Skip to content
This repository has been archived by the owner on Sep 30, 2024. It is now read-only.

[CloudSaas] - Send reactivate account link for locked accounts #33810

Merged
merged 12 commits into from
Apr 13, 2022

Conversation

pietrorosa77
Copy link
Contributor

This is second part of the story for improving security of password based authentication.

To improve the user experience of users that are locked out of their account because of too many failed password logins, we should allow the user to request a reactivate account link sent to their email if their account gets locked.

This will be a mechanism to help mitigate the damage a potential attacker could do by attempting to lockout multiple accounts in a malicious manner.

image

image

image

Test plan

unit tests added as well as manual testing

@cla-bot cla-bot bot added the cla-signed label Apr 12, 2022
client/web/src/auth/UnlockAccount.tsx Show resolved Hide resolved
client/web/src/routes.constants.ts Outdated Show resolved Hide resolved
cmd/frontend/internal/auth/userpasswd/handlers.go Outdated Show resolved Hide resolved
cmd/frontend/internal/auth/userpasswd/lockout.go Outdated Show resolved Hide resolved
cmd/frontend/internal/auth/userpasswd/lockout.go Outdated Show resolved Hide resolved
cmd/frontend/internal/auth/userpasswd/lockout.go Outdated Show resolved Hide resolved
doc/cli/references/search.md Outdated Show resolved Hide resolved
@pietrorosa77 pietrorosa77 requested a review from kopancek April 13, 2022 12:59
@pietrorosa77 pietrorosa77 requested a review from kopancek April 13, 2022 14:38
@pietrorosa77 pietrorosa77 merged commit 5ebe697 into main Apr 13, 2022
@pietrorosa77 pietrorosa77 deleted the piros/resetaccount branch April 13, 2022 15:07
Comment on lines +293 to +300
log15.Error(fmt.Sprintf("Impossible to get primary email address for userId %d. Unlock account email can't be sent", user.ID), err)
}

err = store.SendUnlockAccountEmail(ctx, user.ID, recipient)

if err != nil {
// log the error and proceed
log15.Error(fmt.Sprintf("Impossible to send unlock account email for userId %d", user.ID), err)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

log15 is structural logging, so you would actually want:

log15.Error("Impossible to get primary email address for. Unlock account email can't be sent", "userID", user.ID, "error", err)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current usage is actually causing server panics when the logging happens, will include the fix in a PR I'm currently working on.

log15.Error(fmt.Sprintf("Impossible to get primary email address for userId %d. Unlock account email can't be sent", user.ID), err)
}

err = store.SendUnlockAccountEmail(ctx, user.ID, recipient)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the meaning of having an invalid recipient here (when we logged and proceeded with an error)?

thiswayman pushed a commit that referenced this pull request Apr 22, 2022
* reset account link

* added unit tests to unlock account url generation

* fixed lint and prettier issues

* fixing mock for handle sign in test

* fixed linter error

* comment iteration on PR

* comment iteration on PR

* comment iteration on PR

* comment iteration on PR

* renamed it
thiswayman added a commit that referenced this pull request Apr 22, 2022
* Updates to consolidate Docker Singler Container Deployment

Consolidated the operations guide and made updates to the Docker Single Container page.

* Update index.md

Added correct heading.

* Docker Compose, Update, and Migration changes

Large updates to accommodate the consolidation of Docker Compose docs and specifics related to upgrades and migration.

* Additional changes to docker compose and updates sections.

* Deployment updates to consolidate migration and update sections.

* ci: create client PR preview only when backend code is not changed (#33602)

* Fix broken overlays link (#33606)

* search: Add information about dependencies predicate to search reference (#33603)

* bext: fix command palette mount container selector (#33605)

* ci: Add lint check for submodules. (#33579)

This should prevent someone from re-introducing them without
realizing that these cause a slowdown in build times.

* Redirect new user to org invitation page when singing up from an invitation link/email  (#33577)

* insights: remove separate codeinsights-db pod in local development and point to the primary postgres instance instead (#33469)

* internal/extsvc: Test edge case in ExtractRateLimitConfig (#33556)

* gitserver: Add BatchLog (#33195)

* chore: Fix merge conflict (#33620)

* insights: Add backend integration tests (#33451)

* pr-auditor: support test plans in poorly formatted markdown (#33624)

Previously the regexp required the test plan anchor to be at the start of a line, which fails on PRs with poorly formatted markdown. This changes the regexp to allow the test plan anchor to show up anywhere

* Code monitors: drop unused columns (#33561)

* drop unused code monitor columns

Now that we store the result contents, these columns are unused and can
be removed.

