authorAchilleas Pipinellis <axil@gitlab.com>2019-08-21 11:24:55 +0200
committerAchilleas Pipinellis <axil@gitlab.com>2019-08-21 11:24:55 +0200
commita39228db8027c966e8117d40766b0cef4fbd50f6 (patch)
tree143045af7214ae6746e7b7c9df647c71ec2bd675 /app/controllers
parent05f50c9b52fde54513fe55fef97499b35719eae2 (diff)
parentaed489bf901745ced6618e680913d0d213998923 (diff)
Merge branch 'master' into docs-zm002-gitlab-casedocs-zm002-gitlab-case
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/application_controller.rb1
-rw-r--r--app/controllers/concerns/confirm_email_warning.rb25
-rw-r--r--app/controllers/concerns/invisible_captcha.rb4
-rw-r--r--app/controllers/confirmations_controller.rb2
-rw-r--r--app/controllers/projects/blob_controller.rb6
-rw-r--r--app/controllers/projects/starrers_controller.rb22
-rw-r--r--app/controllers/projects/wikis_controller.rb31
-rw-r--r--app/controllers/registrations_controller.rb12
8 files changed, 74 insertions, 29 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5e65084a110..af6644b8fcc 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -12,6 +12,7 @@ class ApplicationController < ActionController::Base
include EnforcesTwoFactorAuthentication
include WithPerformanceBar
include SessionlessAuthentication
+ include ConfirmEmailWarning
before_action :authenticate_user!
before_action :enforce_terms!, if: :should_enforce_terms?
diff --git a/app/controllers/concerns/confirm_email_warning.rb b/app/controllers/concerns/confirm_email_warning.rb
new file mode 100644
index 00000000000..5a4b5897a4f
--- /dev/null
+++ b/app/controllers/concerns/confirm_email_warning.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module ConfirmEmailWarning
+ extend ActiveSupport::Concern
+
+ included do
+ before_action :set_confirm_warning, if: -> { Feature.enabled?(:soft_email_confirmation) }
+ end
+
+ protected
+
+ def set_confirm_warning
+ return unless current_user
+ return if current_user.confirmed?
+ return if peek_request? || json_request? || !request.get?
+
+ email = current_user.unconfirmed_email || current_user.email
+
+ flash.now[:warning] = _("Please check your email (%{email}) to verify that you own this address. Didn't receive it? %{resend_link}. Wrong email address? %{update_link}.").html_safe % {
+ email: email,
+ resend_link: view_context.link_to(_('Resend it'), user_confirmation_path(user: { email: email }), method: :post),
+ update_link: view_context.link_to(_('Update it'), profile_path)
+ }
+ end
+end
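Review bot: In `set_confirm_warning` the translated template is marked `html_safe` before the `%` interpolation, so whether the user-controlled `email` (it can come from `unconfirmed_email`) is escaped depends entirely on `ActiveSupport::SafeBuffer#%` escaping non-safe arguments, and nothing on the line says so. I would make that explicit with `email: ERB::Util.html_escape(email),`, or at least add a comment such as `# SafeBuffer#% escapes email; the link_to results are already html_safe`. Marking the template safe also means every translation of that string is trusted as HTML, which deserves a translator note. The resend link also puts the address in the query string of `user_confirmation_path`, where it will presumably end up in request logs.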
diff --git a/app/controllers/concerns/invisible_captcha.rb b/app/controllers/concerns/invisible_captcha.rb
index c9f66e5c194..45c0a5c58ef 100644
--- a/app/controllers/concerns/invisible_captcha.rb
+++ b/app/controllers/concerns/invisible_captcha.rb
@@ -41,9 +41,9 @@ module InvisibleCaptcha
request_information = {
message: message,
env: :invisible_captcha_signup_bot_detected,
- ip: request.ip,
+ remote_ip: request.ip,
request_method: request.request_method,
- fullpath: request.fullpath
+ path: request.fullpath
}
Gitlab::AuthLogger.error(request_information)
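Review bot: The renamed key `path:` still carries `request.fullpath`, which includes the query string, so the field name now understates what is logged; either log `request.path` or keep a name that reflects the value. Renaming `ip` to `remote_ip` and `fullpath` to `path` also changes the schema of the auth log, so any saved search or alert keyed on the old field names for `invisible_captcha_signup_bot_detected` would silently stop matching. That is worth a changelog line. The enclosing method starts outside the hunk.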
diff --git a/app/controllers/confirmations_controller.rb b/app/controllers/confirmations_controller.rb
index 2ae500a2fdf..b192189ba3c 100644
--- a/app/controllers/confirmations_controller.rb
+++ b/app/controllers/confirmations_controller.rb
@@ -11,7 +11,7 @@ class ConfirmationsController < Devise::ConfirmationsController
protected
def after_resending_confirmation_instructions_path_for(resource)
- users_almost_there_path
+ Feature.enabled?(:soft_email_confirmation) ? stored_location_for(resource) || dashboard_projects_path : users_almost_there_path
end
def after_confirmation_path_for(resource_name, resource)
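Review bot: The new one-line ternary in `after_resending_confirmation_instructions_path_for` mixes `?:` with an unparenthesised `||`, which parses as intended but is hard to read at a glance. Writing it as `Feature.enabled?(:soft_email_confirmation) ? (stored_location_for(resource) || dashboard_projects_path) : users_almost_there_path`, or as an `if`/`else`, makes the precedence obvious. As far as I can tell the resend endpoint does not require a session, so a short comment on what a signed-out requester sees after being sent to `dashboard_projects_path` would help.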
diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb
index b04ffe80db4..4125f44d00a 100644
--- a/app/controllers/projects/blob_controller.rb
+++ b/app/controllers/projects/blob_controller.rb
@@ -92,7 +92,7 @@ class Projects::BlobController < Projects::ApplicationController
def diff
apply_diff_view_cookie!
- @form = Blobs::UnfoldPresenter.new(blob, params.to_unsafe_h)
+ @form = Blobs::UnfoldPresenter.new(blob, diff_params)
# keep only json rendering when
# https://gitlab.com/gitlab-org/gitlab-ce/issues/44988 is done
@@ -239,4 +239,8 @@ class Projects::BlobController < Projects::ApplicationController
def tree_path
@path.rpartition('/').first
end
+
+ def diff_params
+ params.permit(:full, :since, :to, :bottom, :unfold, :offset, :indent)
+ end
end
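Review bot: `diff_params` is appended after `tree_path` at the end of the class, and the visibility keyword governing that position is outside the hunk; please confirm it sits under `private`, since otherwise it is a public controller method. Also, `params.permit(...)` returns `ActionController::Parameters`, whereas `Blobs::UnfoldPresenter.new` in the `diff` hunk above used to receive the hash from `to_unsafe_h`. The presenter is not shown here, so confirm it does not rely on Hash-only behaviour. A one-line comment such as `# Allow-list of diff unfold options passed to Blobs::UnfoldPresenter` would record why the list exists.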
diff --git a/app/controllers/projects/starrers_controller.rb b/app/controllers/projects/starrers_controller.rb
index c8facea1d70..4efe956e973 100644
--- a/app/controllers/projects/starrers_controller.rb
+++ b/app/controllers/projects/starrers_controller.rb
@@ -5,25 +5,11 @@ class Projects::StarrersController < Projects::ApplicationController
def index
@starrers = UsersStarProjectsFinder.new(@project, params, current_user: @current_user).execute
-
- # Normally the number of public starrers is equal to the number of visible
- # starrers. We need to fix the counts in two cases: when the current user
- # is an admin (and can see everything) and when the current user has a
- # private profile and has starred the project (and can see itself).
- @public_count =
- if @current_user&.admin?
- @starrers.with_public_profile.count
- elsif @current_user&.private_profile && has_starred_project?(@starrers)
- @starrers.size - 1
- else
- @starrers.size
- end
-
- @total_count = @project.starrers.size
- @private_count = @total_count - @public_count
-
@sort = params[:sort].presence || sort_value_name
- @starrers = @starrers.sort_by_attribute(@sort).page(params[:page])
+ @starrers = @starrers.preload_users.sort_by_attribute(@sort).page(params[:page])
+ @public_count = @project.starrers.with_public_profile.size
+ @total_count = @project.starrers.size
+ @private_count = @total_count - @public_count
end
private
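Review bot: The comment explaining how the counts relate to visibility was removed along with the old branching, and the new lines in `index` have none. `@public_count` and `@total_count` are now taken from `@project.starrers` for every viewer, while `@starrers` still comes from `UsersStarProjectsFinder` with `current_user`, so the listed rows and the counts can presumably differ for admins or for a private-profile user who starred the project. A comment such as `# Counts cover all starrers of the project, independent of which rows the current user may see` would record that this is intentional.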
diff --git a/app/controllers/projects/wikis_controller.rb b/app/controllers/projects/wikis_controller.rb
index d1914c35bd3..b187fdb2723 100644
--- a/app/controllers/projects/wikis_controller.rb
+++ b/app/controllers/projects/wikis_controller.rb
@@ -16,6 +16,10 @@ class Projects::WikisController < Projects::ApplicationController
redirect_to(project_wiki_path(@project, @page))
end
+ def new
+ redirect_to project_wiki_path(@project, SecureRandom.uuid, random_title: true)
+ end
+
def pages
@wiki_pages = Kaminari.paginate_array(
@project_wiki.list_pages(sort: params[:sort], direction: params[:direction])
@@ -24,17 +28,25 @@ class Projects::WikisController < Projects::ApplicationController
@wiki_entries = WikiPage.group_by_directory(@wiki_pages)
end
+ # `#show` handles a number of scenarios:
+ #
+ # - If `id` matches a WikiPage, then show the wiki page.
+ # - If `id` is a file in the wiki repository, then send the file.
+ # - If we know the user wants to create a new page with the given `id`,
+ # then display a create form.
+ # - Otherwise show the empty wiki page and invite the user to create a page.
def show
- view_param = @project_wiki.empty? ? params[:view] : 'create'
-
if @page
set_encoding_error unless valid_encoding?
render 'show'
elsif file_blob
send_blob(@project_wiki.repository, file_blob)
- elsif can?(current_user, :create_wiki, @project) && view_param == 'create'
- @page = build_page(title: params[:id])
+ elsif show_create_form?
+ # Assign a title to the WikiPage unless `id` is a randomly generated slug from #new
+ title = params[:id] unless params[:random_title].present?
+
+ @page = build_page(title: title)
render 'edit'
else
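Review bot: `params[:random_title]` is supplied by the client, so the blank-title branch in `show` can be reached for any `id`, not only for the UUID that `#new` generates; the comment on that line reads as if the flag proves where the slug came from. This appears harmless here because it only decides whether the form title is prefilled, but the comment should say so: `# random_title is a request hint set by #new; it only controls whether the title is prefilled`. The body of `show` continues past the end of this hunk.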
@@ -110,6 +122,15 @@ class Projects::WikisController < Projects::ApplicationController
private
+ def show_create_form?
+ can?(current_user, :create_wiki, @project) &&
+ @page.nil? &&
+ # Always show the create form when the wiki has had at least one page created.
+ # Otherwise, we only show the form when the user has navigated from
+ # the 'empty wiki' page
+ (@project_wiki.exists? || params[:view] == 'create')
+ end
+
def load_project_wiki
@project_wiki = load_wiki
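Review bot: `@page.nil?` in `show_create_form?` is redundant at its only visible call site, because `show` reaches that `elsif` only after `if @page` was false. Either drop the clause or state why it is kept, e.g. `# guard for callers other than #show`. The explanatory comment also sits between operands of the `&&` chain; moving it above the method would make the condition easier to scan.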
@@ -135,7 +156,7 @@ class Projects::WikisController < Projects::ApplicationController
params.require(:wiki).permit(:title, :content, :format, :message, :last_commit_sha)
end
- def build_page(args)
+ def build_page(args = {})
WikiPage.new(@project_wiki).tap do |page|
page.update_attributes(args) # rubocop:disable Rails/ActiveRecordAliases
end
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index db10515c0b4..e773ec09924 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -69,12 +69,12 @@ class RegistrationsController < Devise::RegistrationsController
def after_sign_up_path_for(user)
Gitlab::AppLogger.info(user_created_message(confirmed: user.confirmed?))
- user.confirmed? ? stored_location_for(user) || dashboard_projects_path : users_almost_there_path
+ confirmed_or_unconfirmed_access_allowed(user) ? stored_location_or_dashboard(user) : users_almost_there_path
end
def after_inactive_sign_up_path_for(resource)
Gitlab::AppLogger.info(user_created_message)
- users_almost_there_path
+ Feature.enabled?(:soft_email_confirmation) ? dashboard_projects_path : users_almost_there_path
end
private
@@ -135,4 +135,12 @@ class RegistrationsController < Devise::RegistrationsController
def terms_accepted?
Gitlab::Utils.to_boolean(params[:terms_opt_in])
end
+
+ def confirmed_or_unconfirmed_access_allowed(user)
+ user.confirmed? || Feature.enabled?(:soft_email_confirmation)
+ end
+
+ def stored_location_or_dashboard(user)
+ stored_location_for(user) || dashboard_projects_path
+ end
end
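Review bot: `confirmed_or_unconfirmed_access_allowed` is a predicate and would read better with a trailing `?`, i.e. `def confirmed_or_unconfirmed_access_allowed?(user)`. The same `Feature.enabled?(:soft_email_confirmation)` check is written inline in `after_inactive_sign_up_path_for` in the previous hunk and in `ConfirmationsController`, which also repeats the `stored_location_for(...) || dashboard_projects_path` expression. One shared helper would keep these redirect decisions from drifting apart. Because the flag lets an unconfirmed account land on the dashboard, a comment stating where unconfirmed access is bounded would help reviewers; that enforcement is not part of this diff.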