From e53469079dca6ef53a50797ac3c958a781e39da2 Mon Sep 17 00:00:00 2001
From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date: Tue, 21 May 2019 20:56:07 +0530
Subject: [PATCH] Add patch to bump devise to 4.6.2

---
 debian/patches/bump-devise-to-4-6.patch | 134 ++++++++++++++++++++++++
 debian/patches/series                   |   1 +
 2 files changed, 135 insertions(+)
 create mode 100644 debian/patches/bump-devise-to-4-6.patch

diff --git a/debian/patches/bump-devise-to-4-6.patch b/debian/patches/bump-devise-to-4-6.patch
new file mode 100644
index 0000000000..6127e0a1e4
--- /dev/null
+++ b/debian/patches/bump-devise-to-4-6.patch
@@ -0,0 +1,134 @@
+Description: This patch helps in bumping devise to 4.6.2.
+https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/28438
+Author: Utkarsh Gupta <guptautkarsh2102@gmail.com>
+---
+
+--- gitlab-11.10.4+dfsg.orig/Gemfile
++++ gitlab-11.10.4+dfsg/Gemfile
+@@ -35,7 +35,7 @@ gem 'grape-path-helpers', '~> 1.0'
+ gem 'faraday', '~> 0.12'
+ 
+ # Authentication libraries
+-gem 'devise', '~> 4.4'
++gem 'devise', '~> 4.6'
+ gem 'doorkeeper', '~> 4.3'
+ gem 'doorkeeper-openid_connect', '~> 1.5'
+ gem 'omniauth', '~> 1.8'
+--- gitlab-11.10.4+dfsg.orig/Gemfile.lock
++++ gitlab-11.10.4+dfsg/Gemfile.lock
+@@ -153,7 +153,7 @@ GEM
+     descendants_tracker (0.0.4)
+       thread_safe (~> 0.3, >= 0.3.1)
+     device_detector (1.0.0)
+-    devise (4.4.3)
++    devise (4.6.2)
+       bcrypt (~> 3.0)
+       orm_adapter (~> 0.1)
+       railties (>= 4.1.0, < 6.0)
+@@ -986,7 +986,7 @@ DEPENDENCIES
+   database_cleaner (~> 1.7.0)
+   deckar01-task_list (= 2.2.0)
+   device_detector
+-  devise (~> 4.4)
++  devise (~> 4.6)
+   devise-two-factor (~> 3.0.0)
+   diffy (~> 3.1.0)
+   discordrb-webhooks-blackst0ne (~> 3.3)
+--- gitlab-11.10.4+dfsg.orig/app/models/user.rb
++++ gitlab-11.10.4+dfsg/app/models/user.rb
+@@ -1494,15 +1494,6 @@ class User < ApplicationRecord
+     devise_mailer.__send__(notification, self, *args).deliver_later # rubocop:disable GitlabSecurity/PublicSend
+   end
+ 
+-  # This works around a bug in Devise 4.2.0 that erroneously causes a user to
+-  # be considered active in MySQL specs due to a sub-second comparison
+-  # issue. For more details, see: https://gitlab.com/gitlab-org/gitlab-ee/issues/2362#note_29004709
+-  def confirmation_period_valid?
+-    return false if self.class.allow_unconfirmed_access_for == 0.days
+-
+-    super
+-  end
+-
+   def ensure_user_rights_and_limits
+     if external?
+       self.can_create_group = false
+--- gitlab-11.10.4+dfsg.orig/app/views/devise/confirmations/new.html.haml
++++ gitlab-11.10.4+dfsg/app/views/devise/confirmations/new.html.haml
+@@ -3,7 +3,7 @@
+   .login-body
+     = form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post, class: 'gl-show-field-errors' }) do |f|
+       .devise-errors
+-        = devise_error_messages!
++        = render "devise/shared/error_messages", resource: resource
+       .form-group
+         = f.label :email
+         = f.email_field :email, class: "form-control", required: true, title: 'Please provide a valid email address.'
