
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2019-10-29 03:06:10 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2019-10-29 03:06:10 +0300
commitabfafe3c57f56cd76a0a9afb7275cddb12304544 (patch)
treef1a82b1afe78f1fd37234f86f3107bc8eb976742 /db
parentef326e805ac99222c55e1efd9867045800f01a4b (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'db')
-rw-r--r--db/migrate/20191026041447_change_default_value_of_throttle_protected_paths.rb38
-rw-r--r--db/schema.rb4
2 files changed, 40 insertions, 2 deletions
diff --git a/db/migrate/20191026041447_change_default_value_of_throttle_protected_paths.rb b/db/migrate/20191026041447_change_default_value_of_throttle_protected_paths.rb
new file mode 100644
index 00000000000..dd79fb217ef
--- /dev/null
+++ b/db/migrate/20191026041447_change_default_value_of_throttle_protected_paths.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+class ChangeDefaultValueOfThrottleProtectedPaths < ActiveRecord::Migration[5.2]
+ include Gitlab::Database::MigrationHelpers
+
+ DOWNTIME = false
+
+ def up
+ change_column_default :application_settings, :throttle_protected_paths_enabled, false
+
+ # Because we already set the value to true in the previous
+ # migration, this feature was switched on inadvertently in GitLab
+ # 12.4. This migration toggles it back off to ensure we don't
+ # inadvertently block legitimate users. The admin will have to
+ # re-enable it in the application settings.
+ unless omnibus_protected_paths_present?
+ execute "UPDATE application_settings SET throttle_protected_paths_enabled = #{false_value}"
+ end
+ end
+
+ def down
+ change_column_default :application_settings, :throttle_protected_paths_enabled, true
+
+ execute "UPDATE application_settings SET throttle_protected_paths_enabled = #{true_value}"
+ end
+
+ private
+
+ def omnibus_protected_paths_present?
+ Rack::Attack.throttles.key?('protected paths')
+ rescue e
+ say "Error while checking if Omnibus protected paths were already enabled: #{e.message}"
+ say 'Continuing. Protected paths will remain enabled.'
+
+ # Return true so we don't take a risk
+ true
+ end
+end
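Review bot: In `omnibus_protected_paths_present?`, the clause `rescue e` does not bind the exception to a variable. Ruby reads `e` as the exception class to match, so if `Rack::Attack.throttles` raises, the handler itself fails with a NameError and the migration aborts instead of reaching the fail-safe `true`. Change it to `rescue StandardError => e` so the error is logged and protected-path throttling stays enabled, as the comment intends. The result also appears to depend on the Rack::Attack initializer having registered the `'protected paths'` throttle before the migration runs. If that is not guaranteed, `up` will switch off sign-in rate limiting on instances that had it configured, so it would help to state that assumption in the comment above the `unless`.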
diff --git a/db/schema.rb b/db/schema.rb
index dce9d1dc189..39c4f3005be 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 2019_10_17_180026) do
+ActiveRecord::Schema.define(version: 2019_10_26_041447) do
# These are extensions that must be enabled in order to support this database
enable_extension "pg_trgm"
@@ -331,7 +331,7 @@ ActiveRecord::Schema.define(version: 2019_10_17_180026) do
t.string "encrypted_asset_proxy_secret_key_iv"
t.string "static_objects_external_storage_url", limit: 255
t.string "static_objects_external_storage_auth_token", limit: 255
- t.boolean "throttle_protected_paths_enabled", default: true, null: false
+ t.boolean "throttle_protected_paths_enabled", default: false, null: false
t.integer "throttle_protected_paths_requests_per_period", default: 10, null: false
t.integer "throttle_protected_paths_period_in_seconds", default: 60, null: false
t.string "protected_paths", limit: 255, default: ["/users/password", "/users/sign_in", "/api/v3/session.json", "/api/v3/session", "/api/v4/session.json", "/api/v4/session", "/users", "/users/confirmation", "/unsubscribes/", "/import/github/personal_access_token"], array: true