Merge branch 'master' into sh-support-bitbucket-server-import

4 files changed, 55 insertions, 54 deletions

diff --git a/config/aws.yml.example b/config/aws.yml.example
deleted file mode 100644
index bb10c3cec7b..00000000000
--- a/config/aws.yml.example
+++ /dev/null
@@ -1,22 +0,0 @@
-# See https://github.com/jnicklas/carrierwave#using-amazon-s3
-# for more options
-# If you change this file in a Merge Request, please also create
-# a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
-#
-production:
-  access_key_id: AKIA1111111111111UA
-  secret_access_key: secret
-  bucket: mygitlab.production.us
-  region: us-east-1
-
-development:
-  access_key_id: AKIA1111111111111UA
-  secret_access_key: secret
-  bucket: mygitlab.development.us
-  region: us-east-1
-
-test:
-  access_key_id: AKIA1111111111111UA
-  secret_access_key: secret
-  bucket: mygitlab.test.us
-  region: us-east-1
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 550647ae1c6..693a2934a1b 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -338,6 +338,10 @@ Settings.cron_jobs['issue_due_scheduler_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['issue_due_scheduler_worker']['cron'] ||= '50 00 * * *'
 Settings.cron_jobs['issue_due_scheduler_worker']['job_class'] = 'IssueDueSchedulerWorker'
 
+Settings.cron_jobs['prune_web_hook_logs_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['prune_web_hook_logs_worker']['cron'] ||= '0 */1 * * *'
+Settings.cron_jobs['prune_web_hook_logs_worker']['job_class'] = 'PruneWebHookLogsWorker'
+
 #
 # Sidekiq
 #
diff --git a/config/initializers/carrierwave.rb b/config/initializers/carrierwave.rb
deleted file mode 100644
index 5cde6cbb0ff..00000000000
--- a/config/initializers/carrierwave.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-CarrierWave::SanitizedFile.sanitize_regexp = /[^[:word:]\.\-\+]/
-
-aws_file = Rails.root.join('config', 'aws.yml')
-
-if File.exist?(aws_file)
-  AWS_CONFIG = YAML.load(File.read(aws_file))[Rails.env]
-
-  CarrierWave.configure do |config|
-    config.fog_provider = 'fog/aws'
-
-    config.fog_credentials = {
-      provider: 'AWS',                                        # required
-      aws_access_key_id: AWS_CONFIG['access_key_id'],         # required
-      aws_secret_access_key: AWS_CONFIG['secret_access_key'], # required
-      region: AWS_CONFIG['region'],                           # optional, defaults to 'us-east-1'
-    }
-
-    # required
-    config.fog_directory = AWS_CONFIG['bucket']
-
-    # optional, defaults to true
-    config.fog_public = false
-
-    # optional, defaults to {}
-    config.fog_attributes = { 'Cache-Control' => 'max-age=315576000' }
-
-    # optional time (in seconds) that authenticated urls will be valid.
-    # when fog_public is false and provider is AWS or Google, defaults to 600
-    config.fog_authenticated_url_expiration = 1 << 29
-  end
-end
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index e3a342590d4..f321b4ea763 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -37,7 +37,7 @@ Doorkeeper.configure do
 
   # Reuse access token for the same resource owner within an application (disabled by default)
   # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
-  # reuse_access_token
+  reuse_access_token
 
   # Issue access tokens with refresh token (disabled by default)
   use_refresh_token
@@ -106,3 +106,53 @@ Doorkeeper.configure do
 
   base_controller '::Gitlab::BaseDoorkeeperController'
 end
+
+# Monkey patch to avoid creating new applications if the scope of the
+# app created does not match the complete list of scopes of the configured app.
+# It also prevents the OAuth authorize application window to appear every time.
+
+# Remove after we upgrade the doorkeeper gem from version 4.3.2
+if Doorkeeper.gem_version > Gem::Version.new('4.3.2')
+  raise "Doorkeeper was upgraded, please remove the monkey patch in #{__FILE__}"
+end
+
+module Doorkeeper
+  module AccessTokenMixin
+    module ClassMethods
+      def matching_token_for(application, resource_owner_or_id, scopes)
+        resource_owner_id =
+          if resource_owner_or_id.respond_to?(:to_key)
+            resource_owner_or_id.id
+          else
+            resource_owner_or_id
+          end
+
+        tokens = authorized_tokens_for(application.try(:id), resource_owner_id)
+        tokens.detect do |token|
+          scopes_match?(token.scopes, scopes, application.try(:scopes))
+        end
+      end
+
+      def scopes_match?(token_scopes, param_scopes, app_scopes)
+        return true if token_scopes.empty? && param_scopes.empty?
+
+        (token_scopes.sort == param_scopes.sort) &&
+          Doorkeeper::OAuth::Helpers::ScopeChecker.valid?(
+            param_scopes.to_s,
+            Doorkeeper.configuration.scopes,
+            app_scopes)
+      end
+
+      def authorized_tokens_for(application_id, resource_owner_id)
+        ordered_by(:created_at, :desc)
+          .where(application_id: application_id,
+                 resource_owner_id: resource_owner_id,
+                 revoked_at: nil)
+      end
+
+      def last_authorized_token_for(application_id, resource_owner_id)
+        authorized_tokens_for(application_id, resource_owner_id).first
+      end
+    end
+  end
+end