+--- gitlab-11.10.4+dfsg.orig/app/views/devise/passwords/edit.html.haml
++++ gitlab-11.10.4+dfsg/app/views/devise/passwords/edit.html.haml
+@@ -3,7 +3,7 @@
+   .login-body
+     = form_for(resource, as: resource_name, url: password_path(:user), html: { method: :put, class: 'gl-show-field-errors' }) do |f|
+       .devise-errors
+-        = devise_error_messages!
++        = render "devise/shared/error_messages", resource: resource
+       = f.hidden_field :reset_password_token
+       .form-group
+         = f.label 'New password', for: "user_password"
+--- gitlab-11.10.4+dfsg.orig/app/views/devise/passwords/new.html.haml
++++ gitlab-11.10.4+dfsg/app/views/devise/passwords/new.html.haml
+@@ -3,7 +3,7 @@
+   .login-body
+     = form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post, class: 'gl-show-field-errors' }) do |f|
+       .devise-errors
+-        = devise_error_messages!
++        = render "devise/shared/error_messages", resource: resource
+       .form-group
+         = f.label :email
+         = f.email_field :email, class: "form-control", required: true, value: params[:user_email], autofocus: true, title: 'Please provide a valid email address.'
+--- gitlab-11.10.4+dfsg.orig/app/views/devise/registrations/edit.html.erb
++++ gitlab-11.10.4+dfsg/app/views/devise/registrations/edit.html.erb
+@@ -1,7 +1,7 @@
+ <h2>Edit <%= resource_name.to_s.humanize %></h2>
+ 
+ <%= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f| %>
+-  <%= devise_error_messages! %>
++  <%= render "devise/shared/error_messages", resource: resource %>
+ 
+   <div><%= f.label :email %><br />
+   <%= f.email_field :email %></div>
+--- gitlab-11.10.4+dfsg.orig/app/views/devise/shared/_signup_box.html.haml
++++ gitlab-11.10.4+dfsg/app/views/devise/shared/_signup_box.html.haml
+@@ -2,7 +2,7 @@
+   .login-body
+     = form_for(resource, as: "new_#{resource_name}", url: registration_path(resource_name), html: { class: "new_new_user gl-show-field-errors", "aria-live" => "assertive" }) do |f|
+       .devise-errors
+-        = devise_error_messages!
++        = render "devise/shared/error_messages", resource: resource
+       .name.form-group
+         = f.label :name, 'Full name', class: 'label-bold'
+         = f.text_field :name, class: "form-control top qa-new-user-name js-block-emoji", required: true, title: _("This field is required.")
+--- gitlab-11.10.4+dfsg.orig/app/views/devise/unlocks/new.html.haml
++++ gitlab-11.10.4+dfsg/app/views/devise/unlocks/new.html.haml
+@@ -3,7 +3,7 @@
+   .login-body
+     = form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post, class: 'gl-show-field-errors' }) do |f|
+       .devise-errors
+-        = devise_error_messages!
++        = render "devise/shared/error_messages", resource: resource
+       .form-group.append-bottom-20
+         = f.label :email
+         = f.email_field :email, class: 'form-control', autofocus: 'autofocus', autocapitalize: 'off', autocorrect: 'off', title: 'Please provide a valid email address.'
+--- gitlab-11.10.4+dfsg.orig/config/initializers/8_devise.rb
++++ gitlab-11.10.4+dfsg/config/initializers/8_devise.rb
+@@ -100,6 +100,11 @@ Devise.setup do |config|
+   # secure: true in order to force SSL only cookies.
+   # config.cookie_options = {}
+ 
++  # When set to false, does not sign a user in automatically after their password is
++  # changed. Defaults to true, so a user is signed in automatically after a password
++  # is changed.
++  config.sign_in_after_change_password = false
++
+   # Send a notification email when the user's password is changed
+   config.send_password_change_notification = true
+ 
diff --git a/debian/patches/series b/debian/patches/series
index d99ff1fb37..f2f02f5e95 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -32,3 +32,4 @@
 0700-add-salsa-link-to-help.patch
 0710-use-yarnpkg.patch
 0730-install-graphql-tag.patch
+bump-devise-to-4-6.patch