summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorDouwe Maan <douwe@selenight.nl>2017-08-31 18:02:19 +0200
committerDouwe Maan <douwe@selenight.nl>2017-08-31 18:02:19 +0200
commit92edb3edab89dcb7b87bad3ac0fe7fed404fea85 (patch)
treeb96e7b9d37a789ad252ee5c01a6c2811b9bc88d5 /config
parent7c215dd23dfa942d6b83252403ce326df96ab3ea (diff)
parent9aef0427eb9986fc27a399ea6b47e1518d6ebdac (diff)
downloadgitlab-ce-92edb3edab89dcb7b87bad3ac0fe7fed404fea85.tar.gz
Merge branch 'master' into issue-discussions-refactor
# Conflicts: # app/models/issue.rb
Diffstat (limited to 'config')
-rw-r--r--config/application.rb15
-rw-r--r--config/gitlab.yml.example5
-rw-r--r--config/initializers/1_settings.rb17
-rw-r--r--config/initializers/sentry.rb5
-rw-r--r--config/initializers/session_store.rb3
5 files changed, 14 insertions, 31 deletions
diff --git a/config/application.rb b/config/application.rb
index f69dab4de39..32a290f2002 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -51,31 +51,24 @@ module Gitlab
# Configure sensitive parameters which will be filtered from the log file.
#
# Parameters filtered:
- # - Password (:password, :password_confirmation)
- # - Private tokens
+ # - Any parameter ending with `_token`
+ # - Any parameter containing `password`
+ # - Any parameter containing `secret`
# - Two-factor tokens (:otp_attempt)
# - Repo/Project Import URLs (:import_url)
# - Build variables (:variables)
# - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
# - Webhook URLs (:hook)
- # - GitLab-shell secret token (:secret_token)
# - Sentry DSN (:sentry_dsn)
# - Deploy keys (:key)
+ config.filter_parameters += [/_token$/, /password/, /secret/]
config.filter_parameters += %i(
- authentication_token
certificate
encrypted_key
hook
import_url
- incoming_email_token
- rss_token
key
otp_attempt
- password
- password_confirmation
- private_token
- runners_token
- secret_token
sentry_dsn
variables
)
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 25285525846..545c01e1156 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -273,9 +273,8 @@ production: &base
encryption: 'plain'
# Enables SSL certificate verification if encryption method is
- # "start_tls" or "simple_tls". (Defaults to false for backward-
- # compatibility)
- verify_certificates: false
+ # "start_tls" or "simple_tls". Defaults to true.
+ verify_certificates: true
# Specifies the path to a file containing a PEM-format CA certificate,
# e.g. if you need to use an internal CA.
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index abaabad5d65..360b72cdea3 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -155,18 +155,11 @@ if Settings.ldap['enabled'] || Rails.env.test?
server['encryption'] = 'simple_tls' if server['encryption'] == 'ssl'
server['encryption'] = 'start_tls' if server['encryption'] == 'tls'
- # Certificates are not verified for backwards compatibility.
- # This default should be flipped to true in 9.5.
- if server['verify_certificates'].nil?
- server['verify_certificates'] = false
-
- message = <<-MSG.strip_heredoc
- LDAP SSL certificate verification is disabled for backwards-compatibility.
- Please add the "verify_certificates" option to gitlab.yml for each LDAP
- server. Certificate verification will be enabled by default in GitLab 9.5.
- MSG
- Rails.logger.warn(message)
- end
+ # Certificate verification was added in 9.4.2, and defaulted to false for
+ # backwards-compatibility.
+ #
+ # Since GitLab 10.0, verify_certificates defaults to true for security.
+ server['verify_certificates'] = true if server['verify_certificates'].nil?
Settings.ldap['servers'][key] = server
end
diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb
index 6b0cff75653..62d0967009a 100644
--- a/config/initializers/sentry.rb
+++ b/config/initializers/sentry.rb
@@ -1,19 +1,18 @@
# Be sure to restart your server when you modify this file.
require 'gitlab/current_settings'
-include Gitlab::CurrentSettings
if Rails.env.production?
# allow it to fail: it may do so when create_from_defaults is executed before migrations are actually done
begin
- sentry_enabled = current_application_settings.sentry_enabled
+ sentry_enabled = Gitlab::CurrentSettings.current_application_settings.sentry_enabled
rescue
sentry_enabled = false
end
if sentry_enabled
Raven.configure do |config|
- config.dsn = current_application_settings.sentry_dsn
+ config.dsn = Gitlab::CurrentSettings.current_application_settings.sentry_dsn
config.release = Gitlab::REVISION
# Sanitize fields based on those sanitized from Rails.
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index e8213ac8ba4..f2fde1e0048 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,11 +1,10 @@
# Be sure to restart your server when you modify this file.
require 'gitlab/current_settings'
-include Gitlab::CurrentSettings
# allow it to fail: it may do so when create_from_defaults is executed before migrations are actually done
begin
- Settings.gitlab['session_expire_delay'] = current_application_settings.session_expire_delay || 10080
+ Settings.gitlab['session_expire_delay'] = Gitlab::CurrentSettings.current_application_settings.session_expire_delay || 10080
rescue
Settings.gitlab['session_expire_delay'] ||= 10080
end