kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/app/models/application_setting.rb

227 lines
7.9 KiB
Ruby
Raw Normal View History

Enable frozen string in app/models/*.rb Partially addresses #47424.
2018-07-25 05:30:33 -04:00
# frozen_string_literal: true
Init ApplicationSettings resource with defaults from config file
2015-01-08 03:22:50 -05:00
class ApplicationSetting < ActiveRecord::Base
Use the new CacheableAttributes concern in the ApplicationSetting and Appearance models Signed-off-by: Rémy Coutable <remy@rymai.me>
2018-05-04 13:23:50 -04:00
include CacheableAttributes
Add markdown cache columns to the database, but don't use them yet This commit adds a number of _html columns and, with the exception of Note, starts updating them whenever the content of their partner fields changes. Note has a collision with the note_html attr_accessor; that will be fixed later A background worker for clearing these cache columns is also introduced - use `rake cache:clear` to set it off. You can clear the database or Redis caches separately by running `rake cache:clear:db` or `rake cache:clear:redis`, respectively.
2016-10-06 17:17:11 -04:00
include CacheMarkdownField
Refactor `TokenAuthenticatable` to improve reusability This adds a ability to use multiple different authentication token fields in other models. From now on it is necessary to add authentication token field manually in each class that implements this mixin.
2015-12-10 04:48:37 -05:00
include TokenAuthenticatable
Remove Git circuit breaker Was introduced in the time that GitLab still used NFS, which is not required anymore in most cases. By removing this, the API it calls will return empty responses. This interface has to be removed in the next major release, expected to be 12.0.
2018-10-09 01:59:42 -04:00
include IgnorableColumn
Allow to make builds soft-archived. The soft-archived builds cannot be run after some deadline time. The intent is to aggressively recycle old builds after sometime.
2018-10-23 06:58:41 -04:00
include ChronicDurationAttribute
Add markdown cache columns to the database, but don't use them yet This commit adds a number of _html columns and, with the exception of Note, starts updating them whenever the content of their partner fields changes. Note has a collision with the note_html attr_accessor; that will be fixed later A background worker for clearing these cache columns is also introduced - use `rake cache:clear` to set it off. You can clear the database or Redis caches separately by running `rake cache:clear:db` or `rake cache:clear:redis`, respectively.
2016-10-06 17:17:11 -04:00
Make runners token encryption to be optional
2019-03-15 10:32:15 -04:00
add_authentication_token_field :runners_registration_token, encrypted: -> { Feature.enabled?(:application_settings_tokens_optional_encryption, default_enabled: true) ? :optional : :required }
Add health_check access token, and enforce on the health_check endpoint Also added a health check page to the admin section for resetting the token.
2016-05-09 19:21:22 -04:00
add_authentication_token_field :health_check_access_token
Refactor `TokenAuthenticatable` to improve reusability This adds a ability to use multiple different authentication token fields in other models. From now on it is necessary to add authentication token field manually in each class that implements this mixin.
2015-12-10 04:48:37 -05:00
Update TokenAuthenticatable so methods can be overridden
2019-03-08 10:28:59 -05:00
# Include here so it can override methods from
# `add_authentication_token_field`
# We don't prepend for now because otherwise we'll need to
# fix a lot of tests using allow_any_instance_of
include ApplicationSettingImplementation
Rename ActiverecordSerialize cop This cop has been renamed to ActiveRecordSerialize to match the way "ActiveRecord" is usually written.
2017-07-03 10:01:41 -04:00
serialize :restricted_visibility_levels # rubocop:disable Cop/ActiveRecordSerialize
serialize :import_sources # rubocop:disable Cop/ActiveRecordSerialize
serialize :disabled_oauth_sign_in_sources, Array # rubocop:disable Cop/ActiveRecordSerialize
serialize :domain_whitelist, Array # rubocop:disable Cop/ActiveRecordSerialize
serialize :domain_blacklist, Array # rubocop:disable Cop/ActiveRecordSerialize
serialize :repository_storages # rubocop:disable Cop/ActiveRecordSerialize
Added the ability to block sign ups using a domain blacklist.
2016-07-14 14:19:40 -04:00
Remove Git circuit breaker Was introduced in the time that GitLab still used NFS, which is not required anymore in most cases. By removing this, the API it calls will return empty responses. This interface has to be removed in the next major release, expected to be 12.0.
