gitlab-org--gitlab-foss/app/models/application_setting.rb

class ApplicationSetting < ActiveRecord::Base
  include TokenAuthenticatable
  add_authentication_token_field :runners_registration_token
  add_authentication_token_field :health_check_access_token

  CACHE_KEY = 'application_setting.last'

  serialize :restricted_visibility_levels
  serialize :import_sources
  serialize :disabled_oauth_sign_in_sources, Array
  serialize :restricted_signup_domains, Array
  attr_accessor :restricted_signup_domains_raw

  validates :session_expire_delay,
            presence: true,
            numericality: { only_integer: true, greater_than_or_equal_to: 0 }

  validates :home_page_url,
            allow_blank: true,
            url: true,
            if: :home_page_url_column_exist

  validates :after_sign_out_path,
            allow_blank: true,
            url: true

  validates :admin_notification_email,
            email: true,
            allow_blank: true

  validates :two_factor_grace_period,
            numericality: { greater_than_or_equal_to: 0 }

  validates :recaptcha_site_key,
            presence: true,
            if: :recaptcha_enabled

  validates :recaptcha_private_key,
            presence: true,
            if: :recaptcha_enabled

  validates :sentry_dsn,
            presence: true,
            if: :sentry_enabled

  validates :akismet_api_key,
            presence: true,
            if: :akismet_enabled

  validates :max_attachment_size,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

  validates :container_registry_token_expire_delay,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

  validates_each :restricted_visibility_levels do |record, attr, value|
    unless value.nil?
      value.each do |level|
        unless Gitlab::VisibilityLevel.options.has_value?(level)
          record.errors.add(attr, "'#{level}' is not a valid visibility level")
        end
      end
    end
  end

  validates_each :import_sources do |record, attr, value|
    unless value.nil?
      value.each do |source|
        unless Gitlab::ImportSources.options.has_value?(source)
          record.errors.add(attr, "'#{source}' is not a import source")
        end
      end
    end
  end

  validates_each :disabled_oauth_sign_in_sources do |record, attr, value|
    unless value.nil?
      value.each do |source|
        unless Devise.omniauth_providers.include?(source.to_sym)
          record.errors.add(attr, "'#{source}' is not an OAuth sign-in source")
        end
      end
    end
  end

  before_save :ensure_runners_registration_token
  before_save :ensure_health_check_access_token

  after_commit do
    Rails.cache.write(CACHE_KEY, self)
  end

  def self.current
    Rails.cache.fetch(CACHE_KEY) do
      ApplicationSetting.last
    end
  end

  def self.expire
    Rails.cache.delete(CACHE_KEY)
  end

  def self.cached
    Rails.cache.fetch(CACHE_KEY)
  end

  def self.create_from_defaults
    create(
      default_projects_limit: Settings.gitlab['default_projects_limit'],
      default_branch_protection: Settings.gitlab['default_branch_protection'],
      signup_enabled: Settings.gitlab['signup_enabled'],
      signin_enabled: Settings.gitlab['signin_enabled'],
      gravatar_enabled: Settings.gravatar['enabled'],
      sign_in_text: nil,
      after_sign_up_text: nil,
      help_page_text: nil,
      shared_runners_text: nil,
      restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'],
      max_attachment_size: Settings.gitlab['max_attachment_size'],
      session_expire_delay: Settings.gitlab['session_expire_delay'],
      default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],
      default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],
      restricted_signup_domains: Settings.gitlab['restricted_signup_domains'],
      import_sources: ['github','bitbucket','gitlab','gitorious','google_code','fogbugz','git'],
      shared_runners_enabled: Settings.gitlab_ci['shared_runners_enabled'],
      max_artifacts_size: Settings.artifacts['max_size'],
      require_two_factor_authentication: false,
      two_factor_grace_period: 48,
      recaptcha_enabled: false,
      akismet_enabled: false,
      repository_checks_enabled: true,
      disabled_oauth_sign_in_sources: [],
      send_user_confirmation_email: false,
      container_registry_token_expire_delay: 5,
    )
  end

  def home_page_url_column_exist
    ActiveRecord::Base.connection.column_exists?(:application_settings, :home_page_url)
  end

  def restricted_signup_domains_raw
    self.restricted_signup_domains.join("\n") unless self.restricted_signup_domains.nil?
  end

