summaryrefslogtreecommitdiff
path: root/app/helpers/sessions_helper.rb
blob: 129180d1ccfc54e0a959c4afa2974dbde439cb96 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# frozen_string_literal: true

module SessionsHelper
  include Gitlab::Utils::StrongMemoize

  def recently_confirmed_com?
    strong_memoize(:recently_confirmed_com) do
      ::Gitlab.com? &&
        !!flash[:notice]&.include?(t(:confirmed, scope: [:devise, :confirmations]))
    end
  end

  def unconfirmed_email?
    flash[:alert] == t(:unconfirmed, scope: [:devise, :failure])
  end

  # By default, all sessions are given the same expiration time configured in
  # the session store (e.g. 1 week). However, unauthenticated users can
  # generate a lot of sessions, primarily for CSRF verification. It makes
  # sense to reduce the TTL for unauthenticated to something much lower than
  # the default (e.g. 1 hour) to limit Redis memory. In addition, Rails
  # creates a new session after login, so the short TTL doesn't even need to
  # be extended.
  def limit_session_time
    set_session_time(Settings.gitlab['unauthenticated_session_expire_delay'])
  end

  def ensure_authenticated_session_time
    set_session_time(nil)
  end

  def set_session_time(expiry_s)
    # Rack sets this header, but not all tests may have it: https://github.com/rack/rack/blob/fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77/lib/rack/session/abstract/id.rb#L251-L259
    return unless request.env['rack.session.options']

    # This works because Rack uses these options every time a request is handled, and redis-store
    # uses the Rack setting first:
    # 1. https://github.com/rack/rack/blob/fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77/lib/rack/session/abstract/id.rb#L342
    # 2. https://github.com/redis-store/redis-store/blob/3acfa95f4eb6260c714fdb00a3d84be8eedc13b2/lib/redis/store/ttl.rb#L32
    request.env['rack.session.options'][:expire_after] = expiry_s
  end

  def send_rate_limited?(user)
    Gitlab::ApplicationRateLimiter.peek(:email_verification_code_send, scope: user)
  end

  def obfuscated_email(email)
    regex = ::Gitlab::UntrustedRegexp.new('^(..?)(.*)(@.?)(.*)(\..*)$')
    match = regex.match(email)
    return email unless match

    match[1] + '*' * match[2].length + match[3] + '*' * match[4].length + match[5]
  end
end