From d5978d09219b654d8c43e6904d6f340643a8b3b9 Mon Sep 17 00:00:00 2001
From: Mathieu Parent
Date: Thu, 25 Jul 2019 11:47:08 +0200
Subject: App settings: Allow all import sources from API
---
 lib/api/settings.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/api/settings.rb b/lib/api/settings.rb
index dd27ebab83d..d4bf3f3ac95 100644
--- a/lib/api/settings.rb
+++ b/lib/api/settings.rb
@@ -74,7 +74,7 @@ module API
 requires :housekeeping_incremental_repack_period, type: Integer, desc: "Number of Git pushes after which an incremental 'git repack' is run."
 end
 optional :html_emails_enabled, type: Boolean, desc: 'By default GitLab sends emails in HTML and plain text formats so mail clients can choose what format to use. Disable this option if you only want to send emails in plain text format.'
- optional :import_sources, type: Array[String], values: %w[github bitbucket gitlab google_code fogbugz git gitlab_project manifest],
+ optional :import_sources, type: Array[String], values: %w[github bitbucket bitbucket_server gitlab google_code fogbugz git gitlab_project gitea manifest phabricator],
 desc: 'Enabled sources for code import during project creation. OmniAuth must be configured for GitHub, Bitbucket, and GitLab.com'
 optional :max_artifacts_size, type: Integer, desc: "Set the maximum file size for each job's artifacts"
 optional :max_attachment_size, type: Integer, desc: 'Maximum attachment size in MB'
--
cgit v1.2.1
From ea14d17da4d3625eaf6a70a3b38660e5753c5f77 Mon Sep 17 00:00:00 2001
From: Mathieu Parent
Date: Thu, 25 Jul 2019 15:09:04 +0200
Subject: Show domain_blacklist and domain_whitelist in the settings API
---
 app/controllers/admin/application_settings_controller.rb | 2 ++
 app/helpers/application_settings_helper.rb | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 99411641874..53ceffd6bea 100644
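Review bot: The `values:` list for `import_sources` in lib/api/settings.rb is still a hand-written literal, which is how it fell behind the importers the application supports and needed this patch. If a single registry of import sources is available at this revision (GitLab has `Gitlab::ImportSources`), deriving the list from it, e.g. `values: Gitlab::ImportSources.values`, would stop the API validation from drifting again; confirm the helper exists before relying on it. Each newly accepted value also lets an administrator token enable another importer that fetches from remote hosts, so a request spec asserting the accepted set would make future additions a deliberate, reviewed change. The enclosing `params` block starts and ends outside the hunk.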
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -86,6 +86,8 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
 params[:application_setting][:import_sources]&.delete("")
 params[:application_setting][:restricted_visibility_levels]&.delete("")
 params.delete(:domain_blacklist_raw) if params[:domain_blacklist_file]
+ params.delete(:domain_blacklist_raw) if params[:domain_blacklist]
+ params.delete(:domain_whitelist_raw) if params[:domain_whitelist]
 params.require(:application_setting).permit(
 visible_application_setting_attributes
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index 84021d0da56..76ce08458e8 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -180,9 +180,11 @@ module ApplicationSettingsHelper
 :default_projects_limit,
 :default_snippet_visibility,
 :disabled_oauth_sign_in_sources,
+ :domain_blacklist,
 :domain_blacklist_enabled,
- :domain_blacklist_raw,
- :domain_whitelist_raw,
+ :domain_blacklist_raw, # TODO: remove in API v5
+ :domain_whitelist,
+ :domain_whitelist_raw, # TODO: remove in API v5
 :outbound_local_requests_whitelist_raw,
 :dsa_key_restriction,
 :ecdsa_key_restriction,
--
cgit v1.2.1
From 85776fa3ffba6f641cf981cb0107f0e4ba882f3e Mon Sep 17 00:00:00 2001
From: Mathieu Parent
Date: Thu, 25 Jul 2019 15:10:30 +0200
Subject: Settings API: domain_{black,white}list should be arrays As in documentation. Fixes: #58180. Also remove the requirement between domain_blacklist_enabled and domain_blacklist.
---
 .../admin/application_settings_controller.rb | 1 +
 app/helpers/application_settings_helper.rb | 6 ++--
 doc/api/settings.md | 2 +-
 lib/api/settings.rb | 6 ++--
 spec/requests/api/settings_spec.rb | 38 ++++++++++++++++++++++
 5 files changed, 46 insertions(+), 7 deletions(-)
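Review bot: The two added `params.delete(...)` guards in `Admin::ApplicationSettingsController` read and delete top-level keys, while the surrounding lines address the same request under `params[:application_setting]` and the permit call runs on `params.require(:application_setting)`. If the form nests `domain_blacklist` and `domain_blacklist_raw` under `application_setting` (not visible here), both guards are no-ops and a request carrying the array and the `_raw` form together reaches the model with both, so which one defines the sign-up restriction depends on assignment order. Consider `params[:application_setting].delete(:domain_blacklist_raw) if params[:application_setting][:domain_blacklist]` and the same for the whitelist; the existing `domain_blacklist_file` line follows the same top-level pattern and is worth checking. The helper hunk in this commit permits both forms, so a spec that submits both and asserts the stored list would pin the precedence. The method body starts and ends outside the hunk.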
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index 53ceffd6bea..f2f72bea5b4 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -85,6 +85,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
 params[:application_setting][:import_sources]&.delete("")
 params[:application_setting][:restricted_visibility_levels]&.delete("")
+ # TODO Remove domain_blacklist_raw in APIv5 (See https://gitlab.com/gitlab-org/gitlab-ce/issues/67204)
 params.delete(:domain_blacklist_raw) if params[:domain_blacklist_file]
 params.delete(:domain_blacklist_raw) if params[:domain_blacklist]
 params.delete(:domain_whitelist_raw) if params[:domain_whitelist]
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index 76ce08458e8..b1a6e988a1d 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -182,9 +182,11 @@ module ApplicationSettingsHelper
 :disabled_oauth_sign_in_sources,
 :domain_blacklist,
 :domain_blacklist_enabled,
- :domain_blacklist_raw, # TODO: remove in API v5
+ # TODO Remove domain_blacklist_raw in APIv5 (See https://gitlab.com/gitlab-org/gitlab-ce/issues/67204)
+ :domain_blacklist_raw,
 :domain_whitelist,
- :domain_whitelist_raw, # TODO: remove in API v5
+ # TODO Remove domain_whitelist_raw in APIv5 (See https://gitlab.com/gitlab-org/gitlab-ce/issues/67204)
+ :domain_whitelist_raw,
 :outbound_local_requests_whitelist_raw,
 :dsa_key_restriction,
 :ecdsa_key_restriction,
diff --git a/doc/api/settings.md b/doc/api/settings.md
index a14b0d3632a..4ad4ebdacb6 100644
--- a/doc/api/settings.md
+++ b/doc/api/settings.md
@@ -210,7 +210,7 @@ are listed in the descriptions of the relevant settings.
 | `diff_max_patch_bytes` | integer | no | Maximum diff patch size (Bytes). |
 | `disabled_oauth_sign_in_sources` | array of strings | no | Disabled OAuth sign-in sources. |
 | `dns_rebinding_protection_enabled` | boolean | no | Enforce DNS rebinding attack protection. |
-| `domain_blacklist` | array of strings | required by: `domain_blacklist_enabled` | Users with e-mail addresses that match these domain(s) will NOT be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: `domain.com`, `*.domain.com`. |
+| `domain_blacklist` | array of strings | no | Users with e-mail addresses that match these domain(s) will NOT be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: `domain.com`, `*.domain.com`. |
 | `domain_blacklist_enabled` | boolean | no | (**If enabled, requires:** `domain_blacklist`) Allows blocking sign-ups from emails from specific domains. |
 | `domain_whitelist` | array of strings | no | Force people to use only corporate emails for sign-up. Default is `null`, meaning there is no restriction. |
 | `dsa_key_restriction` | integer | no | The minimum allowed bit length of an uploaded DSA key. Default is `0` (no restriction). `-1` disables DSA keys. |
diff --git a/lib/api/settings.rb b/lib/api/settings.rb
index d4bf3f3ac95..acf03051a5b 100644
--- a/lib/api/settings.rb
+++ b/lib/api/settings.rb
@@ -50,10 +50,8 @@ module API
 optional :default_snippet_visibility, type: String, values: Gitlab::VisibilityLevel.string_values, desc: 'The default snippet visibility'
 optional :disabled_oauth_sign_in_sources, type: Array[String], desc: 'Disable certain OAuth sign-in sources'
 optional :domain_blacklist_enabled, type: Boolean, desc: 'Enable domain blacklist for sign ups'
- given domain_blacklist_enabled: ->(val) { val } do
- requires :domain_blacklist, type: String, desc: 'Users with e-mail addresses that match these domain(s) will NOT be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com'
- end
- optional :domain_whitelist, type: String, desc: 'ONLY users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com'
+ optional :domain_blacklist, type: Array[String], coerce_with: Validations::Types::CommaSeparatedToArray.coerce, desc: 'Users with e-mail addresses that match these domain(s) will NOT be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com'
+ optional :domain_whitelist, type: Array[String], coerce_with: Validations::Types::CommaSeparatedToArray.coerce, desc: 'ONLY users with e-mail addresses that match these domain(s) will be able to sign-up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com'
 optional :email_author_in_body, type: Boolean, desc: 'Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.'
 optional :enabled_git_access_protocol, type: String, values: %w[ssh http nil], desc: 'Allow only the selected protocols to be used for Git access.'
 optional :gitaly_timeout_default, type: Integer, desc: 'Default Gitaly timeout, in seconds. Set to 0 to disable timeouts.'
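Review bot: The `desc:` strings on the new `domain_blacklist` and `domain_whitelist` parameters still say "Use separate lines for multiple entries", but both are now coerced with `Validations::Types::CommaSeparatedToArray.coerce`. Assuming that coercer splits on commas only, a client that follows the description and sends newline-separated domains would store a single entry that matches no real domain, and the sign-up restriction would silently not apply. The wording should describe the accepted input, for example `Wildcards allowed. Pass an array or a comma-separated string. Ex: domain.com, *.domain.com`. Removing the `given`/`requires` block also moves the "enabled blacklist needs a list" rule out of the API layer, so it now rests on the model validation alone.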
diff --git a/spec/requests/api/settings_spec.rb b/spec/requests/api/settings_spec.rb
index 048d04cdefd..d98b9be726a 100644
--- a/spec/requests/api/settings_spec.rb
+++ b/spec/requests/api/settings_spec.rb
@@ -252,5 +252,43 @@ describe API::Settings, 'Settings' do
 expect(json_response['asset_proxy_whitelist']).to eq(['example.com', '*.example.com', 'localhost'])
 end
 end
+
+ context 'domain_blacklist settings' do
+ it 'rejects domain_blacklist_enabled when domain_blacklist is empty' do
+ put api('/application/settings', admin),
+ params: {
+ domain_blacklist_enabled: true,
+ domain_blacklist: []
+ }
+
+ expect(response).to have_gitlab_http_status(400)
+ message = json_response["message"]
+ expect(message["domain_blacklist"]).to eq(["Domain blacklist cannot be empty if Blacklist is enabled."])
+ end
+
+ it 'allows array for domain_blacklist' do
+ put api('/application/settings', admin),
+ params: {
+ domain_blacklist_enabled: true,
+ domain_blacklist: ['domain1.com', 'domain2.com']
+ }
+
+ expect(response).to have_gitlab_http_status(200)
+ expect(json_response['domain_blacklist_enabled']).to be(true)
+ expect(json_response['domain_blacklist']).to eq(['domain1.com', 'domain2.com'])
+ end
+
+ it 'allows a string for domain_blacklist' do
+ put api('/application/settings', admin),
+ params: {
+ domain_blacklist_enabled: true,
+ domain_blacklist: 'domain3.com, *.domain4.com'
+ }
+
+ expect(response).to have_gitlab_http_status(200)
+ expect(json_response['domain_blacklist_enabled']).to be(true)
+ expect(json_response['domain_blacklist']).to eq(['domain3.com', '*.domain4.com'])
+ end
+ end
 end
 end
--
cgit v1.2.1
From 6b7456017ded3c12751e27fa3839157f0064a0f7 Mon Sep 17 00:00:00 2001
From: Mathieu Parent
Date: Thu, 25 Jul 2019 16:17:18 +0200
Subject: Changelog for "Improve application settings API" !31149
---
 changelogs/unreleased/api_settings.yml | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 changelogs/unreleased/api_settings.yml
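Review bot: The new examples cover only `domain_blacklist`; `domain_whitelist` received the same type change and coercer in lib/api/settings.rb and has no request spec in this hunk. Also missing is the case the removed `given`/`requires` block used to reject at the API layer, `domain_blacklist_enabled: true` with `domain_blacklist` omitted rather than `[]`; an example built on `put api('/application/settings', admin), params: { domain_blacklist_enabled: true }` with an assertion on the response status would show whether the model validation still blocks it. A whitelist example mirroring 'allows a string for domain_blacklist' would confirm that comma-separated input is split rather than stored as one entry.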
diff --git a/changelogs/unreleased/api_settings.yml b/changelogs/unreleased/api_settings.yml
new file mode 100644
index 00000000000..58830a5ab97
--- /dev/null
+++ b/changelogs/unreleased/api_settings.yml
@@ -0,0 +1,5 @@
+---
+title: Improve application settings API
+merge_request: 31149
+author: Mathieu Parent
+type: fixed
--
cgit v1.2.1