`current_application_settings` belongs on `Gitlab::CurrentSettings`

The initializers including this were doing so at the top level, so every object
loaded after them had a `current_application_settings` method. However, if
someone had rack-attack enabled (which was loaded before these initializers), it
would try to load the API, and fail, because `Gitlab::CurrentSettings` didn't
have that method.

To fix this:

1. Don't include `Gitlab::CurrentSettings` at the top level. We do not need
   `Object.new.current_application_settings` to work.
2. Make `Gitlab::CurrentSettings` explicitly `extend self`, as we already use it
   like that in several places.
3. Change the initializers to use that new form.

app/controllers/concerns/requires_whitelisted_monitoring_client.rb

@@ -1,5 +1,8 @@
 module RequiresWhitelistedMonitoringClient
   extend ActiveSupport::Concern
+
+  include Gitlab::CurrentSettings
+
   included do
     before_action :validate_ip_whitelisted_or_valid_token!
   end

app/helpers/application_helper.rb

@@ -202,7 +202,7 @@ module ApplicationHelper
   end
 
   def support_url
-    current_application_settings.help_page_support_url.presence || promo_url + '/getting-help/'
+    Gitlab::CurrentSettings.current_application_settings.help_page_support_url.presence || promo_url + '/getting-help/'
   end
 
   def page_filter_path(options = {})

app/helpers/application_settings_helper.rb

@@ -1,5 +1,8 @@
 module ApplicationSettingsHelper
   extend self
+
+  include Gitlab::CurrentSettings
+
   delegate  :gravatar_enabled?,
             :signup_enabled?,
             :password_authentication_enabled?,

app/helpers/auth_helper.rb

@@ -1,4 +1,6 @@
 module AuthHelper
+  include Gitlab::CurrentSettings
+
   PROVIDERS_WITH_ICONS = %w(twitter github gitlab bitbucket google_oauth2 facebook azure_oauth2 authentiq).freeze
   FORM_BASED_PROVIDERS = [/\Aldap/, 'crowd'].freeze
 

app/helpers/projects_helper.rb

@@ -1,4 +1,6 @@
 module ProjectsHelper
+  include Gitlab::CurrentSettings
+
   def link_to_project(project)
     link_to [project.namespace.becomes(Namespace), project], title: h(project.name) do
       title = content_tag(:span, project.name, class: 'project-name')

app/mailers/base_mailer.rb

@@ -1,11 +1,13 @@
 class BaseMailer < ActionMailer::Base
+  include Gitlab::CurrentSettings
+
   around_action :render_with_default_locale
 
   helper ApplicationHelper
   helper MarkupHelper
 
   attr_accessor :current_user
-  helper_method :current_user, :can?
+  helper_method :current_user, :can?, :current_application_settings
 
   default from:     proc { default_sender_address.format }
   default reply_to: proc { default_reply_to_address.format }

app/models/concerns/spammable.rb

@@ -28,7 +28,7 @@ module Spammable
 
   def submittable_as_spam?
     if user_agent_detail
-      user_agent_detail.submittable? && current_application_settings.akismet_enabled
+      user_agent_detail.submittable? && Gitlab::CurrentSettings.current_application_settings.akismet_enabled
     else
       false
     end

app/models/project.rb

@@ -19,6 +19,7 @@ class Project < ActiveRecord::Base
   include Routable
 
   extend Gitlab::ConfigHelper
+  extend Gitlab::CurrentSettings
 
   BoardLimitExceeded = Class.new(StandardError)
 

app/models/protected_branch.rb

@@ -2,6 +2,8 @@ class ProtectedBranch < ActiveRecord::Base
   include Gitlab::ShellAdapter
   include ProtectedRef
 
+  extend Gitlab::CurrentSettings
+
   protected_ref_access_levels :merge, :push
 
   # Check if branch name is marked as protected in the system

app/models/snippet.rb

@@ -10,6 +10,8 @@ class Snippet < ActiveRecord::Base
   include Spammable
   include Editable
 