* regenerate schema

* idempotency

* web(repo/tree): friendlier no-readme placeholder (#33626)

* Code Insights: Refactor creation UI lang stats preview (#33553)

* Add insight card abstraction

* Adjust lang stats live preview chart

* Fix default code insights backend ts types

* ci: run go steps for any change in go sub dirs (#33581)

Non go files can also affect the outcome of go build (embed) and go test
(testdata). We hardcode a list of directories which mostly contain go
code and run go steps if a change includes them.

A recent example of this is where I only modified a file we go:embed
which caused the tests to fail. However, CI did not run the tests on the
PR leading to a failure on main.

Test Plan: go test

* ratelimit: Increase default burst to 10 (#33608)

We have a few places in the code where we request a burst larger than 1
so this gives us some headroom. It doesn't appear to be an issue yet so
this is just a safety measure.

* docs: add PR previews documentation (#33642)

* ratelimit: NPM package syncer should sync rate limit from config (#33644)

It now follows the the pattern used by other rate limiters where their
rate limit is synced on startup and then updated if the config changes.

We also switch to a stricter, non-infinite rate limiter if none is
specified.

* Update insights backend docs with new database state (#33274)

* Update docs as Code Insights no longer uses TimescaleDB

* search-blitz: update-deploy.sh updates dogfood (#33648)

We now want to update dogfood as well. We also change the script to use
the update-images.py helper.

Additionally I added a helpful error message if build has no arguments.
In particular how to check the current version.

Test Plan: ran both scripts to build 0.1.16

* Update client/browser/CHANGELOG.md after Browser Extension release (#33645)

* search: Fix user settings overwriting search parameters from URL (#33542)

The logic to load search parameters from user settings only accounted
for search parameters passed as actual URL parameters, not as part of
the search query.

This PR changes the approach and moves the responsibility of correctly
applying the settings from the user settings loading code to the query
state store.

* Don't show fork indicator when not forking (#33537)

* Helm doc typos and grammar (#33647)

Grammar and typo fixes

* gitserver: refactor TestCleanupOldLocks (#33651)

The original tests was too verbose as it checked for files that were
unrelated to the test's objective. This meant we had to update the test
even for unrelated changes, like adding a sgm.log file for failed sg
maintenance runs.

We don't check for repos-stats.json anymore, because this is already
covered in `TestCleanup_computeStats`.

* repo-updater: Sync rate limiter before service (#33654)

When a new service is added then syncing the service first means we
won't have a rate limiter in place yet. When we first attempt to make an
API call we'll lazily add a default infinite limiter.

In theory the rate limit sync should replace it shortly afterwards but
we're seeing cases of infinite limiters in production and this is one
area that could be the culprit.

We have a 15 second timeout when performing the initial sync so what may be
happening in production is that the initial sync takes longer than 15 seconds in
some cases so the sync fails and we don't get to the point in the code where we
sync the rate limiter.

* ratelimit: Replace RateLimitConfig with rate.Limit (#33649)

We no longer need to return a RateLimitConfig type with extra metadata. All we need is the actual
rate limit. This data was needed in the past for some error messages we passed back when saving a
config with rate limiting but that was removed a while back.

* luasandbox: Improve service API (#33667)

* Add executedQuery and resultClassName props to search list (#33618)

* remove unused variable (#33669)

* changelog: mention updates to sg maintenance (#33658)

- failed sg maintenance jobs might trigger a re-clone
- sg maintenance now uses less memory

* Update release tool to version helm chart the same as other deployment repos (#33674)

* fix: scrolling issue for repo container (#33673)

* Fix linting errors (#33680)

* chore: Update go-mockgen (#33678)

* batches: fix publication of all changesets on the preview page (#33690)

Fixes #33619.

* Update tracing.md (#32794)

* Code Insights: Refactor search based live preview card (#33609)

* Fix line chart API and width of visual grid elements like lines and ticks

* Extend series chart with svg native props

* Adjust backend data format for the line chart preview

* Add search insight live preview styles

* Fix axis chart width

* Refactor search based live preview

* Introduce separate insight preview component for the landing page

* web: split E2E tests per team based on survey results (#33582)

* npm: Use external service urn for rate limiter (#33665)

This is consistent with all the other rate limiters.

