From cc626f14115f740bd4aa247cf3ac42dfb2082a4e Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Thu, 17 Nov 2022 00:09:56 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- .../observability/content_security_policy.rb | 21 ++++++++++++++++++++ app/controllers/groups/observability_controller.rb | 23 +++------------------- .../oauth_application_ids_controller.rb | 2 +- app/controllers/registrations_controller.rb | 9 +++++++++ 4 files changed, 34 insertions(+), 21 deletions(-) create mode 100644 app/controllers/concerns/observability/content_security_policy.rb (limited to 'app/controllers') diff --git a/app/controllers/concerns/observability/content_security_policy.rb b/app/controllers/concerns/observability/content_security_policy.rb new file mode 100644 index 00000000000..2721907f218 --- /dev/null +++ b/app/controllers/concerns/observability/content_security_policy.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +module Observability + module ContentSecurityPolicy + extend ActiveSupport::Concern + + included do + content_security_policy do |p| + next if p.directives.blank? || Gitlab::Observability.observability_url.blank? + + default_frame_src = p.directives['frame-src'] || p.directives['default-src'] + + # When ObservabilityUI is not authenticated, it needs to be able + # to redirect to the GL sign-in page, hence 'self' + frame_src_values = Array.wrap(default_frame_src) | [Gitlab::Observability.observability_url, "'self'"] + + p.frame_src(*frame_src_values) + end + end + end +end diff --git a/app/controllers/groups/observability_controller.rb b/app/controllers/groups/observability_controller.rb index 4b1f2b582ce..3baa5e830ff 100644 --- a/app/controllers/groups/observability_controller.rb +++ b/app/controllers/groups/observability_controller.rb 
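Review bot: The new `Observability::ContentSecurityPolicy` module has no comment explaining the CSP change it makes, and because the `content_security_policy` call in `included do` takes no action filter, the widened `frame-src` is attached to every action of any controller that includes it, not only the one that renders the observability iframe. I would add a module comment such as `# Extends the response CSP's frame-src with the configured observability URL (plus 'self', so an unauthenticated ObservabilityUI can bounce to the GitLab sign-in page); applies to all actions of the including controller.` and, if the embed is confined to a single action, pass `only:` through to `content_security_policy`, which Rails forwards to the underlying before_action. Two smaller caveats worth a line each: when `frame-src` is absent the code copies `default-src`, so a `default-src 'none'` policy becomes `frame-src 'none' <url> 'self'`, which only works because browsers ignore `'none'` next to other sources; and `Gitlab::Observability.observability_url` is inserted verbatim, so if it ever carries a path the source becomes a path-prefix match rather than an origin match.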
@@ -1,18 +1,9 @@ # frozen_string_literal: true module Groups class ObservabilityController < Groups::ApplicationController - feature_category :tracing - - content_security_policy do |p| - next if p.directives.blank? - - default_frame_src = p.directives['frame-src'] || p.directives['default-src'] + include ::Observability::ContentSecurityPolicy - # When ObservabilityUI is not authenticated, it needs to be able to redirect to the GL sign-in page, hence 'self' - frame_src_values = Array.wrap(default_frame_src) | [observability_url, "'self'"] - - p.frame_src(*frame_src_values) - end + feature_category :tracing before_action :check_observability_allowed @@ -34,16 +25,8 @@ module Groups render 'observability', layout: 'group', locals: { base_layout: 'layouts/fullscreen' } end - def self.observability_url - Gitlab::Observability.observability_url - end - - def observability_url - self.class.observability_url - end - def check_observability_allowed - return render_404 unless observability_url.present? + return render_404 unless Gitlab::Observability.observability_url.present? render_404 unless can?(current_user, :read_observability, @group) end diff --git a/app/controllers/jira_connect/oauth_application_ids_controller.rb b/app/controllers/jira_connect/oauth_application_ids_controller.rb index 3e788e2282e..eb03faed351 100644 --- a/app/controllers/jira_connect/oauth_application_ids_controller.rb +++ b/app/controllers/jira_connect/oauth_application_ids_controller.rb @@ -20,7 +20,7 @@ module JiraConnect def show_application_id? return if Gitlab.com? - Feature.enabled?(:jira_connect_oauth_self_managed) && jira_connect_application_key.present? + Feature.enabled?(:jira_connect_oauth_self_managed_setting) && jira_connect_application_key.present? end def jira_connect_application_key diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index 995303a631a..35f395ac904 100644 --- a/app/controllers/registrations_controller.rb 
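Review bot: Including `::Observability::ContentSecurityPolicy` registers its CSP before_action at include time, ahead of `check_observability_allowed`, and a CSP header set in a before_action is emitted on every response from this controller, including the `render_404` paths; so a visitor with no access to the group still receives a `frame-src` that names the configured observability URL. If that URL is considered internal, a short comment on the include line, e.g. `# NOTE: the widened frame-src is sent even when check_observability_allowed renders 404`, makes the trade-off explicit, and the concern could consult the same authorization before widening the policy (the block runs in the controller instance, so `can?` is reachable there). The class body continues outside the hunk.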
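Review bot: The second hunk removes both the class-level `self.observability_url` and the instance reader, but nothing visible in the diff shows whether the `observability` template rendered a few lines above, or a `helper_method` declared elsewhere in the class, still referenced `observability_url`; a leftover call would now raise `NameError` at render time, so that is worth confirming before merge. The rewritten `check_observability_allowed` is sound from a disclosure standpoint: an unconfigured URL and a missing `read_observability` permission both produce the same 404, so the client cannot distinguish the two. A one-line comment above the method, `# 404 both when observability is not configured and when the user lacks read_observability, so the two cases are indistinguishable`, would record that this is deliberate. The enclosing class starts and ends outside the hunk.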
+++ b/app/controllers/registrations_controller.rb @@ -15,6 +15,7 @@ class RegistrationsController < Devise::RegistrationsController layout 'devise' prepend_before_action :check_captcha, only: :create + before_action :ensure_first_name_and_last_name_not_empty, only: :create before_action :ensure_destroy_prerequisites_met, only: [:destroy] before_action :init_preferred_language, only: :new before_action :load_recaptcha, only: :new @@ -172,6 +173,14 @@ class RegistrationsController < Devise::RegistrationsController render action: 'new' end + def ensure_first_name_and_last_name_not_empty + return if params[resource_name][:first_name].present? && params[resource_name][:last_name].present? + + resource.errors.add(_('First name'), _("cannot be blank")) if params[resource_name][:first_name].blank? + resource.errors.add(_('Last name'), _("cannot be blank")) if params[resource_name][:last_name].blank? + render action: 'new' + end + def pending_approval? return false unless Gitlab::CurrentSettings.require_admin_approval_after_user_signup -- cgit v1.2.1
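Review bot: `ensure_first_name_and_last_name_not_empty` reads `params[resource_name][:first_name]` without guarding the outer key, so a POST to the sign-up endpoint that omits the `user` hash raises `NoMethodError` and answers 500 instead of re-rendering the form; `names = params.fetch(resource_name, {})` and reading `names[:first_name]` / `names[:last_name]` avoids that. The method also calls `resource.errors.add` from a `before_action`, where Devise's `resource` is only non-nil if something earlier on the `create` path built it — the diff does not show that happening, so please confirm it cannot be nil here. `errors.add(_('First name'), _("cannot be blank"))` additionally uses a translated label as the attribute key; the ActiveModel form `resource.errors.add(:first_name, :blank)` keys the error on the real attribute and uses the model's own translations, at the cost of the default "can't be blank" wording. A comment stating why this is enforced in the controller rather than by a model validation would help the next reader, since the check is invisible to other code paths that create users. The method is inside `RegistrationsController`, whose body continues outside the hunk.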