Diffstat (limited to 'app/controllers/concerns')
7 files changed, 23 insertions, 37 deletions
diff --git a/app/controllers/concerns/authenticates_with_two_factor.rb b/app/controllers/concerns/authenticates_with_two_factor.rb
index 4f4b204def8..da5b7ccfbf0 100644
--- a/app/controllers/concerns/authenticates_with_two_factor.rb
+++ b/app/controllers/concerns/authenticates_with_two_factor.rb
@@ -151,14 +151,14 @@ module AuthenticatesWithTwoFactor
 def handle_two_factor_failure(user, method, message)
 user.increment_failed_attempts!
- log_failed_two_factor(user, method, request.remote_ip)
+ log_failed_two_factor(user, method)
 Gitlab::AppLogger.info("Failed Login: user=#{user.username} ip=#{request.remote_ip} method=#{method}")
 flash.now[:alert] = message
 prompt_for_two_factor(user)
 end
- def log_failed_two_factor(user, method, ip_address)
+ def log_failed_two_factor(user, method)
 # overridden in EE
 end
diff --git a/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb b/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb
index a8155f1e639..574fc6c0f37 100644
--- a/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb
+++ b/app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb
@@ -98,7 +98,7 @@ module AuthenticatesWithTwoFactorForAdminMode
 def admin_handle_two_factor_failure(user, method, message)
 user.increment_failed_attempts!
- log_failed_two_factor(user, method, request.remote_ip)
+ log_failed_two_factor(user, method)
 Gitlab::AppLogger.info("Failed Admin Mode Login: user=#{user.username} ip=#{request.remote_ip} method=#{method}")
 flash.now[:alert] = message
diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb
index 929e60a9e77..2664a7b7151 100644
--- a/app/controllers/concerns/issuable_actions.rb
+++ b/app/controllers/concerns/issuable_actions.rb
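Review bot: The EE override of `log_failed_two_factor` is not in this diff, and with the CE stub narrowed to `(user, method)` an EE definition that still declares `(user, method, ip_address)` would raise ArgumentError on every failed 2FA attempt, after `user.increment_failed_attempts!` has already run; the EE side should be checked for matching arity in the same change. The stub's comment should also say where the address now comes from, since the argument was dropped while the AppLogger line on the following context line still reads `request.remote_ip`; I'd replace `# overridden in EE` with `# overridden in EE; the EE implementation is expected to read the client address from request.remote_ip itself`. Separately, `request.remote_ip` is only as trustworthy as the application's trusted-proxy configuration, which this hunk does not show, so the logged ip should not be treated as spoof-proof when these entries feed alerting.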
@@ -3,6 +3,7 @@ module IssuableActions
 extend ActiveSupport::Concern
 include Gitlab::Utils::StrongMemoize
+ include Gitlab::Cache::Helpers
 included do
 before_action :authorize_destroy_issuable!, only: :destroy
@@ -129,7 +130,11 @@ module IssuableActions
 discussions = Discussion.build_collection(notes, issuable)
- render json: discussion_serializer.represent(discussions, context: self)
+ if issuable.is_a?(MergeRequest) && Feature.enabled?(:merge_request_discussion_cache, issuable.target_project, default_enabled: :yaml)
+ render_cached(discussions, with: discussion_serializer, context: self)
+ else
+ render json: discussion_serializer.represent(discussions, context: self)
+ end
 end
 # rubocop:enable CodeReuse/ActiveRecord
diff --git a/app/controllers/concerns/metrics/dashboard/prometheus_api_proxy.rb b/app/controllers/concerns/metrics/dashboard/prometheus_api_proxy.rb
index e0e3f628cc5..65237b552ca 100644
--- a/app/controllers/concerns/metrics/dashboard/prometheus_api_proxy.rb
+++ b/app/controllers/concerns/metrics/dashboard/prometheus_api_proxy.rb
@@ -16,7 +16,7 @@ module Metrics::Dashboard::PrometheusApiProxy
 return error_response(variable_substitution_result)
 end
- prometheus_result = Prometheus::ProxyService.new(
+ prometheus_result = ::Prometheus::ProxyService.new(
 proxyable,
 proxy_method,
 proxy_path,
diff --git a/app/controllers/concerns/redis_tracking.rb b/app/controllers/concerns/redis_tracking.rb
index 3155208f47c..c1135d2f759 100644
--- a/app/controllers/concerns/redis_tracking.rb
+++ b/app/controllers/concerns/redis_tracking.rb
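Review bot: `render_cached(discussions, with: discussion_serializer, context: self)` caches a representation that is user-specific, because the serializer is handed the controller as context and discussion JSON is rendered relative to the requester (which notes are visible to them, what they may edit or resolve); nothing in this hunk shows the cache key incorporating the current user or the project's permission state, so a cache hit could serve one user's rendering to another. Unless `Gitlab::Cache::Helpers#render_cached` is confirmed to key on the requester, or the serializer output is confirmed to be user-independent, this should be treated as a potential disclosure of confidential or internal notes on merge requests. I'd pin the contract above the `if` line: `# render_cached output is shared across users: the cache key must cover current_user/permissions, since discussion_serializer output depends on context`. The `else` branch is the pre-existing uncached path, and the enclosing action starts before this hunk.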
@@ -12,12 +12,13 @@
 # You can also pass custom conditions using `if:`, using the same format as with Rails callbacks.
 # You can also pass an optional block that calculates and returns a custom id to track.
 module RedisTracking
+ include Gitlab::Tracking::Helpers
 extend ActiveSupport::Concern
 class_methods do
 def track_redis_hll_event(*controller_actions, name:, if: nil, &block)
 custom_conditions = Array.wrap(binding.local_variable_get('if'))
- conditions = [:trackable_request?, *custom_conditions]
+ conditions = [:trackable_html_request?, *custom_conditions]
 after_action only: controller_actions, if: conditions do
 track_unique_redis_hll_event(name, &block)
@@ -37,10 +38,6 @@ module RedisTracking
 Gitlab::UsageDataCounters::HLLRedisCounter.track_event(event_name, values: unique_id)
 end
- def trackable_request?
- request.format.html? && request.headers['DNT'] != '1'
- end
-
 def visitor_id
 return cookies[:visitor_id] if cookies[:visitor_id].present?
 return unless current_user
diff --git a/app/controllers/concerns/spammable_actions.rb b/app/controllers/concerns/spammable_actions.rb
index 9e861d2859d..eb1223f22a9 100644
--- a/app/controllers/concerns/spammable_actions.rb
+++ b/app/controllers/concerns/spammable_actions.rb
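Review bot: Switching the condition to `:trackable_html_request?` removes the only Do-Not-Track check visible in this file — the `trackable_request?` deleted in the second hunk returned false when `request.headers['DNT']` was `'1'` — in favour of a helper from `Gitlab::Tracking::Helpers` that this diff does not show; if that helper only tests `request.format.html?`, visitors who sent DNT start being counted in the HLL events, which is a privacy regression rather than a refactor. The replacement should be confirmed to honour DNT, and a comment on the `conditions` line would pin that contract: `# trackable_html_request? must keep honouring the DNT header (see Gitlab::Tracking::Helpers)`. As a style point, `include Gitlab::Tracking::Helpers` is placed above `extend ActiveSupport::Concern`; the usual shape for a concern is the `extend` first, so I'd move the include below it. The `track_redis_hll_event` class method continues past the end of the hunk.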
@@ -47,31 +47,16 @@ module SpammableActions
 end
 end
- def spammable_params
- # NOTE: For the legacy reCAPTCHA implementation based on the HTML/HAML form, the
- # 'g-recaptcha-response' field name comes from `Recaptcha::ClientHelper#recaptcha_tags` in the
- # recaptcha gem, which is called from the HAML `_recaptcha_form.html.haml` form.
- #
- # It is used in the `Recaptcha::Verify#verify_recaptcha` to extract the value from `params`,
- # if the `response` option is not passed explicitly.
- #
- # Instead of relying on this behavior, we are extracting and passing it explicitly. This will
- # make it consistent with the newer, modern reCAPTCHA verification process as it will be
- # implemented via the GraphQL API and in Vue components via the native reCAPTCHA Javascript API,
- # which requires that the recaptcha response param be obtained and passed explicitly.
- #
- # It can also be expanded to multiple fields when we move to future alternative captcha
- # implementations such as FriendlyCaptcha. See https://gitlab.com/gitlab-org/gitlab/-/issues/273480
- # After this newer GraphQL/JS API process is fully supported by the backend, we can remove the
- # check for the 'g-recaptcha-response' field and other HTML/HAML form-specific support.
- captcha_response = params['g-recaptcha-response'] || params[:captcha_response]
- {
- request: request,
- spam_log_id: params[:spam_log_id],
- captcha_response: captcha_response
- }
+ # TODO: This method is currently only needed for issue create, to convert spam/CAPTCHA values from
+ # params, and instead be passed as headers, as the spam services now all expect. It can be removed
+ # when issue create is is converted to a client/JS based approach instead of the legacy HAML
+ # `_recaptcha_form.html.haml` which is rendered via the `projects/issues/verify` template.
+ # In that case, which is based on the legacy reCAPTCHA implementation using the HTML/HAML form,
+ # the 'g-recaptcha-response' field name comes from `Recaptcha::ClientHelper#recaptcha_tags` in the
+ # recaptcha gem, which is called from the HAML `_recaptcha_form.html.haml` form.
+ def extract_legacy_spam_params_to_headers
+ request.headers['X-GitLab-Captcha-Response'] = params['g-recaptcha-response'] || params[:captcha_response]
+ request.headers['X-GitLab-Spam-Log-Id'] = params[:spam_log_id]
 end
 def spammable
diff --git a/app/controllers/concerns/wiki_actions.rb b/app/controllers/concerns/wiki_actions.rb
index b7f6691ef4b..848b7ee44c5 100644
--- a/app/controllers/concerns/wiki_actions.rb
+++ b/app/controllers/concerns/wiki_actions.rb
@@ -14,8 +14,7 @@ module WikiActions
 before_action { respond_to :html }
 before_action :authorize_read_wiki!
- before_action :authorize_create_wiki!, only: [:edit, :create]
- before_action :authorize_admin_wiki!, only: :destroy
+ before_action :authorize_create_wiki!, only: [:edit, :create, :destroy]
 before_action :wiki
 before_action :page, only: [:show, :edit, :update, :history, :destroy, :diff]
|
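Review bot: `extract_legacy_spam_params_to_headers` assigns both headers unconditionally, so when neither `params['g-recaptcha-response']` nor `params[:captcha_response]` is present it writes nil into `X-GitLab-Captcha-Response`, and likewise `X-GitLab-Spam-Log-Id`, clobbering any value a client on the header-based JS/GraphQL path may already have sent on the same request. Copying only when a legacy param is actually present avoids that: `captcha_response = params['g-recaptcha-response'] || params[:captcha_response]`, `request.headers['X-GitLab-Captcha-Response'] = captcha_response if captcha_response.present?`, `request.headers['X-GitLab-Spam-Log-Id'] = params[:spam_log_id] if params[:spam_log_id].present?`. Because the spam log id now travels in a header the services cannot distinguish from a client-supplied one, the service-side lookup should scope the spam log to the current user; that code is not in this diff, so this is a point to confirm rather than a defect shown here. The new comment also has a typo, `is is converted`.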
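Review bot: Moving `:destroy` from `authorize_admin_wiki!` to `authorize_create_wiki!` lowers the privilege needed to delete a wiki page to whatever the create permission grants, which is an authorization relaxation rather than a cleanup, and nothing in the hunk records why; if that permission is held by developers, as the name suggests, this changes who can remove content. I'd record the decision on the changed line: `# destroy intentionally requires only the create permission, not admin; keep the policy layer and any UI gating consistent with this`. The `destroy` action itself must then not carry its own admin-level check, and any view that hides the delete control behind the admin permission needs the same update, neither of which this diff shows. Note that `:update` is absent from the `only:` list as before, so it is presumably authorized elsewhere and worth confirming while touching this line. The `included do` block continues past the hunk.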