From 84a414fe534ebb60c8e7396c245486be521e2a11 Mon Sep 17 00:00:00 2001 From: Eric Maziade Date: Fri, 5 Jun 2015 11:50:37 -0400 Subject: Add session expiration delay configuration through UI application settings --- CHANGELOG | 3 ++- app/controllers/admin/application_settings_controller.rb | 1 + app/models/application_setting.rb | 2 ++ app/views/admin/application_settings/_form.html.haml | 4 ++++ config/initializers/1_settings.rb | 1 + config/initializers/session_store.rb | 2 +- ...0604202921_add_session_expire_seconds_for_application_settings.rb | 5 +++++ db/schema.rb | 3 ++- lib/gitlab/current_settings.rb | 3 ++- spec/models/application_setting_spec.rb | 1 + 10 files changed, 21 insertions(+), 4 deletions(-) create mode 100644 db/migrate/20150604202921_add_session_expire_seconds_for_application_settings.rb diff --git a/CHANGELOG b/CHANGELOG index 1fd938a34cd..77deb92f3be 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 7.12.0 (unreleased) + - Add session expiration delay configuration through UI application settings - Don't notify users mentioned in code blocks or blockquotes. - Disable changing of the source branch in merge request update API (Stan Hu) - Shorten merge request WIP text. @@ -1497,4 +1498,4 @@ v 0.8.0 - stability - security fixes - increased test coverage - - email notification + - email notification \ No newline at end of file diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb index a01e2a907d7..2601867cf03 100644 --- a/app/controllers/admin/application_settings_controller.rb +++ b/app/controllers/admin/application_settings_controller.rb 
@@ -40,6 +40,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController :home_page_url, :after_sign_out_path, :max_attachment_size, + :session_expire_seconds, :default_project_visibility, :default_snippet_visibility, :restricted_signup_domains_raw, diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index 80463ee8841..ce06e022c3d 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -15,6 +15,7 @@ # twitter_sharing_enabled :boolean default(TRUE) # restricted_visibility_levels :text # max_attachment_size :integer default(10), not null +# session_expire_seconds :integer default(604800), not null # default_project_visibility :integer # default_snippet_visibility :integer # restricted_signup_domains :text @@ -61,6 +62,7 @@ class ApplicationSetting < ActiveRecord::Base sign_in_text: Settings.extra['sign_in_text'], restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'], max_attachment_size: Settings.gitlab['max_attachment_size'], + session_expire_seconds: Settings.gitlab['session_expire_seconds'], default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'], default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'], restricted_signup_domains: Settings.gitlab['restricted_signup_domains'] diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml index 188a08940ab..9de29e50d15 100644 --- a/app/views/admin/application_settings/_form.html.haml +++ b/app/views/admin/application_settings/_form.html.haml 
@@ -83,6 +83,10 @@ = f.label :max_attachment_size, 'Maximum attachment size (MB)', class: 'control-label col-sm-2' .col-sm-10 = f.number_field :max_attachment_size, class: 'form-control' + .form-group + = f.label :session_expire_seconds, 'Session duration (seconds)', class: 'control-label col-sm-2' + .col-sm-10 + = f.number_field :session_expire_seconds, class: 'form-control' .form-group = f.label :restricted_signup_domains, 'Restricted domains for sign-ups', class: 'control-label col-sm-2' .col-sm-10 diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index c234bd69e9a..9b39dff046e 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -128,6 +128,7 @@ Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e Settings.gitlab['default_projects_features'] ||= {} Settings.gitlab['webhook_timeout'] ||= 10 Settings.gitlab['max_attachment_size'] ||= 10 +Settings.gitlab['session_expire_seconds'] ||= 604800 Settings.gitlab.default_projects_features['issues'] = true if Settings.gitlab.default_projects_features['issues'].nil? Settings.gitlab.default_projects_features['merge_requests'] = true if Settings.gitlab.default_projects_features['merge_requests'].nil? Settings.gitlab.default_projects_features['wiki'] = true if Settings.gitlab.default_projects_features['wiki'].nil? diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index b2d59f1c4b7..1603f7561cd 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb 
@@ -6,6 +6,6 @@ Gitlab::Application.config.session_store( key: '_gitlab_session', secure: Gitlab.config.gitlab.https, httponly: true, - expire_after: 1.week, + expire_after: ActiveRecord::Base.connected? && ActiveRecord::Base.connection.table_exists?('application_settings') ? ApplicationSetting.current.session_expire_seconds : Settings.gitlab['session_expire_seconds'], path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root ) diff --git a/db/migrate/20150604202921_add_session_expire_seconds_for_application_settings.rb b/db/migrate/20150604202921_add_session_expire_seconds_for_application_settings.rb new file mode 100644 index 00000000000..8096efc6865 --- /dev/null +++ b/db/migrate/20150604202921_add_session_expire_seconds_for_application_settings.rb @@ -0,0 +1,5 @@ +class AddSessionExpireSecondsForApplicationSettings < ActiveRecord::Migration + def change + add_column :application_settings, :session_expire_seconds, :integer, default: 604800, null: false + end +end \ No newline at end of file diff --git a/db/schema.rb b/db/schema.rb index aea0742cf3b..d2ad55d7a99 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20150529150354) do +ActiveRecord::Schema.define(version: 20150604202921) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -35,6 +35,7 @@ ActiveRecord::Schema.define(version: 20150529150354) do t.text "restricted_signup_domains" t.boolean "user_oauth_applications", default: true t.string "after_sign_out_path" + t.integer "session_expire_seconds", default: 604800, null: false end create_table "broadcast_messages", force: true do |t| diff --git a/lib/gitlab/current_settings.rb b/lib/gitlab/current_settings.rb index d8f696d247b..56bb0736429 100644 --- a/lib/gitlab/current_settings.rb 
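Review bot: The new `expire_after` expression dereferences `ApplicationSetting.current.session_expire_seconds` with no nil guard, so on a database where `application_settings` exists but no settings row has been created yet the initializer would raise NoMethodError at boot, assuming `current` is a plain last-row lookup. The `Gitlab::CurrentSettings` hunk in this same commit maintains a fake-settings fallback for exactly that case, so reading the value through it, or at least `ApplicationSetting.current.try(:session_expire_seconds) || Settings.gitlab['session_expire_seconds']`, would keep boot robust. The one-line `a && b ? x : y` ternary also parses as intended but hides its precedence inside a keyword-argument list; computing the delay into a named local above `session_store(` and passing `expire_after: delay` would make it readable, and the `* 60`/unit question that the follow-up commit raises would then have an obvious home.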
+++ b/lib/gitlab/current_settings.rb @@ -21,7 +21,8 @@ module Gitlab gravatar_enabled: Settings.gravatar['enabled'], sign_in_text: Settings.extra['sign_in_text'], restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'], - max_attachment_size: Settings.gitlab['max_attachment_size'] + max_attachment_size: Settings.gitlab['max_attachment_size'], + session_expire_seconds: Settings.gitlab['session_expire_seconds'] ) end end diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb index 116c318121d..f4e1c65b633 100644 --- a/spec/models/application_setting_spec.rb +++ b/spec/models/application_setting_spec.rb @@ -15,6 +15,7 @@ # twitter_sharing_enabled :boolean default(TRUE) # restricted_visibility_levels :text # max_attachment_size :integer default(10), not null +# session_expire_seconds :integer default(604800), not null # default_project_visibility :integer # default_snippet_visibility :integer # restricted_signup_domains :text -- cgit v1.2.1 From 1d080f57454fda46eb60700a8693cb968e6d557f Mon Sep 17 00:00:00 2001 
From: themaze75 Date: Fri, 5 Jun 2015 17:16:32 +0000 Subject: session_expire_seconds => session_expire_delay delay is in seconds more legible code in session_store Added `GitLab restart required` help block to session_expire_delay --- app/controllers/admin/application_settings_controller.rb | 2 +- app/models/application_setting.rb | 8 ++++++-- app/views/admin/application_settings/_form.html.haml | 5 +++-- config/initializers/1_settings.rb | 2 +- config/initializers/session_store.rb | 8 ++++++-- ...4202921_add_session_expire_seconds_for_application_settings.rb | 5 ----- ...609141121_add_session_expire_delay_for_application_settings.rb | 5 +++++ db/schema.rb | 2 +- lib/gitlab/current_settings.rb | 2 +- spec/models/application_setting_spec.rb | 2 +- 10 files changed, 25 insertions(+), 16 deletions(-) delete mode 100644 db/migrate/20150604202921_add_session_expire_seconds_for_application_settings.rb create mode 100644 db/migrate/20150609141121_add_session_expire_delay_for_application_settings.rb diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb index 2601867cf03..c7c643db401 100644 --- a/app/controllers/admin/application_settings_controller.rb +++ b/app/controllers/admin/application_settings_controller.rb @@ -40,7 +40,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController :home_page_url, :after_sign_out_path, :max_attachment_size, - :session_expire_seconds, + :session_expire_delay, :default_project_visibility, :default_snippet_visibility, :restricted_signup_domains_raw, diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index ce06e022c3d..29f8fac470b 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb 
@@ -15,7 +15,7 @@ # twitter_sharing_enabled :boolean default(TRUE) # restricted_visibility_levels :text # max_attachment_size :integer default(10), not null -# session_expire_seconds :integer default(604800), not null +# session_expire_delay :integer default(10080), not null # default_project_visibility :integer # default_snippet_visibility :integer # restricted_signup_domains :text @@ -27,6 +27,10 @@ class ApplicationSetting < ActiveRecord::Base serialize :restricted_visibility_levels serialize :restricted_signup_domains, Array attr_accessor :restricted_signup_domains_raw + + validates :session_expire_delay, + presence: true, + numericality: { only_integer: true, greater_than_or_equal_to: 0 } validates :home_page_url, allow_blank: true, @@ -62,7 +66,7 @@ class ApplicationSetting < ActiveRecord::Base sign_in_text: Settings.extra['sign_in_text'], restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'], max_attachment_size: Settings.gitlab['max_attachment_size'], - session_expire_seconds: Settings.gitlab['session_expire_seconds'], + session_expire_delay: Settings.gitlab['session_expire_delay'], default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'], default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'], restricted_signup_domains: Settings.gitlab['restricted_signup_domains'] diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml index 9de29e50d15..d5a49fc41f4 100644 --- a/app/views/admin/application_settings/_form.html.haml +++ b/app/views/admin/application_settings/_form.html.haml 
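Review bot: The new `session_expire_delay` validation accepts 0, which `session_store.rb` turns into `expire_after: 0`; a zero-lifetime session would most likely invalidate every login, including the admin who saved it, and because the value is only read at boot the recovery path is a console edit plus restart. Unless 0 is meant to carry a special meaning, which nothing in the diff documents, `numericality: { only_integer: true, greater_than: 0 }` is the safer lower bound. There is no upper bound either, which is a legitimate admin policy choice, but the column name no longer says seconds or minutes, so a comment above the validation such as `# Session lifetime in minutes; read once at boot by config/initializers/session_store.rb` would stop the next maintainer from guessing the unit.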
@@ -84,9 +84,10 @@ .col-sm-10 = f.number_field :max_attachment_size, class: 'form-control' .form-group - = f.label :session_expire_seconds, 'Session duration (seconds)', class: 'control-label col-sm-2' + = f.label :session_expire_delay, 'Session duration (minutes)', class: 'control-label col-sm-2' .col-sm-10 - = f.number_field :session_expire_seconds, class: 'form-control' + = f.number_field :session_expire_delay, class: 'form-control' + %span.help-block#session_expire_delay_help_block GitLab restart is required to apply changes .form-group = f.label :restricted_signup_domains, 'Restricted domains for sign-ups', class: 'control-label col-sm-2' .col-sm-10 diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 9b39dff046e..f050a7ea1a5 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -128,7 +128,7 @@ Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e Settings.gitlab['default_projects_features'] ||= {} Settings.gitlab['webhook_timeout'] ||= 10 Settings.gitlab['max_attachment_size'] ||= 10 -Settings.gitlab['session_expire_seconds'] ||= 604800 +Settings.gitlab['session_expire_delay'] ||= 10080 Settings.gitlab.default_projects_features['issues'] = true if Settings.gitlab.default_projects_features['issues'].nil? Settings.gitlab.default_projects_features['merge_requests'] = true if Settings.gitlab.default_projects_features['merge_requests'].nil? Settings.gitlab.default_projects_features['wiki'] = true if Settings.gitlab.default_projects_features['wiki'].nil? diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 1603f7561cd..43077fb575e 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb 
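Review bot: The `number_field` for `session_expire_delay` carries no `min:` attribute, so the browser will submit negative or zero values that the model then rejects with a generic error; `= f.number_field :session_expire_delay, class: 'form-control', min: 1` (or whatever lower bound the model validation settles on) surfaces the constraint up front. The help block only mentions the restart, yet this commit just changed the unit from seconds to minutes; an admin who still thinks in seconds and types 604800 would silently get sessions lasting over a year, which is the opposite of what a session-timeout knob is for. Spelling out unit and default in the same sentence, e.g. `Session duration in minutes (default 10080 = 7 days). GitLab restart is required to apply changes`, would close that gap.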
@@ -1,11 +1,15 @@ # Be sure to restart your server when you modify this file. +if ActiveRecord::Base.connection.active? && ActiveRecord::Base.connection.table_exists?('application_settings') + Settings.gitlab['session_expire_delay'] = ApplicationSetting.current.session_expire_delay +end + Gitlab::Application.config.session_store( :redis_store, # Using the cookie_store would enable session replay attacks. servers: Gitlab::Application.config.cache_store[1].merge(namespace: 'session:gitlab'), # re-use the Redis config from the Rails cache store key: '_gitlab_session', secure: Gitlab.config.gitlab.https, httponly: true, - expire_after: ActiveRecord::Base.connected? && ActiveRecord::Base.connection.table_exists?('application_settings') ? ApplicationSetting.current.session_expire_seconds : Settings.gitlab['session_expire_seconds'], + expire_after: Settings.gitlab['session_expire_delay'] * 60, path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root -) +) \ No newline at end of file diff --git a/db/migrate/20150604202921_add_session_expire_seconds_for_application_settings.rb b/db/migrate/20150604202921_add_session_expire_seconds_for_application_settings.rb deleted file mode 100644 index 8096efc6865..00000000000 --- a/db/migrate/20150604202921_add_session_expire_seconds_for_application_settings.rb +++ /dev/null @@ -1,5 +0,0 @@ -class AddSessionExpireSecondsForApplicationSettings < ActiveRecord::Migration - def change - add_column :application_settings, :session_expire_seconds, :integer, default: 604800, null: false - end -end \ No newline at end of file diff --git a/db/migrate/20150609141121_add_session_expire_delay_for_application_settings.rb b/db/migrate/20150609141121_add_session_expire_delay_for_application_settings.rb new file mode 100644 index 00000000000..ffa22e6d5ef --- /dev/null +++ b/db/migrate/20150609141121_add_session_expire_delay_for_application_settings.rb 
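Review bot: The new guard `ActiveRecord::Base.connection.active?` replaces the previous `ActiveRecord::Base.connected?`, and unlike `connected?`, `connection` establishes a connection on demand and raises rather than returning false when no database is reachable, so tasks that boot the app without one, such as `assets:precompile` in a build step or `db:create` on a fresh host, would now abort in this initializer. The hunk also still dereferences `ApplicationSetting.current` with no nil check, so a migrated table with no settings row fails the same way. Since this is a best-effort override of the gitlab.yml default, the DB probe should degrade to that default on any failure and log why, and the `* 60` conversion deserves a comment because the column name no longer states its unit. The rewritten preamble below keeps the `session_store(` call itself unchanged apart from the `expire_after` line.
```ruby
# Be sure to restart your server when you modify this file.

# session_expire_delay is stored in minutes. Prefer the admin-configured DB
# value when the schema is migrated and a settings row exists; otherwise keep
# the gitlab.yml default. Nothing here may abort boot: assets:precompile and
# db:create run without a usable database, and driver connection errors are
# adapter-specific and not all wrapped in ActiveRecordError.
begin
  if ActiveRecord::Base.connection.table_exists?('application_settings')
    db_delay = ApplicationSetting.current.try(:session_expire_delay)
    Settings.gitlab['session_expire_delay'] = db_delay if db_delay
  end
rescue StandardError => e
  Rails.logger.warn("session_store: falling back to gitlab.yml session_expire_delay (#{e.class}: #{e.message})")
end

Gitlab::Application.config.session_store(
  # … unchanged: redis_store, servers, key, secure, httponly …
  expire_after: Settings.gitlab['session_expire_delay'].to_i * 60, # minutes -> seconds
  # … unchanged: path, closing paren …
```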
@@ -0,0 +1,5 @@ +class AddSessionExpireDelayForApplicationSettings < ActiveRecord::Migration + def change + add_column :application_settings, :session_expire_delay, :integer, default: 10080, null: false + end +end \ No newline at end of file diff --git a/db/schema.rb b/db/schema.rb index d2ad55d7a99..04f887274de 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -35,7 +35,7 @@ ActiveRecord::Schema.define(version: 20150604202921) do t.text "restricted_signup_domains" t.boolean "user_oauth_applications", default: true t.string "after_sign_out_path" - t.integer "session_expire_seconds", default: 604800, null: false + t.integer "session_expire_delay", default: 10080, null: false end create_table "broadcast_messages", force: true do |t| diff --git a/lib/gitlab/current_settings.rb b/lib/gitlab/current_settings.rb index 56bb0736429..931d51c55d3 100644 --- a/lib/gitlab/current_settings.rb +++ b/lib/gitlab/current_settings.rb @@ -22,7 +22,7 @@ module Gitlab sign_in_text: Settings.extra['sign_in_text'], restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'], max_attachment_size: Settings.gitlab['max_attachment_size'], - session_expire_seconds: Settings.gitlab['session_expire_seconds'] + session_expire_delay: Settings.gitlab['session_expire_delay'] ) end end diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb index f4e1c65b633..d648f4078be 100644 --- a/spec/models/application_setting_spec.rb +++ b/spec/models/application_setting_spec.rb @@ -15,7 +15,7 @@ # twitter_sharing_enabled :boolean default(TRUE) # restricted_visibility_levels :text # max_attachment_size :integer default(10), not null -# session_expire_seconds :integer default(604800), not null +# session_expire_delay :integer default(10080), not null # default_project_visibility :integer # default_snippet_visibility :integer # restricted_signup_domains :text -- cgit v1.2.1