  def restricted_signup_domains_raw=(values)
    self.restricted_signup_domains = []
    self.restricted_signup_domains = values.split(
      /\s*[,;]\s*     # comma or semicolon, optionally surrounded by whitespace
      |               # or
      \s              # any whitespace character
      |               # or
      [\r\n]          # any number of newline characters
      /x)
    self.restricted_signup_domains.reject! { |d| d.empty? }
  end

  def runners_registration_token
    ensure_runners_registration_token!
  end

  def health_check_access_token
    ensure_health_check_access_token!
  end
end
Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00			`class ApplicationSetting < ActiveRecord::Base`
Refactor `TokenAuthenticatable` to improve reusability This adds a ability to use multiple different authentication token fields in other models. From now on it is necessary to add authentication token field manually in each class that implements this mixin. 2015-12-10 04:48:37 -05:00			`include TokenAuthenticatable`
			`add_authentication_token_field :runners_registration_token`
Add health_check access token, and enforce on the health_check endpoint Also added a health check page to the admin section for resetting the token. 2016-05-09 19:21:22 -04:00			`add_authentication_token_field :health_check_access_token`
Refactor `TokenAuthenticatable` to improve reusability This adds a ability to use multiple different authentication token fields in other models. From now on it is necessary to add authentication token field manually in each class that implements this mixin. 2015-12-10 04:48:37 -05:00
Fix application settings cache not expiring after changes cache_key is an instance method that relies on updated_at. When changes were made, the time-dependent key was being used instead of X.application_setting.last. Closes #3609 2015-12-03 03:09:10 -05:00			`CACHE_KEY = 'application_setting.last'`

Move restricted visibility settings to the UI Add checkboxes to the application settings page for restricted visibility levels, and remove those settings from gitlab.yml. 2015-03-01 10:06:46 -05:00			`serialize :restricted_visibility_levels`
Import sources: settings in the admin interface 2015-08-12 02:13:20 -04:00			`serialize :import_sources`
Serialize application setting as Array by default 2016-05-23 00:36:25 -04:00			`serialize :disabled_oauth_sign_in_sources, Array`
Add application setting to restrict user signups to e-mail domains This feature was requested long ago: http://feedback.gitlab.com/forums/176466-general/suggestions/4118466-ability-to-register-only-from-ceratain-domains This MR is based off !253 but changed to use application settings and use wildcard strings to give more flexibility in pattern matching. Regexps seemed overkill and easy to get wrong. Only restrict e-mail addresses upon creation 2015-05-02 09:53:32 -04:00			`serialize :restricted_signup_domains, Array`
			`attr_accessor :restricted_signup_domains_raw`
Ensure `session_expire_delay` field exists before accessing it Closes #1798 2015-06-13 00:22:55 -04:00
			`validates :session_expire_delay,`
reCAPTCHA is configurable through Admin Settings, no reload needed. 2015-12-28 15:21:34 -05:00			`presence: true,`
			`numericality: { only_integer: true, greater_than_or_equal_to: 0 }`
Move restricted visibility settings to the UI Add checkboxes to the application settings page for restricted visibility levels, and remove those settings from gitlab.yml. 2015-03-01 10:06:46 -05:00
Rubocop: Style/AlignHash enabled 2015-02-03 00:15:44 -05:00			`validates :home_page_url,`
reCAPTCHA is configurable through Admin Settings, no reload needed. 2015-12-28 15:21:34 -05:00			`allow_blank: true,`
			`url: true,`
			`if: :home_page_url_column_exist`
Allow to specify home page for non logged-in users 2015-01-16 19:01:15 -05:00
Allow to configure a URL to show after sign out 2015-05-29 11:42:27 -04:00			`validates :after_sign_out_path,`
reCAPTCHA is configurable through Admin Settings, no reload needed. 2015-12-28 15:21:34 -05:00			`allow_blank: true,`
			`url: true`
Allow to configure a URL to show after sign out 2015-05-29 11:42:27 -04:00
Validate admin notification email. 2015-10-18 05:58:59 -04:00			`validates :admin_notification_email,`
Re-add EmailValidator to avoid the repetition of format: { with: Devise.email_regexp } 2016-02-09 11:59:47 -05:00			`email: true,`
Validate email addresses using Devise.email_regexp Also: - Get rid of legacy :strict_mode - Get rid of custom :email validator - Add some shared examples to spec emails validation 2016-02-09 09:51:06 -05:00			`allow_blank: true`
Validate admin notification email. 2015-10-18 05:58:59 -04:00
WIP require two factor authentication 2015-12-18 15:29:13 -05:00			`validates :two_factor_grace_period,`
reCAPTCHA is configurable through Admin Settings, no reload needed. 2015-12-28 15:21:34 -05:00			`numericality: { greater_than_or_equal_to: 0 }`

			`validates :recaptcha_site_key,`
			`presence: true,`
			`if: :recaptcha_enabled`

			`validates :recaptcha_private_key,`
			`presence: true,`
			`if: :recaptcha_enabled`
WIP require two factor authentication 2015-12-18 15:29:13 -05:00
Add sentry integration 2016-01-18 11:15:10 -05:00			`validates :sentry_dsn,`
			`presence: true,`
			`if: :sentry_enabled`

Support Akismet spam checking for creation of issues via API Currently any spam detected by Akismet by non-members via API will be logged in a separate table in the admin page. Closes #5612 2016-01-09 14:30:34 -05:00			`validates :akismet_api_key,`
			`presence: true,`
			`if: :akismet_enabled`

Validate maximum attachment size in application settings `max_attachment_size` in `ApplicationSetting` should be present, only integers greater than zero are valid. Closes #13188 2016-02-05 04:12:36 -05:00			`validates :max_attachment_size,`
			`presence: true,`
			`numericality: { only_integer: true, greater_than: 0 }`

Add Application Setting to configure Container Registry token expire delay (default 5min) 2016-05-30 11:12:50 -04:00			`validates :container_registry_token_expire_delay,`
			`presence: true,`
			`numericality: { only_integer: true, greater_than: 0 }`

Move restricted visibility settings to the UI Add checkboxes to the application settings page for restricted visibility levels, and remove those settings from gitlab.yml. 2015-03-01 10:06:46 -05:00			`validates_each :restricted_visibility_levels do \|record, attr, value\|`
Fix restricted visibility bugs Check for nil values in the restricted_visibility_level validation method, and set the restricted visibility request parameter to `[]` when it's missing from the request. 2015-03-16 15:59:50 -04:00			`unless value.nil?`
			`value.each do \|level\|`
			`unless Gitlab::VisibilityLevel.options.has_value?(level)`
			`record.errors.add(attr, "'#{level}' is not a valid visibility level")`
			`end`
Move restricted visibility settings to the UI Add checkboxes to the application settings page for restricted visibility levels, and remove those settings from gitlab.yml. 2015-03-01 10:06:46 -05:00			`end`
			`end`
			`end`

Import sources: settings in the admin interface 2015-08-12 02:13:20 -04:00			`validates_each :import_sources do \|record, attr, value\|`
			`unless value.nil?`
			`value.each do \|source\|`
			`unless Gitlab::ImportSources.options.has_value?(source)`
			`record.errors.add(attr, "'#{source}' is not a import source")`
			`end`
			`end`
			`end`
			`end`

validate disabled_oauth_sign_in_sources in ApplicationSe 2016-05-04 08:57:00 -04:00			`validates_each :disabled_oauth_sign_in_sources do \|record, attr, value\|`
			`unless value.nil?`
			`value.each do \|source\|`
			`unless Devise.omniauth_providers.include?(source.to_sym)`
typo 2016-05-10 03:21:14 -04:00			`record.errors.add(attr, "'#{source}' is not an OAuth sign-in source")`
validate disabled_oauth_sign_in_sources in ApplicationSe 2016-05-04 08:57:00 -04:00			`end`
			`end`
			`end`
			`end`

Ensure that app settings contains runners registration token 2015-12-10 07:05:59 -05:00			`before_save :ensure_runners_registration_token`
Add health_check access token, and enforce on the health_check endpoint Also added a health check page to the admin section for resetting the token. 2016-05-09 19:21:22 -04:00			`before_save :ensure_health_check_access_token`
Ensure that app settings contains runners registration token 2015-12-10 07:05:59 -05:00
Add caching for ApplicationSetting, Ci::ApplicationSetting. ApplicationSetting.current was called in every pages, cache it and expires it after it updated. This changes will avoid a SQL query in every pages (~0.3 - 0.5ms). ```SQL SELECT "application_settings".* FROM "application_settings" ORDER BY "application_settings"."id" DESC LIMIT 1 ``` 2015-11-12 04:19:03 -05:00			`after_commit do`
Fix application settings cache not expiring after changes cache_key is an instance method that relies on updated_at. When changes were made, the time-dependent key was being used instead of X.application_setting.last. Closes #3609 2015-12-03 03:09:10 -05:00			`Rails.cache.write(CACHE_KEY, self)`
Add caching for ApplicationSetting, Ci::ApplicationSetting. ApplicationSetting.current was called in every pages, cache it and expires it after it updated. This changes will avoid a SQL query in every pages (~0.3 - 0.5ms). ```SQL SELECT "application_settings".* FROM "application_settings" ORDER BY "application_settings"."id" DESC LIMIT 1 ``` 2015-11-12 04:19:03 -05:00			`end`

Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00			`def self.current`
Fix application settings cache not expiring after changes cache_key is an instance method that relies on updated_at. When changes were made, the time-dependent key was being used instead of X.application_setting.last. Closes #3609 2015-12-03 03:09:10 -05:00			`Rails.cache.fetch(CACHE_KEY) do`
Add caching for ApplicationSetting, Ci::ApplicationSetting. ApplicationSetting.current was called in every pages, cache it and expires it after it updated. This changes will avoid a SQL query in every pages (~0.3 - 0.5ms). ```SQL SELECT "application_settings".* FROM "application_settings" ORDER BY "application_settings"."id" DESC LIMIT 1 ``` 2015-11-12 04:19:03 -05:00			`ApplicationSetting.last`
			`end`
Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00			`end`
Create ApplicationSettings if does not exist in runtime 2015-01-08 14:26:16 -05:00
Expire application settings from cache at startup If a DB migration occurs, there's a chance that the application settings are loaded from the cache and provide stale values, causing Error 500s. This ensures that at startup the settings are always refreshed. Closes #3643 2015-11-25 14:30:33 -05:00			`def self.expire`
Fix application settings cache not expiring after changes cache_key is an instance method that relies on updated_at. When changes were made, the time-dependent key was being used instead of X.application_setting.last. Closes #3609 2015-12-03 03:09:10 -05:00			`Rails.cache.delete(CACHE_KEY)`
Expire application settings from cache at startup If a DB migration occurs, there's a chance that the application settings are loaded from the cache and provide stale values, causing Error 500s. This ensures that at startup the settings are always refreshed. Closes #3643 2015-11-25 14:30:33 -05:00			`end`

Try and use cache for application settings even when the db is not connected 2016-05-29 15:53:30 -04:00			`def self.cached`
			`Rails.cache.fetch(CACHE_KEY)`
			`end`

Create ApplicationSettings if does not exist in runtime 2015-01-08 14:26:16 -05:00			`def self.create_from_defaults`
			`create(`
			`default_projects_limit: Settings.gitlab['default_projects_limit'],`
Allow configuring protection of the default branch upon first push 2015-01-25 10:33:54 -05:00			`default_branch_protection: Settings.gitlab['default_branch_protection'],`
Create ApplicationSettings if does not exist in runtime 2015-01-08 14:26:16 -05:00			`signup_enabled: Settings.gitlab['signup_enabled'],`
			`signin_enabled: Settings.gitlab['signin_enabled'],`
			`gravatar_enabled: Settings.gravatar['enabled'],`
Allow custom text on 'almost there' page Add a new application setting, after_sign_up_text. This is text to be rendered as Markdown and shown on the 'almost there' page after a user signs up, but before they've confirmed their account. Tweak the styles for that page so that centered lists look reasonable. 2016-05-09 11:12:53 -04:00			`sign_in_text: nil,`
			`after_sign_up_text: nil,`
			`help_page_text: nil,`
			`shared_runners_text: nil,`
Support configurable attachment size via Application Settings Fix bug where error messages from Dropzone would not be displayed on the issues page Closes #1258 2015-03-20 08:11:12 -04:00			`restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'],`
Add new admin settings Add new global application settings for default project and snippet visibility levels. 2015-04-26 01:01:52 -04:00			`max_attachment_size: Settings.gitlab['max_attachment_size'],`
session_expire_seconds => session_expire_delay delay is in seconds more legible code in session_store Added `GitLab restart required` help block to session_expire_delay 2015-06-05 13:16:32 -04:00			`session_expire_delay: Settings.gitlab['session_expire_delay'],`
Add new admin settings Add new global application settings for default project and snippet visibility levels. 2015-04-26 01:01:52 -04:00			`default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],`
Add application setting to restrict user signups to e-mail domains This feature was requested long ago: http://feedback.gitlab.com/forums/176466-general/suggestions/4118466-ability-to-register-only-from-ceratain-domains This MR is based off !253 but changed to use application settings and use wildcard strings to give more flexibility in pattern matching. Regexps seemed overkill and easy to get wrong. Only restrict e-mail addresses upon creation 2015-05-02 09:53:32 -04:00			`default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],`
Import sources: settings in the admin interface 2015-08-12 02:13:20 -04:00			`restricted_signup_domains: Settings.gitlab['restricted_signup_domains'],`
Enable shared runners for all new projects 2015-11-03 08:45:41 -05:00			`import_sources: ['github','bitbucket','gitlab','gitorious','google_code','fogbugz','git'],`
			`shared_runners_enabled: Settings.gitlab_ci['shared_runners_enabled'],`
Expose artifacts path 2015-11-22 08:27:30 -05:00			`max_artifacts_size: Settings.artifacts['max_size'],`
WIP require two factor authentication 2015-12-18 15:29:13 -05:00			`require_two_factor_authentication: false,`
Support Akismet spam checking for creation of issues via API Currently any spam detected by Akismet by non-members via API will be logged in a separate table in the admin page. Closes #5612 2016-01-09 14:30:34 -05:00			`two_factor_grace_period: 48,`
			`recaptcha_enabled: false,`
Add repository_checks_enabled setting 2016-04-12 10:21:23 -04:00			`akismet_enabled: false,`
			`repository_checks_enabled: true,`
fix default send confirmation value 2016-05-16 11:42:34 -04:00			`disabled_oauth_sign_in_sources: [],`
Add Application Setting to configure Container Registry token expire delay (default 5min) 2016-05-30 11:12:50 -04:00			`send_user_confirmation_email: false,`
			`container_registry_token_expire_delay: 5,`
Create ApplicationSettings if does not exist in runtime 2015-01-08 14:26:16 -05:00			`)`
			`end`
Validate application settings only if column exists 2015-01-16 20:22:17 -05:00
			`def home_page_url_column_exist`
			`ActiveRecord::Base.connection.column_exists?(:application_settings, :home_page_url)`
			`end`
Add application setting to restrict user signups to e-mail domains This feature was requested long ago: http://feedback.gitlab.com/forums/176466-general/suggestions/4118466-ability-to-register-only-from-ceratain-domains This MR is based off !253 but changed to use application settings and use wildcard strings to give more flexibility in pattern matching. Regexps seemed overkill and easy to get wrong. Only restrict e-mail addresses upon creation 2015-05-02 09:53:32 -04:00
			`def restricted_signup_domains_raw`
			`self.restricted_signup_domains.join("\n") unless self.restricted_signup_domains.nil?`
			`end`

			`def restricted_signup_domains_raw=(values)`
			`self.restricted_signup_domains = []`
			`self.restricted_signup_domains = values.split(`
Fixed Rubocop offenses 2015-12-14 21:53:52 -05:00			`/\s[,;]\s # comma or semicolon, optionally surrounded by whitespace`
			`\| # or`
			`\s # any whitespace character`
			`\| # or`
			`[\r\n] # any number of newline characters`
			`/x)`
Add application setting to restrict user signups to e-mail domains This feature was requested long ago: http://feedback.gitlab.com/forums/176466-general/suggestions/4118466-ability-to-register-only-from-ceratain-domains This MR is based off !253 but changed to use application settings and use wildcard strings to give more flexibility in pattern matching. Regexps seemed overkill and easy to get wrong. Only restrict e-mail addresses upon creation 2015-05-02 09:53:32 -04:00			`self.restricted_signup_domains.reject! { \|d\| d.empty? }`
			`end`
Use method that creates runners registration token `runners_registration_token` now creates a new token if it is blank. 2015-12-23 04:48:10 -05:00
			`def runners_registration_token`
			`ensure_runners_registration_token!`
			`end`
Add health_check access token, and enforce on the health_check endpoint Also added a health check page to the admin section for resetting the token. 2016-05-09 19:21:22 -04:00
			`def health_check_access_token`
			`ensure_health_check_access_token!`
			`end`
Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00			`end`