author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-09-28 03:06:20 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-09-28 03:06:20 +0300 |
commit | e08eba1838cb749b8815c7da98a504ff97bcfb98 (patch) | |
tree | 0172bc4d205f59dd6f3722b27d53e6aa8abb5825 /app | |
parent | d4633b0e70ec39583ce0b13f277f990b216ac0d9 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/application_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/projects/lfs_api_controller.rb | 17 | ||||
-rw-r--r-- | app/models/ci/artifact_blob.rb | 2 | ||||
-rw-r--r-- | app/models/user.rb | 4 |
4 files changed, 21 insertions, 6 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 224ce75c83f..ad242a078ad 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -288,9 +288,7 @@ class ApplicationController < ActionController::Base
 def check_password_expiration
 return if session[:impersonator_id] || !current_user&.allow_password_authentication?
- password_expires_at = current_user&.password_expires_at
-
- if password_expires_at && password_expires_at < Time.now
+ if current_user&.password_expired?
 return redirect_to new_profile_password_path
 end
 end
diff --git a/app/controllers/projects/lfs_api_controller.rb b/app/controllers/projects/lfs_api_controller.rb
index 739f7a2437e..a1983bc5462 100644
--- a/app/controllers/projects/lfs_api_controller.rb
+++ b/app/controllers/projects/lfs_api_controller.rb
@@ -2,6 +2,7 @@
 class Projects::LfsApiController < Projects::GitHttpClientController
 include LfsRequest
+ include Gitlab::Utils::StrongMemoize
 LFS_TRANSFER_CONTENT_TYPE = 'application/octet-stream'
@@ -81,7 +82,7 @@ class Projects::LfsApiController < Projects::GitHttpClientController
 download: {
 href: "#{project.http_url_to_repo}/gitlab-lfs/objects/#{object[:oid]}",
 header: {
- Authorization: request.headers['Authorization']
+ Authorization: authorization_header
 }.compact
 }
 }
@@ -92,7 +93,7 @@ class Projects::LfsApiController < Projects::GitHttpClientController
 upload: {
 href: "#{project.http_url_to_repo}/gitlab-lfs/objects/#{object[:oid]}/#{object[:size]}",
 header: {
- Authorization: request.headers['Authorization'],
+ Authorization: authorization_header,
 # git-lfs v2.5.0 sets the Content-Type based on the uploaded file. This
 # ensures that Workhorse can intercept the request.
 'Content-Type': LFS_TRANSFER_CONTENT_TYPE
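Review bot: In `check_password_expiration` (application_controller.rb) the safe navigation in `if current_user&.password_expired?` is redundant. The guard on the line above already returns when `current_user` is nil, because `!current_user&.allow_password_authentication?` is true for nil. Writing `if current_user.password_expired?` would state that precondition plainly; the behaviour is the same either way. The method starts before the hunk's changed lines and its guard is unchanged, so impersonation sessions and users without password authentication still skip the expiry redirect.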
@@ -122,6 +123,18 @@ class Projects::LfsApiController < Projects::GitHttpClientController
 def lfs_read_only_message
 _('You cannot write to this read-only GitLab instance.')
 end
+
+ def authorization_header
+ strong_memoize(:authorization_header) do
+ lfs_auth_header || request.headers['Authorization']
+ end
+ end
+
+ def lfs_auth_header
+ return unless user.is_a?(User)
+
+ Gitlab::LfsToken.new(user).basic_encoding
+ end
 end
 Projects::LfsApiController.prepend_if_ee('EE::Projects::LfsApiController')
diff --git a/app/models/ci/artifact_blob.rb b/app/models/ci/artifact_blob.rb
index ef00ad75683..76d4b9d6206 100644
--- a/app/models/ci/artifact_blob.rb
+++ b/app/models/ci/artifact_blob.rb
@@ -53,7 +53,7 @@ module Ci
 pages_config.enabled &&
 pages_config.artifacts_server &&
 EXTENSIONS_SERVED_BY_PAGES.include?(File.extname(name)) &&
- job.project.public?
+ (pages_config.access_control || job.project.public?)
 end
 private
diff --git a/app/models/user.rb b/app/models/user.rb
index 66defb4c707..5711162aa1a 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1519,6 +1519,10 @@ class User < ApplicationRecord
 todos.find_by(target: target, state: :pending)
 end
+ def password_expired?
+ !!(password_expires_at && password_expires_at < Time.now)
+ end
+
 # @deprecated
 alias_method :owned_or_masters_groups, :owned_or_maintainers_groups |
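Review bot: `authorization_header` and `lfs_auth_header` (lfs_api_controller.rb, used by the download and upload hunks above) carry no comment saying that the batch response now returns a server-minted `Gitlab::LfsToken` credential instead of echoing the client's own `Authorization` header. The token is issued for any `User` regardless of how the request was authenticated, so it is worth confirming that its lifetime and permitted operations cannot exceed those of the credential actually presented. `Gitlab::LfsToken` and `user` are defined outside this diff, so this is a question rather than a finding. I would add above `authorization_header` something like `# Hand real users an LFS token for the transfer requests; any other actor keeps the Authorization header it sent.` Request specs for both branches would help, and since the response body now contains a credential it should stay out of response logging.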
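Review bot: In artifact_blob.rb the new condition `(pages_config.access_control || job.project.public?)` gives artifacts of non-public projects an external Pages link as soon as `access_control` is set, and nothing in this hunk ties that flag to the project itself. If `pages_config.access_control` is the instance-wide switch (the name suggests so, but the config is not visible here), the exposure of private artifacts then depends entirely on the artifacts server authorizing every request per project. That assumption deserves a comment above the expression, for example `# With Pages access control enabled the artifacts server is expected to authorize each request, so non-public projects may be linked too`. It also deserves specs for a private project with access control on and off. The enclosing method starts outside the hunk.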
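Review bot: `password_expired?` in user.rb is added without a comment, and two edges of its contract are worth writing down. A nil `password_expires_at` yields false, and the comparison is strict, so a password whose expiry equals the current instant is not yet reported as expired. A one-line comment such as `# False when no expiry is set; true only once password_expires_at is in the past.` would cover both. As a style point, `Time.current` is the usual Rails spelling where the hunk has `Time.now`, and the `!!( … )` coercion could read `password_expires_at.present? && password_expires_at < Time.current`; the result should not change, since both sides are absolute instants.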