* Add metric for payload size (#33655)

* gomod: bump zoekt to include datadog tracer (#33704)

- ea82fcb Add Datadog tracer as a supported tracer
- acffe79 feature flag lazy runeDocSection decoding
- 2a5b562 Add Datadog profiler
- f7cdd83 bump ctags to 5.9.20220403.0
- 918c8a8 disable bloom filters by default
- d3a8fbd ci: add shellcheck step
- da2ce8a ranking: add test for scoring based on ctags

* [CLOUD-222] auth: account locked out after consecutive failed attempts (#33585)

* Notebooks outline (#33530)

* Quick start tour updates. part 1 (#33652)

* Make the checkbox icon-color when at 0 completed and make the distance between the icon and text 4px
* Move inside quick start when displayed vertically
* Fix dark theme styles for the language selector
* Disable SignUp/IDE/BEXT install CTA on results/file pages when showing tour info panel
* Remove "Quickly" from "Understand a new codebase"

* chore: run go-mockgen with 1.1.5 (#33707)

* Update helm docs (#33671)

* Add full redis example

* sub chart -> subchart

* Remove trailing spaces

* Move advanced configuration to nest below configuration

* Remove wait flag recommendation

* Add guidance on uninstalling

* Tweak version language

* Update examples (#33672)

* repo-updater: move vcs/git/tree/ReadTree to gitserver/commands/ReadTree (#33610)

* search-blitz: add back select repo queries (#33708)

Accidently removed them.

Test Plan: n/a

* Remove roaring.Bitmaps from all of the authz/permissions code (#33333)

* Remove roaring.Bitmap from all of the permissions/authz code

* luasandbox: Add unit test (#33687)

* gitserver: go generate (#33720)

* luasandbox: Add unit test (#33683)

* luasandbox: Add Call method (#33681)

* sg setup: Add rust to language dependencies (#33723)

* Wildcard: Fix label hover state (#33385)

* Use a CSS variable for text color on input hover state

* Update CSS variable to explicitly reference label

* Upgrade to the latest version of React (#33641)

Co-authored-by: gitstart-sourcegraph <gitstart@users.noreply.github.com>

* doc: improve preview docs (#33718)

* gomodproxy: Look up the rate limiter based on extsvc urn (#33710)

This is consistent with our other external services and should fix an
issue where the connection always has an infinite limiter in production.

* Refactor CodeMirror query input suggestions (#33382)

This commit refactors the suggestions CodeMirror integration. Because CodeMirror makes it easy to use multiple autocompletion sources, suggestions are now implemented as four sources for default suggestions, dynamic symbol suggestions, static filter value suggestions and dynamic filter suggestions. Most importantly, autocompletion for regex filter values (e.g. `repo:^git`) now work, by instructing CodeMirror to not filter the values (`filter: false`) (fixes https://github.com/sourcegraph/sourcegraph/issues/33005).

* ci: clarify instrumentation failure impact (#33721)

* Double user added repos limit (#33714)

* Bump alert limit

* gitserver: go generate

Co-authored-by: Keegan Carruthers-Smith <keegan.csmith@gmail.com>

* rcache: handle redis not instantly expiring (#33724)

This test has been flakey on CI. It feels like we shouldn't be so strict
on the timing, especially since they are different processes running. I
added a 5s buffer.

Test Plan: "go test -count=5". Additionally I increased the TTL to 10s
and the test did fail.

* Search: make ComputeExcludedRepos aware of dependency search (#33722)

When dependency search was added, the ComputeExcludedRepos job was not
updated to reflect the new repo search type, so the statistics returned
by ComputeExcludedRepos were incorrect. This makes the exclusion
computation step behave the same as the resolution step by adding
dependency resolution to the job.

* dev/sg: check status code of sg download before using it as binary (#33725)

* searcher: move search into an internal pkg (#33716)

This code is not meant to be imported by other packages. Lets prevent
accidental imports by moving it into internal.

This is a mechanical commit. I just ran "git mv search internal/search".
I then had to fix only two import paths.

Test Plan: CI

* nix: add rust & tools to shell.nix (#33727)

* luasandbox: Add CallGenerator method (#33684)

* New Password Policy (#31881)

* Changes for backend

* Corrected operator

* Update security.go

* Updated Unit Tests

* Temp push

* Fixup schema definition

* Final Changes

* Updated for testing

* Updated test-cases

* Removed unused import

* Moved to sync

* Updated format.

