Add latest changes from gitlab-org/gitlab@15-7-stable-eev15.7.0-rc42

5 files changed, 16 insertions, 7 deletions

diff --git a/lib/gitlab/auth/current_user_mode.rb b/lib/gitlab/auth/current_user_mode.rb
index fc391543f4d..9bd4711c4bb 100644
--- a/lib/gitlab/auth/current_user_mode.rb
+++ b/lib/gitlab/auth/current_user_mode.rb
@@ -106,8 +106,8 @@ module Gitlab
       end
 
       def enable_admin_mode!(password: nil, skip_password_validation: false)
-        return unless user&.admin?
-        return unless skip_password_validation || user&.valid_password?(password)
+        return false unless user&.admin?
+        return false unless skip_password_validation || user&.valid_password?(password)
 
         raise NotRequestedError unless admin_mode_requested?
 
@@ -115,6 +115,10 @@ module Gitlab
 
         current_session_data[ADMIN_MODE_REQUESTED_TIME_KEY] = nil
         current_session_data[ADMIN_MODE_START_TIME_KEY] = Time.now
+
+        audit_user_enable_admin_mode
+
+        true
       end
 
       def disable_admin_mode!
@@ -175,6 +179,10 @@ module Gitlab
       def privileged_runtime?
         Gitlab::Runtime.rake? || Gitlab::Runtime.rails_runner? || Gitlab::Runtime.console?
       end
+
+      def audit_user_enable_admin_mode; end
     end
   end
 end
+
+Gitlab::Auth::CurrentUserMode.prepend_mod_with('Gitlab::Auth::CurrentUserMode')
diff --git a/lib/gitlab/auth/ldap/access.rb b/lib/gitlab/auth/ldap/access.rb
index 62a817d7c4d..ea098ff8057 100644
--- a/lib/gitlab/auth/ldap/access.rb
+++ b/lib/gitlab/auth/ldap/access.rb
@@ -12,7 +12,7 @@ module Gitlab
 
         def self.open(user, &block)
           Gitlab::Auth::Ldap::Adapter.open(user.ldap_identity.provider) do |adapter|
-            block.call(self.new(user, adapter))
+            yield(self.new(user, adapter))
           end
         end
 
diff --git a/lib/gitlab/auth/ldap/adapter.rb b/lib/gitlab/auth/ldap/adapter.rb
index 47eca74aa5b..9aedc131e92 100644
--- a/lib/gitlab/auth/ldap/adapter.rb
+++ b/lib/gitlab/auth/ldap/adapter.rb
@@ -11,7 +11,7 @@ module Gitlab
 
         def self.open(provider, &block)
           Net::LDAP.open(config(provider).adapter_options) do |ldap|
-            block.call(self.new(provider, ldap))
+            yield(self.new(provider, ldap))
           end
         end
 
diff --git a/lib/gitlab/auth/ldap/config.rb b/lib/gitlab/auth/ldap/config.rb
index 9dafd59561a..6c99b505797 100644
--- a/lib/gitlab/auth/ldap/config.rb
+++ b/lib/gitlab/auth/ldap/config.rb
@@ -82,7 +82,8 @@ module Gitlab
 
         def adapter_options
           opts = base_options.merge(
-            encryption: encryption_options
+            encryption: encryption_options,
+            instrumentation_service: ActiveSupport::Notifications
           )
 
           opts.merge!(auth_options) if has_auth?
diff --git a/lib/gitlab/auth/ldap/dn.rb b/lib/gitlab/auth/ldap/dn.rb
index a188aa168c1..84bf455c98a 100644
--- a/lib/gitlab/auth/ldap/dn.rb
+++ b/lib/gitlab/auth/ldap/dn.rb
@@ -51,7 +51,7 @@ module Gitlab
 
         ##
         # Parse a DN into key value pairs using ASN from
-        # http://tools.ietf.org/html/rfc2253 section 3.
+        # https://www.rfc-editor.org/rfc/rfc2253 section 3.
         # rubocop:disable Metrics/AbcSize
         # rubocop:disable Metrics/CyclomaticComplexity
         # rubocop:disable Metrics/PerceivedComplexity
@@ -231,7 +231,7 @@ module Gitlab
           self.class.new(*to_a).to_s.downcase
         end
 
-        # https://tools.ietf.org/html/rfc4514 section 2.4 lists these exceptions
+        # https://www.rfc-editor.org/rfc/rfc4514 section 2.4 lists these exceptions
         # for DN values. All of the following must be escaped in any normal string
         # using a single backslash ('\') as escape. The space character is left
         # out here because in a "normalized" string, spaces should only be escaped