author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-17 13:07:47 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-17 13:07:47 +0300 |
commit | d670c3006e6e44901bce0d53cc4768d1d80ffa92 (patch) | |
tree | 8f65743c232e5b76850c4cc264ba15e1185815ff /lib/gitlab/auth | |
parent | a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4 (diff) |
Add latest changes from gitlab-org/gitlab@14-0-stable-ee
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/current_user_mode.rb | 34 | ||||
-rw-r--r-- | lib/gitlab/auth/user_access_denied_reason.rb | 4 |
2 files changed, 29 insertions, 9 deletions
diff --git a/lib/gitlab/auth/current_user_mode.rb b/lib/gitlab/auth/current_user_mode.rb
index a6d706c2a49..fc391543f4d 100644
--- a/lib/gitlab/auth/current_user_mode.rb
+++ b/lib/gitlab/auth/current_user_mode.rb
@@ -27,22 +27,27 @@ module Gitlab
 # will bypass the session check for a user that was already in admin mode
 #
 # If passed a block, it will surround the block execution and reset the session
- # bypass at the end; otherwise use manually '.reset_bypass_session!'
+ # bypass at the end; otherwise you must remember to call '.reset_bypass_session!'
 def bypass_session!(admin_id)
 Gitlab::SafeRequestStore[CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY] = admin_id
+ # Bypassing the session invalidates the cached value of admin_mode?
+ # Any new calls need to be re-computed.
+ uncache_admin_mode_state(admin_id)
 Gitlab::AppLogger.debug("Bypassing session in admin mode for: #{admin_id}")
- if block_given?
- begin
- yield
- ensure
- reset_bypass_session!
- end
+ return unless block_given?
+
+ begin
+ yield
+ ensure
+ reset_bypass_session!(admin_id)
 end
 end
- def reset_bypass_session!
+ def reset_bypass_session!(admin_id = nil)
+ # Restoring the session bypass invalidates the cached value of admin_mode?
+ uncache_admin_mode_state(admin_id)
 Gitlab::SafeRequestStore.delete(CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY)
 end
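Review bot: In `reset_bypass_session!` the new `uncache_admin_mode_state(admin_id)` call runs before the bypass key is deleted, so if the invalidation ever raises, the `ensure` in `bypass_session!` exits with the session bypass still stored for the rest of the request. Deleting the bypass first fails closed: put `Gitlab::SafeRequestStore.delete(CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY)` ahead of `uncache_admin_mode_state(admin_id)`. That reorder changes the method's return value from the deleted id to the invalidation result, so callers outside this hunk should be checked before adopting it. The doc comment could also say that manual callers should pass the same `admin_id` they gave to `bypass_session!`, since omitting it falls back to the store-wide scan.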
@@ -50,10 +55,21 @@ module Gitlab
 Gitlab::SafeRequestStore[CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY]
 end
+ def uncache_admin_mode_state(admin_id = nil)
+ if admin_id
+ key = { res: :current_user_mode, user: admin_id, method: :admin_mode? }
+ Gitlab::SafeRequestStore.delete(key)
+ else
+ Gitlab::SafeRequestStore.delete_if do |key|
+ key.is_a?(Hash) && key[:res] == :current_user_mode && key[:method] == :admin_mode?
+ end
+ end
+ end
+
+ # Store in the current request the provided user model (only if in admin mode)
 # and yield
 def with_current_admin(admin)
- return yield unless self.new(admin).admin_mode?
+ return yield unless new(admin).admin_mode?
 Gitlab::SafeRequestStore[CURRENT_REQUEST_ADMIN_MODE_USER_RS_KEY] = admin
diff --git a/lib/gitlab/auth/user_access_denied_reason.rb b/lib/gitlab/auth/user_access_denied_reason.rb
index 6639000dba8..904759919ae 100644
--- a/lib/gitlab/auth/user_access_denied_reason.rb
+++ b/lib/gitlab/auth/user_access_denied_reason.rb
@@ -23,6 +23,8 @@ module Gitlab
 "Your primary email address is not confirmed. "\
 "Please check your inbox for the confirmation instructions. "\
 "In case the link is expired, you can request a new confirmation email at #{Rails.application.routes.url_helpers.new_user_confirmation_url}"
+ when :blocked
+ "Your account has been blocked."
 when :password_expired
 "Your password expired. "\
 "Please access GitLab from a web browser to update your password."
@@ -44,6 +46,8 @@ module Gitlab
 :deactivated
 elsif !@user.confirmed?
 :unconfirmed
+ elsif @user.blocked?
+ :blocked
 elsif @user.password_expired?
 :password_expired
 else |
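Review bot: `uncache_admin_mode_state` rebuilds the cache key `{ res: :current_user_mode, user: admin_id, method: :admin_mode? }` by hand, and the code that writes that cache entry is not in this hunk, so nothing here keeps the two in step. If the writer's key ever differs (an extra field, or a user object where this passes an id), `Gitlab::SafeRequestStore.delete(key)` becomes a silent no-op and a stale `admin_mode?` result survives the bypass reset. Building the key in one private helper shared by both sides would tie the invalidation to the cache. Failing that, add a comment such as `# Must match the request-cache key used for #admin_mode?`. The block parameter `|key|` also shadows the local `key` assigned in the `if` branch; `|cached_key|` would read more clearly.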
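Review bot: The new `elsif @user.blocked?` branch in `user_access_denied_reason.rb` sits after the deactivated and unconfirmed checks, so a user who is both blocked and unconfirmed is still told to confirm their email and handed the confirmation URL. If a block is meant to take precedence, move `elsif @user.blocked?` / `:blocked` above `elsif !@user.confirmed?`. The start of this conditional is outside the hunk, so the intended order should be confirmed against the earlier branches. The matching `when :blocked` text in the previous hunk of this file discloses account state, so a short comment stating that this message is only produced for an already-identified user would help future readers.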