* Update internal/security/security.go

Co-authored-by: Erik Seliger <erikseliger@me.com>

* Update internal/security/security.go

Co-authored-by: Erik Seliger <erikseliger@me.com>

* Update internal/security/security.go

Co-authored-by: Erik Seliger <erikseliger@me.com>

* Updated test-cases

* Added Password Requirements

* Updated test cases

* Updated formatting

* Added minLength

* Added note to keep in sync

* This shouldn't have been updated.

* Update internal/database/users.go

Co-authored-by: Erik Seliger <erikseliger@me.com>

* Update security.go

* Fixup formatting of site.schema.json

* Updated format

* Update security.go

* Update security.go

* Update security.go

* Update UserSettingsSecurityPage.tsx

* ESLint Fixes

* Update SignUpForm.tsx

* Update SignUpForm.tsx

* Update users_test.go

* Update users_test.go

* Update users_test.go

* Update users_test.go

* Update users_test.go

* Update users_test.go

* Added experimental features to context

* Update security.go

* Update SignUpForm.tsx

* Updated string conversion

* Resolved undefined reference

* Update SignUpForm.tsx

* fix failing test

Signed-off-by: Stephen Gutekanst <stephen@sourcegraph.com>

* update signuppage snapshot

Signed-off-by: Stephen Gutekanst <stephen@sourcegraph.com>

* fix linter complaint about optional chains

Signed-off-by: Stephen Gutekanst <stephen@sourcegraph.com>

* pass experimentalFeatures through

Signed-off-by: Stephen Gutekanst <stephen@sourcegraph.com>

* Format

* properly pass context to functions

Signed-off-by: Stephen Gutekanst <stephen@sourcegraph.com>

* Format after Stephen Change

* Updated tests

* Update mock_client.go

Co-authored-by: Erik Seliger <erikseliger@me.com>
Co-authored-by: Stephen Gutekanst <stephen@sourcegraph.com>

* chore: update doc (#33734)

* ci: fix left-over from QA'ing changes (#33736)

* codeintel: Make cross-index navigation batch size configurable (#33737)

* doc: Add docs on rate-limiting for JVM and npm dependencies. (#33739)

* Enable notebooks by default (#33706)

* zoekt: update to sourcegraph/zoekt@a5d329b (#33221)

Co-authored-by: ggilmore <ggilmore@users.noreply.github.com>

* bext: refactor to use yarn workspaces in commands (#33700)

* do not display "Sourcegraph cannot send emails!" alerts to non-admins (#33742)

In v3.38 we introduced a banner at the top of the page that would inform site
admins if email sending is not configured:

> Warning: Sourcegraph cannot send emails! Configure `email.smtp` so that features such as Code Monitors, password resets, and invitations work.

This was only intended to be shown to site admins, but unfortunately was shown to all users
which [caused issue for some customers](https://sourcegraph.slack.com/archives/C022SPMNR0W/p1648233834859799?thread_ts=1648226738.063809&cid=C022SPMNR0W)

The issue could be worked around by adding this to their site configuration:

```
"htmlHeadTop": "<script>localStorage.setItem('DismissibleAlert/alert.email-sending/dismissed', 'true')</script>",
```

This PR (and v3.39) will fix the issue for good.

Signed-off-by: Stephen Gutekanst <stephen@sourcegraph.com>

* insights: prune stream insights snapshots (#33711)

* bitbucket: Initialise using synced rate limiters (#33773)

Instead of setting default ones in the package. This is consistent with
how all the other code hosts treat rate limit initialisation.

* searcher: support FetchTarPaths in test infrastructure (#33719)

This adds support for FetchTarPaths in our store fake used in searcher
tests. This isn't called yet, but will be needed in an upcoming commit.

Also factored out fetchTimeoutForCI since I want to reuse it.

Test Plan: go test

* pagure: Rely on rate limiter syncing (#33726)

We don't need to set up a custom fallback rate limiter as we can rely on
our existing rate limit syncing.

This is the same approach that is used for all our other code host
connections.

* dependencies: Add service-level test (#33744)

* remove any y axis ticks that are not integers (#32960)

* Search backend: reorganize job packages (#33741)

This reorganizes the job packages to simplify some package dependencies. The main issue is that the internal/search/job package effectively could not be imported by any other search package because it imported many search packages so it could have a list of allJobs. Importing it would cause circular dependencies.

