diff options
| author | Long Nguyen <long.polyglot@gmail.com> | 2016-05-05 15:07:50 +0700 |
|---|---|---|
| committer | Long Nguyen <long.polyglot@gmail.com> | 2016-05-05 15:07:50 +0700 |
| commit | 5f60841d7e4aea2b6298df7ea0423e3baa769df1 (patch) | |
| tree | 435917c9667c64432f7f4f08c1d50b5c8e0bf2fb /config | |
| parent | ae29ec31e4f71d722e975bfce945aaed7e0d0bd1 (diff) | |
| parent | f5ae92d81c022e94500eb9a6949b2322a943a5af (diff) | |
| download | gitlab-ce-5f60841d7e4aea2b6298df7ea0423e3baa769df1.tar.gz | |
Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into issue_15572_snippets_tab_under_user_profile
Diffstat (limited to 'config')
| -rw-r--r-- | config/application.rb | 25 | ||||
| -rw-r--r-- | config/environments/development.rb | 2 | ||||
| -rw-r--r-- | config/gitlab.yml.example | 7 | ||||
| -rw-r--r-- | config/initializers/1_settings.rb | 26 | ||||
| -rw-r--r-- | config/initializers/metrics.rb | 37 | ||||
| -rw-r--r-- | config/initializers/rack_attack.rb.example | 3 | ||||
| -rw-r--r-- | config/initializers/rack_attack_git_basic_auth.rb | 4 | ||||
| -rw-r--r-- | config/initializers/sentry.rb | 3 | ||||
| -rw-r--r-- | config/initializers/session_store.rb | 2 | ||||
| -rw-r--r-- | config/routes.rb | 17 |
10 files changed, 95 insertions, 31 deletions
diff --git a/config/application.rb b/config/application.rb index 2e2ed48db07..b602e2b6168 100644 --- a/config/application.rb +++ b/config/application.rb @@ -32,7 +32,30 @@ module Gitlab config.encoding = "utf-8" # Configure sensitive parameters which will be filtered from the log file. - config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt, :variables, :import_url) + # + # Parameters filtered: + # - Password (:password, :password_confirmation) + # - Private tokens (:private_token) + # - Two-factor tokens (:otp_attempt) + # - Repo/Project Import URLs (:import_url) + # - Build variables (:variables) + # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key) + # - Webhook URLs (:hook) + # - Sentry DSN (:sentry_dsn) + # - Deploy keys (:key) + config.filter_parameters += %i( + certificate + encrypted_key + hook + import_url + key + otp_attempt + password + password_confirmation + private_token + sentry_dsn + variables + ) # Enable escaping HTML in JSON. config.active_support.escape_html_entities_in_json = true diff --git a/config/environments/development.rb b/config/environments/development.rb index 689694a3480..4f39016bfa4 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -36,7 +36,7 @@ Rails.application.configure do # For having correct urls in mails config.action_mailer.default_url_options = { host: 'localhost', port: 3000 } # Open sent mails in browser - config.action_mailer.delivery_method = :letter_opener + config.action_mailer.delivery_method = :letter_opener_web # Don't make a mess when bootstrapping a development environment config.action_mailer.perform_deliveries = (ENV['BOOTSTRAP'] != '1') diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index d9c15f81404..e682bcb976d 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -152,7 +152,6 @@ production: &base ## Gravatar ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html gravatar: - enabled: true # Use user avatar image from Gravatar.com (default: true) # gravatar urls: possible placeholders: %{hash} %{size} %{email} # plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon # ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon @@ -168,9 +167,9 @@ production: &base # once per hour you will have concurrent 'git fsck' jobs. repository_check_worker: cron: "20 * * * *" - # Send admin emails once a day + # Send admin emails once a week admin_email_worker: - cron: "0 0 * * *" + cron: "0 0 * * 0" # Remove outdated repository archives repository_archive_cache_worker: @@ -350,6 +349,8 @@ production: &base # - { name: 'github', # app_id: 'YOUR_APP_ID', # app_secret: 'YOUR_APP_SECRET', + # url: "https://github.com/", + # verify_ssl: true, # args: { scope: 'user:email' } } # - { name: 'bitbucket', # app_id: 