author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-24 13:12:46 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-24 13:12:46 +0300 |
commit | 85e95876ecf827253256c841df80a53843b84f7f (patch) | |
tree | 7759343984204444409dcfb5ac8b72c493c5d7b5 /lib | |
parent | 680a5284470c6e5c430cd077b797504acd1f26d7 (diff) |
Add latest changes from gitlab-org/gitlab@12-7-stable-ee
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/auth/o_auth/auth_hash.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/bitbucket_server_import/importer.rb | 1 | ||||
-rw-r--r-- | lib/gitlab/middleware/read_only/controller.rb | 13 |
3 files changed, 14 insertions, 2 deletions
diff --git a/lib/gitlab/auth/o_auth/auth_hash.rb b/lib/gitlab/auth/o_auth/auth_hash.rb
index 76f2827af1a..b37a9225dd7 100644
--- a/lib/gitlab/auth/o_auth/auth_hash.rb
+++ b/lib/gitlab/auth/o_auth/auth_hash.rb
@@ -34,7 +34,7 @@ module Gitlab
 end
 def password
- @password ||= Gitlab::Utils.force_utf8(Devise.friendly_token[0, 8].downcase)
+ @password ||= Gitlab::Utils.force_utf8(::User.random_password.downcase)
 end
 def location
diff --git a/lib/gitlab/bitbucket_server_import/importer.rb b/lib/gitlab/bitbucket_server_import/importer.rb
index 886fbaaff48..16fe5b46b1f 100644
--- a/lib/gitlab/bitbucket_server_import/importer.rb
+++ b/lib/gitlab/bitbucket_server_import/importer.rb
@@ -172,6 +172,7 @@ module Gitlab
 stage: 'import_pull_requests', iid: pull_request.iid, error: e.message
 )
+ backtrace = Gitlab::BacktraceCleaner.clean_backtrace(e.backtrace)
 errors << { type: :pull_request, iid: pull_request.iid, errors: e.message, backtrace: backtrace.join("\n"), raw_response: pull_request.raw }
 end
 end
diff --git a/lib/gitlab/middleware/read_only/controller.rb b/lib/gitlab/middleware/read_only/controller.rb
index b18f0eed1fa..c749816cf6a 100644
--- a/lib/gitlab/middleware/read_only/controller.rb
+++ b/lib/gitlab/middleware/read_only/controller.rb
@@ -24,6 +24,10 @@ module Gitlab
 'projects/compare' => %w{create}
 }.freeze
+ WHITELISTED_LOGOUT_ROUTES = {
+ 'sessions' => %w{destroy}
+ }.freeze
+
 GRAPHQL_URL = '/api/graphql'
 def initialize(app, env)
@@ -85,7 +89,7 @@ module Gitlab
 # Overridden in EE module
 def whitelisted_routes
- grack_route? || internal_route? || lfs_route? || compare_git_revisions_route? || sidekiq_route? || graphql_query?
+ grack_route? || internal_route? || lfs_route? || compare_git_revisions_route? || sidekiq_route? || logout_route? || graphql_query?
 end
 def grack_route?
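Review bot: The new `password` in auth_hash.rb still calls `.downcase` on the generated value, which folds the alphabet and lowers the entropy per character of whatever `::User.random_password` returns. That helper is defined outside this diff, so its length and character set cannot be checked here. If no caller needs the lowercase form, I would drop the fold: `@password ||= Gitlab::Utils.force_utf8(::User.random_password)`. If it is needed, a comment saying why would help, for example `# downcased because <reason>; length is set by User.random_password`. The enclosing class starts and ends outside the hunk.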
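Review bot: In importer.rb, `backtrace.join("\n")` on the line after the added assignment assumes `clean_backtrace` always returns an array. If it can return nil (for example when `e.backtrace` is nil), this rescue block would raise again and the failed pull request would not be recorded in `errors`. `Gitlab::BacktraceCleaner` is not visible in this diff, so this needs confirming; a defensive form is `backtrace = Array(Gitlab::BacktraceCleaner.clean_backtrace(e.backtrace))`. The entry also stores `raw_response: pull_request.raw` next to the backtrace, so it is worth checking where `errors` is stored or displayed. The rescue block and its surrounding loop start outside the hunk.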
@@ -118,6 +122,13 @@ module Gitlab
 WHITELISTED_GIT_LFS_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
 end
+ def logout_route?
+ # Calling route_hash may be expensive. Only do it if we think there's a possible match
+ return false unless request.post? && request.path.end_with?('/users/sign_out')
+
+ WHITELISTED_LOGOUT_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
+ end
+
 def sidekiq_route?
 request.path.start_with?("#{relative_url}/admin/sidekiq")
 end |
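Review bot: In `logout_route?` the `request.path.end_with?('/users/sign_out')` test matches any path with that suffix and, unlike `sidekiq_route?` just below, is not anchored on `relative_url`. The exemption from read-only mode therefore rests entirely on the `route_hash` lookup on the method's last line. The existing comment explains the cost but not that division of responsibility; I would extend it with `# The path test is only a prefilter; the controller/action lookup below is what allows the request.` so a later edit does not relax the second check. The guard also fixes the verb to POST, so a sign-out route mapped to another verb would stay blocked; that depends on routing configuration not shown here.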