* frontend: Replace use of errors.Cause with errors.Is. (#33767)

Turns out, errors.Unwrap is not a left-identity to errors.Wrap.
Moreover, errors.UnwrapAll can return a more 'bare' error than
the original error created by errors.New. This means that errors.Cause
would have 0 stack frames; comparing that to a result from errors.New
(with 1 stack frame) would fail.
Thanks to this counter-intuitive behavior, switching over the result
of errors.Cause is (ahem) error-prone; it MUST NOT be compared directly
with the result of errors.New.

So let's not use errors.Cause + switch; let's use errors.Is instead.

Fixes issue 33697; we had code paths for making sure that we showed
the unhighlighted file on HSS timeouts, but that code path was not
triggered because we weren't checking the error's identity properly.

* Enable server-side with true (#33785)

* Bump go-github to id workflow_job header (#33746)

Excessive logging in sg managed instances when `workflow_run` gh events come in from customer workflows
This bumps us to go-github v43 from v23 everywhere v23 is used

* Search backend: pass runtime dependencies at runtime (#33760)

This brings us most of the way to a static query execution plan. In particular, it modifies search jobs to accept a job.RuntimeDependencies struct for their Run methods and removes all runtime clients from the search job structs.

* Search backend: remove DB handle from planning code (#33763)

This removes the unused DB handle from a bunch of code in the search Plan step.

* Code monitors: simplify last searched (#33732)

This removes the concept of an "args hash" from repo-aware code monitors. It restricts the types of queries that can be run by code monitors to queries that generate a single commit search job. This way, we only need to know which commits were last searched by the code monitor.

* Clarify benefits of running batch changes server-side (#33792)

* eventLogger: update connect code hosts clicked log name (#25065)

* Helm doc revisions (#33713)

* Add Helm CLi install link

Add Helm CLi install link wherever it's listed as a prereq.

* Update helm.md

Explain where to run the `helm repo add sourcegraph https://sourcegraph.github.io/deploy-sourcegraph-helm/` command

* Apply suggestions from code review

Clarity where to run `helm repo add` - "on the machine used to interact with your cluster"

* Move config scenarios under confi

Moved specific config scenarios to be under the broader config header

* Update advanced config guidance 

Changed the guidance in the advanced config section:
> ⚠️ While both of these approaches are available, deployment changes that are not covered by Sourcegraph documentation should be discussed with either your Customer Engineer or Support contact before proceeding, to ensure the changes proposed can be supported by Sourcegraph. This also allows Sourcegraph to consider adding the required customizations to the Helm chart.

* Add notes to watch for pg conf changes (#33765)

* Support traceURLs with Datadog (#32024)

Add the same support for viewing traces on Sourcegraph Cloud as Grafana

Co-authored-by: Joe Chen <joe@sourcegraph.com>

* Code Insights: Refactor capture group live preview (#33676)

* Fix line chart API and width of visual grid elements like lines and ticks

* Fix axis chart width

* Revamp capture group creation UI live preview card

* Add use live preview hook (fetching abstraction for live preview charts)

* Use use-live-preview hook instead of in place fetching implementations

* Add live preview components

* Migrate live previews to live preview components

* Adjust public API over core exports

* Fix naming around chart content data structures

* Migrate Dynamic Insight Preview component on new Live Preview family components

* Migrate all other imports over core directory

* Fix eslint problems

* ci: add --retry to curl call to Buildkite API (#33803)

* zoekt: update to sourcegraph/zoekt@0b9c6b1 (#33806)

Co-authored-by: ggilmore <ggilmore@users.noreply.github.com>

* gitserver: add user agent to metrics for number of AddrForRepo hits (#33791)

* gitserver: Add light parallelism to BatchLog (#33811)

* codeintel: User-facing repository badge (#33571)

* codeintel: Update lsif-typescript flag. (#33812)

lsif-node used --inferTSConfig but lsif-typescript started
using a different spelling for consistency.

* Limit number of external services per org/user (#33639)

* Insights: support filtering insightViews graphql query based on a search context embedded query pattern (#33686)

* fix disabled create insight button (#33809)

* fix disabled create insight button

* Rockskip: reduce round trips to DB (#33764)

* Accessibility: Expand accessibility issue template (#33693)

* ci: do not asdf install for pipeline upload (#33821)

* Move git.log.LogReverseEach to gitserver.Client (#33776)

* Move git.log.LogReverseEach to gitserver.Client

- move leftovers from git/log to gitdomain/log

* bext: refactor integration tests (#33598)

* ignore go workspace files (#33827)

This is a new feature in go1.18 to simplify working on multiple modules.
For example I can easily test sourcegraph with local changes to zoekt by
running the command:

  go work init . ../../google/zoekt/

These files shouldn't be committed, as they are files that are specific
to someones task.

