Diffstat (limited to 'app/controllers/concerns')
-rw-r--r-- | app/controllers/concerns/dependency_proxy/auth.rb | 43 | ||||
-rw-r--r-- | app/controllers/concerns/dependency_proxy/group_access.rb | 26 | ||||
-rw-r--r-- | app/controllers/concerns/dependency_proxy_access.rb | 24 | ||||
-rw-r--r-- | app/controllers/concerns/integrations_actions.rb | 11 | ||||
-rw-r--r-- | app/controllers/concerns/issuable_collections.rb | 2 | ||||
-rw-r--r-- | app/controllers/concerns/service_params.rb | 3 | ||||
-rw-r--r-- | app/controllers/concerns/snippets_actions.rb | 3 | ||||
-rw-r--r-- | app/controllers/concerns/sorting_preference.rb | 27 | ||||
-rw-r--r-- | app/controllers/concerns/wiki_actions.rb | 28 | ||||
-rw-r--r-- | app/controllers/concerns/workhorse_authorization.rb (renamed from app/controllers/concerns/workhorse_import_export_upload.rb) | 20 |
10 files changed, 136 insertions, 51 deletions
diff --git a/app/controllers/concerns/dependency_proxy/auth.rb b/app/controllers/concerns/dependency_proxy/auth.rb
new file mode 100644
index 00000000000..1276feedba6
--- /dev/null
+++ b/app/controllers/concerns/dependency_proxy/auth.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module DependencyProxy
+ module Auth
+ extend ActiveSupport::Concern
+
+ included do
+ # We disable `authenticate_user!` since the `DependencyProxy::Auth` performs auth using JWT token
+ skip_before_action :authenticate_user!, raise: false
+ prepend_before_action :authenticate_user_from_jwt_token!
+ end
+
+ def authenticate_user_from_jwt_token!
+ return unless dependency_proxy_for_private_groups?
+
+ authenticate_with_http_token do |token, _|
+ user = user_from_token(token)
+ sign_in(user) if user
+ end
+
+ request_bearer_token! unless current_user
+ end
+
+ private
+
+ def dependency_proxy_for_private_groups?
+ Feature.enabled?(:dependency_proxy_for_private_groups, default_enabled: true)
+ end
+
+ def request_bearer_token!
+ # unfortunately, we cannot use https://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Token.html#method-i-authentication_request
+ response.headers['WWW-Authenticate'] = ::DependencyProxy::Registry.authenticate_header
+ render plain: '', status: :unauthorized
+ end
+
+ def user_from_token(token)
+ token_payload = DependencyProxy::AuthTokenService.decoded_token_payload(token)
+ User.find(token_payload['user_id'])
+ rescue JWT::DecodeError, JWT::ExpiredSignature, JWT::ImmatureSignature
+ nil
+ end
+ end
+end
diff --git a/app/controllers/concerns/dependency_proxy/group_access.rb b/app/controllers/concerns/dependency_proxy/group_access.rb
new file mode 100644
index 00000000000..2a923d02752
--- /dev/null
+++ b/app/controllers/concerns/dependency_proxy/group_access.rb
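Review bot: `User.find(token_payload['user_id'])` in `user_from_token` raises `ActiveRecord::RecordNotFound` when the id in an otherwise valid token no longer exists, and that class is not in the `rescue` list, so such a request errors out instead of falling through to `request_bearer_token!` with a 401; `User.find_by(id: token_payload['user_id'])` returns nil and keeps the existing nil path. `sign_in(user) if user` also signs in whatever user the token names without checking account state; unless `sign_in` itself rejects blocked or deactivated accounts here, an explicit state check belongs next to it. In ruby-jwt, `JWT::ExpiredSignature` and `JWT::ImmatureSignature` are, as far as I know, subclasses of `JWT::DecodeError`, so the rescue list can be reduced to the parent class.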
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module DependencyProxy
+ module GroupAccess
+ extend ActiveSupport::Concern
+
+ included do
+ before_action :verify_dependency_proxy_enabled!
+ before_action :authorize_read_dependency_proxy!
+ end
+
+ private
+
+ def verify_dependency_proxy_enabled!
+ render_404 unless group.dependency_proxy_feature_available?
+ end
+
+ def authorize_read_dependency_proxy!
+ access_denied! unless can?(current_user, :read_dependency_proxy, group)
+ end
+
+ def authorize_admin_dependency_proxy!
+ access_denied! unless can?(current_user, :admin_dependency_proxy, group)
+ end
+ end
+end
diff --git a/app/controllers/concerns/dependency_proxy_access.rb b/app/controllers/concerns/dependency_proxy_access.rb
deleted file mode 100644
index 5036d0cfce4..00000000000
--- a/app/controllers/concerns/dependency_proxy_access.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-# frozen_string_literal: true
-
-module DependencyProxyAccess
- extend ActiveSupport::Concern
-
- included do
- before_action :verify_dependency_proxy_enabled!
- before_action :authorize_read_dependency_proxy!
- end
-
- private
-
- def verify_dependency_proxy_enabled!
- render_404 unless group.dependency_proxy_feature_available?
- end
-
- def authorize_read_dependency_proxy!
- access_denied! unless can?(current_user, :read_dependency_proxy, group)
- end
-
- def authorize_admin_dependency_proxy!
- access_denied! unless can?(current_user, :admin_dependency_proxy, group)
- end
-end
diff --git a/app/controllers/concerns/integrations_actions.rb b/app/controllers/concerns/integrations_actions.rb
index 8e9b038437d..baebedb8e5d 100644
--- a/app/controllers/concerns/integrations_actions.rb
+++ b/app/controllers/concerns/integrations_actions.rb
@@ -6,7 +6,6 @@ module IntegrationsActions
 included do
 include ServiceParams
- before_action :not_found, unless: :integrations_enabled?
 before_action :integration, only: [:edit, :update, :test]
 end
@@ -43,12 +42,16 @@ module IntegrationsActions
 render json: {}, status: :ok
 end
- private
+ def reset
+ integration.destroy!
+
+ flash[:notice] = s_('Integrations|This integration, and inheriting projects were reset.')
- def integrations_enabled?
- false
+ render json: {}, status: :ok
 end
+ private
+
 def integration
 # Using instance variable `@service` still required as it's used in ServiceParams.
 # Should be removed once that is refactored to use `@integration`.
diff --git a/app/controllers/concerns/issuable_collections.rb b/app/controllers/concerns/issuable_collections.rb
index 0d7af57328a..3f5f3b6e9df 100644
--- a/app/controllers/concerns/issuable_collections.rb
+++ b/app/controllers/concerns/issuable_collections.rb
@@ -150,7 +150,7 @@ module IssuableCollections
 common_attributes + [:project, project: :namespace]
 when 'MergeRequest'
 common_attributes + [
- :target_project, :latest_merge_request_diff, :approvals, :approved_by_users,
+ :target_project, :latest_merge_request_diff, :approvals, :approved_by_users, :reviewers,
 source_project: :route, head_pipeline: :project, target_project: :namespace
 ]
 end
diff --git a/app/controllers/concerns/service_params.rb b/app/controllers/concerns/service_params.rb
index a19c43a227a..c295290a123 100644
--- a/app/controllers/concerns/service_params.rb
+++ b/app/controllers/concerns/service_params.rb
@@ -23,6 +23,9 @@ module ServiceParams
 :comment_detail,
 :confidential_issues_events,
 :confluence_url,
+ :datadog_site,
+ :datadog_env,
+ :datadog_service,
 :default_irc_uri,
 :device,
 :disable_diffs,
diff --git a/app/controllers/concerns/snippets_actions.rb b/app/controllers/concerns/snippets_actions.rb
index 0153ede2821..c93e75b438b 100644
--- a/app/controllers/concerns/snippets_actions.rb
+++ b/app/controllers/concerns/snippets_actions.rb
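Review bot: The new `reset` action calls `integration.destroy!` and nothing in this hunk authorizes the caller; `integration` is a private method resolved lazily, and the `before_action :integration, only: [:edit, :update, :test]` filter in the previous hunk of this file does not list `:reset` and appears to only load the record (its body continues outside the hunk). Please confirm the including controller runs an admin-level authorization filter for every action, and add `:reset` to that `only:` list so the record is loaded under the same path as the other write actions, e.g. `before_action :integration, only: [:edit, :update, :test, :reset]`. The previous hunk also drops the `before_action :not_found, unless: :integrations_enabled?` gate, so these actions are now reachable wherever the concern is included.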
@@ -9,11 +9,14 @@ module SnippetsActions
 include Gitlab::NoteableMetadata
 include Snippets::SendBlob
 include SnippetsSort
+ include RedisTracking
 included do
 skip_before_action :verify_authenticity_token, if: -> { action_name == 'show' && js_request? }
+ track_redis_hll_event :show, name: 'i_snippets_show', feature: :usage_data_i_snippets_show, feature_default_enabled: true
+
 respond_to :html
 end
diff --git a/app/controllers/concerns/sorting_preference.rb b/app/controllers/concerns/sorting_preference.rb
index a51b68147d5..8d8845e2f41 100644
--- a/app/controllers/concerns/sorting_preference.rb
+++ b/app/controllers/concerns/sorting_preference.rb
@@ -4,8 +4,11 @@ module SortingPreference
 include SortingHelper
 include CookiesHelper
- def set_sort_order
- set_sort_order_from_user_preference || set_sort_order_from_cookie || params[:sort] || default_sort_order
+ def set_sort_order(field = sorting_field, default_order = default_sort_order)
+ set_sort_order_from_user_preference(field) ||
+ set_sort_order_from_cookie(field) ||
+ params[:sort] ||
+ default_order
 end
 # Implement sorting_field method on controllers
@@ -29,42 +32,42 @@ module SortingPreference
 private
- def set_sort_order_from_user_preference
+ def set_sort_order_from_user_preference(field = sorting_field)
 return unless current_user
- return unless sorting_field
+ return unless field
 user_preference = current_user.user_preference
 sort_param = params[:sort]
- sort_param ||= user_preference[sorting_field]
+ sort_param ||= user_preference[field]
 return sort_param if Gitlab::Database.read_only?
- if user_preference[sorting_field] != sort_param
- user_preference.update(sorting_field => sort_param)
+ if user_preference[field] != sort_param
+ user_preference.update(field => sort_param)
 end
 sort_param
 end
- def set_sort_order_from_cookie
+ def set_sort_order_from_cookie(field = sorting_field)
 return unless legacy_sort_cookie_name
 sort_param = params[:sort] if params[:sort].present?
 # fallback to legacy cookie value for backward compatibility
 sort_param ||= cookies[legacy_sort_cookie_name]
- sort_param ||= cookies[remember_sorting_key]
+ sort_param ||= cookies[remember_sorting_key(field)]
 sort_value = update_cookie_value(sort_param)
- set_secure_cookie(remember_sorting_key, sort_value)
+ set_secure_cookie(remember_sorting_key(field), sort_value)
 sort_value
 end
 # Convert sorting_field to legacy cookie name for backwards compatibility
 # :merge_requests_sort => 'mergerequest_sort'
 # :issues_sort => 'issue_sort'
- def remember_sorting_key
- @remember_sorting_key ||= sorting_field
+ def remember_sorting_key(field = sorting_field)
+ @remember_sorting_key ||= field
 .to_s
 .split('_')[0..-2]
 .map(&:singularize)
diff --git a/app/controllers/concerns/wiki_actions.rb b/app/controllers/concerns/wiki_actions.rb
index 6abb2e16226..1ae90edd8f7 100644
--- a/app/controllers/concerns/wiki_actions.rb
+++ b/app/controllers/concerns/wiki_actions.rb
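Review bot: `remember_sorting_key(field = sorting_field)` still memoizes into a single `@remember_sorting_key ||= field ...`, so the first call fixes the cookie key for the rest of the request and any later call with a different `field` silently gets the first field's key, which would make `set_sort_order_from_cookie(field)` read and write the wrong cookie. The parameter was added precisely so callers can pass a field other than `sorting_field`, so the memo needs to be keyed by it: `@remember_sorting_key ||= {}` followed by `@remember_sorting_key[field] ||= field` in front of the existing chain. The chain (`.to_s.split('_')[0..-2].map(&:singularize)...`) continues outside the hunk.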
@@ -8,6 +8,8 @@ module WikiActions
 include RedisTracking
 extend ActiveSupport::Concern
+ RESCUE_GIT_TIMEOUTS_IN = %w[show edit history diff pages].freeze
+
 included do
 before_action { respond_to :html }
@@ -38,6 +40,12 @@ module WikiActions
 feature: :track_unique_wiki_page_views, feature_default_enabled: true
 helper_method :view_file_button, :diff_file_html_data
+
+ rescue_from ::Gitlab::Git::CommandTimedOut do |exc|
+ raise exc unless RESCUE_GIT_TIMEOUTS_IN.include?(action_name)
+
+ render 'shared/wikis/git_error'
+ end
 end
 def new
@@ -46,11 +54,7 @@ module WikiActions
 # rubocop:disable Gitlab/ModuleWithInstanceVariables
 def pages
- @wiki_pages = Kaminari.paginate_array(
- wiki.list_pages(sort: params[:sort], direction: params[:direction])
- ).page(params[:page])
-
- @wiki_entries = WikiDirectory.group_pages(@wiki_pages)
+ @wiki_entries = WikiDirectory.group_pages(wiki_pages)
 render 'shared/wikis/pages'
 end
@@ -182,6 +186,10 @@ module WikiActions
 end
 # rubocop:enable Gitlab/ModuleWithInstanceVariables
+ def git_access
+ render 'shared/wikis/git_access'
+ end
+
 private
 def container
@@ -225,9 +233,19 @@ module WikiActions
 unless @sidebar_page # Fallback to default sidebar
 @sidebar_wiki_entries, @sidebar_limited = wiki.sidebar_entries
 end
+ rescue ::Gitlab::Git::CommandTimedOut => e
+ @sidebar_error = e
 end
 # rubocop:enable Gitlab/ModuleWithInstanceVariables
+ def wiki_pages
+ strong_memoize(:wiki_pages) do
+ Kaminari.paginate_array(
+ wiki.list_pages(sort: params[:sort], direction: params[:direction])
+ ).page(params[:page])
+ end
+ end
+
 def wiki_params
 params.require(:wiki).permit(:title, :content, :format, :message, :last_commit_sha)
 end
diff --git a/app/controllers/concerns/workhorse_import_export_upload.rb b/app/controllers/concerns/workhorse_authorization.rb
index 3c52f4d7adf..a290ba256b6 100644
--- a/app/controllers/concerns/workhorse_import_export_upload.rb
+++ b/app/controllers/concerns/workhorse_authorization.rb
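Review bot: The `rescue_from ::Gitlab::Git::CommandTimedOut` handler in the `@@ -38,6 +40,12 @@` hunk renders `shared/wikis/git_error` with the default 200 status, so a Git timeout on `show`, `edit`, `history`, `diff` or `pages` is indistinguishable from a successful page to HTTP clients, caches and availability monitoring. An explicit non-2xx status, e.g. `render 'shared/wikis/git_error', status: :service_unavailable`, keeps the friendly page while making the failure visible; if a different status is the project convention, use that instead.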
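Review bot: In the `@@ -225,9 +233,19 @@` hunk, `rescue ::Gitlab::Git::CommandTimedOut => e` stores the raw exception object in `@sidebar_error` for the view; the message of a Git command timeout can carry internal detail (command line, repository path), so the template should render a fixed user-facing message and only log `e`, rather than `@sidebar_error.message`. Because this is a method-level `rescue` on a method whose start is outside the hunk, it covers every Git call in the sidebar load, including the `@sidebar_page` lookup, which is fine as long as the view treats `@sidebar_error` as "sidebar unavailable" rather than "no custom sidebar". A short comment on the new line, `# Sidebar is optional: a Gitaly timeout here must not fail the whole page`, would record that intent.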
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-module WorkhorseImportExportUpload
+module WorkhorseAuthorization
 extend ActiveSupport::Concern
 include WorkhorseRequest
@@ -12,10 +12,9 @@ module WorkhorseImportExportUpload
 def authorize
 set_workhorse_internal_api_content_type
- authorized = ImportExportUploader.workhorse_authorize(
+ authorized = uploader_class.workhorse_authorize(
 has_length: false,
- maximum_size: Gitlab::CurrentSettings.max_import_size.megabytes
- )
+ maximum_size: maximum_size.to_i)
 render json: authorized
 rescue SocketError
@@ -27,7 +26,18 @@ module WorkhorseImportExportUpload
 def file_is_valid?(file)
 return false unless file.is_a?(::UploadedFile)
+ file_extension_whitelist.include?(File.extname(file.original_filename).downcase.delete('.'))
+ end
+
+ def uploader_class
+ raise NotImplementedError
+ end
+
+ def maximum_size
+ raise NotImplementedError
+ end
+
+ def file_extension_whitelist
 ImportExportUploader::EXTENSION_WHITELIST
- .include?(File.extname(file.original_filename).delete('.'))
 end
 end
|
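Review bot: `maximum_size: maximum_size.to_i` in `authorize` turns a `nil` or otherwise non-numeric `maximum_size` into 0 without complaint, and what `workhorse_authorize` does with a 0 limit (no limit or reject everything) is not visible here, so an includer that returns the wrong type gets a silent behaviour change instead of an error; `Integer(maximum_size)` would raise early on `nil`, matching the `raise NotImplementedError` contract the abstract methods already establish (`authorize` continues outside the hunk with `rescue SocketError`). Relatedly, `file_extension_whitelist` still defaults to `ImportExportUploader::EXTENSION_WHITELIST` although the concern is now generic and `uploader_class` is abstract, so an includer that sets a different `uploader_class` but forgets to override the whitelist validates against import/export extensions; either make it abstract as well or document with `# Override together with uploader_class; default kept for the import/export includer.`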