diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-04 12:09:00 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-04 12:09:00 +0000 |
| commit | 88a0824944720b6edaaef56376713541b9a02118 (patch) | |
| tree | f5fcc4f9755f249779cda9a8f02902d734af6e7e /lib/gitlab/auth | |
| parent | 7d19df2d34a9803d9f077c16315ba919b7ae2aa2 (diff) | |
| download | gitlab-ce-88a0824944720b6edaaef56376713541b9a02118.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/auth')
| -rw-r--r-- | lib/gitlab/auth/current_user_mode.rb | 61 |
1 files changed, 55 insertions, 6 deletions
diff --git a/lib/gitlab/auth/current_user_mode.rb b/lib/gitlab/auth/current_user_mode.rb index cb39baaa6cc..1ef95c03cfc 100644 --- a/lib/gitlab/auth/current_user_mode.rb +++ b/lib/gitlab/auth/current_user_mode.rb @@ -10,12 +10,54 @@ module Gitlab class CurrentUserMode NotRequestedError = Class.new(StandardError) + # RequestStore entries + CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY = { res: :current_user_mode, data: :bypass_session_admin_id }.freeze + CURRENT_REQUEST_ADMIN_MODE_USER_RS_KEY = { res: :current_user_mode, data: :current_admin }.freeze + + # SessionStore entries SESSION_STORE_KEY = :current_user_mode - ADMIN_MODE_START_TIME_KEY = 'admin_mode' - ADMIN_MODE_REQUESTED_TIME_KEY = 'admin_mode_requested' + ADMIN_MODE_START_TIME_KEY = :admin_mode + ADMIN_MODE_REQUESTED_TIME_KEY = :admin_mode_requested MAX_ADMIN_MODE_TIME = 6.hours ADMIN_MODE_REQUESTED_GRACE_PERIOD = 5.minutes + class << self + # Admin mode activation requires storing a flag in the user session. Using this + # method when scheduling jobs in Sidekiq will bypass the session check for a + # user that was already in admin mode + def bypass_session!(admin_id) + Gitlab::SafeRequestStore[CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY] = admin_id + + Gitlab::AppLogger.debug("Bypassing session in admin mode for: #{admin_id}") + + yield + ensure + Gitlab::SafeRequestStore.delete(CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY) + end + + def bypass_session_admin_id + Gitlab::SafeRequestStore[CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY] + end + + # Store in the current request the provided user model (only if in admin mode) + # and yield + def with_current_admin(admin) + return yield unless self.new(admin).admin_mode? + + Gitlab::SafeRequestStore[CURRENT_REQUEST_ADMIN_MODE_USER_RS_KEY] = admin + + Gitlab::AppLogger.debug("Admin mode active for: #{admin.username}") + + yield + ensure + Gitlab::SafeRequestStore.delete(CURRENT_REQUEST_ADMIN_MODE_USER_RS_KEY) + end + + def current_admin + Gitlab::SafeRequestStore[CURRENT_REQUEST_ADMIN_MODE_USER_RS_KEY] + end + end + def initialize(user) @user = user end @@ -42,7 +84,7 @@ module Gitlab raise NotRequestedError unless admin_mode_requested? - reset_request_store + reset_request_store_cache_entries current_session_data[ADMIN_MODE_REQUESTED_TIME_KEY] = nil current_session_data[ADMIN_MODE_START_TIME_KEY] = Time.now @@ -55,7 +97,7 @@ module Gitlab def disable_admin_mode! return unless user&.admin? - reset_request_store + reset_request_store_cache_entries current_session_data[ADMIN_MODE_REQUESTED_TIME_KEY] = nil current_session_data[ADMIN_MODE_START_TIME_KEY] = nil @@ -64,7 +106,7 @@ module Gitlab def request_admin_mode! return unless user&.admin? - reset_request_store + reset_request_store_cache_entries current_session_data[ADMIN_MODE_REQUESTED_TIME_KEY] = Time.now end @@ -73,10 +115,12 @@ module Gitlab attr_reader :user + # RequestStore entry to cache #admin_mode? result def admin_mode_rs_key @admin_mode_rs_key ||= { res: :current_user_mode, user: user.id, method: :admin_mode? } end + # RequestStore entry to cache #admin_mode_requested? result def admin_mode_requested_rs_key @admin_mode_requested_rs_key ||= { res: :current_user_mode, user: user.id, method: :admin_mode_requested? } end @@ -86,6 +130,7 @@ module Gitlab end def any_session_with_admin_mode? + return true if bypass_session? return true if current_session_data.initiated? && current_session_data[ADMIN_MODE_START_TIME_KEY].to_i > MAX_ADMIN_MODE_TIME.ago.to_i all_sessions.any? do |session| @@ -103,7 +148,11 @@ module Gitlab current_session_data[ADMIN_MODE_REQUESTED_TIME_KEY].to_i > ADMIN_MODE_REQUESTED_GRACE_PERIOD.ago.to_i end - def reset_request_store + def bypass_session? + user&.id && user.id == self.class.bypass_session_admin_id + end + + def reset_request_store_cache_entries Gitlab::SafeRequestStore.delete(admin_mode_rs_key) Gitlab::SafeRequestStore.delete(admin_mode_requested_rs_key) end |