diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-07-17 03:08:37 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-07-17 03:08:37 +0300 |
commit | cd7ea53ba94f20c09b88614d2c17662972d8ce4d (patch) | |
tree | d930e0c89f6951343c7566ff70edba047e4385c0 /app | |
parent | b7f59cf951f4610ff712358f1675183989fb5d2a (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/members/mailgun/permanent_failures_controller.rb | 65 | ||||
-rw-r--r-- | app/mailers/emails/members.rb | 6 | ||||
-rw-r--r-- | app/services/members/mailgun.rb | 8 | ||||
-rw-r--r-- | app/services/members/mailgun/process_webhook_service.rb | 39 | ||||
-rw-r--r-- | app/views/admin/application_settings/_mailgun.html.haml | 2 |
5 files changed, 5 insertions, 115 deletions
diff --git a/app/controllers/members/mailgun/permanent_failures_controller.rb b/app/controllers/members/mailgun/permanent_failures_controller.rb deleted file mode 100644 index 685faa34694..00000000000 --- a/app/controllers/members/mailgun/permanent_failures_controller.rb +++ /dev/null @@ -1,65 +0,0 @@ -# frozen_string_literal: true - -module Members - module Mailgun - class PermanentFailuresController < ApplicationController - respond_to :json - - skip_before_action :authenticate_user! - skip_before_action :verify_authenticity_token - - before_action :ensure_feature_enabled! - before_action :authenticate_signature! - before_action :validate_invite_email! - - feature_category :authentication_and_authorization - - def create - webhook_processor.execute - - head :ok - end - - private - - def ensure_feature_enabled! - render_406 unless Gitlab::CurrentSettings.mailgun_events_enabled? - end - - def authenticate_signature! - access_denied! unless valid_signature? - end - - def valid_signature? - return false if Gitlab::CurrentSettings.mailgun_signing_key.blank? - - # per this guide: https://documentation.mailgun.com/en/latest/user_manual.html#webhooks - digest = OpenSSL::Digest.new('SHA256') - data = [params.dig(:signature, :timestamp), params.dig(:signature, :token)].join - - hmac_digest = OpenSSL::HMAC.hexdigest(digest, Gitlab::CurrentSettings.mailgun_signing_key, data) - - ActiveSupport::SecurityUtils.secure_compare(params.dig(:signature, :signature), hmac_digest) - end - - def validate_invite_email! - # permanent_failures webhook does not provide a way to filter failures, so we'll get them all on this endpoint - # and we only care about our invite_emails - render_406 unless payload[:tags]&.include?(::Members::Mailgun::INVITE_EMAIL_TAG) - end - - def webhook_processor - ::Members::Mailgun::ProcessWebhookService.new(payload) - end - - def payload - @payload ||= params.permit!['event-data'] - end - - def render_406 - # failure to stop retries per https://documentation.mailgun.com/en/latest/user_manual.html#webhooks - head :not_acceptable - end - end - end -end diff --git a/app/mailers/emails/members.rb b/app/mailers/emails/members.rb index 738794a94e7..d1870065845 100644 --- a/app/mailers/emails/members.rb +++ b/app/mailers/emails/members.rb @@ -150,10 +150,10 @@ module Emails end def invite_email_headers - if Gitlab::CurrentSettings.mailgun_events_enabled? + if Gitlab.dev_env_or_com? { - 'X-Mailgun-Tag' => ::Members::Mailgun::INVITE_EMAIL_TAG, - 'X-Mailgun-Variables' => { ::Members::Mailgun::INVITE_EMAIL_TOKEN_KEY => @token }.to_json + 'X-Mailgun-Tag' => 'invite_email', + 'X-Mailgun-Variables' => { 'invite_token' => @token }.to_json } else {} diff --git a/app/services/members/mailgun.rb b/app/services/members/mailgun.rb deleted file mode 100644 index 43fb5a14ef1..00000000000 --- a/app/services/members/mailgun.rb +++ /dev/null @@ -1,8 +0,0 @@ -# frozen_string_literal: true - -module Members - module Mailgun - INVITE_EMAIL_TAG = 'invite_email' - INVITE_EMAIL_TOKEN_KEY = :invite_token - end -end diff --git a/app/services/members/mailgun/process_webhook_service.rb b/app/services/members/mailgun/process_webhook_service.rb deleted file mode 100644 index e359a83ad42..00000000000 --- a/app/services/members/mailgun/process_webhook_service.rb +++ /dev/null @@ -1,39 +0,0 @@ -# frozen_string_literal: true - -module Members - module Mailgun - class ProcessWebhookService - ProcessWebhookServiceError = Class.new(StandardError) - - def initialize(payload) - @payload = payload - end - - def execute - @member = Member.find_by_invite_token(invite_token) - update_member_and_log if member - rescue ProcessWebhookServiceError => e - Gitlab::ErrorTracking.track_exception(e) - end - - private - - attr_reader :payload, :member - - def update_member_and_log - log_update_event if member.update(invite_email_success: false) - end - - def log_update_event - Gitlab::AppLogger.info "UPDATED MEMBER INVITE_EMAIL_SUCCESS: member_id: #{member.id}" - end - - def invite_token - # may want to validate schema in some way using ::JSONSchemer.schema(SCHEMA_PATH).valid?(message) if this - # gets more complex - payload.dig('user-variables', ::Members::Mailgun::INVITE_EMAIL_TOKEN_KEY) || - raise(ProcessWebhookServiceError, "Failed to receive #{::Members::Mailgun::INVITE_EMAIL_TOKEN_KEY} in user-variables: #{payload}") - end - end - end -end diff --git a/app/views/admin/application_settings/_mailgun.html.haml b/app/views/admin/application_settings/_mailgun.html.haml index 40b4d5cac6d..6204f7df5dc 100644 --- a/app/views/admin/application_settings/_mailgun.html.haml +++ b/app/views/admin/application_settings/_mailgun.html.haml @@ -1,3 +1,5 @@ +- return unless Feature.enabled?(:mailgun_events_receiver) + - expanded = integration_expanded?('mailgun_') %section.settings.as-mailgun.no-animate#js-mailgun-settings{ class: ('expanded' if expanded) } .settings-header |