2018-10-09 01:59:42 -04:00
ignore_column :circuitbreaker_failure_count_threshold
ignore_column :circuitbreaker_failure_reset_time
ignore_column :circuitbreaker_storage_timeout
ignore_column :circuitbreaker_access_retries
ignore_column :circuitbreaker_check_interval
Remove Koding integration and documentation This integration no longer works and does not appear to be supported. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/39697
2018-10-12 20:54:08 -04:00
ignore_column :koding_url
ignore_column :koding_enabled
Remove Git circuit breaker Was introduced in the time that GitLab still used NFS, which is not required anymore in most cases. By removing this, the API it calls will return empty responses. This interface has to be removed in the next major release, expected to be 12.0.
2018-10-09 01:59:42 -04:00
Add markdown cache columns to the database, but don't use them yet This commit adds a number of _html columns and, with the exception of Note, starts updating them whenever the content of their partner fields changes. Note has a collision with the note_html attr_accessor; that will be fixed later A background worker for clearing these cache columns is also introduced - use `rake cache:clear` to set it off. You can clear the database or Redis caches separately by running `rake cache:clear:db` or `rake cache:clear:redis`, respectively.
2016-10-06 17:17:11 -04:00
cache_markdown_field :sign_in_text
cache_markdown_field :help_page_text
cache_markdown_field :shared_runners_text, pipeline: :plain_markdown
cache_markdown_field :after_sign_up_text
Prevent creating multiple ApplicationSetting by forcing it to always have id=1
2017-10-05 15:56:23 -04:00
default_value_for :id, 1
Allow to make builds soft-archived. The soft-archived builds cannot be run after some deadline time. The intent is to aggressively recycle old builds after sometime.
2018-10-23 06:58:41 -04:00
chronic_duration_attr_writer :archive_builds_in_human_readable, :archive_builds_in_seconds
Lazily sets UUID in ApplicationSetting for new installations
2017-04-24 15:12:05 -04:00
validates :uuid, presence: true
Ensure `session_expire_delay` field exists before accessing it Closes #1798
2015-06-13 00:22:55 -04:00
validates :session_expire_delay,
reCAPTCHA is configurable through Admin Settings, no reload needed.
2015-12-28 15:21:34 -05:00
presence: true,
numericality: { only_integer: true, greater_than_or_equal_to: 0 }
Move restricted visibility settings to the UI Add checkboxes to the application settings page for restricted visibility levels, and remove those settings from gitlab.yml.
2015-03-01 10:06:46 -05:00
Rubocop: Style/AlignHash enabled
2015-02-03 00:15:44 -05:00
validates :home_page_url,
reCAPTCHA is configurable through Admin Settings, no reload needed.
2015-12-28 15:21:34 -05:00
allow_blank: true,
url: true,
Help landing page customizations
2017-06-13 12:46:02 -04:00
if: :home_page_url_column_exists?
validates :help_page_support_url,
allow_blank: true,
url: true,
if: :help_page_support_url_column_exists?
Allow to specify home page for non logged-in users
2015-01-16 19:01:15 -05:00
Allow to configure a URL to show after sign out
2015-05-29 11:42:27 -04:00
validates :after_sign_out_path,
reCAPTCHA is configurable through Admin Settings, no reload needed.
2015-12-28 15:21:34 -05:00
allow_blank: true,
url: true
Allow to configure a URL to show after sign out
2015-05-29 11:42:27 -04:00
Validate admin notification email.
2015-10-18 05:58:59 -04:00
validates :admin_notification_email,
Align EmailValidator to validate_email gem implementation. Renamed EmailValidator to DeviseEmailValidator to avoid 'email:' naming collision with ActiveModel::Validations::EmailValidator in 'validates' statement. Make use of the options attribute of the parent class ActiveModel::EachValidator. Add more options: regex.
2018-10-26 18:39:00 -04:00
devise_email: true,
Validate email addresses using Devise.email_regexp Also: - Get rid of legacy :strict_mode - Get rid of custom :email validator - Add some shared examples to spec emails validation
2016-02-09 09:51:06 -05:00
allow_blank: true
Validate admin notification email.
2015-10-18 05:58:59 -04:00
WIP require two factor authentication
2015-12-18 15:29:13 -05:00
validates :two_factor_grace_period,
reCAPTCHA is configurable through Admin Settings, no reload needed.
