diff options
Diffstat (limited to 'app/models/application_setting.rb')
-rw-r--r-- | app/models/application_setting.rb | 39 |
1 files changed, 29 insertions, 10 deletions
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index 153257636ba..824a2bd9fa4 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -16,12 +16,6 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord ignore_columns %i[instance_administration_project_id instance_administrators_group_id], remove_with: '16.2', remove_after: '2023-06-22' ignore_column :database_apdex_settings, remove_with: '16.4', remove_after: '2023-08-22' - ignore_columns %i[ - dashboard_notification_limit - dashboard_enforcement_limit - dashboard_limit_new_namespace_creation_enforcement_date - ], remove_with: '16.5', remove_after: '2023-08-22' - ignore_column %i[ relay_state_domain_allowlist in_product_marketing_emails_enabled @@ -36,7 +30,7 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord jitsu_project_xid jitsu_administrator_email ], remove_with: '16.5', remove_after: '2023-09-22' - ignore_columns %i[ai_access_token ai_access_token_iv], remove_with: '16.6', remove_after: '2023-10-22' + ignore_columns %i[encrypted_ai_access_token encrypted_ai_access_token_iv], remove_with: '16.6', remove_after: '2023-10-22' INSTANCE_REVIEW_MIN_USERS = 50 GRAFANA_URL_ERROR_MESSAGE = 'Please check your Grafana URL setting in ' \ @@ -122,6 +116,10 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord validates :default_branch_protection_defaults, json_schema: { filename: 'default_branch_protection_defaults' } validates :default_branch_protection_defaults, bytesize: { maximum: -> { DEFAULT_BRANCH_PROTECTIONS_DEFAULT_MAX_SIZE } } + validates :failed_login_attempts_unlock_period_in_minutes, + allow_nil: true, + numericality: { only_integer: true, greater_than: 0 } + validates :grafana_url, system_hook_url: ADDRESSABLE_URL_VALIDATION_OPTIONS.merge({ blocked_message: "is blocked: %{exception_message}. #{GRAFANA_URL_ERROR_MESSAGE}" @@ -269,6 +267,10 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord presence: true, numericality: { only_integer: true, greater_than_or_equal_to: 0 } + validates :max_login_attempts, + allow_nil: true, + numericality: { only_integer: true, greater_than: 0 } + validates :max_pages_size, presence: true, numericality: { @@ -311,7 +313,7 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord if: :auto_devops_enabled? validates :enabled_git_access_protocol, - inclusion: { in: %w[ssh http], allow_blank: true } + inclusion: { in: ->(_) { enabled_git_access_protocol_values }, allow_blank: true } validates :domain_denylist, presence: { message: 'Domain denylist cannot be empty if denylist is enabled.' }, @@ -657,6 +659,7 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord validates :throttle_authenticated_deprecated_api_period_in_seconds validates :throttle_protected_paths_requests_per_period validates :throttle_protected_paths_period_in_seconds + validates :project_jobs_api_rate_limit end with_options(numericality: { only_integer: true, greater_than_or_equal_to: 0 }) do @@ -805,11 +808,12 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord attr_encrypted :openai_api_key, encryption_options_base_32_aes_256_gcm.merge(encode: false, encode_iv: false) attr_encrypted :anthropic_api_key, encryption_options_base_32_aes_256_gcm.merge(encode: false, encode_iv: false) attr_encrypted :vertex_ai_credentials, encryption_options_base_32_aes_256_gcm.merge(encode: false, encode_iv: false) + attr_encrypted :vertex_ai_access_token, encryption_options_base_32_aes_256_gcm.merge(encode: false, encode_iv: false) # Restricting the validation to `on: :update` only to avoid cyclical dependencies with # License <--> ApplicationSetting. This method calls a license check when we create # ApplicationSetting from defaults which in turn depends on ApplicationSetting record. - # The currect default is defined in the `defaults` method so we don't need to validate + # The correct default is defined in the `defaults` method so we don't need to validate # it here. validates :disable_feed_token, inclusion: { in: [true, false], message: N_('must be a boolean value') }, on: :update @@ -834,6 +838,9 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord allow_nil: false, inclusion: { in: [true, false], message: N_('must be a boolean value') } + validates :math_rendering_limits_enabled, + inclusion: { in: [true, false], message: N_('must be a boolean value') } + before_validation :ensure_uuid! before_validation :coerce_repository_storages_weighted, if: :repository_storages_weighted_changed? before_validation :normalize_default_branch_name @@ -958,19 +965,31 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord false end + def max_login_attempts_column_exists? + self.class.database.cached_column_exists?(:max_login_attempts) + end + + def failed_login_attempts_unlock_period_in_minutes_column_exists? + self.class.database.cached_column_exists?(:failed_login_attempts_unlock_period_in_minutes) + end + private def self.human_attribute_name(attribute, *options) HUMANIZED_ATTRIBUTES[attribute.to_sym] || super end + def self.enabled_git_access_protocol_values + %w[ssh http] + end + def parsed_grafana_url @parsed_grafana_url ||= Gitlab::Utils.parse_url(grafana_url) end def parsed_kroki_url @parsed_kroki_url ||= Gitlab::UrlBlocker.validate!(kroki_url, schemes: %w[http https], enforce_sanitization: true)[0] - rescue Gitlab::UrlBlocker::BlockedUrlError => e + rescue Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError => e self.errors.add( :kroki_url, "is not valid. #{e}" |