author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-28 13:31:50 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-28 13:31:50 +0000 |
commit | 1e8ef329735f06d3b3cfe1966b79fe55eff21f30 (patch) | |
tree | 0c03cc2618813b9eafafd2289cfbac16fd2c2766 /app/models | |
parent | efed756aa7fbe80f589edb613eda69f6c7a9a47a (diff) | |
download | gitlab-ce-1e8ef329735f06d3b3cfe1966b79fe55eff21f30.tar.gz |
Add latest changes from gitlab-org/security/gitlab@12-7-stable-ee
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/grafana_integration.rb | 28 | ||||
-rw-r--r-- | app/models/note.rb | 3 | ||||
-rw-r--r-- | app/models/project.rb | 4 |
3 files changed, 33 insertions, 2 deletions
diff --git a/app/models/grafana_integration.rb b/app/models/grafana_integration.rb index ed4c279965a..00213732fee 100644 --- a/app/models/grafana_integration.rb +++ b/app/models/grafana_integration.rb @@ -8,11 +8,13 @@ class GrafanaIntegration < ApplicationRecord algorithm: 'aes-256-gcm', key: Settings.attr_encrypted_db_key_base_32 + before_validation :check_token_changes + validates :grafana_url, length: { maximum: 1024 }, addressable_url: { enforce_sanitization: true, ascii_only: true } - validates :token, :project, presence: true + validates :encrypted_token, :project, presence: true validates :enabled, inclusion: { in: [true, false] } @@ -23,4 +25,28 @@ class GrafanaIntegration < ApplicationRecord @client ||= ::Grafana::Client.new(api_url: grafana_url.chomp('/'), token: token) end + + def masked_token + mask(encrypted_token) + end + + def masked_token_was + mask(encrypted_token_was) + end + + private + + def token + decrypt(:token, encrypted_token) + end + + def check_token_changes + return unless [encrypted_token_was, masked_token_was].include?(token) + + clear_attribute_changes [:token, :encrypted_token, :encrypted_token_iv] + end + + def mask(token) + token&.squish&.gsub(/./, '*') + end end diff --git a/app/models/note.rb b/app/models/note.rb index 7731b477ad0..11237a5049d 100644 --- a/app/models/note.rb +++ b/app/models/note.rb @@ -545,7 +545,8 @@ class Note < ApplicationRecord # if they are not equal, then there are private/confidential references as well user_visible_reference_count > 0 && user_visible_reference_count == total_reference_count else - referenced_mentionables(user).any? + refs = all_references(user) + refs.all.any? && refs.stateful_not_visible_counter == 0 end end diff --git a/app/models/project.rb b/app/models/project.rb index c48360290c7..b2f20731c65 100644 --- a/app/models/project.rb +++ b/app/models/project.rb 
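Review bot: The presence check in `validates :encrypted_token, :project, presence: true` now guards the ciphertext column rather than the value the caller assigned, so rejecting a blank token depends on how attr_encrypted stores empty input, which this hunk does not show. A model spec that assigns `token: ''` and `token: nil` and expects the record to be invalid would pin that behaviour. A short comment above the validation, for example `# token is private; validate the stored ciphertext instead`, would also explain why the virtual attribute is no longer validated directly. The class body continues outside the hunk.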
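Review bot: `mask` returns one `*` per character of the squished `encrypted_token`, so `masked_token` exposes the length of the stored ciphertext, and with it a rough indication of the token's length, to any consumer of that value. A fixed-width mask avoids this, for example `'*' * 8 if token.present?` inside `mask` (the width 8 is an illustrative value); `check_token_changes` would keep working because it only compares the submitted value with `masked_token_was`. Separately, `check_token_changes` silently discards a submitted token that equals the old mask or the old ciphertext, which is presumably meant to treat an echoed mask as "unchanged", but the caller is not visible here. It deserves a comment such as `# an echoed mask or ciphertext means the token was not edited; drop the change`. The class itself starts outside the hunk.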
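Review bot: The new condition `refs.all.any? && refs.stateful_not_visible_counter == 0` relies on evaluation order: the counter is presumably filled in while `refs.all` resolves the references, so it is only meaningful because `&&` evaluates the left operand first. Nothing in the hunk tells the next reader that, and reordering or memoizing the operands could let the check pass for a note that references objects the user cannot see. A comment such as `# refs.all must be evaluated first; it populates stateful_not_visible_counter` would protect the invariant, and `.zero?` is the more idiomatic spelling of `== 0`. The enclosing method starts outside the hunk, so whether a spec covers the partially hidden reference case cannot be confirmed from here.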
@@ -2341,6 +2341,10 @@ class Project < ApplicationRecord end end + def template_source? + false + end + private def closest_namespace_setting(name) |
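Review bot: `template_source?` is added as a public method that always returns `false`, with no comment saying what it guards or where a different answer comes from. Since the commit imports changes from an EE stable branch, it is presumably a default that another module overrides, but nothing in this hunk shows that. A comment such as `# Default for projects that are not a template source; overridden where templates are supported` would tell readers that the constant return is intentional and that permission checks may depend on the override. The class body starts and ends outside the hunk.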