summaryrefslogtreecommitdiff
path: root/db/migrate/20200728182311_add_o_auth_paths_to_protected_paths.rb
diff options
context:
space:
mode:
Diffstat (limited to 'db/migrate/20200728182311_add_o_auth_paths_to_protected_paths.rb')
-rw-r--r--db/migrate/20200728182311_add_o_auth_paths_to_protected_paths.rb62
1 files changed, 62 insertions, 0 deletions
diff --git a/db/migrate/20200728182311_add_o_auth_paths_to_protected_paths.rb b/db/migrate/20200728182311_add_o_auth_paths_to_protected_paths.rb
new file mode 100644
index 00000000000..7a5af0135fa
--- /dev/null
+++ b/db/migrate/20200728182311_add_o_auth_paths_to_protected_paths.rb
@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+class AddOAuthPathsToProtectedPaths < ActiveRecord::Migration[6.0]
+ include Gitlab::Database::MigrationHelpers
+
+ DOWNTIME = false
+
+ ADD_PROTECTED_PATHS = [
+ '/oauth/authorize',
+ '/oauth/token'
+ ].freeze
+
+ EXISTING_DEFAULT_PROTECTED_PATHS = [
+ '/users/password',
+ '/users/sign_in',
+ '/api/v3/session.json',
+ '/api/v3/session',
+ '/api/v4/session.json',
+ '/api/v4/session',
+ '/users',
+ '/users/confirmation',
+ '/unsubscribes/',
+ '/import/github/personal_access_token',
+ '/admin/session'
+ ].freeze
+
+ NEW_DEFAULT_PROTECTED_PATHS = (EXISTING_DEFAULT_PROTECTED_PATHS + ADD_PROTECTED_PATHS).freeze
+
+ class ApplicationSetting < ActiveRecord::Base
+ self.table_name = 'application_settings'
+ end
+
+ def up
+ change_column_default :application_settings, :protected_paths, NEW_DEFAULT_PROTECTED_PATHS
+
+ ApplicationSetting.reset_column_information
+
+ ApplicationSetting.where.not(protected_paths: nil).each do |application_setting|
+ missing_paths = ADD_PROTECTED_PATHS - application_setting.protected_paths
+
+ next if missing_paths.empty?
+
+ updated_protected_paths = application_setting.protected_paths + missing_paths
+ application_setting.update!(protected_paths: updated_protected_paths)
+ end
+ end
+
+ def down
+ change_column_default :application_settings, :protected_paths, EXISTING_DEFAULT_PROTECTED_PATHS
+
+ ApplicationSetting.reset_column_information
+
+ ApplicationSetting.where.not(protected_paths: nil).each do |application_setting|
+ paths_to_remove = application_setting.protected_paths - EXISTING_DEFAULT_PROTECTED_PATHS
+
+ next if paths_to_remove.empty?
+
+ updated_protected_paths = application_setting.protected_paths - paths_to_remove
+ application_setting.update!(protected_paths: updated_protected_paths)
+ end
+ end
+end
View Lorry Controller Status