11 files changed, 67 insertions, 18 deletions

diff --git a/config/application.rb b/config/application.rb
index ad7338763f7..09f706e3d70 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -115,6 +115,7 @@ module Gitlab
     config.assets.precompile << "test.css"
     config.assets.precompile << "snippets.css"
     config.assets.precompile << "locale/**/app.js"
+    config.assets.precompile << "emoji_sprites.css"
 
     # Import gitlab-svgs directly from vendored directory
     config.assets.paths << "#{config.root}/node_modules/@gitlab-org/gitlab-svgs/dist"
diff --git a/config/initializers/8_metrics.rb b/config/initializers/8_metrics.rb
index 7cdf49159b4..8a851b89c56 100644
--- a/config/initializers/8_metrics.rb
+++ b/config/initializers/8_metrics.rb
@@ -119,7 +119,14 @@ def instrument_classes(instrumentation)
 end
 # rubocop:enable Metrics/AbcSize
 
-if Gitlab::Metrics.enabled?
+# With prometheus enabled by default this breaks all specs
+# that stubs methods using `any_instance_of` for the models reloaded here.
+#
+# We should deprecate the usage of `any_instance_of` in the future
+# check: https://github.com/rspec/rspec-mocks#settings-mocks-or-stubs-on-any-instance-of-a-class
+#
+# Related issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/33587
+if Gitlab::Metrics.enabled? && !Rails.env.test?
   require 'pathname'
   require 'influxdb'
   require 'connection_pool'
diff --git a/config/initializers/console_message.rb b/config/initializers/console_message.rb
new file mode 100644
index 00000000000..536ab337d85
--- /dev/null
+++ b/config/initializers/console_message.rb
@@ -0,0 +1,10 @@
+# rubocop:disable Rails/Output
+if defined?(Rails::Console)
+  # note that this will not print out when using `spring`
+  justify = 15
+  puts "-------------------------------------------------------------------------------------"
+  puts " Gitlab:".ljust(justify) + "#{Gitlab::VERSION} (#{Gitlab::REVISION})"
+  puts " Gitlab Shell:".ljust(justify) + Gitlab::Shell.new.version
+  puts " #{Gitlab::Database.adapter_name}:".ljust(justify) + Gitlab::Database.version
+  puts "-------------------------------------------------------------------------------------"
+end
diff --git a/config/initializers/forbid_sidekiq_in_transactions.rb b/config/initializers/forbid_sidekiq_in_transactions.rb
index 4603123665d..deb94d7dbce 100644
--- a/config/initializers/forbid_sidekiq_in_transactions.rb
+++ b/config/initializers/forbid_sidekiq_in_transactions.rb
@@ -27,7 +27,7 @@ module Sidekiq
                 Use an `after_commit` hook, or include `AfterCommitQueue` and use a `run_after_commit` block instead.
                 MSG
               rescue Sidekiq::Worker::EnqueueFromTransactionError => e
-                Rails.logger.error(e.message) if Rails.env.production?
+                ::Rails.logger.error(e.message) if ::Rails.env.production?
                 Gitlab::Sentry.track_exception(e)
               end
             end
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index f2fde1e0048..da24881885e 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -15,19 +15,15 @@ cookie_key = if Rails.env.development?
                "_gitlab_session"
              end
 
-if Rails.env.test?
-  Gitlab::Application.config.session_store :cookie_store, key: "_gitlab_session"
-else
-  sessions_config = Gitlab::Redis::SharedState.params
-  sessions_config[:namespace] = Gitlab::Redis::SharedState::SESSION_NAMESPACE
+sessions_config = Gitlab::Redis::SharedState.params
+sessions_config[:namespace] = Gitlab::Redis::SharedState::SESSION_NAMESPACE
 
