gitlab-org--gitlab-foss/app/controllers/admin/application_settings_controller.rb

# frozen_string_literal: true

class Admin::ApplicationSettingsController < Admin::ApplicationController
  include InternalRedirect

  before_action :set_application_setting
  before_action :whitelist_query_limiting, only: [:usage_data]

  VALID_SETTING_PANELS = %w(general integrations repository
                            ci_cd reporting metrics_and_profiling
                            network preferences).freeze

  VALID_SETTING_PANELS.each do |action|
    define_method(action) { perform_update if submitted? }
  end

  def show
    render :general
  end

  def update
    perform_update
  end

  def usage_data
    respond_to do |format|
      format.html do
        usage_data_json = JSON.pretty_generate(Gitlab::UsageData.data)

        render html: Gitlab::Highlight.highlight('payload.json', usage_data_json, language: 'json')
      end
      format.json { render json: Gitlab::UsageData.to_json }
    end
  end

  def reset_registration_token
    @application_setting.reset_runners_registration_token!

    flash[:notice] = _('New runners registration token has been generated!')
    redirect_to admin_runners_path
  end

  def reset_health_check_token
    @application_setting.reset_health_check_access_token!
    flash[:notice] = _('New health check access token has been generated!')
    redirect_back_or_default
  end

  def clear_repository_check_states
    RepositoryCheck::ClearWorker.perform_async

    redirect_to(
      admin_application_settings_path,
      notice: _('Started asynchronous removal of all repository check states.')
    )
  end

  # Getting ToS url requires `directory` api call to Let's Encrypt
  # which could result in 500 error/slow rendering on settings page
  # Because of that we use separate controller action
  def lets_encrypt_terms_of_service
    redirect_to ::Gitlab::LetsEncrypt.terms_of_service_url
  end

  private

  def set_application_setting
    @application_setting = ApplicationSetting.current_without_cache
  end

  def whitelist_query_limiting
    Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/63107')
  end

  def application_setting_params
    params[:application_setting] ||= {}

    if params[:application_setting].key?(:enabled_oauth_sign_in_sources)
      enabled_oauth_sign_in_sources = params[:application_setting].delete(:enabled_oauth_sign_in_sources)
      enabled_oauth_sign_in_sources&.delete("")

      params[:application_setting][:disabled_oauth_sign_in_sources] =
        AuthHelper.button_based_providers.map(&:to_s) -
        Array(enabled_oauth_sign_in_sources)
    end

    params[:application_setting][:import_sources]&.delete("")
    params[:application_setting][:restricted_visibility_levels]&.delete("")
    params[:application_setting].delete(:elasticsearch_aws_secret_access_key) if params[:application_setting][:elasticsearch_aws_secret_access_key].blank?
    # TODO Remove domain_blacklist_raw in APIv5 (See https://gitlab.com/gitlab-org/gitlab-foss/issues/67204)
    params.delete(:domain_blacklist_raw) if params[:domain_blacklist_file]
    params.delete(:domain_blacklist_raw) if params[:domain_blacklist]
    params.delete(:domain_whitelist_raw) if params[:domain_whitelist]

    params.require(:application_setting).permit(
      visible_application_setting_attributes
    )
  end

  def recheck_user_consent?
    return false unless session[:ask_for_usage_stats_consent]
    return false unless params[:application_setting]

    params[:application_setting].key?(:usage_ping_enabled) || params[:application_setting].key?(:version_check_enabled)
  end

  def visible_application_setting_attributes
    [
      *::ApplicationSettingsHelper.visible_attributes,
      *::ApplicationSettingsHelper.external_authorization_service_attributes,
      :lets_encrypt_notification_email,
      :lets_encrypt_terms_of_service_accepted,
      :domain_blacklist_file,
      :raw_blob_request_limit,
      disabled_oauth_sign_in_sources: [],
      import_sources: [],
      repository_storages: [],
      restricted_visibility_levels: []
    ]
  end

  def submitted?
    request.patch?
  end

  def perform_update
    successful = ApplicationSettings::UpdateService
      .new(@application_setting, current_user, application_setting_params)
      .execute

    if recheck_user_consent?
      session[:ask_for_usage_stats_consent] = current_user.requires_usage_stats_consent?
    end