'YOUR_APP_ID', diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 10c25044b75..8db2c05fe45 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -140,6 +140,30 @@ Settings.omniauth.cas3['session_duration'] ||= 8.hours Settings.omniauth['session_tickets'] ||= Settingslogic.new({}) Settings.omniauth.session_tickets['cas3'] = 'ticket' +# Fill out omniauth-gitlab settings. It is needed for easy set up GHE or GH by just specifying url. + +github_default_url = "https://github.com" +github_settings = Settings.omniauth['providers'].find { |provider| provider["name"] == "github" } + +if github_settings + # For compatibility with old config files (before 7.8) + # where people dont have url in github settings + if github_settings['url'].blank? + github_settings['url'] = github_default_url + end + + github_settings["args"] ||= Settingslogic.new({}) + + if github_settings["url"].include?(github_default_url) + github_settings["args"]["client_options"] = OmniAuth::Strategies::GitHub.default_options[:client_options] + else + github_settings["args"]["client_options"] = { + "site" => File.join(github_settings["url"], "api/v3"), + "authorize_url" => File.join(github_settings["url"], "login/oauth/authorize"), + "token_url" => File.join(github_settings["url"], "login/oauth/access_token") + } + end +end Settings['shared'] ||= Settingslogic.new({}) Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root) @@ -245,7 +269,7 @@ Settings.cron_jobs['repository_check_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['repository_check_worker']['cron'] ||= '20 * * * *' Settings.cron_jobs['repository_check_worker']['job_class'] = 'RepositoryCheck::BatchWorker' Settings.cron_jobs['admin_email_worker'] ||= Settingslogic.new({}) -Settings.cron_jobs['admin_email_worker']['cron'] ||= '0 0 * * *' +Settings.cron_jobs['admin_email_worker']['cron'] ||= '0 0 * * 0' Settings.cron_jobs['admin_email_worker']['job_class'] = 'AdminEmailWorker' Settings.cron_jobs['repository_archive_cache_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['repository_archive_cache_worker']['cron'] ||= '0 * * * *' diff --git a/config/initializers/metrics.rb b/config/initializers/metrics.rb index 283936d0efc..b2d08d87bac 100644 --- a/config/initializers/metrics.rb +++ b/config/initializers/metrics.rb @@ -61,12 +61,30 @@ if Gitlab::Metrics.enabled? config.instrument_instance_methods(const) end - Dir[Rails.root.join('app', 'finders', '*.rb')].each do |path| - const = File.basename(path, '.rb').camelize.constantize - - config.instrument_instance_methods(const) + # Path to search => prefix to strip from constant + paths_to_instrument = { + ['app', 'finders'] => ['app', 'finders'], + ['app', 'mailers', 'emails'] => ['app', 'mailers'], + ['app', 'services', '**'] => ['app', 'services'], + ['lib', 'gitlab', 'diff'] => ['lib'], + ['lib', 'gitlab', 'email', 'message'] => ['lib'] + } + + paths_to_instrument.each do |(path, prefix)| + prefix = Rails.root.join(*prefix) + + Dir[Rails.root.join(*path + ['*.rb'])].each do |file_path| + path = Pathname.new(file_path).relative_path_from(prefix) + const = path.to_s.sub('.rb', '').camelize.constantize + + config.instrument_methods(const) + config.instrument_instance_methods(const) + end end + config.instrument_methods(Premailer::Adapter::Nokogiri) + config.instrument_instance_methods(Premailer::Adapter::Nokogiri) + [ :Blame, :Branch, :BranchCollection, :Blob, :Commit, :Diff, :Repository, :Tag, :TagCollection, :Tree @@ -97,17 +115,6 @@ if Gitlab::Metrics.enabled? config.instrument_methods(Gitlab::ReferenceExtractor) config.instrument_instance_methods(Gitlab::ReferenceExtractor) - # Instrument all service classes - services = Rails.root.join('app', 'services') - - Dir[services.join('**', '*.rb')].each do |file_path| - path = Pathname.new(file_path).relative_path_from(services) - const = path.to_s.sub('.rb', '').camelize.constantize - - config.instrument_methods(const) - config.instrument_instance_methods(const) - end - # Instrument the classes used for checking if somebody has push