author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-25 03:08:59 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-25 03:08:59 +0300 |
commit | 4f749a9b30a638f0bd3a19e8d9925e966b0f5cb4 (patch) | |
tree | b786e4d09b23ff9c89c7c429fa21fa74068d17fb /lib/gitlab/middleware | |
parent | 167894d0e7c98aae1c6d4f5a060ad6d58ea3f382 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/middleware')
-rw-r--r-- | lib/gitlab/middleware/read_only/controller.rb | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/lib/gitlab/middleware/read_only/controller.rb b/lib/gitlab/middleware/read_only/controller.rb
index 2cf2a81f812..ca8f4e34802 100644
--- a/lib/gitlab/middleware/read_only/controller.rb
+++ b/lib/gitlab/middleware/read_only/controller.rb
@@ -24,8 +24,9 @@ module Gitlab
 'projects/compare' => %w{create}
 }.freeze
 
- WHITELISTED_LOGOUT_ROUTES = {
- 'sessions' => %w{destroy}
+ WHITELISTED_SESSION_ROUTES = {
+ 'sessions' => %w{destroy},
+ 'admin/sessions' => %w{create destroy}
 }.freeze
 
 GRAPHQL_URL = '/api/graphql'
@@ -89,7 +90,7 @@ module Gitlab
 
 # Overridden in EE module
 def whitelisted_routes
- grack_route? || internal_route? || lfs_route? || compare_git_revisions_route? || sidekiq_route? || logout_route? || graphql_query?
+ grack_route? || internal_route? || lfs_route? || compare_git_revisions_route? || sidekiq_route? || session_route? || graphql_query?
 end
 
 def grack_route?
@@ -122,11 +123,12 @@ module Gitlab
 WHITELISTED_GIT_LFS_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
 end
 
- def logout_route?
+ def session_route?
 # Calling route_hash may be expensive. Only do it if we think there's a possible match
- return false unless request.post? && request.path.end_with?('/users/sign_out')
+ return false unless request.post? && request.path.end_with?('/users/sign_out',
+ '/admin/session', '/admin/session/destroy')
 
- WHITELISTED_LOGOUT_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
+ WHITELISTED_SESSION_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
 end
 
 def sidekiq_route? |
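Review bot: `WHITELISTED_SESSION_ROUTES` now lets `admin/sessions#create` through the read-only gate, and unlike the two `destroy` entries that is a request which submits credentials and sets up elevated state, yet nothing at the constant records why it is safe on a read-only instance. I would add a comment above it such as `# Admin-mode sign-in/out must keep working on read-only instances; these actions are expected to touch only the session, never the database.` Whether the create action really performs no database write cannot be confirmed from this hunk, so that assumption is worth checking before relying on it. The later hunk at `whitelisted_routes` carries an "Overridden in EE module" comment, so any override that still refers to `WHITELISTED_LOGOUT_ROUTES` or `logout_route?` would need the same rename. The enclosing class starts and ends outside the hunk.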
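Review bot: The `end_with?` test in `session_route?` is a suffix match, so any POST whose path merely ends in `/admin/session` passes it and the request is then allowed or refused solely by the `WHITELISTED_SESSION_ROUTES[route_hash[:controller]]` lookup; the existing comment presents the test as a cost optimisation but does not say that it is not the access decision. I would extend the comment with `# Cheap prefilter only: the controller/action lookup below is what actually permits the request.` so a later edit does not drop the lookup or treat the path test as sufficient. The three path suffixes and the keys of the constant now have to be kept in step by hand; a route added to one but not the other is refused (fails closed), which is the safe direction but easy to miss, so a one-line note at the constant pointing to this method would help.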