author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-09-26 12:06:00 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-09-26 12:06:00 +0000 |
commit | 5707f305f4b961e24369fcdaecf0b8ce1c34bad8 (patch) | |
tree | 3b291653b83b3e6c2bffc77c54527fbe6f6373be /lib/gitlab | |
parent | 759cd6c2985088d187ed519f2a881c2c690b34ec (diff) | |
download | gitlab-ce-5707f305f4b961e24369fcdaecf0b8ce1c34bad8.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab')
-rw-r--r-- | lib/gitlab/auth/current_user_mode.rb | 66 | ||||
-rw-r--r-- | lib/gitlab/file_type_detection.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/health_checks/base_abstract_check.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/usage_data.rb | 2 |
4 files changed, 68 insertions, 6 deletions
diff --git a/lib/gitlab/auth/current_user_mode.rb b/lib/gitlab/auth/current_user_mode.rb
new file mode 100644
index 00000000000..df5039f50c1
--- /dev/null
+++ b/lib/gitlab/auth/current_user_mode.rb
@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module Auth
+ # Keeps track of the current session user mode
+ #
+ # In order to perform administrative tasks over some interfaces,
+ # an administrator must have explicitly enabled admin-mode
+ # e.g. on web access require re-authentication
+ class CurrentUserMode
+ SESSION_STORE_KEY = :current_user_mode
+ ADMIN_MODE_START_TIME_KEY = 'admin_mode'
+ MAX_ADMIN_MODE_TIME = 6.hours
+
+ def initialize(user)
+ @user = user
+ end
+
+ def admin_mode?
+ return false unless user
+
+ Gitlab::SafeRequestStore.fetch(request_store_key) do
+ user&.admin? && any_session_with_admin_mode?
+ end
+ end
+
+ def enable_admin_mode!(password: nil, skip_password_validation: false)
+ return unless user&.admin?
+ return unless skip_password_validation || user&.valid_password?(password)
+
+ current_session_data[ADMIN_MODE_START_TIME_KEY] = Time.now
+ end
+
+ def disable_admin_mode!
+ current_session_data[ADMIN_MODE_START_TIME_KEY] = nil
+ Gitlab::SafeRequestStore.delete(request_store_key)
+ end
+
+ private
+
+ attr_reader :user
+
+ def request_store_key
+ @request_store_key ||= { res: :current_user_mode, user: user.id }
+ end
+
+ def current_session_data
+ @current_session ||= Gitlab::NamespacedSessionStore.new(SESSION_STORE_KEY)
+ end
+
+ def any_session_with_admin_mode?
+ return true if current_session_data.initiated? && current_session_data[ADMIN_MODE_START_TIME_KEY].to_i > MAX_ADMIN_MODE_TIME.ago.to_i
+
+ all_sessions.any? do |session|
+ session[ADMIN_MODE_START_TIME_KEY].to_i > MAX_ADMIN_MODE_TIME.ago.to_i
+ end
+ end
+
+ def all_sessions
+ @all_sessions ||= ActiveSession.list_sessions(user).lazy.map do |session|
+ Gitlab::NamespacedSessionStore.new(SESSION_STORE_KEY, session.with_indifferent_access )
+ end
+ end
+ end
+ end
+end
diff --git a/lib/gitlab/file_type_detection.rb b/lib/gitlab/file_type_detection.rb
index c2b9dfa562d..7137720f204 100644
--- a/lib/gitlab/file_type_detection.rb
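Review bot: `any_session_with_admin_mode?` in the new `current_user_mode.rb` reports admin mode as active when any session returned by `ActiveSession.list_sessions(user)` has a start time within `MAX_ADMIN_MODE_TIME`, so a session that never re-authenticated is elevated as soon as the admin elevates anywhere else. The same fallback means `disable_admin_mode!`, which clears only the current session's `ADMIN_MODE_START_TIME_KEY`, can leave `admin_mode?` returning true on the next request while another session still holds a recent timestamp. If the cross-session behaviour is intended, state it above the method, for example `# Admin mode granted in one session applies to all of the user's active sessions`, and have `disable_admin_mode!` clear the key in those sessions as well; otherwise drop the `all_sessions.any?` branch so only the current session's timestamp counts. Separately, `enable_admin_mode!` leaves any previously cached `admin_mode?` result in `Gitlab::SafeRequestStore` for the rest of the request, whereas `disable_admin_mode!` deletes it; adding `Gitlab::SafeRequestStore.delete(request_store_key)` after the timestamp is set would make the two consistent.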
+++ b/lib/gitlab/file_type_detection.rb @@ -12,7 +12,7 @@ # We use Workhorse to detect the real extension when we serve files with # the `SendsBlob` helper methods, and ask Workhorse to set the content # type when it serves the file: -# https://gitlab.com/gitlab-org/gitlab-ce/blob/33e5955/app/helpers/workhorse_helper.rb#L48. +# https://gitlab.com/gitlab-org/gitlab/blob/33e5955/app/helpers/workhorse_helper.rb#L48. # # Because Workhorse has access to the content when it is downloaded, if # the type/extension doesn't match the real type, we adjust the diff --git a/lib/gitlab/health_checks/base_abstract_check.rb b/lib/gitlab/health_checks/base_abstract_check.rb index 1d31f59999c..199cd2f9b2d 100644 --- a/lib/gitlab/health_checks/base_abstract_check.rb +++ b/lib/gitlab/health_checks/base_abstract_check.rb @@ -15,10 +15,6 @@ module Gitlab raise NotImplementedError end - def liveness - HealthChecks::Result.new(true) - end - def metrics [] end diff --git a/lib/gitlab/usage_data.rb b/lib/gitlab/usage_data.rb index c5303dad558..1a3d848e692 100644 --- a/lib/gitlab/usage_data.rb +++ b/lib/gitlab/usage_data.rb @@ -187,7 +187,7 @@ module Gitlab .find_in_batches(batch_size: BATCH_SIZE) do |services| counts = services.group_by do |service| - # TODO: Simplify as part of https://gitlab.com/gitlab-org/gitlab-ce/issues/63084 + # TODO: Simplify as part of https://gitlab.com/gitlab-org/gitlab/issues/29404 service_url = service.data_fields&.url || (service.properties && service.properties['url']) service_url&.include?('.atlassian.net') ? :cloud : :server end |