-  Gitlab::Application.config.session_store(
-    :redis_store, # Using the cookie_store would enable session replay attacks.
-    servers: sessions_config,
-    key: cookie_key,
-    secure: Gitlab.config.gitlab.https,
-    httponly: true,
-    expires_in: Settings.gitlab['session_expire_delay'] * 60,
-    path: Rails.application.config.relative_url_root.nil? ? '/' : Gitlab::Application.config.relative_url_root
-  )
-end
+Gitlab::Application.config.session_store(
+  :redis_store, # Using the cookie_store would enable session replay attacks.
+  servers: sessions_config,
+  key: cookie_key,
+  secure: Gitlab.config.gitlab.https,
+  httponly: true,
+  expires_in: Settings.gitlab['session_expire_delay'] * 60,
+  path: Rails.application.config.relative_url_root.nil? ? '/' : Gitlab::Application.config.relative_url_root
+)
diff --git a/config/initializers/trusted_proxies.rb b/config/initializers/trusted_proxies.rb
index 0c32528311e..ca2eed664ed 100644
--- a/config/initializers/trusted_proxies.rb
+++ b/config/initializers/trusted_proxies.rb
@@ -22,3 +22,16 @@ end.compact
 
 Rails.application.config.action_dispatch.trusted_proxies = (
   ['127.0.0.1', '::1'] + gitlab_trusted_proxies)
+
+# A monkey patch to make trusted proxies work with Rails 5.0.
+# Inspired by https://github.com/rails/rails/issues/5223#issuecomment-263778719
+# Remove this monkey patch when upstream is fixed.
+if Gitlab.rails5?
+  module TrustedProxyMonkeyPatch
+    def ip
+      @ip ||= (get_header("action_dispatch.remote_ip") || super).to_s
+    end
+  end
+
+  ActionDispatch::Request.send(:include, TrustedProxyMonkeyPatch)
+end
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
index ee034d21eae..bf079f8e1a7 100644
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -6,4 +6,16 @@ Rails.application.configure do |config|
   Warden::Manager.before_failure do |env, opts|
     Gitlab::Auth::BlockedUserTracker.log_if_user_blocked(env)
   end
+
+  Warden::Manager.after_authentication do |user, auth, opts|
+    ActiveSession.cleanup(user)
+  end
+
+  Warden::Manager.after_set_user only: :fetch do |user, auth, opts|
+    ActiveSession.set(user, auth.request)
+  end
+
+  Warden::Manager.before_logout do |user, auth, opts|
+    ActiveSession.destroy(user || auth.user, auth.request.session.id)
+  end
 end
diff --git a/config/routes/profile.rb b/config/routes/profile.rb
index bcfc17a5f66..a9ba5ac2c0b 100644
--- a/config/routes/profile.rb
+++ b/config/routes/profile.rb
@@ -30,6 +30,7 @@ resource :profile, only: [:show, :update] do
         put :revoke
       end
     end
+    resources :active_sessions, only: [:index, :destroy]
     resources :emails, only: [:index, :create, :destroy] do
       member do
         put :resend_confirmation_instructions
diff --git a/config/routes/project.rb b/config/routes/project.rb
index 2a1bcb8cde2..f36341cdcaf 100644
--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -161,7 +161,6 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
           end
 
           get :diff_for_path
-          get :update_branches
           get :branch_from
           get :branch_to
         end
@@ -183,6 +182,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
 
         member do
           get :stage
+          get :stage_ajax
           post :cancel
           post :retry
           get :builds
@@ -410,6 +410,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
 
         collection do
           post :toggle_shared_runners
+          post :toggle_group_runners
         end
       end
 
diff --git a/config/routes/repository.rb b/config/routes/repository.rb
index 9e506a1a43a..e2bf8d6a7ff 100644
--- a/config/routes/repository.rb
+++ b/config/routes/repository.rb
@@ -18,6 +18,7 @@ scope format: false do
   resources :compare, only: [:index, :create] do
     collection do
       get :diff_for_path
+      get :signatures
     end
   end
 
diff --git a/config/routes/user.rb b/config/routes/user.rb
index f8677693fab..bc7df5e7584 100644
--- a/config/routes/user.rb
+++ b/config/routes/user.rb
@@ -27,6 +27,13 @@ devise_scope :user do
   get '/users/almost_there' => 'confirmations#almost_there'
 end
 
+scope '-/users', module: :users do
+  resources :terms, only: [:index] do
+    post :accept, on: :member
+    post :decline, on: :member
+  end
+end
+
 scope(constraints: { username: Gitlab::PathRegex.root_namespace_route_regex }) do
   scope(path: 'users/:username',
         as: :user,