Diffstat (limited to 'app/controllers/concerns')
20 files changed, 84 insertions, 42 deletions
diff --git a/app/controllers/concerns/access_tokens_actions.rb b/app/controllers/concerns/access_tokens_actions.rb index fdb08c6572f..6a84c436aae 100644 --- a/app/controllers/concerns/access_tokens_actions.rb +++ b/app/controllers/concerns/access_tokens_actions.rb @@ -43,9 +43,9 @@ module AccessTokensActions revoked_response = ResourceAccessTokens::RevokeService.new(current_user, resource, @resource_access_token).execute if revoked_response.success? - flash[:notice] = _("Revoked access token %{access_token_name}!") % { access_token_name: @resource_access_token.name } + flash[:notice] = format(_("Revoked access token %{access_token_name}!"), access_token_name: @resource_access_token.name) else - flash[:alert] = _("Could not revoke access token %{access_token_name}.") % { access_token_name: @resource_access_token.name } + flash[:alert] = format(_("Could not revoke access token %{access_token_name}."), access_token_name: @resource_access_token.name) end redirect_to resource_access_tokens_path diff --git a/app/controllers/concerns/check_rate_limit.rb b/app/controllers/concerns/check_rate_limit.rb index 0eaf74fd3a9..fc3be3ad009 100644 --- a/app/controllers/concerns/check_rate_limit.rb +++ b/app/controllers/concerns/check_rate_limit.rb @@ -8,10 +8,7 @@ # See lib/api/helpers/rate_limiter.rb for API version module CheckRateLimit def check_rate_limit!(key, scope:, redirect_back: false, **options) - return if bypass_header_set? - return unless rate_limiter.throttled?(key, scope: scope, **options) - - rate_limiter.log_request(request, "#{key}_request_limit".to_sym, current_user) + return unless Gitlab::ApplicationRateLimiter.throttled_request?(request, current_user, key, scope: scope, **options) return yield if block_given? 
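Review bot: The bypass-header guard (`Gitlab::Throttle.bypass_header.present? && request.get_header(...) == '1'`) and the `log_request` call that used to be readable here are now folded into `Gitlab::ApplicationRateLimiter.throttled_request?`, which is outside this diff, so the controller path no longer shows that the header is honoured only when one is configured. Confirm the helper keeps that `present?` guard and the `"#{key}_request_limit"` log event name, since the file comment says this must stay in sync with `lib/api/helpers/rate_limiter.rb`. A one-line comment on the new call would save the next reader the lookup: `# bypass header, throttle check and request logging now live in throttled_request?`.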
@@ -23,14 +20,4 @@ module CheckRateLimit render plain: message, status: :too_many_requests end end - - private - - def rate_limiter - ::Gitlab::ApplicationRateLimiter - end - - def bypass_header_set? - ::Gitlab::Throttle.bypass_header.present? && request.get_header(Gitlab::Throttle.bypass_header) == '1' - end end diff --git a/app/controllers/concerns/confirm_email_warning.rb b/app/controllers/concerns/confirm_email_warning.rb index 32e1a46e580..ec5140bf223 100644 --- a/app/controllers/concerns/confirm_email_warning.rb +++ b/app/controllers/concerns/confirm_email_warning.rb @@ -19,10 +19,17 @@ module ConfirmEmailWarning email = current_user.unconfirmed_email || current_user.email - flash.now[:warning] = _("Please check your email (%{email}) to verify that you own this address and unlock the power of CI/CD. Didn't receive it? %{resend_link}. Wrong email address? %{update_link}.").html_safe % { + flash.now[:warning] = format( + confirm_warning_message, email: email, resend_link: view_context.link_to(_('Resend it'), user_confirmation_path(user: { email: email }), method: :post), update_link: view_context.link_to(_('Update it'), profile_path) - } + ).html_safe + end + + private + + def confirm_warning_message + _("Please check your email (%{email}) to verify that you own this address and unlock the power of CI/CD. Didn't receive it? %{resend_link}. Wrong email address? %{update_link}.") end end diff --git a/app/controllers/concerns/content_security_policy_patch.rb b/app/controllers/concerns/content_security_policy_patch.rb new file mode 100644 index 00000000000..a4dc232ee42 --- /dev/null +++ b/app/controllers/concerns/content_security_policy_patch.rb 
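Review bot: The rewrite of the email warning drops the HTML escaping the old form provided: `_("...").html_safe % { ... }` goes through `ActiveSupport::SafeBuffer#%`, which escapes non-safe arguments such as `email`, whereas `format(confirm_warning_message, email: email, ...).html_safe` is a plain `Kernel#format` followed by a blanket `html_safe`, so `email` (taken from `current_user.unconfirmed_email || current_user.email`, a user-supplied value) is now interpolated into markup unescaped. The two `link_to` results are already safe buffers and are unaffected. Escape the one untrusted argument explicitly: `email: ERB::Util.html_escape(email),`, and consider a helper that does this for every `format(...).html_safe` site so the same regression is not repeated across this commit.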
@@ -0,0 +1,27 @@ +# frozen_string_literal: true + +## +# `content_security_policy_with_context` makes the caller's context available to the invoked block, +# as this is currently not accessible from `content_security_policy` +# +# This patch is available in content_security_policy starting with Rails 7.2. +# Refs: https://github.com/rails/rails/pull/45115. +module ContentSecurityPolicyPatch + def content_security_policy_with_context(enabled = true, **options, &block) + if Rails.gem_version >= Gem::Version.new("7.2") + ActiveSupport::Deprecation.warn( + "content_security_policy_with_context should only be used with Rails < 7.2. + Use content_security_policy instead.") + end + + before_action(options) do + if block + policy = current_content_security_policy + instance_exec(policy, &block) + request.content_security_policy = policy + end + + request.content_security_policy = nil unless enabled + end + end +end diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb index c8de041d5bd..cdef1a45a27 100644 --- a/app/controllers/concerns/enforces_two_factor_authentication.rb +++ b/app/controllers/concerns/enforces_two_factor_authentication.rb @@ -25,8 +25,9 @@ module EnforcesTwoFactorAuthentication case self when GraphqlController render_error( - _("Authentication error: enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}") % - { mfa_help_page: mfa_help_page_url }, + format( + _("Authentication error: enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}"), + mfa_help_page: mfa_help_page_url), status: :unauthorized ) else diff --git a/app/controllers/concerns/gitlab_recaptcha.rb b/app/controllers/concerns/gitlab_recaptcha.rb index cedadba5fc7..7b2382eee4c 100644 --- a/app/controllers/concerns/gitlab_recaptcha.rb +++ b/app/controllers/concerns/gitlab_recaptcha.rb 
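Review bot: The header comment explains why the patch exists but not the contract a caller relies on, which is the part that matters for a CSP hook: the block is run through `instance_exec`, so `self` inside it is the controller instance (helpers such as `current_user` and `params` are available), the `policy` it receives is whatever `current_content_security_policy` returns and is written back to `request.content_security_policy` only after the block finishes, and `enabled = false` clears the request's policy for the action entirely. I would put that as a short comment above `def content_security_policy_with_context`, and note that a block which mutates `policy` but then `next`s early still has its partial changes committed by the assignment that follows `instance_exec`. The `Rails.gem_version` check only warns, so on Rails 7.2 both this method and the upstream `content_security_policy` would be available; the comment should say which one wins for includers.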
@@ -2,7 +2,7 @@ module GitlabRecaptcha extend ActiveSupport::Concern - include Recaptcha::Verify + include Recaptcha::Adapters::ControllerMethods include RecaptchaHelper def load_recaptcha diff --git a/app/controllers/concerns/integrations/actions.rb b/app/controllers/concerns/integrations/actions.rb index e0a12555e11..7bebafae0fd 100644 --- a/app/controllers/concerns/integrations/actions.rb +++ b/app/controllers/concerns/integrations/actions.rb @@ -57,9 +57,9 @@ module Integrations::Actions def success_message if integration.active? - s_('Integrations|%{integration} settings saved and active.') % { integration: integration.title } + format(s_('Integrations|%{integration} settings saved and active.'), integration: integration.title) else - s_('Integrations|%{integration} settings saved, but not active.') % { integration: integration.title } + format(s_('Integrations|%{integration} settings saved, but not active.'), integration: integration.title) end end diff --git a/app/controllers/concerns/integrations/params.rb b/app/controllers/concerns/integrations/params.rb index 74d998503b7..4d181ded071 100644 --- a/app/controllers/concerns/integrations/params.rb +++ b/app/controllers/concerns/integrations/params.rb @@ -5,6 +5,9 @@ module Integrations extend ActiveSupport::Concern ALLOWED_PARAMS_CE = [ + :app_store_issuer_id, + :app_store_key_id, + :app_store_private_key, :active, :alert_events, :api_key, @@ -38,6 +41,7 @@ module Integrations :external_wiki_url, :google_iap_service_account_json, :google_iap_audience_client_id, + :incident_events, :inherit_from_id, # We're using `issues_events` and `merge_requests_events` # in the view so we still need to explicitly state them diff --git a/app/controllers/concerns/issuable_collections.rb b/app/controllers/concerns/issuable_collections.rb index 7b0d8cf8dcb..5060ce69d9c 100644 --- a/app/controllers/concerns/issuable_collections.rb +++ b/app/controllers/concerns/issuable_collections.rb 
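Review bot: `:app_store_private_key` becomes mass-assignable through the integration form, which is what the allow-list is for, but it is a private key: confirm the integration model declares it as a secret/password-type field so it is encrypted at rest, masked when the form is re-rendered, and covered by the application's parameter filtering, none of which this list controls or shows. Style point: the three `:app_store_*` symbols are inserted ahead of `:active` in a list that is otherwise alphabetical; placing them after `:api_key` keeps the order.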
@@ -3,6 +3,7 @@ module IssuableCollections extend ActiveSupport::Concern include PaginatedCollection + include SearchRateLimitable include SortingHelper include SortingPreference include Gitlab::Utils::StrongMemoize diff --git a/app/controllers/concerns/issuable_collections_action.rb b/app/controllers/concerns/issuable_collections_action.rb index 7beb86b51fd..b8249345a54 100644 --- a/app/controllers/concerns/issuable_collections_action.rb +++ b/app/controllers/concerns/issuable_collections_action.rb @@ -5,6 +5,12 @@ module IssuableCollectionsAction include IssuableCollections include IssuesCalendar + included do + before_action :check_search_rate_limit!, only: [:issues, :merge_requests], if: -> { + params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches) + } + end + # rubocop:disable Gitlab/ModuleWithInstanceVariables def issues show_alert_if_search_is_disabled diff --git a/app/controllers/concerns/lfs_request.rb b/app/controllers/concerns/lfs_request.rb index 1653b40bad5..1c4521e2353 100644 --- a/app/controllers/concerns/lfs_request.rb +++ b/app/controllers/concerns/lfs_request.rb @@ -80,7 +80,7 @@ module LfsRequest def lfs_download_access? ci? || lfs_deploy_token? || user_can_download_code? || build_can_download_code? || deploy_token_can_download_code? end - strong_memoize_attr :lfs_download_access?, :lfs_download_access + strong_memoize_attr :lfs_download_access? def deploy_token_can_download_code? deploy_token.present? && 
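Review bot: The new `before_action` only throttles when `params[:search].present?` and the `rate_limit_issuable_searches` flag is on, so nothing is limited until the flag is enabled, which is fine for a rollout but worth a comment. What the hunk cannot show is how `check_search_rate_limit!` (from `SearchRateLimitable`, outside this diff) scopes the limit; issue and merge-request lists on public projects are reachable without a session, so confirm it keys on `current_user` with an address-based fallback for anonymous requests. Style: a multi-line lambda inside an `if:` option reads poorly; `if: :search_rate_limit_applies?` with `def search_rate_limit_applies?; params[:search].present? && Feature.enabled?(:rate_limit_issuable_searches); end` keeps the macro on one line.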
@@ -92,10 +92,12 @@ module LfsRequest return false unless has_authentication_ability?(:push_code) return false if limit_exceeded? - lfs_deploy_token? || can?(user, :push_code, -project) || can?(deploy_token, :push_code, project) || any_branch_allows_collaboration? + lfs_deploy_token? || + can?(user, :push_code, project) || + can?(deploy_token, :push_code, project) || + any_branch_allows_collaboration? end - strong_memoize_attr :lfs_upload_access?, :lfs_upload_access + strong_memoize_attr :lfs_upload_access? def any_branch_allows_collaboration? project.merge_requests_allowing_push_to_user(user).any? diff --git a/app/controllers/concerns/membership_actions.rb b/app/controllers/concerns/membership_actions.rb index 28d0af7a118..7c6e449b509 100644 --- a/app/controllers/concerns/membership_actions.rb +++ b/app/controllers/concerns/membership_actions.rb @@ -11,7 +11,7 @@ module MembershipActions .new(current_user, update_params) .execute(member) - member = result[:member] + member = result[:members].first member_data = if member.expires? { @@ -66,8 +66,7 @@ module MembershipActions notice: _('Your request for access has been queued for review.') else redirect_to polymorphic_path(membershipable), - alert: _("Your request for access could not be processed: %{error_message}") % - { error_message: access_requester.errors.full_messages.to_sentence } + alert: format(_("Your request for access could not be processed: %{error_message}"), error_message: access_requester.errors.full_messages.to_sentence) end end 
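Review bot: `member = result[:members].first` assumes the update service now returns a non-empty collection; if `:members` is missing or empty the `.first` returns nil (or raises on a missing key's nil) and `member.expires?` on the next line fails with `NoMethodError`, and if the service can update several members, as the plural key suggests, only the first one is reported back to the caller. Handle the empty case explicitly rather than letting it surface as a 500: `member = Array(result[:members]).first` followed by `return head(:unprocessable_entity) unless member`. The enclosing method starts above this hunk, so whether the service's status is checked earlier is not visible here.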
@@ -87,9 +86,9 @@ module MembershipActions notice = if member.request? - _("Your access request to the %{source_type} has been withdrawn.") % { source_type: source_type } + format(_("Your access request to the %{source_type} has been withdrawn."), source_type: source_type) else - _("You left the \"%{membershipable_human_name}\" %{source_type}.") % { membershipable_human_name: membershipable.human_name, source_type: source_type } + format(_("You left the \"%{membershipable_human_name}\" %{source_type}."), membershipable_human_name: membershipable.human_name, source_type: source_type) end respond_to do |format| diff --git a/app/controllers/concerns/notes_actions.rb b/app/controllers/concerns/notes_actions.rb index a41e2d840ac..512dbf0de5d 100644 --- a/app/controllers/concerns/notes_actions.rb +++ b/app/controllers/concerns/notes_actions.rb @@ -100,7 +100,7 @@ module NotesActions def gather_all_notes now = Time.current - notes = merge_resource_events(notes_finder.execute.inc_relations_for_view) + notes = merge_resource_events(notes_finder.execute.inc_relations_for_view(noteable)) [notes, { last_fetched_at: (now.to_i * MICROSECOND) + now.usec }] end diff --git a/app/controllers/concerns/observability/content_security_policy.rb b/app/controllers/concerns/observability/content_security_policy.rb index eccd1e1e3ef..3865e3b606d 100644 --- a/app/controllers/concerns/observability/content_security_policy.rb +++ b/app/controllers/concerns/observability/content_security_policy.rb 
@@ -5,8 +5,14 @@ module Observability extend ActiveSupport::Concern included do - content_security_policy do |p| - next if p.directives.blank? || Gitlab::Observability.observability_url.blank? + content_security_policy_with_context do |p| + current_group = if defined?(group) + group + else + defined?(project) ? project&.group : nil + end + + next if p.directives.blank? || !Gitlab::Observability.observability_enabled?(current_user, current_group) default_frame_src = p.directives['frame-src'] || p.directives['default-src'] diff --git a/app/controllers/concerns/redirects_for_missing_path_on_tree.rb b/app/controllers/concerns/redirects_for_missing_path_on_tree.rb index 085afbf3975..92574dfade9 100644 --- a/app/controllers/concerns/redirects_for_missing_path_on_tree.rb +++ b/app/controllers/concerns/redirects_for_missing_path_on_tree.rb @@ -8,7 +8,7 @@ module RedirectsForMissingPathOnTree private def missing_path_on_ref(path, ref) - _('"%{path}" did not exist on "%{ref}"') % { path: truncate_path(path), ref: ref } + format(_('"%{path}" did not exist on "%{ref}"'), path: truncate_path(path), ref: ref) end def truncate_path(path) diff --git a/app/controllers/concerns/renders_blob.rb b/app/controllers/concerns/renders_blob.rb index a15bf27a22f..c3ccd9edd87 100644 --- a/app/controllers/concerns/renders_blob.rb +++ b/app/controllers/concerns/renders_blob.rb @@ -35,6 +35,6 @@ module RendersBlob def conditionally_expand_blobs(blobs) return unless params[:expanded] == 'true' - blobs.each { |blob| blob.expand! } + blobs.each(&:expand!) end end diff --git a/app/controllers/concerns/spammable_actions/akismet_mark_as_spam_action.rb b/app/controllers/concerns/spammable_actions/akismet_mark_as_spam_action.rb index 044519004b2..6ba079ee658 100644 --- a/app/controllers/concerns/spammable_actions/akismet_mark_as_spam_action.rb +++ b/app/controllers/concerns/spammable_actions/akismet_mark_as_spam_action.rb 
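Review bot: `defined?(group)` and `defined?(project)` run inside the `instance_exec`ed block, so they only test whether the controller has a method of that name, not whether it has been loaded yet; the hook is registered as a `before_action` at include time, so on a controller that populates the group or project in a later before_action the lookup yields nil and `observability_enabled?(current_user, nil)` decides the policy. Confirm the include order on every includer, or document the requirement: `# NOTE: group/project must be loaded by an earlier before_action, otherwise current_group is nil`. The old `observability_url.blank?` guard is gone; if `observability_enabled?` does not re-check the URL, the `frame-src` value appended below (the block continues outside the hunk) may be an empty string.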
@@ -9,7 +9,7 @@ module SpammableActions::AkismetMarkAsSpamAction def mark_as_spam if Spam::AkismetMarkAsSpamService.new(target: spammable).execute - redirect_to spammable_path, notice: _("%{spammable_titlecase} was submitted to Akismet successfully.") % { spammable_titlecase: spammable.spammable_entity_type.titlecase } + redirect_to spammable_path, notice: format(_("%{spammable_titlecase} was submitted to Akismet successfully."), spammable_titlecase: spammable.spammable_entity_type.titlecase) else redirect_to spammable_path, alert: _('Error with Akismet. Please check the logs for more info.') end diff --git a/app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb b/app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb index 707c1e6c84f..23db6a4b368 100644 --- a/app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb +++ b/app/controllers/concerns/spammable_actions/captcha_check/html_format_actions_support.rb @@ -24,7 +24,7 @@ module SpammableActions::CaptchaCheck::HtmlFormatActionsSupport # Convert spam/CAPTCHA values from form field params to headers, because all spam-related services # expect these values to be passed as headers. # - # The 'g-recaptcha-response' field name comes from `Recaptcha::ClientHelper#recaptcha_tags` in the + # The 'g-recaptcha-response' field name comes from `Recaptcha::Adapters::ViewMethods#recaptcha_tags` in the # recaptcha gem. This is a field which is automatically included by calling the # `#recaptcha_tags` method within a HAML template's form. def convert_html_spam_params_to_headers diff --git a/app/controllers/concerns/uploads_actions.rb b/app/controllers/concerns/uploads_actions.rb index 0ba13896631..308da018a42 100644 --- a/app/controllers/concerns/uploads_actions.rb +++ b/app/controllers/concerns/uploads_actions.rb 
@@ -5,7 +5,7 @@ module UploadsActions include Gitlab::Utils::StrongMemoize include SendFileUpload - UPLOAD_MOUNTS = %w[avatar attachment file logo header_logo favicon].freeze + UPLOAD_MOUNTS = %w[avatar attachment file logo pwa_icon header_logo favicon].freeze included do prepend_before_action :set_request_format_from_path_extension diff --git a/app/controllers/concerns/verifies_with_email.rb b/app/controllers/concerns/verifies_with_email.rb index 3cada24a81a..82388090350 100644 --- a/app/controllers/concerns/verifies_with_email.rb +++ b/app/controllers/concerns/verifies_with_email.rb @@ -105,8 +105,10 @@ module VerifiesWithEmail end def render_sign_in_rate_limited - message = s_('IdentityVerification|Maximum login attempts exceeded. '\ - 'Wait %{interval} and try again.') % { interval: user_sign_in_interval } + message = format( + s_('IdentityVerification|Maximum login attempts exceeded. Wait %{interval} and try again.'), + interval: user_sign_in_interval + ) redirect_to new_user_session_path, alert: message end |
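Review bot: Adding `pwa_icon` to `UPLOAD_MOUNTS` widens the set of mount names this concern accepts in upload paths, and that list is what gates which uploader mounts can be served or created; check that the `pwa_icon` uploader applies the same authorization as `favicon`/`logo` and that the rest of the concern, outside this hunk, does not map these names to specific models. Style: the list groups `logo header_logo favicon` together, so the new entry reads more naturally at the end: `UPLOAD_MOUNTS = %w[avatar attachment file logo header_logo favicon pwa_icon].freeze`.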