Test Plan: my go.work file doesn't show up in git status

* gitserver: Make Cmd fields private (#33782)

This is in preparation for having two Command implementations, one that calls
out to gitserver over the network and one that runs against a local git
directory. This will allow us to more easily test inside the gitserver package
and should remove the need to run gitserver instances in tests. It may also
allow us to remove a lot of the mocking code we use today.

All fields inside of gitserver.Cmd were made private. Methods were introduced
where we need to read or write the values outside of the package.

In the case of the Repo field, we added it to the constructor as in all
places it was used previously we create a Cmd and then set the value of the
Repo field on the next line so this could be collapsed.

* gitserver: Command to GitCommand (#33800)

Command had to take git as its first argument or it would panic so
renamed to GitCommand and don't even allow passing in the command name.

* docs: mention contributing to enterprise code, update code of conduct link (#33772)

* ci: save `yarn.lock` for `dev/release` (#33770)

* test: enable and fix accessibilityAudit test issues in notebook.test.ts (#33578)

Co-authored-by: gitstart-sourcegraph <gitstart@users.noreply.github.com>

* Enable accessibilityAudit on `client/web/src/integration/org.test.ts` (#33729)

Co-authored-by: gitstart-sourcegraph <gitstart@users.noreply.github.com>

* search: Notepad updates (#33814)

This commit implements the discussed visual changes for the closed and opened Notepad state. In particular the closed state is now much simpler, simply showing a button to open the notepad. The opened state now contains a more distinctive "add note/entry" section.

Some additional tweaks:

- There is no only one open/close button instead of two (the open header used to be two buttons...)
- Meta+Enter in the annotations input will now close it.
- I choose slightly lighter backgrounds for the selected entries in light mode. I think the previous background color was too dark/heavy.
- Changed the heading to <h2> since it isn't actually contained in any other context.

* [cloud][CLOUD-356] Change default invite quota for users (#33786)

* [cloud][CLOUD-356] Change default invite quota for users

Right now the default quota is 15. However we expect cloud open beta
customers to be able to invite ~100 developers in their organization.

Changing the default quota to 100 to adhere to this expected size.
Otherwise we would need more than 1 person to invite the organization
members (or change the quota in the DB directly on-demand), which is not
desired.

* Fix failing unit test

* Fix backcompat check

* bext: fix Sourcegraph button styles on Bitbucket (#33787)

* luasandbox: Add utilities (#33819)

* Enable accessibilityAudit on `client/web/src/integration/extension-registry.test.ts` (#33668)

Co-authored-by: gitstart-sourcegraph <gitstart@users.noreply.github.com>

* bext: include integration tests snapshots into client Percy build (#33709)

* lockfiles: parse go.mod instead of go.sum  (#33831)

This replaces the go.sum parser with a go.mod parser.

Based on our current understanding, with go >= 1.17, go.mod is the
source of truth for all direct and indirect dependencies.

The parser parses a go.mod file and returns the list of all required
dependencies, honoring the replace and exclude directives.

* github: Log more detail when we exceed our internal rate limiter (#33838)

We're seeing a number of production logs indicating that we're exceeding
our internal rate limiter. Logging more information to aid debugging.

* dev/sg: migrate to urfave/cli (#33758)

This enables better flag handlers, a nicer way to build commands, aliases for commands and flags, and more!

* [CloudSaas] - Send reactivate account link for locked accounts (#33810)

* reset account link

* added unit tests to unlock account url generation

* fixed lint and prettier issues

* fixing mock for handle sign in test

* fixed linter error

* comment iteration on PR

* comment iteration on PR

* comment iteration on PR

* comment iteration on PR

* renamed it

* migration: Fix flaky TestIndexStatus (#33843)

* workerutil: Fix flaky TestWorkerConcurrent (#33847)

* Remove unused method (#33850)

* Quick start tour design updates. part 2 (#33788)

