diff options
Diffstat (limited to 'app/controllers/application_controller.rb')
| -rw-r--r-- | app/controllers/application_controller.rb | 67 |
1 files changed, 27 insertions, 40 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index b5695322eb6..54e3275662b 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -18,6 +18,9 @@ class ApplicationController < ActionController::Base include Gitlab::Tracking::ControllerConcern include Gitlab::Experimentation::ControllerConcern include InitializesCurrentUserMode + include Impersonation + include Gitlab::Logging::CloudflareHelper + include Gitlab::Utils::StrongMemoize before_action :authenticate_user!, except: [:route_not_found] before_action :enforce_terms!, if: :should_enforce_terms? @@ -35,6 +38,10 @@ class ApplicationController < ActionController::Base before_action :check_impersonation_availability before_action :required_signup_info + # Make sure the `auth_user` is memoized so it can be logged, we do this after + # all other before filters that could have set the user. + before_action :auth_user + prepend_around_action :set_current_context around_action :sessionless_bypass_admin_mode!, if: :sessionless_user? @@ -141,16 +148,19 @@ class ApplicationController < ActionController::Base payload[:ua] = request.env["HTTP_USER_AGENT"] payload[:remote_ip] = request.remote_ip + payload[Labkit::Correlation::CorrelationId::LOG_KEY] = Labkit::Correlation::CorrelationId.current_id + payload[:metadata] = @current_context logged_user = auth_user - if logged_user.present? payload[:user_id] = logged_user.try(:id) payload[:username] = logged_user.try(:username) end payload[:queue_duration_s] = request.env[::Gitlab::Middleware::RailsQueueDuration::GITLAB_RAILS_QUEUE_DURATION_KEY] + + store_cloudflare_headers!(payload, request) end ## @@ -158,10 +168,12 @@ class ApplicationController < ActionController::Base # (e.g. tokens) to authenticate the user, whereas Devise sets current_user. # def auth_user - if user_signed_in? - current_user - else - try(:authenticated_user) + strong_memoize(:auth_user) do + if user_signed_in? + current_user + else + try(:authenticated_user) + end end end @@ -453,11 +465,16 @@ class ApplicationController < ActionController::Base def set_current_context(&block) Gitlab::ApplicationContext.with_context( - user: -> { auth_user }, - project: -> { @project }, - namespace: -> { @group }, - caller_id: full_action_name, - &block) + # Avoid loading the auth_user again after the request. Otherwise calling + # `auth_user` again would also trigger the Warden callbacks again + user: -> { auth_user if strong_memoized?(:auth_user) }, + project: -> { @project if @project&.persisted? }, + namespace: -> { @group if @group&.persisted? }, + caller_id: full_action_name) do + yield + ensure + @current_context = Labkit::Context.current.to_h + end end def set_locale(&block) @@ -525,36 +542,6 @@ class ApplicationController < ActionController::Base .execute end - def check_impersonation_availability - return unless session[:impersonator_id] - - unless Gitlab.config.gitlab.impersonation_enabled - stop_impersonation - access_denied! _('Impersonation has been disabled') - end - end - - def stop_impersonation - log_impersonation_event - - warden.set_user(impersonator, scope: :user) - session[:impersonator_id] = nil - - impersonated_user - end - - def impersonated_user - current_user - end - - def log_impersonation_event - Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}") - end - - def impersonator - @impersonator ||= User.find(session[:impersonator_id]) if session[:impersonator_id] - end - def sentry_context(&block) Gitlab::ErrorTracking.with_context(current_user, &block) end |