+  extend Gitlab::CurrentSettings
+
   cache_markdown_field :title, pipeline: :single_line
   cache_markdown_field :description
   cache_markdown_field :content

app/models/user.rb

@@ -2,6 +2,7 @@ require 'carrierwave/orm/activerecord'
 
 class User < ActiveRecord::Base
   extend Gitlab::ConfigHelper
+  extend Gitlab::CurrentSettings
 
   include Gitlab::ConfigHelper
   include Gitlab::CurrentSettings

app/policies/base_policy.rb

@@ -1,8 +1,6 @@
 require_dependency 'declarative_policy'
 
 class BasePolicy < DeclarativePolicy::Base
-  include Gitlab::CurrentSettings
-
   desc "User is an instance admin"
   with_options scope: :user, score: 0
   condition(:admin) { @user&.admin? }
@@ -15,6 +13,6 @@ class BasePolicy < DeclarativePolicy::Base
 
   desc "The application is restricted from public visibility"
   condition(:restricted_public_level, scope: :global) do
-    current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
+    Gitlab::CurrentSettings.current_application_settings.restricted_visibility_levels.include?(Gitlab::VisibilityLevel::PUBLIC)
   end
 end

app/services/akismet_service.rb

@@ -1,4 +1,6 @@
 class AkismetService
+  include Gitlab::CurrentSettings
+
   attr_accessor :owner, :text, :options
 
   def initialize(owner, text, options = {})

app/services/auth/container_registry_authentication_service.rb

@@ -1,6 +1,6 @@
 module Auth
   class ContainerRegistryAuthenticationService < BaseService
-    include Gitlab::CurrentSettings
+    extend Gitlab::CurrentSettings
 
     AUDIENCE = 'container_registry'.freeze
 

app/services/projects/update_pages_service.rb

@@ -1,5 +1,7 @@
 module Projects
   class UpdatePagesService < BaseService
+    include Gitlab::CurrentSettings
+
     BLOCK_SIZE = 32.kilobytes
     MAX_SIZE = 1.terabyte
     SITE_PATH = 'public/'.freeze

app/services/upload_service.rb

@@ -1,4 +1,6 @@
 class UploadService
+  include Gitlab::CurrentSettings
+
   def initialize(model, file, uploader_class = FileUploader)
     @model, @file, @uploader_class = model, file, uploader_class
   end

app/services/users/build_service.rb

@@ -1,5 +1,7 @@
 module Users
   class BuildService < BaseService
+    include Gitlab::CurrentSettings
+
     def initialize(current_user, params = {})
       @current_user = current_user
       @params = params.dup

config/initializers/sentry.rb

@@ -1,19 +1,18 @@
 # Be sure to restart your server when you modify this file.
 
 require 'gitlab/current_settings'
-include Gitlab::CurrentSettings
 
 if Rails.env.production?
   # allow it to fail: it may do so when create_from_defaults is executed before migrations are actually done
   begin
-    sentry_enabled = current_application_settings.sentry_enabled
+    sentry_enabled = Gitlab::CurrentSettings.current_application_settings.sentry_enabled
   rescue
     sentry_enabled = false
   end
 
   if sentry_enabled
     Raven.configure do |config|
-      config.dsn = current_application_settings.sentry_dsn
+      config.dsn = Gitlab::CurrentSettings.current_application_settings.sentry_dsn
       config.release = Gitlab::REVISION
 
       # Sanitize fields based on those sanitized from Rails.

config/initializers/session_store.rb

@@ -1,11 +1,10 @@
 # Be sure to restart your server when you modify this file.
 