* Logos and text should be center-aligned on horizontal variant
* Remove left padding/margin on the list on the horizontal variant. Should not change current vertical behavior
* Change ”Learn how to find and fix vulnerabilities faster” to ”Find problematic code in diffs”
* Hide vertical/horizontal scroll bars
* Update completed items section for horizontal variant

* vsce: implement search UI (#30084)

Co-authored-by: Beatrix <68532117+abeatrix@users.noreply.github.com>
Co-authored-by: Alex Isken <alex.isken@sourcegraph.com>
Co-authored-by: Sara Lee <87138876+jjinnii@users.noreply.github.com>
Co-authored-by: Philipp Spiess <hello@philippspiess.com>
Co-authored-by: Giselle Northy <northyg@oregonstate.edu>
Co-authored-by: Beatrix <beatrix@sourcegraph.com>

* dev/ci: only asdf install go in pipeline gen (#33853)

Cuts the pipeline generation step from ~60s to ~25s - doing a fresh asdf install golang seems significantly faster than using the asdf tools cache.

Together with #33821 , this significantly reduces the time it takes for builds to get to an "actually running" state (~120s -> ~50s)

* dev/sg: make 'sg install' nicer to use for local dev (#33822)

* dev/sg: command, flag, and argument autocompletions (#33817)

Adds a new dependency in `sg setup` that writes the appropriate completion script for your shell into `~/.sourcegraph` and adds a line to your shell config to use the completion script. Completions are generated by `sg` itself, so there is no need to be able to update this script (and if we do need to update it, we can consider a migration path then)

`urfave/cli` completions work by providing command suggestions by default, and if you use `-` <tab><tab> you can get flag completions as well.

Also adds:

1. Custom completions based on config for `sg start`, `sg run`, `sg test`
2. Custom completions based on valid values for`sg live`, `sg ci build`

* zoekt: update to sourcegraph/zoekt@ad62e0a (#33832)

Co-authored-by: ggilmore <ggilmore@users.noreply.github.com>

* ci: remove codeinsights db vestigial from script (#33852)

* dev/ci: recurse over nested pipelines to generate step keys (#33857)

* dev/sg: improve update clarity, fix changelog (#33860)

* dev/sg: fix sg ci logs --build (#33867)

* dev/ci: fetch before update/changelog check, remove debug print (#33868)

* Insights: support filtering just in time insights with search contexts embedded query (#33815)

* set getBackendInsights to network-only (#33876)

* remove caching at github client layer in favor of httpcli caching (#33219)

* remove caching at github client layer in favor of httpcli caching

* update test to use vcr

* [Repo Header] fix view on github inside dropdown (#33829)

* fix import (#33877)

* update note on flag (#33870)

update the stale flag docs note

* Add self to be notified of BB Cloud changes for now. (#33875)

* ci: run client linters on changed files (#33701)

* dev/sg: detect completion mode and omit setup (#33874)

* web: fix stylelint issues (#33891)

* github: Don't capture pointer in collector (#33892)

We're seeing metrics being collected with names of non site owned
external services, this should not be the case as we only set up
collectors for site owned external services. The only way the wrong name
could be coming through is if the pointer to the service that is
captured by the collector closure is changed at some point. It's not
clear where this could happen, but by passing the name through as a
value we avoid this possibility.

* web: allow empty input for `lint:css:changed` (#33899)

* Fix integration test script command (#33898)

* Bump src-cli to latest release (#33902)

* Fix lsif-typescript in GitHub action (#33897)

Seems like the arg has been changed a few weeks ago (see
1abc1be3196fd0c4b3af160063d339ab719ce468), but only published yesterday: sourcegraph/scip-typescript@dff7f7d

This changes the arg to the new version.

* New ref panel: filter results client-side when using search-based (#33896)

This fixes #33412 by filtering the search-based results client side to
get back to feature parity.

* New reference panel: fix repository links not working (#33894)

This fixes #33539 by using the links to the repository use the
`externalHistory` and not the panel-internal memory history.

* ci: Increase TestIndexStatus timeout (#33907)

* Updates to deployment sections

Edited deployment sections and organized pages.

