snippets
merge_request
:
19939
author
:
type
:
added
changelogs/unreleased/sh-fix-bitbucket-importer-pr-state.yml
deleted
100644 → 0
View file @
7f3bff15
---
title
:
Fix Bitbucket Cloud importer pull request state
merge_request
:
19734
author
:
type
:
fixed
changelogs/unreleased/sh-fix-protected-paths.yml
deleted
100644 → 0
View file @
7f3bff15
---
title
:
Only enable protected paths for POST requests
merge_request
:
19184
author
:
type
:
fixed
db/migrate/20191025092748_add_secret_token_to_snippet.rb
0 → 100644
View file @
3209c1a4
# frozen_string_literal: true
class
AddSecretTokenToSnippet
<
ActiveRecord
::
Migration
[
5.2
]
DOWNTIME
=
false
def
change
add_column
:snippets
,
:encrypted_secret_token
,
:string
,
limit:
255
add_column
:snippets
,
:encrypted_secret_token_iv
,
:string
,
limit:
255
end
end
db/migrate/20191105155113_add_secret_to_snippet.rb
0 → 100644
View file @
3209c1a4
# frozen_string_literal: true
class
AddSecretToSnippet
<
ActiveRecord
::
Migration
[
5.2
]
include
Gitlab
::
Database
::
MigrationHelpers
DOWNTIME
=
false
disable_ddl_transaction!
def
up
unless
column_exists?
(
:snippets
,
:secret
)
add_column_with_default
:snippets
,
:secret
,
:boolean
,
default:
false
end
add_concurrent_index
:snippets
,
[
:visibility_level
,
:secret
]
remove_concurrent_index
:snippets
,
:visibility_level
end
def
down
add_concurrent_index
:snippets
,
:visibility_level
remove_concurrent_index
:snippets
,
[
:visibility_level
,
:secret
]
if
column_exists?
(
:snippets
,
:secret
)
remove_column
:snippets
,
:secret
end
end
end
db/schema.rb
View file @
3209c1a4
...
...
@@ -3555,13 +3555,16 @@ ActiveRecord::Schema.define(version: 2019_11_15_091425) do
t
.
integer
"cached_markdown_version"
t
.
text
"description"
t
.
text
"description_html"
t
.
string
"encrypted_secret_token"
,
limit:
255
t
.
string
"encrypted_secret_token_iv"
,
limit:
255
t
.
boolean
"secret"
,
default:
false
,
null:
false
t
.
index
[
"author_id"
],
name:
"index_snippets_on_author_id"
t
.
index
[
"content"
],
name:
"index_snippets_on_content_trigram"
,
opclass: :gin_trgm_ops
,
using: :gin
t
.
index
[
"file_name"
],
name:
"index_snippets_on_file_name_trigram"
,
opclass: :gin_trgm_ops
,
using: :gin
t
.
index
[
"project_id"
,
"visibility_level"
],
name:
"index_snippets_on_project_id_and_visibility_level"
t
.
index
[
"title"
],
name:
"index_snippets_on_title_trigram"
,
opclass: :gin_trgm_ops
,
using: :gin
t
.
index
[
"updated_at"
],
name:
"index_snippets_on_updated_at"
t
.
index
[
"visibility_level"
],
name:
"index_snippets_on_visibility_level
"
t
.
index
[
"visibility_level"
,
"secret"
],
name:
"index_snippets_on_visibility_level_and_secret
"
end
create_table
"software_license_policies"
,
id: :serial
,
force: :cascade
do
|
t
|
...
...
lib/gitlab/import_export/import_export.yml
View file @
3209c1a4
...
...
@@ -163,6 +163,9 @@ excluded_attributes:
-
:identifier
snippets
:
-
:expired_at
-
:secret
-
:encrypted_secret_token
-
:encrypted_secret_token_iv
merge_request_diff
:
-
:external_diff
-
:stored_externally
...
...
spec/factories/snippets.rb
View file @
3209c1a4
...
...
@@ -7,6 +7,7 @@ FactoryBot.define do
content
{
generate
(
:title
)
}
description
{
generate
(
:title
)
}
file_name
{
generate
(
:filename
)
}
secret
{
false
}
trait
:public
do
visibility_level
{
Snippet
::
PUBLIC
}
...
...
@@ -27,5 +28,9 @@ FactoryBot.define do
end
factory
:personal_snippet
,
parent: :snippet
,
class: :PersonalSnippet
do
trait
:secret
do
visibility_level
{
Snippet
::
PUBLIC
}
secret
{
true
}
end
end
end
spec/models/project_snippet_spec.rb
View file @
3209c1a4
...
...
@@ -9,6 +9,7 @@ describe ProjectSnippet do
describe
"Validation"
do
it
{
is_expected
.
to
validate_presence_of
(
:project
)
}
it
{
is_expected
.
to
validate_inclusion_of
(
:secret
).
in_array
([
false
])
}
end
describe
'#embeddable?'
do
...
...
spec/models/snippet_spec.rb
View file @
3209c1a4
...
...
@@ -451,4 +451,20 @@ describe Snippet do
expect
(
blob
.
data
).
to
eq
(
snippet
.
content
)
end
end
describe
'#to_json'
do
let
(
:snippet
)
{
build
(
:snippet
)
}
it
'excludes secret_token from generated json'
do
expect
(
JSON
.
parse
(
to_json
).
keys
).
not_to
include
(
"secret_token"
)
end
it
'does not override existing exclude option value'
do
expect
(
JSON
.
parse
(
to_json
(
except:
[
:id
])).
keys
).
not_to
include
(
"secret_token"
,
"id"
)
end
def
to_json
(
params
=
{})
snippet
.
to_json
(
params
)
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment