Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/application_controller.rb | 1 | ||||
-rw-r--r-- | app/controllers/concerns/sessionless_authentication.rb | 12 | ||||
-rw-r--r-- | app/controllers/graphql_controller.rb | 5 | ||||
-rw-r--r-- | app/controllers/groups_controller.rb | 3 |
4 files changed, 11 insertions, 10 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7cb629dee21..5a2eb2337aa 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -34,6 +34,7 @@ class ApplicationController < ActionController::Base
 before_action :check_impersonation_availability
 before_action :required_signup_info
+ around_action :sessionless_bypass_admin_mode!, if: :sessionless_user?
 around_action :set_current_context
 around_action :set_locale
 around_action :set_session_storage
diff --git a/app/controllers/concerns/sessionless_authentication.rb b/app/controllers/concerns/sessionless_authentication.rb
index d5c26fca957..a9ef33bf3b9 100644
--- a/app/controllers/concerns/sessionless_authentication.rb
+++ b/app/controllers/concerns/sessionless_authentication.rb
@@ -5,12 +5,6 @@
 # Controller concern to handle PAT, RSS, and static objects token authentication methods
 #
 module SessionlessAuthentication
- extend ActiveSupport::Concern
-
- included do
- before_action :enable_admin_mode!, if: :sessionless_user?
- end
-
 # This filter handles personal access tokens, atom requests with rss tokens, and static object tokens
 def authenticate_sessionless_user!(request_format)
 user = Gitlab::Auth::RequestAuthenticator.new(request).find_sessionless_user(request_format)
@@ -32,9 +26,9 @@ module SessionlessAuthentication
 end
 end
- def enable_admin_mode!
- return unless Feature.enabled?(:user_mode_in_session)
+ def sessionless_bypass_admin_mode!(&block)
+ return yield unless Feature.enabled?(:user_mode_in_session)
- current_user_mode.enable_sessionless_admin_mode!
+ Gitlab::Auth::CurrentUserMode.bypass_session!(current_user.id, &block)
 end
 end
diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb
index d7ff2ded5ae..522d171b5bf 100644
--- a/app/controllers/graphql_controller.rb
+++ b/app/controllers/graphql_controller.rb
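Review bot: The `if: :sessionless_user?` condition on the new around_action is evaluated only when the callback chain reaches that position, so the bypass is silently skipped in any controller that resolves the sessionless user in a later callback — the graphql_controller hunk in this same commit has to re-declare the callback for exactly that reason. A comment on the added line would make the ordering contract explicit: `# Must run after the sessionless user has been resolved; controllers that defer authentication (see GraphqlController) must re-declare this callback so it moves to the end of the chain.` Whether `sessionless_user?` is already populated at this point depends on the authentication before_actions declared above line 34, which are outside the hunk.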
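Review bot: `sessionless_bypass_admin_mode!` dereferences `current_user.id` with no nil guard, so the only thing between it and a NoMethodError on an anonymous request is the `if: :sessionless_user?` condition at each registration site; now that the `included` hook that used to register the callback automatically is gone, a controller that wires this method up without that condition fails instead of falling through. A guard such as `return yield unless current_user` keeps the method safe regardless of how it is registered and mirrors the existing `return yield unless Feature.enabled?(...)` early exit. A comment above the method should also state that including the module no longer registers anything and that each controller must add `around_action :sessionless_bypass_admin_mode!, if: :sessionless_user?` itself, otherwise a controller that relied on the old automatic before_action presumably loses the bypass without any error. The enclosing `module SessionlessAuthentication` begins outside this hunk.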
@@ -15,6 +15,11 @@ class GraphqlController < ApplicationController
 before_action :authorize_access_api!
 before_action(only: [:execute]) { authenticate_sessionless_user!(:api) }
+ # Since we deactivate authentication from the main ApplicationController and
+ # defer it to :authorize_access_api!, we need to override the bypass session
+ # callback execution order here
+ around_action :sessionless_bypass_admin_mode!, if: :sessionless_user?
+
 def execute
 result = multiplex? ? execute_multiplex : execute_query
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 80c7a803392..7175eefcde7 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -195,7 +195,8 @@ class GroupsController < Groups::ApplicationController
 :require_two_factor_authentication,
 :two_factor_grace_period,
 :project_creation_level,
- :subgroup_creation_level
+ :subgroup_creation_level,
+ :default_branch_protection
 ]
 end |
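Review bot: The re-declared around_action applies to every action of GraphqlController, while the `authenticate_sessionless_user!(:api)` before_action it depends on is restricted with `only: [:execute]`; on other actions `sessionless_user?` is presumably false and the bypass is a no-op, but restricting the new line the same way makes the pairing explicit: `around_action :sessionless_bypass_admin_mode!, if: :sessionless_user?, only: [:execute]`. The added comment explains why the order is overridden but not how — re-registering a callback with the same filter in a subclass removes the inherited entry and appends it to the end of the chain — and naming that mechanism would save the next reader from wondering whether the callback now runs twice. Whether the parent class's registration is harmless here depends on `sessionless_user?` returning false before `authenticate_sessionless_user!` has run, which is outside the hunk.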
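Review bot: Adding `:default_branch_protection` to the permitted-params list makes a repository protection setting mass-assignable from the group update path, and nothing in the hunk validates the value or checks who may change it; that enforcement presumably lives in the update action's authorization or the model, outside this hunk, and should be confirmed rather than assumed. A short comment on the added line naming where the allowed values and the permission to change them are enforced would help the next reader. The enclosing params method starts outside the hunk.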