author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-09-26 15:06:00 +0300 |
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-09-26 15:06:00 +0300 |
commit | 5707f305f4b961e24369fcdaecf0b8ce1c34bad8 (patch) | |
tree | 3b291653b83b3e6c2bffc77c54527fbe6f6373be /app/controllers | |
parent | 759cd6c2985088d187ed519f2a881c2c690b34ec (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/admin/sessions_controller.rb | 33 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 5 | ||||
-rw-r--r-- | app/controllers/concerns/enforces_admin_authentication.rb | 12 | ||||
-rw-r--r-- | app/controllers/concerns/sessionless_authentication.rb | 10 | ||||
-rw-r--r-- | app/controllers/health_controller.rb | 4 |
5 files changed, 60 insertions, 4 deletions
diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb new file mode 100644 index 00000000000..1f946e41995 --- /dev/null +++ b/app/controllers/admin/sessions_controller.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +class Admin::SessionsController < ApplicationController + include InternalRedirect + + before_action :user_is_admin! + + def new + # Renders a form in which the admin can enter their password + end + + def create + if current_user_mode.enable_admin_mode!(password: params[:password]) + redirect_location = stored_location_for(:redirect) || admin_root_path + redirect_to safe_redirect_path(redirect_location) + else + flash.now[:alert] = _('Invalid Login or password') + render :new + end + end + + def destroy + current_user_mode.disable_admin_mode! + + redirect_to root_path, status: :found, notice: _('Admin mode disabled') + end + + private + + def user_is_admin! + render_404 unless current_user&.admin? + end +end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 9a7859fc687..0d0384ba52f 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -36,6 +36,7 @@ class ApplicationController < ActionController::Base protect_from_forgery with: :exception, prepend: true helper_method :can? + helper_method :current_user_mode helper_method :import_sources_enabled?, :github_import_enabled?, :gitea_import_enabled?, :github_import_configured?, :gitlab_import_enabled?, :gitlab_import_configured?, @@ -533,6 +534,10 @@ class ApplicationController < ActionController::Base yield end end + + def current_user_mode + @current_user_mode ||= Gitlab::Auth::CurrentUserMode.new(current_user) + end end ApplicationController.prepend_if_ee('EE::ApplicationController') 
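Review bot: The password check in `create` has no throttling and no audit trail on the failure path: a wrong `params[:password]` only sets a flash and re-renders, so repeated guesses are limited solely by whatever `CurrentUserMode#enable_admin_mode!` does internally, which is not visible here. Because the endpoint is reachable from any already-signed-in admin session, a hijacked session could be used to guess the re-authentication password; cover `admin/sessions#create` with the same request throttling as the normal sign-in and log failed attempts with the acting user id in the `else` branch. `params[:password]` may also be nil or a non-String (a nested `password[]=` parameter arrives as a Hash), so either `enable_admin_mode!` must tolerate that or `create` should reject it up front, e.g. `password = params[:password]` followed by `return render_404 unless password.is_a?(String)` — hedged, since the helper's handling is outside this diff.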
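Review bot: `current_user_mode` memoizes a `Gitlab::Auth::CurrentUserMode` bound to whatever `current_user` returned on the first call, so anything in the filter chain that calls it before the user is resolved leaves the rest of the request with a wrapper around nil, and the hunk gives no hint whether `CurrentUserMode.new(nil)` is acceptable. A short comment stating the contract would help: `# Per-request wrapper for admin-mode decisions (see EnforcesAdminAuthentication#authenticate_admin!); only meaningful once current_user is resolved.` Since `helper_method` works for private methods, the definition can also sit under `private` — whether the insertion point after the `end end` context is already in the private section is not visible in this hunk.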
diff --git a/app/controllers/concerns/enforces_admin_authentication.rb b/app/controllers/concerns/enforces_admin_authentication.rb index 3ef92730df6..e731211f423 100644 --- a/app/controllers/concerns/enforces_admin_authentication.rb +++ b/app/controllers/concerns/enforces_admin_authentication.rb @@ -14,6 +14,16 @@ module EnforcesAdminAuthentication end def authenticate_admin! - render_404 unless current_user.admin? + return render_404 unless current_user.admin? + return unless Feature.enabled?(:user_mode_in_session) + + unless current_user_mode.admin_mode? + store_location_for(:redirect, request.fullpath) if storable_location? + redirect_to(new_admin_session_path, notice: _('Re-authentication required')) + end + end + + def storable_location? + request.path != new_admin_session_path end end diff --git a/app/controllers/concerns/sessionless_authentication.rb b/app/controllers/concerns/sessionless_authentication.rb index ba06384a37a..f644923443b 100644 --- a/app/controllers/concerns/sessionless_authentication.rb +++ b/app/controllers/concerns/sessionless_authentication.rb @@ -5,6 +5,12 @@ # Controller concern to handle PAT, RSS, and static objects token authentication methods # module SessionlessAuthentication + extend ActiveSupport::Concern + + included do + before_action :enable_admin_mode!, if: :sessionless_user? + end + # This filter handles personal access tokens, atom requests with rss tokens, and static object tokens def authenticate_sessionless_user!(request_format) user = Gitlab::Auth::RequestAuthenticator.new(request).find_sessionless_user(request_format) @@ -25,4 +31,8 @@ module SessionlessAuthentication sign_in(user, store: false, message: :sessionless_sign_in) end end + + def enable_admin_mode! + current_user_mode.enable_admin_mode!(skip_password_validation: true) if Feature.enabled?(:user_mode_in_session) + end end diff --git a/app/controllers/health_controller.rb b/app/controllers/health_controller.rb index dc9a52f8da5..c97057c08cb 100644 
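Review bot: `storable_location?` only excludes the sign-in path, so `store_location_for(:redirect, request.fullpath)` in `authenticate_admin!` also records non-GET and XHR requests; after re-authentication the admin is then redirected with a GET to a path that was a POST/DELETE action, which at best 404s and at worst triggers whatever GET action is routed at that path. Restrict it to navigational GETs: `request.get? && !request.xhr? && request.path != new_admin_session_path`. Non-HTML clients that fail the `admin_mode?` check receive a 302 to an HTML form; if JSON endpoints include this concern (not visible here), answering those with 401 would be clearer for the caller.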
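Review bot: The `before_action :enable_admin_mode!, if: :sessionless_user?` registered in the `included` block grants admin mode for every sessionless method the concern handles — the file header lists PAT, RSS and static-object tokens — without the password step the session flow requires, and nothing in the hunk records why feed and static-object tokens should carry admin privileges. A comment on the `before_action` giving the rationale (tokens cannot complete an interactive re-authentication) and, if that breadth is unintended, a narrower predicate than `sessionless_user?` would make the boundary explicit. `sessionless_user?` is defined outside this hunk, and the filter's position in the chain depends on where each controller includes the concern, so verify it runs after `authenticate_sessionless_user!` has signed the user in.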
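Review bot: `enable_admin_mode!` calls `current_user_mode.enable_admin_mode!(skip_password_validation: true)` for any sessionless user and relies on `CurrentUserMode` (not shown) to refuse non-admins; an explicit guard keeps that invariant local and robust to changes there: `return unless current_user&.admin?` before the call. The method is also added to the concern's public surface although it is only used as a filter; it belongs under `private`, whose marker, if the concern has one, is outside the hunk.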
--- a/app/controllers/health_controller.rb +++ b/app/controllers/health_controller.rb @@ -20,9 +20,7 @@ class HealthController < ActionController::Base end def liveness - results = CHECKS.map { |check| [check.name, check.liveness] } - - render_check_results(results) + render json: { status: 'ok' }, status: :ok end private |
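Review bot: `liveness` now answers `{ status: 'ok' }` unconditionally, so it no longer evaluates `CHECKS` and stops surfacing the dependency failures that `render_check_results` used to report; any deployment whose liveness probe relied on that to detect a wedged dependency silently loses the signal and must use a readiness-style check instead. A comment on the action would make the new contract explicit, e.g. `# Liveness only confirms the process is serving requests; dependency checks belong to readiness.` If no other action in this controller still uses `CHECKS` and `render_check_results` (the rest of the class is outside the hunk), they become dead code. `status: :ok` is the default for `render json:` and can be dropped.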