access. config.instrument_instance_methods(Gitlab::GitAccess) config.instrument_instance_methods(Gitlab::GitAccessWiki) diff --git a/config/initializers/rack_attack.rb.example b/config/initializers/rack_attack.rb.example index b1bbcca1d61..30d05f16153 100644 --- a/config/initializers/rack_attack.rb.example +++ b/config/initializers/rack_attack.rb.example @@ -17,8 +17,9 @@ paths_to_be_protected = [ # Create one big regular expression that matches strings starting with any of # the paths_to_be_protected. paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ }) +rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled'] -unless Rails.env.test? +unless Rails.env.test? || !rack_attack_enabled Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req| if req.post? && req.path =~ paths_regex req.ip diff --git a/config/initializers/rack_attack_git_basic_auth.rb b/config/initializers/rack_attack_git_basic_auth.rb index bbbfed68329..6a721826170 100644 --- a/config/initializers/rack_attack_git_basic_auth.rb +++ b/config/initializers/rack_attack_git_basic_auth.rb @@ -1,4 +1,6 @@ -unless Rails.env.test? +rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled'] + +unless Rails.env.test? || !rack_attack_enabled # Tell the Rack::Attack Rack middleware to maintain an IP blacklist. We will # update the blacklist from Grack::Auth#authenticate_user. Rack::Attack.blacklist('Git HTTP Basic Auth') do |req| diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb index e87899b2d5c..74fef7cadfe 100644 --- a/config/initializers/sentry.rb +++ b/config/initializers/sentry.rb @@ -15,6 +15,9 @@ if Rails.env.production? Raven.configure do |config| config.dsn = current_application_settings.sentry_dsn config.release = Gitlab::REVISION + + # Sanitize fields based on those sanitized from Rails. + config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s) end end end diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 88cb859871c..599dabb9e50 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -22,7 +22,7 @@ else key: '_gitlab_session', secure: Gitlab.config.gitlab.https, httponly: true, - expire_after: Settings.gitlab['session_expire_delay'] * 60, + expires_in: Settings.gitlab['session_expire_delay'] * 60, path: (Rails.application.config.relative_url_root.nil?) ? '/' : Gitlab::Application.config.relative_url_root ) end diff --git a/config/routes.rb b/config/routes.rb index f6a41331ecf..2bfaa2c2af6 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -16,16 +16,18 @@ Rails.application.routes.draw do end end - # Make the built-in Rails routes available in development, otherwise they'd - # get swallowed by the `namespace/project` route matcher below. - # - # See https://git.io/va79N if Rails.env.development? + # Make the built-in Rails routes available in development, otherwise they'd + # get swallowed by the `namespace/project` route matcher below. + # + # See https://git.io/va79N get '/rails/mailers' => 'rails/mailers#index' get '/rails/mailers/:path' => 'rails/mailers#preview' get '/rails/info/properties' => 'rails/info#properties' get '/rails/info/routes' => 'rails/info#routes' get '/rails/info' => 'rails/info#index' + + mount LetterOpenerWeb::Engine, at: '/rails/letter_opener' end namespace :ci do @@ -210,8 +212,6 @@ Rails.application.routes.draw do resources :keys, only: [:show, :destroy] resources :identities, except: [:show] - delete 'stop_impersonation' => 'impersonation#destroy', on: :collection - member do get :projects get :keys @@ -221,12 +221,14 @@ Rails.application.routes.draw do put :unblock put :unlock put :confirm - post 'impersonate' => 'impersonation#create' + post :impersonate patch :disable_two_factor delete 'remove/:email_id', action: 'remove_email', as: 'remove_email' end end + resource :impersonation, only: :destroy + resources :abuse_reports, only: [:index, :destroy] resources :spam_logs, only: [:index, :destroy] @@ -709,6 +711,7 @@ Rails.application.routes.draw do post :toggle_subscription get :referenced_merge_requests get :related_branches + get :can_create_branch end collection do post :bulk_update |