Co-authored-by: Valery Bugakov <skymk1@gmail.com>
Co-authored-by: Crystal Augustus <91073224+caugustus-sourcegraph@users.noreply.github.com>
Co-authored-by: Felix Kling <felix@felix-kling.de>
Co-authored-by: Taras Yemets <yemets.taras@gmail.com>
Co-authored-by: Varun Gandhi <varun.gandhi@sourcegraph.com>
Co-authored-by: Michelle Veronese <mverone@gmail.com>
Co-authored-by: coury-clark <coury@sourcegraph.com>
Co-authored-by: Indradhanush Gupta <indradhanush.gupta@gmail.com>
Co-authored-by: Eric Fritz <eric@eric-fritz.com>
Co-authored-by: Cristina Birkel <cdbirkel@gmail.com>
Co-authored-by: Robert Lin <robert@bobheadxi.dev>
Co-authored-by: Camden Cheek <camden@ccheek.com>
Co-authored-by: Vova Kulikov <vovakulikov@icloud.com>
Co-authored-by: Keegan Carruthers-Smith <keegan.csmith@gmail.com>
Co-authored-by: Ryan Slade <ryanslade@gmail.com>
Co-authored-by: leo <leo.p@sourcegraph.com>
Co-authored-by: Erzhan Torokulov <erzhan.torokulov@gmail.com>
Co-authored-by: Erik Seliger <erikseliger@me.com>
Co-authored-by: dan-mckean <44909130+dan-mckean@users.noreply.github.com>
Co-authored-by: Stefan Hengl <stefan@sourcegraph.com>
Co-authored-by: TJ Kandala <kandalatj@gmail.com>
Co-authored-by: Beatrix <68532117+abeatrix@users.noreply.github.com>
Co-authored-by: Adam Harvey <adam@adamharvey.name>
Co-authored-by: Kelvin Lee <7654435+Kelvin-Lee@users.noreply.github.com>
Co-authored-by: Rafał Gajdulewicz <rafax@users.noreply.github.com>
Co-authored-by: Joe Chen <joe@sourcegraph.com>
Co-authored-by: Rok Novosel <rok@sourcegraph.com>
Co-authored-by: Alex Ostrikov <94846361+sashaostrikov@users.noreply.github.com>
Co-authored-by: Idan Varsano <varsanojidan@gmail.com>
Co-authored-by: L. R. Hacker <laura.hacker@sourcegraph.com>
Co-authored-by: GitStart-SourceGraph <89894075+gitstart-sourcegraph@users.noreply.github.com>
Co-authored-by: gitstart-sourcegraph <gitstart@users.noreply.github.com>
Co-authored-by: Jean-Hadrien Chabran <jh@chabran.fr>
Co-authored-by: Noah S-C <noah@sourcegraph.com>
Co-authored-by: david-sandy <92327545+david-sandy@users.noreply.github.com>
Co-authored-by: Stephen Gutekanst <stephen@sourcegraph.com>
Co-authored-by: Bolaji Olajide <25608335+BolajiOlajide@users.noreply.github.com>
Co-authored-by: sourcegraph-buildkite <71296199+sourcegraph-buildkite@users.noreply.github.com>
Co-authored-by: ggilmore <ggilmore@users.noreply.github.com>
Co-authored-by: chwarwick <christopher.warwick@sourcegraph.com>
Co-authored-by: Malo Marrec <malo.marrec@gmail.com>
Co-authored-by: Dax McDonald <dax@sourcegraph.com>
Co-authored-by: Farhan Attamimi <farhan@sourcegraph.com>
Co-authored-by: Michael Lin <mlzc@hey.com>
Co-authored-by: Justin Boyson <justin.boyson@sourcegraph.com>
Co-authored-by: Chris Wendt <chrismwendt@gmail.com>
Co-authored-by: Kelli Rockwell <kelli@sourcegraph.com>
Co-authored-by: Michal Vrtiak <michal.vrtiak@sourcegraph.com>
Co-authored-by: Milan Freml <kopancek@users.noreply.github.com>
Co-authored-by: Pietrorosa77 <pietrorosa77@gmail.com>
Co-authored-by: Alex Isken <alex.isken@sourcegraph.com>
Co-authored-by: Sara Lee <87138876+jjinnii@users.noreply.github.com>
Co-authored-by: Philipp Spiess <hello@philippspiess.com>
Co-authored-by: Giselle Northy <northyg@oregonstate.edu>
Co-authored-by: Beatrix <beatrix@sourcegraph.com>
Co-authored-by: davejrt <davetry@gmail.com>
Co-authored-by: Naman Kumar <naman@outlook.in>
Co-authored-by: Joel Kwartler <LoJoel3+gh@gmail.com>
Co-authored-by: Thorsten Ball <mrnugget@gmail.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants