Add latest changes from gitlab-org/gitlab@master

2 files changed, 14 insertions, 2 deletions

diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index f3635613339..9c5a07919b3 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -645,6 +645,7 @@ Settings.rack_attack.git_basic_auth['ip_whitelist'] ||= %w{127.0.0.1}
 Settings.rack_attack.git_basic_auth['maxretry'] ||= 10
 Settings.rack_attack.git_basic_auth['findtime'] ||= 1.minute
 Settings.rack_attack.git_basic_auth['bantime'] ||= 1.hour
+Settings.rack_attack['admin_area_protected_paths_enabled'] ||= false
 
 #
 # Gitaly
diff --git a/config/initializers/rack_attack_new.rb b/config/initializers/rack_attack_new.rb
index 92a8bf79432..6d29bb1cd8b 100644
--- a/config/initializers/rack_attack_new.rb
+++ b/config/initializers/rack_attack_new.rb
@@ -1,11 +1,22 @@
+# Specs for this file can be found on:
+# * spec/lib/gitlab/throttle_spec.rb
+# * spec/requests/rack_attack_global_spec.rb
 module Gitlab::Throttle
   def self.settings
     Gitlab::CurrentSettings.current_application_settings
   end
 
+  # Returns true if we should use the Admin Area protected paths throttle
   def self.protected_paths_enabled?
-    !self.omnibus_protected_paths_present? &&
-      self.settings.throttle_protected_paths_enabled?
+    return false if should_use_omnibus_protected_paths?
+
+    self.settings.throttle_protected_paths_enabled?
+  end
+
+  # To be removed in 13.0: https://gitlab.com/gitlab-org/gitlab/issues/29952
+  def self.should_use_omnibus_protected_paths?
+    !Settings.rack_attack.admin_area_protected_paths_enabled &&
+      self.omnibus_protected_paths_present?
   end
 
   def self.omnibus_protected_paths_present?