2015-12-28 15:21:34 -05:00
numericality: { greater_than_or_equal_to: 0 }
validates :recaptcha_site_key,
presence: true,
if: :recaptcha_enabled
validates :recaptcha_private_key,
presence: true,
if: :recaptcha_enabled
WIP require two factor authentication
2015-12-18 15:29:13 -05:00
Add sentry integration
2016-01-18 11:15:10 -05:00
validates :sentry_dsn,
presence: true,
if: :sentry_enabled
Attempted adding separate clientside_sentry settings
2017-04-28 08:23:34 -04:00
validates :clientside_sentry_dsn,
presence: true,
if: :clientside_sentry_enabled
Support Akismet spam checking for creation of issues via API Currently any spam detected by Akismet by non-members via API will be logged in a separate table in the admin page. Closes #5612
2016-01-09 14:30:34 -05:00
validates :akismet_api_key,
presence: true,
if: :akismet_enabled
Add admin settings entries
2017-02-17 08:04:10 -05:00
validates :unique_ips_limit_per_user,
numericality: { greater_than_or_equal_to: 1 },
presence: true,
if: :unique_ips_limit_enabled
validates :unique_ips_limit_time_window,
numericality: { greater_than_or_equal_to: 0 },
presence: true,
if: :unique_ips_limit_enabled
Add support for PlantUML diagrams in Asciidoc. This MR enables rendering of PlantUML diagrams in Asciidoc documents. To add a PlantUML diagram all we need is to include a plantuml block like: ``` [plantuml, id="myDiagram", width="100px", height="100px"] -- bob -> alice : ping alice -> bob : pong -- ``` The plantuml block is substituted by an HTML img element with *src* pointing to an external PlantUML server. This MR also add a PlantUML integration section to the Administrator -> Settings page to configure the PlantUML rendering service and to enable/disable it. Closes: #17603
2016-11-28 12:41:29 -05:00
validates :plantuml_url,
presence: true,
if: :plantuml_enabled
Validate maximum attachment size in application settings `max_attachment_size` in `ApplicationSetting` should be present, only integers greater than zero are valid. Closes #13188
2016-02-05 04:12:36 -05:00
validates :max_attachment_size,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
Initial implementation for default artifacts expiration TODO: Add tests and screenshots
2017-02-14 05:00:37 -05:00
validates :max_artifacts_size,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
Introduce DurationValidator, feedback: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9219#note_24032923
2017-02-24 04:28:24 -05:00
validates :default_artifacts_expire_in, presence: true, duration: true
Initial implementation for default artifacts expiration TODO: Add tests and screenshots
2017-02-14 05:00:37 -05:00
Add Application Setting to configure Container Registry token expire delay (default 5min)
2016-05-30 11:12:50 -04:00
validates :container_registry_token_expire_delay,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
Allow multiple repository storage shards to be enabled, and automatically round-robin between them
2016-11-03 10:12:20 -04:00
validates :repository_storages, presence: true
validate :check_repository_storages
Add Application Setting to configure default Repository Path for new projects
2016-06-29 23:35:00 -04:00
Add validation for auto_devops_domain
2018-01-22 13:29:15 -05:00
validates :auto_devops_domain,
allow_blank: true,
hostname: { allow_numeric_hostname: true, require_valid_tld: true },
if: :auto_devops_enabled?
Rename `enabled_git_access_protocols` to singular.
2016-06-29 15:30:27 -04:00
validates :enabled_git_access_protocol,
Only allow Git Access on the allowed protocol
2016-06-20 21:40:56 -04:00
inclusion: { in: %w(ssh http), allow_blank: true, allow_nil: true }
Add setting that allows admins to choose which Git access protocols are enabled
2016-06-15 18:30:55 -04:00
Added the ability to block sign ups using a domain blacklist.
2016-07-14 14:19:40 -04:00
validates :domain_blacklist,
Default to manual input for `domain_whitelist`, syntax fixes and added new tests.
2016-07-18 18:49:33 -04:00
presence: { message: 'Domain blacklist cannot be empty if Blacklist is enabled.' },
Added the ability to block sign ups using a domain blacklist.
2016-07-14 14:19:40 -04:00
if: :domain_blacklist_enabled?
