author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-02 12:07:57 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-02 12:07:57 +0000 |
commit | 988b28ec1a379d38f6ac9ed04886ee564fd447fd (patch) | |
tree | 9d93267209387e62d23ea7abf81ef9c0d64f2f0b /lib/gitlab/auth | |
parent | a325f3a104748ecc68df7c3d793940aa709a111f (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/current_user_mode.rb | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/lib/gitlab/auth/current_user_mode.rb b/lib/gitlab/auth/current_user_mode.rb
index 1ef95c03cfc..06ae4d81870 100644
--- a/lib/gitlab/auth/current_user_mode.rb
+++ b/lib/gitlab/auth/current_user_mode.rb
@@ -23,15 +23,26 @@ module Gitlab
 class << self
 # Admin mode activation requires storing a flag in the user session. Using this
- # method when scheduling jobs in Sidekiq will bypass the session check for a
- # user that was already in admin mode
+ # method when scheduling jobs in sessionless environments (e.g. Sidekiq, API)
+ # will bypass the session check for a user that was already in admin mode
+ #
+ # If passed a block, it will surround the block execution and reset the session
+ # bypass at the end; otherwise use manually '.reset_bypass_session!'
 def bypass_session!(admin_id)
 Gitlab::SafeRequestStore[CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY] = admin_id
 Gitlab::AppLogger.debug("Bypassing session in admin mode for: #{admin_id}")
- yield
- ensure
+ if block_given?
+ begin
+ yield
+ ensure
+ reset_bypass_session!
+ end
+ end
+ end
+
+ def reset_bypass_session!
 Gitlab::SafeRequestStore.delete(CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY)
 end
@@ -90,10 +101,6 @@ module Gitlab
 current_session_data[ADMIN_MODE_START_TIME_KEY] = Time.now
 end
- def enable_sessionless_admin_mode!
- request_admin_mode! && enable_admin_mode!(skip_password_validation: true)
- end
-
 def disable_admin_mode!
 return unless user&.admin? |
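Review bot: When `bypass_session!` is called without a block, the admin id written to `Gitlab::SafeRequestStore` stays set until a caller remembers `reset_bypass_session!`, so the admin-mode session bypass can outlive the code that needed it; how long it persists depends on the store's lifetime in the calling environment, which this hunk does not show. The doc comment should state that obligation outright, e.g. `# Without a block the bypass remains active until .reset_bypass_session! is called; callers must pair the two in an ensure.` In the block form the reset deletes the key rather than restoring a previous value, so a nested call would clear an outer bypass early, and the store write and debug log now sit outside the `begin`/`ensure` that the old method-level `ensure` covered. Because this path skips an authorization check, logging it only at debug level may leave no trace in production logs; confirm that is intended.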