author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-20 14:22:11 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-20 14:22:11 +0000 |
commit | 0c872e02b2c822e3397515ec324051ff540f0cd5 (patch) | |
tree | ce2fb6ce7030e4dad0f4118d21ab6453e5938cdd /app/controllers/jira_connect | |
parent | f7e05a6853b12f02911494c4b3fe53d9540d74fc (diff) | |
download | gitlab-ce-f7d6ced4f57b4920a666336f5a44d098faade2ea.tar.gz |
Add latest changes from gitlab-org/gitlab@15-7-stable-eev15.7.0-rc42
Diffstat (limited to 'app/controllers/jira_connect')
8 files changed, 26 insertions, 58 deletions
diff --git a/app/controllers/jira_connect/app_descriptor_controller.rb b/app/controllers/jira_connect/app_descriptor_controller.rb index 16bd73f5ab6..3c50d54fa10 100644 --- a/app/controllers/jira_connect/app_descriptor_controller.rb +++ b/app/controllers/jira_connect/app_descriptor_controller.rb @@ -28,7 +28,7 @@ class JiraConnect::AppDescriptorController < JiraConnect::ApplicationController type: 'jwt' }, modules: modules, - scopes: %w(READ WRITE DELETE), + scopes: %w[READ WRITE DELETE], apiVersion: 1, apiMigrations: { 'context-qsh': true, @@ -76,7 +76,7 @@ class JiraConnect::AppDescriptorController < JiraConnect::ApplicationController jiraDevelopmentTool: { actions: { createBranch: { - templateUrl: new_jira_connect_branch_url + '?issue_key={issue.key}&issue_summary={issue.summary}' + templateUrl: "#{new_jira_connect_branch_url}?issue_key={issue.key}&issue_summary={issue.summary}" } }, key: 'gitlab-development-tool', @@ -84,7 +84,7 @@ class JiraConnect::AppDescriptorController < JiraConnect::ApplicationController name: { value: 'GitLab' }, url: HOME_URL, logoUrl: logo_url, - capabilities: %w(branch commit pull_request) + capabilities: %w[branch commit pull_request] } } end diff --git a/app/controllers/jira_connect/application_controller.rb b/app/controllers/jira_connect/application_controller.rb index b9f0ea795e1..e26d69314cd 100644 --- a/app/controllers/jira_connect/application_controller.rb +++ b/app/controllers/jira_connect/application_controller.rb @@ -3,11 +3,6 @@ class JiraConnect::ApplicationController < ApplicationController include Gitlab::Utils::StrongMemoize - CORS_ALLOWED_METHODS = { - '/-/jira_connect/oauth_application_id' => %i[GET OPTIONS], - '/-/jira_connect/subscriptions/*' => %i[DELETE OPTIONS] - }.freeze - skip_before_action :authenticate_user! skip_before_action :verify_authenticity_token before_action :verify_atlassian_jwt! 
@@ -65,25 +60,4 @@ class JiraConnect::ApplicationController < ApplicationController def auth_token params[:jwt] || request.headers['Authorization']&.split(' ', 2)&.last end - - def cors_allowed_methods - CORS_ALLOWED_METHODS[resource] - end - - def resource - request.path.gsub(%r{/\d+$}, '/*') - end - - def set_cors_headers - return unless allow_cors_request? - - response.set_header('Access-Control-Allow-Origin', Gitlab::CurrentSettings.jira_connect_proxy_url) - response.set_header('Access-Control-Allow-Methods', cors_allowed_methods.join(', ')) - end - - def allow_cors_request? - return false if cors_allowed_methods.nil? - - !Gitlab.com? && Gitlab::CurrentSettings.jira_connect_proxy_url.present? - end end diff --git a/app/controllers/jira_connect/cors_preflight_checks_controller.rb b/app/controllers/jira_connect/cors_preflight_checks_controller.rb deleted file mode 100644 index 3f30c1e04df..00000000000 --- a/app/controllers/jira_connect/cors_preflight_checks_controller.rb +++ /dev/null @@ -1,16 +0,0 @@ -# frozen_string_literal: true - -module JiraConnect - class CorsPreflightChecksController < ApplicationController - feature_category :integrations - - skip_before_action :verify_atlassian_jwt! - before_action :set_cors_headers - - def index - return render_404 unless allow_cors_request? - - render plain: '', content_type: 'text/plain' - end - end -end diff --git a/app/controllers/jira_connect/events_controller.rb b/app/controllers/jira_connect/events_controller.rb index 394fdc9b2f6..fa1e1f505eb 100644 --- a/app/controllers/jira_connect/events_controller.rb +++ b/app/controllers/jira_connect/events_controller.rb @@ -31,7 +31,10 @@ class JiraConnect::EventsController < JiraConnect::ApplicationController end def update_installation - current_jira_installation.update(update_params) + JiraConnectInstallations::UpdateService.execute( + current_jira_installation, + update_params + ).success? end def create_params 
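Review bot: `update_installation` in events_controller.rb now returns only `.success?` from `JiraConnectInstallations::UpdateService.execute`, so the service's failure message is dropped, while the same-named private method added to installations_controller.rb in this commit returns the whole result; two sibling controllers expose different contracts under one name. The caller of this method is outside the hunk, so if the boolean is all it needs, say so where the value is discarded: `# Only the outcome is needed here; the service's error message is intentionally discarded.` Otherwise return the result and let the caller call `success?`, matching `InstallationsController#update_installation`.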
@@ -56,7 +59,7 @@ class JiraConnect::EventsController < JiraConnect::ApplicationController def jwt_verification_claims { - aud: jira_connect_base_url(protocol: 'https'), + aud: Gitlab.config.jira_connect.enforce_jira_base_url_https ? jira_connect_base_url(protocol: 'https') : jira_connect_base_url, iss: transformed_params[:client_key], qsh: Atlassian::Jwt.create_query_string_hash(request.url, request.method, jira_connect_base_url) } diff --git a/app/controllers/jira_connect/installations_controller.rb b/app/controllers/jira_connect/installations_controller.rb index 401bc4f9c87..44dbf90f5fb 100644 --- a/app/controllers/jira_connect/installations_controller.rb +++ b/app/controllers/jira_connect/installations_controller.rb @@ -6,11 +6,12 @@ class JiraConnect::InstallationsController < JiraConnect::ApplicationController end def update - if current_jira_installation.update(installation_params) + result = update_installation + if result.success? render json: installation_json(current_jira_installation) else render( - json: { errors: current_jira_installation.errors }, + json: { errors: result.message }, status: :unprocessable_entity ) end @@ -18,6 +19,13 @@ class JiraConnect::InstallationsController < JiraConnect::ApplicationController private + def update_installation + JiraConnectInstallations::UpdateService.execute( + current_jira_installation, + installation_params + ) + end + def installation_json(installation) { gitlab_com: installation.instance_url.blank?, diff --git a/app/controllers/jira_connect/oauth_application_ids_controller.rb b/app/controllers/jira_connect/oauth_application_ids_controller.rb index 3e788e2282e..de520337af3 100644 --- a/app/controllers/jira_connect/oauth_application_ids_controller.rb +++ b/app/controllers/jira_connect/oauth_application_ids_controller.rb @@ -5,7 +5,6 @@ module JiraConnect feature_category :integrations skip_before_action :verify_atlassian_jwt! - before_action :set_cors_headers def show if show_application_id? 
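Review bot: The `aud` line in `jwt_verification_claims` now packs a config lookup and a ternary into one long line, and the rule it encodes (the expected JWT audience is forced to https only when `enforce_jira_base_url_https` is set) is not stated anywhere; whether `jira_connect_base_url` without `protocol:` produces an http URL depends on the default URL options, which are outside this hunk. Extract the expression into a private helper with a why-comment so the audience rule is readable and testable on its own. The `qsh` claim keeps using `jira_connect_base_url` without a protocol on both sides, which presumably is intentional because `create_query_string_hash` is computed from `request.url` — worth confirming in the same review.
```ruby
      aud: jira_connect_audience_url,
      # … unchanged: iss and qsh claims …

  # Audience the installation JWT must carry. https is only forced when the
  # enforce_jira_base_url_https setting is on; otherwise the default protocol
  # of jira_connect_base_url is used.
  def jira_connect_audience_url
    return jira_connect_base_url(protocol: 'https') if Gitlab.config.jira_connect.enforce_jira_base_url_https

    jira_connect_base_url
  end
```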
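Review bot: `json: { errors: result.message }` in `InstallationsController#update` changes the shape of the 422 body: the removed line serialized `current_jira_installation.errors`, an attribute-keyed errors hash, whereas `result.message` from `JiraConnectInstallations::UpdateService` is presumably a string or array (the service is not in this diff), so a client that reads `errors` as a hash will break. If the new shape is intended, record it where the response is built, e.g. `# 422 body is { errors: <service message> }, no longer the per-attribute ActiveModel errors hash`; otherwise pass the model errors through the service payload and keep rendering them. The closing `end` of `update` lies outside the hunk.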
@@ -20,7 +19,7 @@ module JiraConnect def show_application_id? return if Gitlab.com? - Feature.enabled?(:jira_connect_oauth_self_managed) && jira_connect_application_key.present? + jira_connect_application_key.present? end def jira_connect_application_key diff --git a/app/controllers/jira_connect/public_keys_controller.rb b/app/controllers/jira_connect/public_keys_controller.rb index b3144993edb..09003f8478f 100644 --- a/app/controllers/jira_connect/public_keys_controller.rb +++ b/app/controllers/jira_connect/public_keys_controller.rb @@ -10,7 +10,9 @@ module JiraConnect skip_before_action :authenticate_user! def show - return render_404 if Feature.disabled?(:jira_connect_oauth_self_managed) || !Gitlab.com? + if Feature.disabled?(:jira_connect_oauth_self_managed) || !Gitlab.config.jira_connect.enable_public_keys_storage + return render_404 + end render plain: public_key.key end diff --git a/app/controllers/jira_connect/subscriptions_controller.rb b/app/controllers/jira_connect/subscriptions_controller.rb index 9a732cadd94..ff7477a94d6 100644 --- a/app/controllers/jira_connect/subscriptions_controller.rb +++ b/app/controllers/jira_connect/subscriptions_controller.rb 
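Review bot: `PublicKeysController#show` still gates on `Feature.disabled?(:jira_connect_oauth_self_managed)` while this same commit removes that flag check from `show_application_id?` in oauth_application_ids_controller.rb; the two self-managed OAuth endpoints now sit behind different gates, so one of them is probably out of step with the flag's rollout. If the flag is meant to stay only on the public-key endpoint, a comment such as `# The oauth_self_managed flag still gates key serving even though the application-id endpoint no longer checks it` keeps the next reader from treating it as a leftover. The new `enable_public_keys_storage` setting is now the only thing besides the flag that closes this endpoint; its default is defined outside this diff and should be confirmed to be off unless key storage is provisioned.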
@@ -1,19 +1,20 @@ # frozen_string_literal: true class JiraConnect::SubscriptionsController < JiraConnect::ApplicationController + ALLOWED_IFRAME_ANCESTORS = [:self, 'https://*.atlassian.net', 'https://*.jira.com'].freeze layout 'jira_connect' content_security_policy do |p| next if p.directives.blank? # rubocop: disable Lint/PercentStringArray - script_src_values = Array.wrap(p.directives['script-src']) | %w('self' https://connect-cdn.atl-paas.net) - style_src_values = Array.wrap(p.directives['style-src']) | %w('self' 'unsafe-inline') + script_src_values = Array.wrap(p.directives['script-src']) | %w['self' https://connect-cdn.atl-paas.net] + style_src_values = Array.wrap(p.directives['style-src']) | %w['self' 'unsafe-inline'] # rubocop: enable Lint/PercentStringArray # *.jira.com is needed for some legacy Jira Cloud instances, new ones will use *.atlassian.net # https://support.atlassian.com/organization-administration/docs/ip-addresses-and-domains-for-atlassian-cloud-products/ - p.frame_ancestors :self, 'https://*.atlassian.net', 'https://*.jira.com' + p.frame_ancestors(*(ALLOWED_IFRAME_ANCESTORS + Gitlab.config.jira_connect.additional_iframe_ancestors)) p.script_src(*script_src_values) p.style_src(*style_src_values) end @@ -27,7 +28,6 @@ class JiraConnect::SubscriptionsController < JiraConnect::ApplicationController before_action :verify_qsh_claim!, only: :index before_action :allow_self_managed_content_security_policy, only: :index before_action :authenticate_user!, only: :create - before_action :set_cors_headers def index @subscriptions = current_jira_installation.subscriptions.preload_namespace_route @@ -65,8 +65,6 @@ class JiraConnect::SubscriptionsController < JiraConnect::ApplicationController private def allow_self_managed_content_security_policy - return unless Feature.enabled?(:jira_connect_oauth_self_managed_setting) - return unless current_jira_installation.instance_url? request.content_security_policy.directives['connect-src'] ||= [] |
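Review bot: `ALLOWED_IFRAME_ANCESTORS + Gitlab.config.jira_connect.additional_iframe_ancestors` raises `TypeError` when the config key is absent or nil, and the configured values are spliced straight into `frame-ancestors`, the directive that stops the Jira Connect pages from being framed by other origins, so a loose entry in config silently widens that policy. Coerce the setting and document its expected form: `p.frame_ancestors(*(ALLOWED_IFRAME_ANCESTORS + Array(Gitlab.config.jira_connect.additional_iframe_ancestors)))` preceded by `# additional_iframe_ancestors comes from gitlab.yml; each entry must be an origin (scheme + host), never '*'`. Whether the config loader supplies a default for this key is outside the diff.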