 require 'gitlab/current_settings'
-include Gitlab::CurrentSettings
 
 # allow it to fail: it may do so when create_from_defaults is executed before migrations are actually done
 begin
-  Settings.gitlab['session_expire_delay'] = current_application_settings.session_expire_delay || 10080
+  Settings.gitlab['session_expire_delay'] = Gitlab::CurrentSettings.current_application_settings.session_expire_delay || 10080
 rescue
   Settings.gitlab['session_expire_delay'] ||= 10080
 end

lib/api/helpers/runner.rb

@@ -1,6 +1,8 @@
 module API
   module Helpers
     module Runner
+      include Gitlab::CurrentSettings
+
       JOB_TOKEN_HEADER = 'HTTP_JOB_TOKEN'.freeze
       JOB_TOKEN_PARAM = :token
       UPDATE_RUNNER_EVERY = 10 * 60

lib/email_template_interceptor.rb

@@ -1,6 +1,6 @@
 # Read about interceptors in http://guides.rubyonrails.org/action_mailer_basics.html#intercepting-emails
 class EmailTemplateInterceptor
-  include Gitlab::CurrentSettings
+  extend Gitlab::CurrentSettings
 
   def self.delivering_email(message)
     # Remove HTML part if HTML emails are disabled.

lib/gitlab/asciidoc.rb

@@ -6,6 +6,8 @@ module Gitlab
   # Parser/renderer for the AsciiDoc format that uses Asciidoctor and filters
   # the resulting HTML through HTML pipeline filters.
   module Asciidoc
+    extend Gitlab::CurrentSettings
+
     DEFAULT_ADOC_ATTRS = [
       'showtitle', 'idprefix=user-content-', 'idseparator=-', 'env=gitlab',
       'env-gitlab', 'source-highlighter=html-pipeline', 'icons=font'

lib/gitlab/auth.rb

@@ -19,6 +19,8 @@ module Gitlab
     OPTIONAL_SCOPES = (AVAILABLE_SCOPES + OPENID_SCOPES - DEFAULT_SCOPES).freeze
 
     class << self
+      include Gitlab::CurrentSettings
+
       def find_for_git_client(login, password, project:, ip:)
         raise "Must provide an IP for rate limiting" if ip.nil?
 

lib/gitlab/current_settings.rb

@@ -1,5 +1,7 @@
 module Gitlab
   module CurrentSettings
+    extend self
+
     def current_application_settings
       if RequestStore.active?
         RequestStore.fetch(:current_application_settings) { ensure_application_settings! }

lib/gitlab/gon_helper.rb

@@ -3,6 +3,7 @@
 module Gitlab
   module GonHelper
     include WebpackHelper
+    include Gitlab::CurrentSettings
 
     def add_gon_variables
       gon.api_version            = 'v4'

lib/gitlab/metrics/influx_db.rb

@@ -1,7 +1,7 @@
 module Gitlab
   module Metrics
     module InfluxDb
-      extend Gitlab::CurrentSettings
+      include Gitlab::CurrentSettings
       extend self
 
       MUTEX = Mutex.new

lib/gitlab/performance_bar.rb

@@ -1,6 +1,6 @@
 module Gitlab
   module PerformanceBar
-    include Gitlab::CurrentSettings
+    extend Gitlab::CurrentSettings
 
     ALLOWED_USER_IDS_KEY = 'performance_bar_allowed_user_ids:v2'.freeze
     EXPIRY_TIME = 5.minutes

lib/gitlab/polling_interval.rb

@@ -1,6 +1,6 @@
 module Gitlab
   class PollingInterval
-    include Gitlab::CurrentSettings
+    extend Gitlab::CurrentSettings
 
