authorGitLab Bot <gitlab-bot@gitlab.com>2019-09-26 15:06:00 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2019-09-26 15:06:00 +0300
commit5707f305f4b961e24369fcdaecf0b8ce1c34bad8 (patch)
tree3b291653b83b3e6c2bffc77c54527fbe6f6373be /app/controllers
parent759cd6c2985088d187ed519f2a881c2c690b34ec (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin/sessions_controller.rb33
-rw-r--r--app/controllers/application_controller.rb5
-rw-r--r--app/controllers/concerns/enforces_admin_authentication.rb12
-rw-r--r--app/controllers/concerns/sessionless_authentication.rb10
-rw-r--r--app/controllers/health_controller.rb4
5 files changed, 60 insertions, 4 deletions
diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb
new file mode 100644
index 00000000000..1f946e41995
--- /dev/null
+++ b/app/controllers/admin/sessions_controller.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class Admin::SessionsController < ApplicationController
+ include InternalRedirect
+
+ before_action :user_is_admin!
+
+ def new
+ # Renders a form in which the admin can enter their password
+ end
+
+ def create
+ if current_user_mode.enable_admin_mode!(password: params[:password])
+ redirect_location = stored_location_for(:redirect) || admin_root_path
+ redirect_to safe_redirect_path(redirect_location)
+ else
+ flash.now[:alert] = _('Invalid Login or password')
+ render :new
+ end
+ end
+
+ def destroy
+ current_user_mode.disable_admin_mode!
+
+ redirect_to root_path, status: :found, notice: _('Admin mode disabled')
+ end
+
+ private
+
+ def user_is_admin!
+ render_404 unless current_user&.admin?
+ end
+end
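Review bot: The failure branch of `create` (the `else` after the `enable_admin_mode!` call) re-renders the form without throttling or logging the failed password attempt, so this endpoint needs the same brute-force protection as the primary sign-in form unless a rate limit covering this controller's routes is configured elsewhere, which cannot be confirmed from this diff. A failed re-authentication of an admin account is also an event worth recording in the application log. The class has no header comment; I would add `# Re-authenticates an already signed-in admin by password before admin-only areas are served; the redirect target is the path stored by EnforcesAdminAuthentication.` above the `class` line.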
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 9a7859fc687..0d0384ba52f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -36,6 +36,7 @@ class ApplicationController < ActionController::Base
protect_from_forgery with: :exception, prepend: true
helper_method :can?
+ helper_method :current_user_mode
helper_method :import_sources_enabled?, :github_import_enabled?,
:gitea_import_enabled?, :github_import_configured?,
:gitlab_import_enabled?, :gitlab_import_configured?,
@@ -533,6 +534,10 @@ class ApplicationController < ActionController::Base
yield
end
end
+
+ def current_user_mode
+ @current_user_mode ||= Gitlab::Auth::CurrentUserMode.new(current_user)
+ end
end
ApplicationController.prepend_if_ee('EE::ApplicationController')
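Review bot: `current_user_mode` memoizes on the first call with whatever `current_user` is at that moment, so if a later filter signs in a user (the sessionless sign-in in SessionlessAuthentication runs from a before_action), a mode object created earlier in the request would keep the stale user; I could not confirm the filter order from this diff, so please check it or key the memoization on the user instead of caching unconditionally. A short doc comment would also help readers, e.g. `# Per-request wrapper around the admin-mode state of current_user (Gitlab::Auth::CurrentUserMode); exposed to views via helper_method.`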
diff --git a/app/controllers/concerns/enforces_admin_authentication.rb b/app/controllers/concerns/enforces_admin_authentication.rb
index 3ef92730df6..e731211f423 100644
--- a/app/controllers/concerns/enforces_admin_authentication.rb
+++ b/app/controllers/concerns/enforces_admin_authentication.rb
@@ -14,6 +14,16 @@ module EnforcesAdminAuthentication
end
def authenticate_admin!
- render_404 unless current_user.admin?
+ return render_404 unless current_user.admin?
+ return unless Feature.enabled?(:user_mode_in_session)
+
+ unless current_user_mode.admin_mode?
+ store_location_for(:redirect, request.fullpath) if storable_location?
+ redirect_to(new_admin_session_path, notice: _('Re-authentication required'))
+ end
+ end
+
+ def storable_location?
+ request.path != new_admin_session_path
end
end
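Review bot: `storable_location?` only excludes the admin session path itself, so `store_location_for(:redirect, request.fullpath)` will also capture non-GET and XHR/JSON requests; after re-authentication `Admin::SessionsController#create` then issues a GET redirect to a path that was only meaningful as a POST or as an API response, which is the usual cause of broken post-login redirects. Restrict it to navigational GETs: `request.get? && !request.xhr? && request.path != new_admin_session_path`. A comment above `authenticate_admin!` saying that the stored path is consumed by `Admin::SessionsController#create` would also help, since the two halves live in different files.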
diff --git a/app/controllers/concerns/sessionless_authentication.rb b/app/controllers/concerns/sessionless_authentication.rb
index ba06384a37a..f644923443b 100644
--- a/app/controllers/concerns/sessionless_authentication.rb
+++ b/app/controllers/concerns/sessionless_authentication.rb
@@ -5,6 +5,12 @@
# Controller concern to handle PAT, RSS, and static objects token authentication methods
#
module SessionlessAuthentication
+ extend ActiveSupport::Concern
+
+ included do
+ before_action :enable_admin_mode!, if: :sessionless_user?
+ end
+
# This filter handles personal access tokens, atom requests with rss tokens, and static object tokens
def authenticate_sessionless_user!(request_format)
user = Gitlab::Auth::RequestAuthenticator.new(request).find_sessionless_user(request_format)
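Review bot: The `before_action :enable_admin_mode!, if: :sessionless_user?` registered in the `included` block is inserted at the point where the concern is included, so whether it runs after the sessionless sign-in performed by `authenticate_sessionless_user!` depends on filter ordering in the including controller, which this diff does not show. I would record that assumption in a comment on the `included` block, e.g. `# Must run after the sessionless sign-in filter so current_user is the token-authenticated user.` `sessionless_user?` is not defined in this hunk, so I assume it exists elsewhere in the concern.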
@@ -25,4 +31,8 @@ module SessionlessAuthentication
sign_in(user, store: false, message: :sessionless_sign_in)
end
end
+
+ def enable_admin_mode!
+ current_user_mode.enable_admin_mode!(skip_password_validation: true) if Feature.enabled?(:user_mode_in_session)
+ end
end
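Review bot: `enable_admin_mode!` grants admin mode with `skip_password_validation: true` to every sessionless (token-authenticated) user, which is a deliberate bypass of the re-authentication that `EnforcesAdminAuthentication#authenticate_admin!` now requires, and nothing in the code records why. Please confirm that `Gitlab::Auth::CurrentUserMode#enable_admin_mode!` in this mode does not persist admin mode into a cookie-backed session: the sessionless sign-in above uses `store: false`, and admin mode granted this way should be equally request-scoped. The method name also shadows `CurrentUserMode#enable_admin_mode!`, which makes the two hard to tell apart when grepping; `enable_admin_mode_for_sessionless_user!` would be clearer. A comment such as `# Token-authenticated (PAT/RSS/static-object) requests cannot answer a password prompt, so admin mode is granted without one when the feature flag is on; it must not outlive this request.` would document the intent.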
diff --git a/app/controllers/health_controller.rb b/app/controllers/health_controller.rb
index dc9a52f8da5..c97057c08cb 100644
--- a/app/controllers/health_controller.rb
+++ b/app/controllers/health_controller.rb
@@ -20,9 +20,7 @@ class HealthController < ActionController::Base
end
def liveness
- results = CHECKS.map { |check| [check.name, check.liveness] }
-
- render_check_results(results)
+ render json: { status: 'ok' }, status: :ok
end
private
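Review bot: `liveness` now answers `{ status: 'ok' }` unconditionally, so the endpoint only proves the Rails process can serve a request and no longer reflects `CHECKS`; that is a reasonable split between liveness and readiness, but nothing in the code says so, and a future reader may re-add dependency checks here, which would make an orchestrator restart the application whenever a dependency is down. I would add `# Liveness only asserts that the process can serve a request; dependency checks belong to readiness, otherwise a database or Redis outage would trigger restarts.` above the method. If `render_check_results` has no remaining callers it can be removed as well; its other uses are outside this hunk.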