authorGitLab Bot <gitlab-bot@gitlab.com>2021-09-29 15:57:02 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2021-09-29 15:57:02 +0300
commite0ab280b774e34fcfd6fd031616247714230ca68 (patch)
tree472ee2dcef05f242e1b861caa47a0a5179e92f4c /lib
parent60b56b48afb89ed1890409b6c425f16549c4d28b (diff)
Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee
Diffstat (limited to 'lib')
-rw-r--r--lib/api/import_bitbucket_server.rb4
-rw-r--r--lib/gitlab/auth.rb6
-rw-r--r--lib/gitlab/auth/two_factor_auth_verifier.rb4
-rw-r--r--lib/gitlab/import_export/group/import_export.yml1
-rw-r--r--lib/gitlab/import_export/project/import_export.yml2
-rw-r--r--lib/gitlab/legacy_github_import/client.rb6
6 files changed, 19 insertions, 4 deletions
diff --git a/lib/api/import_bitbucket_server.rb b/lib/api/import_bitbucket_server.rb
index ecd78c6e6db..0f0d62dcbfb 100644
--- a/lib/api/import_bitbucket_server.rb
+++ b/lib/api/import_bitbucket_server.rb
@@ -4,6 +4,10 @@ module API
class ImportBitbucketServer < ::API::Base
feature_category :importers
+ before do
+ forbidden! unless Gitlab::CurrentSettings.import_sources&.include?('bitbucket_server')
+ end
+
helpers do
def client
@client ||= BitbucketServer::Client.new(credentials)
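Review bot: The new `before` filter on lines 31–33 carries no comment saying what it protects, so a later refactor could move or relax it without noticing that it gates every endpoint of this API class. A one-line comment above it would preserve the intent: `# Refuse every endpoint in this class when the admin has disabled the Bitbucket Server import source.` The safe-navigation on `import_sources&.include?` means a nil setting is treated as "not enabled" and therefore forbidden, which is the safe default and worth stating in that comment as well. The `ImportBitbucketServer` class continues outside the hunk.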
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 1afb2eda149..0970b92723b 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -172,7 +172,11 @@ module Gitlab
user = find_with_user_password(login, password)
return unless user
- raise Gitlab::Auth::MissingPersonalAccessTokenError if user.two_factor_enabled?
+ verifier = TwoFactorAuthVerifier.new(user)
+
+ if user.two_factor_enabled? || verifier.two_factor_authentication_enforced?
+ raise Gitlab::Auth::MissingPersonalAccessTokenError
+ end
Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities)
end
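Review bot: The condition on line 48 has no comment explaining why an enforced-but-not-yet-configured 2FA requirement also refuses password authentication, and the `verifier` on line 46 is built before it is known to be needed. A comment above the `if` would pin the contract: `# Password-only auth is refused once 2FA is active for the user or enforced on them (instance/group policy whose grace period has elapsed); a personal access token must be used instead.` As a point of style the temporary could be dropped by writing `if user.two_factor_enabled? || TwoFactorAuthVerifier.new(user).two_factor_authentication_enforced?`, which also avoids constructing the verifier when the first operand short-circuits. The enclosing method starts outside the hunk.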
diff --git a/lib/gitlab/auth/two_factor_auth_verifier.rb b/lib/gitlab/auth/two_factor_auth_verifier.rb
index 86552ef1267..5a203a1fe9c 100644
--- a/lib/gitlab/auth/two_factor_auth_verifier.rb
+++ b/lib/gitlab/auth/two_factor_auth_verifier.rb
@@ -9,6 +9,10 @@ module Gitlab
@current_user = current_user
end
+ def two_factor_authentication_enforced?
+ two_factor_authentication_required? && two_factor_grace_period_expired?
+ end
+
def two_factor_authentication_required?
Gitlab::CurrentSettings.require_two_factor_authentication? ||
current_user&.require_two_factor_authentication_from_group?
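Review bot: `two_factor_authentication_enforced?` on lines 60–62 is a new public predicate with no documentation, and its second operand `two_factor_grace_period_expired?` is defined outside the hunk, so a reader cannot tell from here what "enforced" adds over "required". A YARD comment above it would fix that: `# True when 2FA is required for the user (instance or group setting) and the grace period for setting it up has elapsed, i.e. the requirement is now enforced rather than pending.` Note that `two_factor_authentication_required?` nil-guards `current_user` but the new method does not guard before calling `two_factor_grace_period_expired?`; the caller in `Gitlab::Auth` only reaches it with a non-nil user, so this is presumably fine, but worth confirming for other callers. The class continues outside the hunk.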
diff --git a/lib/gitlab/import_export/group/import_export.yml b/lib/gitlab/import_export/group/import_export.yml
index 630f918a78b..f7ab1677001 100644
--- a/lib/gitlab/import_export/group/import_export.yml
+++ b/lib/gitlab/import_export/group/import_export.yml
@@ -37,6 +37,7 @@ excluded_attributes:
- :trial_ends_on
- :shared_runners_minute_limit
- :extra_shared_runners_minutes_limit
+ - :repository_size_limit
epics:
- :state_id
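Review bot: The new `:repository_size_limit` exclusion on line 75 (and the matching one at line 94 in the project file) has no comment saying why the attribute must not round-trip through export/import, so it is easy to mistake for a stale entry later. Presumably the limit is admin-controlled and an imported archive must not be able to set it, but the hunk does not show that; if so, a trailing comment on both lines, e.g. `- :repository_size_limit # admin-controlled; must not be settable via import`, would protect the decision. The `excluded_attributes` mapping continues on both sides of the hunk.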
diff --git a/lib/gitlab/import_export/project/import_export.yml b/lib/gitlab/import_export/project/import_export.yml
index fe0974d27a6..8046fedc4f3 100644
--- a/lib/gitlab/import_export/project/import_export.yml
+++ b/lib/gitlab/import_export/project/import_export.yml
@@ -88,7 +88,6 @@ tree:
- :external_pull_request
- :merge_request
- :auto_devops
- - :triggers
- :pipeline_schedules
- :container_expiration_policy
- protected_branches:
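Review bot: Removing `:triggers` from the export tree on line 86 leaves nothing in the file recording why project triggers are no longer exported, so someone comparing the tree against the project's associations may re-add it. If the reason is that trigger records carry credentials that must not leave the instance inside an export archive (which the security-stable origin of this commit suggests but the hunk does not show), a comment near the removed position, e.g. `# :triggers is deliberately not exported`, would keep that intent visible. The `tree:` mapping continues on both sides of the hunk.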
@@ -211,6 +210,7 @@ excluded_attributes:
- :show_default_award_emojis
- :services
- :exported_protected_branches
+ - :repository_size_limit
namespaces:
- :runners_token
- :runners_token_encrypted
diff --git a/lib/gitlab/legacy_github_import/client.rb b/lib/gitlab/legacy_github_import/client.rb
index 4482610523e..48a8e0ce6d7 100644
--- a/lib/gitlab/legacy_github_import/client.rb
+++ b/lib/gitlab/legacy_github_import/client.rb
@@ -8,9 +8,10 @@ module Gitlab
attr_reader :access_token, :host, :api_version, :wait_for_rate_limit_reset
- def initialize(access_token, host: nil, api_version: 'v3', wait_for_rate_limit_reset: true)
+ def initialize(access_token, host: nil, api_version: 'v3', wait_for_rate_limit_reset: true, hostname: nil)
@access_token = access_token
@host = host.to_s.sub(%r{/+\z}, '')
+ @hostname = hostname
@api_version = api_version
@users = {}
@wait_for_rate_limit_reset = wait_for_rate_limit_reset
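Review bot: The new `hostname:` keyword on line 105 is stored verbatim on line 108, whereas `host` on line 107 is normalized by stripping trailing slashes, and `:hostname` is missing from the `attr_reader` list on line 103, so the value is neither readable by callers nor checked before it is used as a request header further down this file (line 118). If `hostname` can originate from user-supplied import settings (the caller is not visible here), a strict check at assignment such as `raise ArgumentError, 'invalid hostname' if hostname && hostname.match?(/[\s\/]/)` would keep a malformed value out of the Host header; at minimum a YARD `# @param hostname [String, nil] value sent as the HTTP Host header; nil sends none` on `initialize` would document the contract. The class continues outside the hunk.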
@@ -28,7 +29,8 @@ module Gitlab
# If there is no config, we're connecting to github.com and we
# should verify ssl.
connection_options: {
- ssl: { verify: config ? config['verify_ssl'] : true }
+ ssl: { verify: config ? config['verify_ssl'] : true },
+ headers: { host: @hostname }.compact
}
)
end
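Review bot: The `headers:` entry added on line 118 sits under a comment (lines 113–114) that explains only the `ssl:` option, so the reason for overriding the Host header is undocumented. A one-line comment above it, e.g. `# Send the caller-supplied hostname as the Host header; with no hostname the hash compacts to empty and the default applies.`, would make the intent clear. Presumably the client connects to `host` (possibly a pre-resolved address) while presenting the original name to the server, but the hunk does not show the caller, so that rationale should be confirmed before being written down. The method's opening lines are outside the hunk.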