author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-04 21:08:50 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-04 21:08:50 +0300 |
commit | ca05512007cea51e05d3431b2c8bd7228c754370 (patch) | |
tree | 5202d429acd68c071445aff9e352379173ec9c0b /lib/gitlab/auth | |
parent | 6b833f1e0340e00fdee074da9c42c0d4e07a46d2 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/current_user_mode.rb | 61 |
1 files changed, 6 insertions, 55 deletions
diff --git a/lib/gitlab/auth/current_user_mode.rb b/lib/gitlab/auth/current_user_mode.rb
index 1ef95c03cfc..cb39baaa6cc 100644
--- a/lib/gitlab/auth/current_user_mode.rb
+++ b/lib/gitlab/auth/current_user_mode.rb
@@ -10,54 +10,12 @@ module Gitlab class CurrentUserMode NotRequestedError = Class.new(StandardError) - # RequestStore entries - CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY = { res: :current_user_mode, data: :bypass_session_admin_id }.freeze - CURRENT_REQUEST_ADMIN_MODE_USER_RS_KEY = { res: :current_user_mode, data: :current_admin }.freeze - - # SessionStore entries SESSION_STORE_KEY = :current_user_mode - ADMIN_MODE_START_TIME_KEY = :admin_mode - ADMIN_MODE_REQUESTED_TIME_KEY = :admin_mode_requested + ADMIN_MODE_START_TIME_KEY = 'admin_mode' + ADMIN_MODE_REQUESTED_TIME_KEY = 'admin_mode_requested' MAX_ADMIN_MODE_TIME = 6.hours ADMIN_MODE_REQUESTED_GRACE_PERIOD = 5.minutes - class << self - # Admin mode activation requires storing a flag in the user session. Using this - # method when scheduling jobs in Sidekiq will bypass the session check for a - # user that was already in admin mode - def bypass_session!(admin_id) - Gitlab::SafeRequestStore[CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY] = admin_id - - Gitlab::AppLogger.debug("Bypassing session in admin mode for: #{admin_id}") - - yield - ensure - Gitlab::SafeRequestStore.delete(CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY) - end - - def bypass_session_admin_id - Gitlab::SafeRequestStore[CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY] - end - - # Store in the current request the provided user model (only if in admin mode) - # and yield - def with_current_admin(admin) - return yield unless self.new(admin).admin_mode? - - Gitlab::SafeRequestStore[CURRENT_REQUEST_ADMIN_MODE_USER_RS_KEY] = admin - - Gitlab::AppLogger.debug("Admin mode active for: #{admin.username}") - - yield - ensure - Gitlab::SafeRequestStore.delete(CURRENT_REQUEST_ADMIN_MODE_USER_RS_KEY) - end - - def current_admin - Gitlab::SafeRequestStore[CURRENT_REQUEST_ADMIN_MODE_USER_RS_KEY] - end - end - def initialize(user) @user = user end 
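Review bot: The two session keys near the top of `CurrentUserMode` change from symbols to strings (`'admin_mode'`, `'admin_mode_requested'`) with no comment explaining why, and the `# SessionStore entries` heading that said what these constants index is removed in the same hunk. Whether the store behind `current_session_data` treats `:admin_mode` and `'admin_mode'` as the same key is not visible here; if it does not, a start time written under the symbol key before this change is neither read by the admin-mode check nor cleared by `disable_admin_mode!`. I would confirm that and record the reason above the constants, for example `# Session keys are strings: <reason, e.g. how the session store serializes keys>`. The removed `bypass_session!`, `with_current_admin` and `current_admin` were public class methods and this view is limited to `lib/gitlab/auth`, so callers elsewhere should be checked as well. The class body continues outside the hunk.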
@@ -84,7 +42,7 @@ module Gitlab
 raise NotRequestedError unless admin_mode_requested?
- reset_request_store_cache_entries
+ reset_request_store
 current_session_data[ADMIN_MODE_REQUESTED_TIME_KEY] = nil
 current_session_data[ADMIN_MODE_START_TIME_KEY] = Time.now
@@ -97,7 +55,7 @@ module Gitlab
 def disable_admin_mode!
 return unless user&.admin?
- reset_request_store_cache_entries
+ reset_request_store
 current_session_data[ADMIN_MODE_REQUESTED_TIME_KEY] = nil
 current_session_data[ADMIN_MODE_START_TIME_KEY] = nil
@@ -106,7 +64,7 @@ module Gitlab
 def request_admin_mode!
 return unless user&.admin?
- reset_request_store_cache_entries
+ reset_request_store
 current_session_data[ADMIN_MODE_REQUESTED_TIME_KEY] = Time.now
 end
@@ -115,12 +73,10 @@ module Gitlab
 attr_reader :user
- # RequestStore entry to cache #admin_mode? result
 def admin_mode_rs_key
 @admin_mode_rs_key ||= { res: :current_user_mode, user: user.id, method: :admin_mode? }
 end
- # RequestStore entry to cache #admin_mode_requested? result
 def admin_mode_requested_rs_key
 @admin_mode_requested_rs_key ||= { res: :current_user_mode, user: user.id, method: :admin_mode_requested? }
 end
@@ -130,7 +86,6 @@ module Gitlab
 end
 def any_session_with_admin_mode?
- return true if bypass_session?
 return true if current_session_data.initiated? && current_session_data[ADMIN_MODE_START_TIME_KEY].to_i > MAX_ADMIN_MODE_TIME.ago.to_i
 all_sessions.any? do |session|
@@ -148,11 +103,7 @@ module Gitlab
 current_session_data[ADMIN_MODE_REQUESTED_TIME_KEY].to_i > ADMIN_MODE_REQUESTED_GRACE_PERIOD.ago.to_i
 end
- def bypass_session?
- user&.id && user.id == self.class.bypass_session_admin_id
- end
-
- def reset_request_store_cache_entries
+ def reset_request_store
 Gitlab::SafeRequestStore.delete(admin_mode_rs_key)
 Gitlab::SafeRequestStore.delete(admin_mode_requested_rs_key)
 end |