     HEADER_NAME = 'Poll-Interval'.freeze
 

lib/gitlab/protocol_access.rb

@@ -1,5 +1,7 @@
 module Gitlab
   module ProtocolAccess
+    extend Gitlab::CurrentSettings
+
     def self.allowed?(protocol)
       if protocol == 'web'
         true

lib/gitlab/recaptcha.rb

@@ -1,5 +1,7 @@
 module Gitlab
   module Recaptcha
+    extend Gitlab::CurrentSettings
+
     def self.load_configurations!
       if current_application_settings.recaptcha_enabled
         ::Recaptcha.configure do |config|

lib/gitlab/sentry.rb

@@ -1,5 +1,7 @@
 module Gitlab
   module Sentry
+    extend Gitlab::CurrentSettings
+
     def self.enabled?
       Rails.env.production? && current_application_settings.sentry_enabled?
     end

lib/gitlab/usage_data.rb

@@ -1,8 +1,8 @@
 module Gitlab
   class UsageData
-    include Gitlab::CurrentSettings
-
     class << self
+      include Gitlab::CurrentSettings
+
       def data(force_refresh: false)
         Rails.cache.fetch('usage_data', force: force_refresh, expires_in: 2.weeks) { uncached_data }
       end

lib/tasks/import.rake

@@ -80,7 +80,7 @@ class GithubImport
   end
 
   def visibility_level
-    @repo['private'] ? Gitlab::VisibilityLevel::PRIVATE : current_application_settings.default_project_visibility
+    @repo['private'] ? Gitlab::VisibilityLevel::PRIVATE : Gitlab::CurrentSettings.current_application_settings.default_project_visibility
   end
 end
 

spec/helpers/version_check_helper_spec.rb

@@ -4,7 +4,7 @@ describe VersionCheckHelper do
   describe '#version_status_badge' do
     it 'should return nil if not dev environment and not enabled' do
       allow(Rails.env).to receive(:production?) { false }
-      allow(current_application_settings).to receive(:version_check_enabled) { false }
+      allow(helper.current_application_settings).to receive(:version_check_enabled) { false }
 
       expect(helper.version_status_badge).to be(nil)
     end
@@ -12,7 +12,7 @@ describe VersionCheckHelper do
     context 'when production and enabled' do
       before do
         allow(Rails.env).to receive(:production?) { true }
-        allow(current_application_settings).to receive(:version_check_enabled) { true }
+        allow(helper.current_application_settings).to receive(:version_check_enabled) { true }
         allow_any_instance_of(VersionCheck).to receive(:url) { 'https://version.host.com/check.svg?gitlab_info=xxx' }
 
         @image_tag = helper.version_status_badge

spec/lib/gitlab/auth/unique_ips_limiter_spec.rb

@@ -41,7 +41,7 @@ describe Gitlab::Auth::UniqueIpsLimiter, :clean_gitlab_redis_shared_state do
 
     context 'allow 2 unique ips' do
       before do
-        current_application_settings.update!(unique_ips_limit_per_user: 2)
+        Gitlab::CurrentSettings.current_application_settings.update!(unique_ips_limit_per_user: 2)
       end
 
       it 'blocks user trying to login from third ip' do

spec/support/stub_env.rb

@@ -1,5 +1,7 @@
 # Inspired by https://github.com/ljkbennett/stub_env/blob/master/lib/stub_env/helpers.rb
 module StubENV
+  include Gitlab::CurrentSettings
+
   def stub_env(key_or_hash, value = nil)
     init_stub unless env_stubbed?
     if key_or_hash.is_a? Hash

spec/views/admin/dashboard/index.html.haml_spec.rb

@@ -9,6 +9,7 @@ describe 'admin/dashboard/index.html.haml' do
     assign(:groups, create_list(:group, 1))
 
     allow(view).to receive(:admin?).and_return(true)
+    allow(view).to receive(:current_application_settings).and_return(Gitlab::CurrentSettings.current_application_settings)
   end
 
   it "shows version of GitLab Workhorse" do

spec/views/devise/shared/_signin_box.html.haml_spec.rb

@@ -5,6 +5,7 @@ describe 'devise/shared/_signin_box' do
     before do
       stub_devise
       assign(:ldap_servers, [])
+      allow(view).to receive(:current_application_settings).and_return(Gitlab::CurrentSettings.current_application_settings)
     end
 
