This method, #route_not_found, is executed as the final fallback for
unrecognized routes (as the name might imply). We want to avoid
`#authenticate_user!` when calling `#route_not_found`;
`#authenticate_user!` can, depending on the request format, return a 401
instead of redirecting to a login page. This opens a subtle security
exploit where anonymous users will receive a 401 response when
attempting to access a private repo, while a recognized user will
receive a 404, exposing the existence of the private, hidden repo.
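The status difference described above, modelled as an added example (not GitLab's code): a known project path is answered by a project controller that hides inaccessible projects with 404, while everything else falls through to the `route_not_found` fallback, with and without `authenticate_user!` in front of it. The repo names, users and the `:json`/`:html` format flag are constructed for the example.

```ruby
# Added example, not GitLab's code: a minimal model of the 401/404 oracle.
Repo = Struct.new(:path, :private, :members)

# Constructed sample data: one public repo, one private repo visible only to alice.
REPOS = [
  Repo.new("group/public-repo", false, []),
  Repo.new("group/secret-repo", true, ["alice"]),
].freeze

def visible_repo(path, user)
  repo = REPOS.find { |r| r.path == path }
  return nil unless repo
  return repo unless repo.private
  repo.members.include?(user) ? repo : nil
end

# Models authenticate_user!: an anonymous JSON request gets a 401 instead of
# a redirect to the sign-in page (302); a signed-in user passes (nil).
def authenticate_user!(user, format)
  return nil if user
  format == :json ? 401 : 302
end

# The route_not_found fallback, optionally guarded by authenticate_user!.
def route_not_found(user, format, authenticate:)
  if authenticate
    status = authenticate_user!(user, format)
    return status if status
  end
  404
end

# Full dispatch for one request; authenticate_fallback selects before/after the fix.
def respond(path, user, format: :json, authenticate_fallback:)
  if REPOS.any? { |r| r.path == path }
    # Known project path: the project controller hides inaccessible projects with 404.
    return visible_repo(path, user) ? 200 : 404
  end
  route_not_found(user, format, authenticate: authenticate_fallback)
end

# True when an anonymous JSON client gets different statuses for a hidden
# private repo and for a path that does not exist at all.
def existence_oracle?(authenticate_fallback)
  hidden = respond("group/secret-repo", nil, authenticate_fallback: authenticate_fallback)
  missing = respond("group/does-not-exist", nil, authenticate_fallback: authenticate_fallback)
  hidden != missing
end

puts "before fix leaks: #{existence_oracle?(true)}"   # true  (404 vs 401)
puts "after fix leaks:  #{existence_oracle?(false)}"  # false (404 vs 404)
```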
This sets up all the basics for importing Phabricator tasks into
GitLab issues.
To import all tasks from a Phabricator instance into GitLab, we'll
import all of them into a new project that will have its repository
disabled.
The import is hooked into a regular ProjectImport setup, but, similar
to the GitHub parallel importer, takes care of all the imports itself.
In this iteration, we're importing each page of tasks in a separate
sidekiq job.
The first thing we do when requesting a new page of tasks is schedule
the next page to be imported. But to avoid deadlocks, we only allow a
single job per worker type to run at the same time.
For now we're only importing basic Issue information; this should be
extended to richer information.
This change is a fairly straightforward refactor to extract the tracing
and correlation-id code from the gitlab rails codebase into the new
LabKit-Ruby project.
The corresponding import into LabKit-Ruby was in
https://gitlab.com/gitlab-org/labkit-ruby/merge_requests/1
The code itself remains very similar for now.
Extracting it allows us to reuse it in other projects, such as
Gitaly-Ruby. This will give us the advantages of correlation-ids and
distributed tracing in that project too.
`queue_duration` is a useful metric that is currently in api_json.log
but not in production_json.log. We should add it because it tells us how
long the request sat in Workhorse before Unicorn processed it. Having
this field enables the support team to better troubleshoot when delays
began to happen.
The Correlation ID is taken or generated from the received X-Request-ID.
Then it is passed to all executed services (sidekiq workers
or gitaly calls).
The Correlation ID is logged in all structured logs as `correlation_id`.
Adds gitlab.impersonation_enabled config option defaulting to true to
keep the current default behaviour.
Only the act of impersonation is modified, impersonation token
management is not affected.
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"
See merge request gitlab/gitlabhq!2583
In Rails 5, invalid UTF8 characters in the querystring are caught by a
params middleware; errors are handled by the params middleware, which
raises a BadRequest exception. This means that these UTF8 errors
are not raised deeper in the application stack and also can't
be handled at the application level.
If we wanted a custom handler for these errors, we would
have to create a new middleware and insert it before actionpack's
params middleware and rescue BadRequest exceptions there. But there
is no need to do this currently (see discussion on
https://gitlab.com/gitlab-org/gitlab-ce/issues/51908).
Was introduced in the time that GitLab still used NFS, which is not
required anymore in most cases. By removing this, the API it calls will
return empty responses. This interface has to be removed in the next
major release, expected to be 12.0.
By default, all sessions are given the same expiration time configured in the
session store (e.g. 1 week). However, unauthenticated users can generate a lot
of sessions, primarily for CSRF verification. It makes sense to reduce the TTL
for unauthenticated users to something much lower than the default (e.g. 1 hour) to
limit Redis memory. In addition, Rails creates a new session after login,
so the short TTL doesn't even need to be extended.
Closes #48101
Since Rails 5.0 the `protect_from_forgery` callback doesn't run first by
default anymore. [1]
Instead it gets inserted into callbacks chain where callbacks get
called in order.
This commit forces the callback to run first.
[1]: 3979403781
The `errors/access_denied` page should not fail to render when no
message is provided.
When accessing something as a sessionless user, we should also display
the terms message if possible.
We have a number of import errors occurring with 422 errors, and
it's hard to determine why they are happening. This change will
surface the errors in the log lines.
Relates to #47365
When we want to show an access denied message to a user, we don't have
to hide the resource's existence.
So in that case we render a 403; this 403 is not handled by nginx on
omnibus installs, making sure the message is visible to the user.
Before we would block the `sign_out` request when the user did not
accept the terms, therefore redirecting them to the terms again.
By allowing all requests to devise controllers, we avoid this problem.
This enforces the terms in the web application. These cases are
specced:
- Logging in: When terms are enforced, and a user logs in that has not
accepted the terms, they are presented with the screen. They get
directed to their customized root path afterwards.
- Signing up: After signing up, the first screen the user is presented
with is the screen to accept the terms. After they accept they are
directed to the dashboard.
- While a session is active:
  - For a GET: The user will be directed to the terms page first;
  after they accept the terms, they will be directed to the page
  they were going to.
  - For any other request: They are directed to the terms; after they
  accept the terms, they are directed back to the page they came
  from to retry the request. Any information entered would be
  persisted in localstorage and available on the page.
Rails 5.0 requires explicitly permitting attributes when building a URL
using the current `params` object.
The `safe_params` helper allows developers to just call `safe_params.merge(...)`
instead of manually adding `permit` to every call.
https://github.com/rails/rails/pull/20868
The default 404 handler would return the Content-Type format based on the
given format extension. This would cause the Rails CSRF protection to flag an
error, since the .js extension gets mapped to text/javascript format.
Closes #40771
Devise sets `current_user`, but not all controllers authenticate users by
session tokens. Try to use the controller-defined `authenticated_user` if
`current_user` is not available.
Closes gitlab-org/gitlab-ee#3611
When sign-in is disabled:
- skip password expiration checks
- prevent password reset requests
- don’t show Password tab in User Settings
- don’t allow login with username/password for Git over HTTP requests
- render 404 on requests to Profiles::PasswordsController
A `performance_team` Flipper group has been created. By default this
group is nil but this can be customized in `gitlab.yml` via the
performance_bar.allowed_group setting.
Signed-off-by: Rémy Coutable <remy@rymai.me>
Support noticed that a number of exceptions, such as
"Encoding::CompatibilityError (incompatible character encodings: UTF-8 and
ASCII-8BIT)", failed to report to Sentry. The `rescue_from` in the
ApplicationController prevented these exceptions from being recorded.
This change ensures that these exceptions are properly captured.