Refine Git garbage collection
2016-10-27 08:59:52 -04:00
validates :housekeeping_incremental_repack_period,
presence: true,
numericality: { only_integer: true, greater_than: 0 }
validates :housekeeping_full_repack_period,
presence: true,
Allow to use same periods for housekeeping tasks This enables skipping a lesser housekeeping task (incremental or full repack) by consistently scheduling a higher task (respectively full repack or gc) with the same period. Cf. #34981
2017-08-21 05:51:45 -04:00
numericality: { only_integer: true, greater_than_or_equal_to: :housekeeping_incremental_repack_period }
Refine Git garbage collection
2016-10-27 08:59:52 -04:00
validates :housekeeping_gc_period,
presence: true,
Allow to use same periods for housekeeping tasks This enables skipping a lesser housekeeping task (incremental or full repack) by consistently scheduling a higher task (respectively full repack or gc) with the same period. Cf. #34981
2017-08-21 05:51:45 -04:00
numericality: { only_integer: true, greater_than_or_equal_to: :housekeeping_full_repack_period }
Refine Git garbage collection
2016-10-27 08:59:52 -04:00
Introduce maximum session time for terminal websocket connection Store the value in application settings. Expose the value to Workhorse.
2017-01-26 13:16:50 -05:00
validates :terminal_max_session_time,
presence: true,
numericality: { only_integer: true, greater_than_or_equal_to: 0 }
Introduce "polling_interval_multiplier" as application setting Implement module for setting "Poll-Interval" response header. Return 429 in ETag caching middleware when polling is disabled.
2017-04-03 09:17:04 -04:00
validates :polling_interval_multiplier,
presence: true,
numericality: { greater_than_or_equal_to: 0 }
Add timeouts for Gitaly calls
2017-11-29 04:12:12 -05:00
validates :gitaly_timeout_default,
presence: true,
numericality: { only_integer: true, greater_than_or_equal_to: 0 }
validates :gitaly_timeout_medium,
presence: true,
numericality: { only_integer: true, greater_than_or_equal_to: 0 }
validates :gitaly_timeout_medium,
numericality: { less_than_or_equal_to: :gitaly_timeout_default },
if: :gitaly_timeout_default
validates :gitaly_timeout_medium,
numericality: { greater_than_or_equal_to: :gitaly_timeout_fast },
if: :gitaly_timeout_fast
validates :gitaly_timeout_fast,
presence: true,
numericality: { only_integer: true, greater_than_or_equal_to: 0 }
validates :gitaly_timeout_fast,
numericality: { less_than_or_equal_to: :gitaly_timeout_default },
if: :gitaly_timeout_default
Make single diff patch limit configurable - Creates a new column to hold the single patch limit value on application_settings - Allows updating this value through the application_settings API - Calculates single diff patch collapsing limit based on diff_max_patch_bytes column - Updates diff limit documentation - Adds documentation (with warning) as of how one can update this limit
2018-09-24 11:30:49 -04:00
validates :diff_max_patch_bytes,
presence: true,
numericality: { only_integer: true,
greater_than_or_equal_to: Gitlab::Git::Diff::DEFAULT_MAX_PATCH_BYTES,
less_than_or_equal_to: Gitlab::Git::Diff::MAX_PATCH_BYTES_UPPER_BOUND }
Allow whitelisting for "external collaborator by default" setting
2018-08-30 08:53:06 -04:00
validates :user_default_internal_regex, js_regex: true, allow_nil: true
User can keep their commit email private The private commit email is automatically generated in the format: id-username@noreply.HOSTNAME GitLab instance admins are able to change the HOSTNAME portion, that defaults to Gitlab's hostname, to whatever they prefer.
2018-11-07 06:00:21 -05:00
validates :commit_email_hostname, format: { with: /\A[^@]+\z/ }
Allow to make builds soft-archived. The soft-archived builds cannot be run after some deadline time. The intent is to aggressively recycle old builds after sometime.
2018-10-23 06:58:41 -04:00
validates :archive_builds_in_seconds,
allow_nil: true,
numericality: { only_integer: true, greater_than_or_equal_to: 1.day.seconds }
Add local markdown version Cached markdown version is composed both from global and local markdown version. This allows admins to bump version locally when needed (e.g. when external URL is changed).
2019-01-31 06:28:31 -05:00
validates :local_markdown_version,
allow_nil: true,
numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than: 65536 }
Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them.
2017-08-25 09:08:48 -04:00
SUPPORTED_KEY_TYPES.each do |type|
Move the key restriction validation to its own class
2017-08-28 16:58:36 -04:00
validates :"#{type}_key_restriction", presence: true, key_restriction: { type: type }
Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them.
2017-08-25 09:08:48 -04:00
end
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712
2017-08-21 06:30:03 -04:00
More review comments
2017-08-30 16:20:00 -04:00
validates :allowed_key_types, presence: true
Move restricted visibility settings to the UI Add checkboxes to the application settings page for restricted visibility levels, and remove those settings from gitlab.yml.
2015-03-01 10:06:46 -05:00
validates_each :restricted_visibility_levels do |record, attr, value|
Update Rubocop to ruby 2.3
2017-02-07 09:16:46 -05:00
value&.each do |level|
Enable the Style/PreferredHashMethods cop Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-06-02 13:11:26 -04:00
unless Gitlab::VisibilityLevel.options.value?(level)
Update Rubocop to ruby 2.3
2017-02-07 09:16:46 -05:00
record.errors.add(attr, "'#{level}' is not a valid visibility level")
Move restricted visibility settings to the UI Add checkboxes to the application settings page for restricted visibility levels, and remove those settings from gitlab.yml.
2015-03-01 10:06:46 -05:00
end
end
end
Import sources: settings in the admin interface
2015-08-12 02:13:20 -04:00
validates_each :import_sources do |record, attr, value|
Update Rubocop to ruby 2.3
2017-02-07 09:16:46 -05:00
value&.each do |source|
Enable the Style/PreferredHashMethods cop Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-06-02 13:11:26 -04:00
unless Gitlab::ImportSources.options.value?(source)
Update Rubocop to ruby 2.3
2017-02-07 09:16:46 -05:00
record.errors.add(attr, "'#{source}' is not a import source")
Import sources: settings in the admin interface
2015-08-12 02:13:20 -04:00
end
end
end
Store application wide terms This allows admins to define terms in the application settings. Every time the terms are adjusted, a new version is stored and becomes the 'active' version. This allows tracking which specific version was accepted by a user.
2018-04-24 12:28:04 -04:00
validate :terms_exist, if: :enforce_terms?
Lazily sets UUID in ApplicationSetting for new installations
2017-04-24 15:12:05 -04:00
before_validation :ensure_uuid!
Strip whitespace from Sentry URL Adding extra whitespace in the DSN could prevent the server from starting due to InvalidURIErrors in sentry-raven. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/49621
2018-09-12 08:55:29 -04:00
before_validation :strip_sentry_values
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712
2017-08-21 06:30:03 -04:00
Ensure that app settings contains runners registration token
2015-12-10 07:05:59 -05:00
before_save :ensure_runners_registration_token
Add health_check access token, and enforce on the health_check endpoint Also added a health check page to the admin section for resetting the token.
2016-05-09 19:21:22 -04:00
before_save :ensure_health_check_access_token
Ensure that app settings contains runners registration token
2015-12-10 07:05:59 -05:00
Add caching for ApplicationSetting, Ci::ApplicationSetting. ApplicationSetting.current was called in every pages, cache it and expires it after it updated. This changes will avoid a SQL query in every pages (~0.3 - 0.5ms). ```SQL SELECT "application_settings".* FROM "application_settings" ORDER BY "application_settings"."id" DESC LIMIT 1 ```
2015-11-12 04:19:03 -05:00
after_commit do
Store application wide terms This allows admins to define terms in the application settings. Every time the terms are adjusted, a new version is stored and becomes the 'active' version. This allows tracking which specific version was accepted by a user.
2018-04-24 12:28:04 -04:00
reset_memoized_terms
Fix Error 500 when application settings are saved Due to a Rails bug, fetching the application settings from Redis may prevent the attribute methods from being loaded for the `ApplicationSetting` model. More details here: https://github.com/rails/rails/issues/27348 There was also a secondary problem introduced by overriding these association methods which caused all default visibility levels to be set to `nil`. Before, the previous implementation allowed the string "20" to be saved as an integer, while now a table lookup happens before that. We fix this by enforcing the integer value in the controller and default to PRIVATE. Closes #29674
2017-03-18 05:29:25 -04:00
end
Ensure ApplicationSetting#performance_bar_allowed_group_id is properly set when retrieved from cache Signed-off-by: Rémy Coutable <remy@rymai.me>
2018-05-25 12:44:15 -04:00
after_commit :expire_performance_bar_allowed_user_ids_cache, if: -> { previous_changes.key?('performance_bar_allowed_group_id') }
Init ApplicationSettings resource with defaults from config file
2015-01-08 03:22:50 -05:00
end
Copy permalink