     it 'is shown when Crowd is enabled' do

spec/views/help/index.html.haml_spec.rb

@@ -37,5 +37,6 @@ describe 'help/index' do
   def stub_helpers
     allow(view).to receive(:markdown).and_return('')
     allow(view).to receive(:version_status_badge).and_return('')
+    allow(view).to receive(:current_application_settings).and_return(Gitlab::CurrentSettings.current_application_settings)
   end
 end

spec/views/layouts/_head.html.haml_spec.rb

@@ -1,6 +1,10 @@
 require 'spec_helper'
 
 describe 'layouts/_head' do
+  before do
+    allow(view).to receive(:current_application_settings).and_return(Gitlab::CurrentSettings.current_application_settings)
+  end
+
   it 'escapes HTML-safe strings in page_title' do
     stub_helper_with_safe_string(:page_title)
 

spec/views/projects/commits/_commit.html.haml_spec.rb

@@ -1,6 +1,10 @@
 require 'spec_helper'
 
 describe 'projects/commits/_commit.html.haml' do
+  before do
+    allow(view).to receive(:current_application_settings).and_return(Gitlab::CurrentSettings.current_application_settings)
+  end
+
   context 'with a singed commit' do
     let(:project) { create(:project, :repository) }
     let(:repository) { project.repository }

spec/views/projects/edit.html.haml_spec.rb

@@ -10,7 +10,9 @@ describe 'projects/edit' do
     assign(:project, project)
 
     allow(controller).to receive(:current_user).and_return(user)
-    allow(view).to receive_messages(current_user: user, can?: true)
+    allow(view).to receive_messages(current_user: user,
+                                    can?: true,
+                                    current_application_settings: Gitlab::CurrentSettings.current_application_settings)
   end
 
   context 'LFS enabled setting' do

spec/views/projects/merge_requests/creations/_new_submit.html.haml_spec.rb

@@ -14,6 +14,7 @@ describe 'projects/merge_requests/creations/_new_submit.html.haml' do
     allow(view).to receive(:can?).and_return(true)
     allow(view).to receive(:url_for).and_return('#')
     allow(view).to receive(:current_user).and_return(merge_request.author)
+    allow(view).to receive(:current_application_settings).and_return(Gitlab::CurrentSettings.current_application_settings)
   end
 
   context 'when there are pipelines for merge request but no pipeline for last commit' do

spec/views/projects/merge_requests/show.html.haml_spec.rb

@@ -25,7 +25,9 @@ describe 'projects/merge_requests/show.html.haml' do
     assign(:notes, [])
     assign(:pipelines, Ci::Pipeline.none)
 
-    allow(view).to receive_messages(current_user: user, can?: true)
+    allow(view).to receive_messages(current_user: user,
+                                    can?: true,
+                                    current_application_settings: Gitlab::CurrentSettings.current_application_settings)
   end
 
   context 'when the merge request is closed' do

spec/views/projects/tree/show.html.haml_spec.rb

@@ -12,6 +12,7 @@ describe 'projects/tree/show' do
 
     allow(view).to receive(:can?).and_return(true)
     allow(view).to receive(:can_collaborate_with_project?).and_return(true)
+    allow(view).to receive(:current_application_settings).and_return(Gitlab::CurrentSettings.current_application_settings)
   end
 
   context 'for branch names ending on .json' do

spec/views/shared/projects/_project.html.haml_spec.rb

@@ -3,6 +3,10 @@ require 'spec_helper'
 describe 'shared/projects/_project.html.haml' do
   let(:project) { create(:project) }
 
+  before do
+    allow(view).to receive(:current_application_settings).and_return(Gitlab::CurrentSettings.current_application_settings)
+  end
+
   it 'should render creator avatar if project has a creator' do
     render 'shared/projects/project', use_creator_avatar: true, project: project