
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'app/controllers/concerns')
-rw-r--r--app/controllers/concerns/accepts_pending_invitations.rb7
-rw-r--r--app/controllers/concerns/dependency_proxy/group_access.rb2
-rw-r--r--app/controllers/concerns/harbor/access.rb2
-rw-r--r--app/controllers/concerns/integrations/hooks_execution.rb95
-rw-r--r--app/controllers/concerns/issuable_actions.rb5
-rw-r--r--app/controllers/concerns/membership_actions.rb6
-rw-r--r--app/controllers/concerns/packages_access.rb2
-rw-r--r--app/controllers/concerns/product_analytics_tracking.rb12
-rw-r--r--app/controllers/concerns/verifies_with_email.rb59
-rw-r--r--app/controllers/concerns/web_hooks/hook_actions.rb85
-rw-r--r--app/controllers/concerns/web_hooks/hook_execution_notice.rb20
-rw-r--r--app/controllers/concerns/web_hooks/hook_log_actions.rb44
12 files changed, 185 insertions, 154 deletions
diff --git a/app/controllers/concerns/accepts_pending_invitations.rb b/app/controllers/concerns/accepts_pending_invitations.rb
index 53dec698fa0..1723058c217 100644
--- a/app/controllers/concerns/accepts_pending_invitations.rb
+++ b/app/controllers/concerns/accepts_pending_invitations.rb
@@ -8,7 +8,6 @@ module AcceptsPendingInvitations
if user.pending_invitations.load.any?
user.accept_pending_invitations!
- clear_stored_location_for(user: user)
after_pending_invitations_hook
end
end
@@ -16,10 +15,4 @@ module AcceptsPendingInvitations
def after_pending_invitations_hook
# no-op
end
-
- def clear_stored_location_for(user:)
- session_key = stored_location_key_for(user)
-
- session.delete(session_key)
- end
end
diff --git a/app/controllers/concerns/dependency_proxy/group_access.rb b/app/controllers/concerns/dependency_proxy/group_access.rb
index 45392625e45..e9fb2563e42 100644
--- a/app/controllers/concerns/dependency_proxy/group_access.rb
+++ b/app/controllers/concerns/dependency_proxy/group_access.rb
@@ -20,3 +20,5 @@ module DependencyProxy
end
end
end
+
+DependencyProxy::GroupAccess.prepend_mod_with('DependencyProxy::GroupAccess')
diff --git a/app/controllers/concerns/harbor/access.rb b/app/controllers/concerns/harbor/access.rb
index 70de72f15fc..211566aeda7 100644
--- a/app/controllers/concerns/harbor/access.rb
+++ b/app/controllers/concerns/harbor/access.rb
@@ -17,7 +17,7 @@ module Harbor
private
def harbor_registry_enabled!
- render_404 unless Feature.enabled?(:harbor_registry_integration)
+ render_404 unless Feature.enabled?(:harbor_registry_integration, defined?(group) ? group : project)
end
def authorize_read_harbor_registry!
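Review bot: In `harbor_registry_enabled!`, `defined?(group)` only tests that the name `group` resolves, not that it returns a value. A controller that responds to `group` but gets nil from it would evaluate the flag with a nil actor instead of falling back to `project`. Whether that can happen is not visible here, since the including controllers are outside this diff. If it can, `render_404 unless Feature.enabled?(:harbor_registry_integration, (defined?(group) && group) || project)` keeps the gate tied to a real actor. A one-line comment naming which includers supply `group` and which supply `project` would also help.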
diff --git a/app/controllers/concerns/integrations/hooks_execution.rb b/app/controllers/concerns/integrations/hooks_execution.rb
deleted file mode 100644
index fb26840168f..00000000000
--- a/app/controllers/concerns/integrations/hooks_execution.rb
+++ /dev/null
@@ -1,95 +0,0 @@
-# frozen_string_literal: true
-
-module Integrations::HooksExecution
- extend ActiveSupport::Concern
-
- included do
- attr_writer :hooks, :hook
- end
-
- def index
- self.hooks = relation.select(&:persisted?)
- self.hook = relation.new
- end
-
- def create
- self.hook = relation.new(hook_params)
- hook.save
-
- unless hook.valid?
- self.hooks = relation.select(&:persisted?)
- flash[:alert] = hook.errors.full_messages.join.html_safe
- end
-
- redirect_to action: :index
- end
-
- def update
- if hook.update(hook_params)
- flash[:notice] = _('Hook was successfully updated.')
- redirect_to action: :index
- else
- render 'edit'
- end
- end
-
- def destroy
- destroy_hook(hook)
-
- redirect_to action: :index, status: :found
- end
-
- def edit
- redirect_to(action: :index) unless hook
- end
-
- private
-
- def hook_params
- permitted = hook_param_names + trigger_values
- permitted << { url_variables: [:key, :value] }
-
- ps = params.require(:hook).permit(*permitted).to_h
-
- ps[:url_variables] = ps[:url_variables].to_h { [_1[:key], _1[:value].presence] } if ps.key?(:url_variables)
-
- if action_name == 'update' && ps.key?(:url_variables)
- supplied = ps[:url_variables]
- ps[:url_variables] = hook.url_variables.merge(supplied).compact
- end
-
- ps
- end
-
- def hook_param_names
- %i[enable_ssl_verification token url push_events_branch_filter]
- end
-
- def destroy_hook(hook)
- result = WebHooks::DestroyService.new(current_user).execute(hook)
-
- if result[:status] == :success
- flash[:notice] =
- if result[:async]
- _("%{hook_type} was scheduled for deletion") % { hook_type: hook.model_name.human }
- else
- _("%{hook_type} was deleted") % { hook_type: hook.model_name.human }
- end
- else
- flash[:alert] = result[:message]
- end
- end
-
- def set_hook_execution_notice(result)
- http_status = result[:http_status]
- message = result[:message]
-
- if http_status && http_status >= 200 && http_status < 400
- flash[:notice] = "Hook executed successfully: HTTP #{http_status}"
- elsif http_status
- flash[:alert] = "Hook executed successfully but returned HTTP #{http_status} #{message}"
- else
- flash[:alert] = "Hook execution failed: #{message}"
- end
- end
-end
diff --git a/app/controllers/concerns/issuable_actions.rb b/app/controllers/concerns/issuable_actions.rb
index f1d80e37674..7c3401a7e90 100644
--- a/app/controllers/concerns/issuable_actions.rb
+++ b/app/controllers/concerns/issuable_actions.rb
@@ -193,7 +193,10 @@ module IssuableActions
end
def render_cached_discussions(discussions, serializer, cache_context)
- render_cached(discussions, with: serializer, cache_context: -> (_) { cache_context }, context: self)
+ render_cached(discussions,
+ with: serializer,
+ cache_context: -> (_) { cache_context },
+ context: self)
end
def paginated_discussions
diff --git a/app/controllers/concerns/membership_actions.rb b/app/controllers/concerns/membership_actions.rb
index fb11bece79c..8a67b62f28b 100644
--- a/app/controllers/concerns/membership_actions.rb
+++ b/app/controllers/concerns/membership_actions.rb
@@ -150,7 +150,11 @@ module MembershipActions
when 'only'
[:inherited]
else
- [:inherited, :direct]
+ if Feature.enabled?(:webui_members_inherited_users, current_user)
+ [:inherited, :direct, :shared_from_groups]
+ else
+ [:inherited, :direct]
+ end
end
end
end
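Review bot: The `else` branch now widens the default relation set to include `:shared_from_groups`, but nothing here says who is meant to see those extra members or where their visibility is enforced. The flag is keyed on `current_user`, which is presumably nil for signed-out visitors of a public members page, so they would get the flag's global state. A comment such as `# :shared_from_groups adds members of groups invited to this namespace; visibility is enforced by the members finder` would document it, if that is indeed where it is enforced. The nested `if` could also be flattened to `relations = [:inherited, :direct]` followed by `relations << :shared_from_groups if Feature.enabled?(:webui_members_inherited_users, current_user)`. The enclosing method begins outside this hunk.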
diff --git a/app/controllers/concerns/packages_access.rb b/app/controllers/concerns/packages_access.rb
index 6df2e064bb2..a7d16a5bc88 100644
--- a/app/controllers/concerns/packages_access.rb
+++ b/app/controllers/concerns/packages_access.rb
@@ -15,6 +15,6 @@ module PackagesAccess
end
def verify_read_package!
- authorize_read_package!(project)
+ access_denied! unless can?(current_user, :read_package, project&.packages_policy_subject)
end
end
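Review bot: In `verify_read_package!`, `project&.packages_policy_subject` lets a nil project flow into `can?`, so the check now depends on the policy layer denying a nil subject rather than on an explicit guard. That presumably fails closed, but it is not visible in this hunk. Making it explicit keeps the intent reviewable: either `return access_denied! unless project` ahead of the `can?` call, or a comment such as `# a nil subject is denied by can?, so a missing project fails closed`. A spec covering the nil-project case would pin the behaviour.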
diff --git a/app/controllers/concerns/product_analytics_tracking.rb b/app/controllers/concerns/product_analytics_tracking.rb
index 260b433cc6f..8e936782e5a 100644
--- a/app/controllers/concerns/product_analytics_tracking.rb
+++ b/app/controllers/concerns/product_analytics_tracking.rb
@@ -66,7 +66,17 @@ module ProductAnalyticsTracking
i_analytics_dev_ops_score: :route_hll_to_snowplow_phase2,
p_analytics_merge_request: :route_hll_to_snowplow_phase2,
i_analytics_instance_statistics: :route_hll_to_snowplow_phase2,
- g_analytics_contribution: :route_hll_to_snowplow_phase2
+ g_analytics_contribution: :route_hll_to_snowplow_phase2,
+ p_analytics_pipelines: :route_hll_to_snowplow_phase2,
+ p_analytics_code_reviews: :route_hll_to_snowplow_phase2,
+ p_analytics_valuestream: :route_hll_to_snowplow_phase2,
+ p_analytics_insights: :route_hll_to_snowplow_phase2,
+ p_analytics_issues: :route_hll_to_snowplow_phase2,
+ p_analytics_repo: :route_hll_to_snowplow_phase2,
+ g_analytics_insights: :route_hll_to_snowplow_phase2,
+ g_analytics_issues: :route_hll_to_snowplow_phase2,
+ g_analytics_productivity: :route_hll_to_snowplow_phase2,
+ i_analytics_cohorts: :route_hll_to_snowplow_phase2
}
Feature.enabled?(events_to_ff[event.to_sym], tracking_namespace_source)
diff --git a/app/controllers/concerns/verifies_with_email.rb b/app/controllers/concerns/verifies_with_email.rb
index 1a3e7136481..782cae53c3f 100644
--- a/app/controllers/concerns/verifies_with_email.rb
+++ b/app/controllers/concerns/verifies_with_email.rb
@@ -7,11 +7,9 @@ module VerifiesWithEmail
extend ActiveSupport::Concern
include ActionView::Helpers::DateHelper
- TOKEN_LENGTH = 6
- TOKEN_VALID_FOR_MINUTES = 60
-
included do
prepend_before_action :verify_with_email, only: :create, unless: -> { two_factor_enabled? }
+ skip_before_action :required_signup_info, only: :successful_verification
end
def verify_with_email
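Review bot: `skip_before_action :required_signup_info, only: :successful_verification` exempts an action from a sign-up gate without saying why. Neither the callback nor `successful_verification` is defined in the visible part of this concern. A comment above the line stating the reason for the exemption would make it auditable. Rails raises `ArgumentError` when a controller skips a callback it has not defined, so if any including controller lacks `required_signup_info`, the call needs `raise: false`.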
@@ -76,7 +74,8 @@ module VerifiesWithEmail
def send_verification_instructions(user)
return if send_rate_limited?(user)
- raw_token, encrypted_token = generate_token
+ service = Users::EmailVerification::GenerateTokenService.new(attr: :unlock_token)
+ raw_token, encrypted_token = service.execute
user.unlock_token = encrypted_token
user.lock_access!({ send_instructions: false })
send_verification_instructions_email(user, raw_token)
@@ -88,27 +87,20 @@ module VerifiesWithEmail
Notify.verification_instructions_email(
user.id,
token: token,
- expires_in: TOKEN_VALID_FOR_MINUTES).deliver_later
+ expires_in: Users::EmailVerification::ValidateTokenService::TOKEN_VALID_FOR_MINUTES).deliver_later
log_verification(user, :instructions_sent)
end
def verify_token(user, token)
- return handle_verification_failure(user, :rate_limited) if verification_rate_limited?(user)
- return handle_verification_failure(user, :invalid) unless valid_token?(user, token)
- return handle_verification_failure(user, :expired) if expired_token?(user)
-
- handle_verification_success(user)
- end
-
- def generate_token
- raw_token = SecureRandom.random_number(10**TOKEN_LENGTH).to_s.rjust(TOKEN_LENGTH, '0')
- encrypted_token = digest_token(raw_token)
- [raw_token, encrypted_token]
- end
+ service = Users::EmailVerification::ValidateTokenService.new(attr: :unlock_token, user: user, token: token)
+ result = service.execute
- def digest_token(token)
- Devise.token_generator.digest(User, :unlock_token, token)
+ if result[:status] == :success
+ handle_verification_success(user)
+ else
+ handle_verification_failure(user, result[:reason], result[:message])
+ end
end
def render_sign_in_rate_limited
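Review bot: After this change `verify_token` no longer shows that attempts are throttled before the code is compared. The `:rate_limited`, `:invalid` and `:expired` checks, and the comparison itself, now sit in `Users::EmailVerification::ValidateTokenService`, which is not part of this diff. The removed `generate_token` produced a 6-digit code, so the attempt limit is what bounds guessing. A comment on `verify_token` such as `# ValidateTokenService enforces the attempt rate limit and expiry before comparing the token`, plus a controller spec for the rate-limited path, would keep that guarantee visible. In the following hunk, `handle_verification_failure` passes `result[:message]` straight to `user.errors.add`, which assumes every failure result carries a message.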
@@ -122,44 +114,17 @@ module VerifiesWithEmail
distance_of_time_in_words(interval_in_seconds)
end
- def verification_rate_limited?(user)
- Gitlab::ApplicationRateLimiter.throttled?(:email_verification, scope: user.unlock_token)
- end
-
def send_rate_limited?(user)
Gitlab::ApplicationRateLimiter.throttled?(:email_verification_code_send, scope: user)
end
- def expired_token?(user)
- user.locked_at < (Time.current - TOKEN_VALID_FOR_MINUTES.minutes)
- end
-
- def valid_token?(user, token)
- user.unlock_token == digest_token(token)
- end
-
- def handle_verification_failure(user, reason)
- message = case reason
- when :rate_limited
- s_("IdentityVerification|You've reached the maximum amount of tries. "\
- 'Wait %{interval} or resend a new code and try again.') % { interval: email_verification_interval }
- when :expired
- s_('IdentityVerification|The code has expired. Resend a new code and try again.')
- when :invalid
- s_('IdentityVerification|The code is incorrect. Enter it again, or resend a new code.')
- end
-
+ def handle_verification_failure(user, reason, message)
user.errors.add(:base, message)
log_verification(user, :failed_attempt, reason)
prompt_for_email_verification(user)
end
- def email_verification_interval
- interval_in_seconds = Gitlab::ApplicationRateLimiter.rate_limits[:email_verification][:interval]
- distance_of_time_in_words(interval_in_seconds)
- end
-
def handle_verification_success(user)
user.unlock_access!
log_verification(user, :successful)
diff --git a/app/controllers/concerns/web_hooks/hook_actions.rb b/app/controllers/concerns/web_hooks/hook_actions.rb
new file mode 100644
index 00000000000..ea11f13c7ef
--- /dev/null
+++ b/app/controllers/concerns/web_hooks/hook_actions.rb
@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+module WebHooks
+ module HookActions
+ extend ActiveSupport::Concern
+ include HookExecutionNotice
+
+ included do
+ attr_writer :hooks, :hook
+ end
+
+ def index
+ self.hooks = relation.select(&:persisted?)
+ self.hook = relation.new
+ end
+
+ def create
+ self.hook = relation.new(hook_params)
+ hook.save
+
+ unless hook.valid?
+ self.hooks = relation.select(&:persisted?)
+ flash[:alert] = hook.errors.full_messages.join.html_safe
+ end
+
+ redirect_to action: :index
+ end
+
+ def update
+ if hook.update(hook_params)
+ flash[:notice] = _('Hook was successfully updated.')
+ redirect_to action: :index
+ else
+ render 'edit'
+ end
+ end
+
+ def destroy
+ destroy_hook(hook)
+
+ redirect_to action: :index, status: :found
+ end
+
+ def edit
+ redirect_to(action: :index) unless hook
+ end
+
+ private
+
+ def hook_params
+ permitted = hook_param_names + trigger_values
+ permitted << { url_variables: [:key, :value] }
+
+ ps = params.require(:hook).permit(*permitted).to_h
+
+ ps[:url_variables] = ps[:url_variables].to_h { [_1[:key], _1[:value].presence] } if ps.key?(:url_variables)
+
+ if action_name == 'update' && ps.key?(:url_variables)
+ supplied = ps[:url_variables]
+ ps[:url_variables] = hook.url_variables.merge(supplied).compact
+ end
+
+ ps
+ end
+
+ def hook_param_names
+ %i[enable_ssl_verification token url push_events_branch_filter]
+ end
+
+ def destroy_hook(hook)
+ result = WebHooks::DestroyService.new(current_user).execute(hook)
+
+ if result[:status] == :success
+ flash[:notice] =
+ if result[:async]
+ format(_("%{hook_type} was scheduled for deletion"), hook_type: hook.model_name.human)
+ else
+ format(_("%{hook_type} was deleted"), hook_type: hook.model_name.human)
+ end
+ else
+ flash[:alert] = result[:message]
+ end
+ end
+ end
+end
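Review bot: In `create`, `flash[:alert] = hook.errors.full_messages.join.html_safe` marks validation messages as trusted HTML. Any message that echoes a submitted value, such as the hook URL or a `url_variables` key, would then be rendered unescaped; whether the validators do this is not visible here. Unless the messages are known to contain intentional markup, drop `html_safe` and let the view escape them: `flash[:alert] = hook.errors.full_messages.to_sentence`. The bare `join` also runs several messages together with no separator.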
diff --git a/app/controllers/concerns/web_hooks/hook_execution_notice.rb b/app/controllers/concerns/web_hooks/hook_execution_notice.rb
new file mode 100644
index 00000000000..d651313b30d
--- /dev/null
+++ b/app/controllers/concerns/web_hooks/hook_execution_notice.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module WebHooks
+ module HookExecutionNotice
+ private
+
+ def set_hook_execution_notice(result)
+ http_status = result[:http_status]
+ message = result[:message]
+
+ if http_status && http_status >= 200 && http_status < 400
+ flash[:notice] = "Hook executed successfully: HTTP #{http_status}"
+ elsif http_status
+ flash[:alert] = "Hook executed successfully but returned HTTP #{http_status} #{message}"
+ else
+ flash[:alert] = "Hook execution failed: #{message}"
+ end
+ end
+ end
+end
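Review bot: The three flash strings in `set_hook_execution_notice` are plain literals, while `WebHooks::HookActions` in the same commit wraps its flash text in `_()`. For consistency they could be written as `format(_('Hook execution failed: %{message}'), message: message)`. `message` is taken from the execution result and shown verbatim, so it can presumably carry text from the remote endpoint or an internal error. A comment such as `# message is untrusted; rely on view escaping, never html_safe` would record that constraint.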
diff --git a/app/controllers/concerns/web_hooks/hook_log_actions.rb b/app/controllers/concerns/web_hooks/hook_log_actions.rb
new file mode 100644
index 00000000000..f3378d7c857
--- /dev/null
+++ b/app/controllers/concerns/web_hooks/hook_log_actions.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module WebHooks
+ module HookLogActions
+ extend ActiveSupport::Concern
+ include HookExecutionNotice
+
+ included do
+ before_action :hook, only: [:show, :retry]
+ before_action :hook_log, only: [:show, :retry]
+
+ respond_to :html
+
+ feature_category :integrations
+ urgency :low, [:retry]
+ end
+
+ def show
+ hide_search_settings
+ end
+
+ def retry
+ execute_hook
+ redirect_to after_retry_redirect_path
+ end
+
+ private
+
+ # rubocop:disable Gitlab/ModuleWithInstanceVariables
+ def hook_log
+ @hook_log ||= hook.web_hook_logs.find(params[:id])
+ end
+ # rubocop:enable Gitlab/ModuleWithInstanceVariables
+
+ def execute_hook
+ result = hook.execute(hook_log.request_data, hook_log.trigger)
+ set_hook_execution_notice(result)
+ end
+
+ def hide_search_settings
+ @hide_search_settings ||= true
+ end
+ end
+end
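Review bot: `retry` re-sends a stored payload to the hook's endpoint, yet this concern contains no authorization check and does not say what the including controller must supply. A header comment on the module should list the contract: the includer defines `hook` and `after_retry_redirect_path`, and authorizes the user before `show` and `retry` run. Looking the log up through `hook.web_hook_logs.find(params[:id])` rightly keeps the id scoped to the current hook. A short comment on `hook_log`, such as `# scoped to hook so a log id from another hook is not found`, would stop it being simplified to a global lookup.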