    redirect_path = referer_path(request) || admin_application_settings_path

    respond_to do |format|
      if successful
        format.json { head :ok }
        format.html { redirect_to redirect_path, notice: _('Application settings saved successfully') }
      else
        format.json { head :bad_request }
        format.html { render_update_error }
      end
    end
  end

  def render_update_error
    action = valid_setting_panels.include?(action_name) ? action_name : :general

    render action
  end

  # overridden in EE
  def valid_setting_panels
    VALID_SETTING_PANELS
  end
end

Admin::ApplicationSettingsController.prepend_if_ee('EE::Admin::ApplicationSettingsController')
Enable frozen string in app/controllers/*/.rb Enables frozen string for the following: * app/controllers/.rb app/controllers/admin/*/.rb * app/controllers/boards/*/.rb * app/controllers/ci/*/.rb * app/controllers/concerns/*/.rb Partially addresses #47424. 2018-09-14 01:42:05 -04:00			`# frozen_string_literal: true`

Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00			`class Admin::ApplicationSettingsController < Admin::ApplicationController`
Add empty controller actions and utilize referer_path helper 2018-09-19 06:57:14 -04:00			`include InternalRedirect`
Whitelist query limiting admin usage data endpoint 2019-06-12 11:59:16 -04:00
Fixed the Rails/ActionFilter cop Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com> 2015-04-16 08:03:37 -04:00			`before_action :set_application_setting`
Whitelist query limiting admin usage data endpoint 2019-06-12 11:59:16 -04:00			`before_action :whitelist_query_limiting, only: [:usage_data]`
Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00
Add latest changes from gitlab-org/gitlab@master 2019-10-07 17:07:54 -04:00			`VALID_SETTING_PANELS = %w(general integrations repository`
Update application settings using correct action Updating multiple application settings panels through a single action causes the incorrect action to be shown when there are errors. Instead, make each panel action handle both updating and display. 2019-02-20 11:56:19 -05:00			`ci_cd reporting metrics_and_profiling`
Add latest changes from gitlab-org/gitlab@master 2019-10-07 17:07:54 -04:00			`network preferences).freeze`
Add empty controller actions and utilize referer_path helper 2018-09-19 06:57:14 -04:00
Add latest changes from gitlab-org/gitlab@master 2019-09-16 17:06:30 -04:00			`VALID_SETTING_PANELS.each do \|action\|`
			`define_method(action) { perform_update if submitted? }`
Add empty controller actions and utilize referer_path helper 2018-09-19 06:57:14 -04:00			`end`

Add latest changes from gitlab-org/gitlab@master 2019-09-16 17:06:30 -04:00			`def show`
			`render :general`
Add empty controller actions and utilize referer_path helper 2018-09-19 06:57:14 -04:00			`end`

Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00			`def update`
Update application settings using correct action Updating multiple application settings panels through a single action causes the incorrect action to be shown when there are errors. Instead, make each panel action handle both updating and display. 2019-02-20 11:56:19 -05:00			`perform_update`
Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00			`end`

Port 'Add more usage data to EE ping' to CE CE port of https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/735 2017-04-05 08:29:48 -04:00			`def usage_data`
			`respond_to do \|format\|`
Add user cohorts table to admin area This table shows the percentage of users who registered in the last twelve months, who last signed in during or later than each of those twelve months, by month. It is only enabled when the usage ping is enabled, and the page also shows pretty-printed usage ping data. The cohorts table is generated in Ruby from some basic SQL queries, because performing the gap-filling and running sums needed in both MySQL and Postgres is painful. 2017-03-30 11:48:33 -04:00			`format.html do`
Remove the `pretty` parameter for `usage_data` 2017-08-17 17:50:29 -04:00			`usage_data_json = JSON.pretty_generate(Gitlab::UsageData.data)`
Add user cohorts table to admin area This table shows the percentage of users who registered in the last twelve months, who last signed in during or later than each of those twelve months, by month. It is only enabled when the usage ping is enabled, and the page also shows pretty-printed usage ping data. The cohorts table is generated in Ruby from some basic SQL queries, because performing the gap-filling and running sums needed in both MySQL and Postgres is painful. 2017-03-30 11:48:33 -04:00
Make Highlight accept language param This replaces the repository param. This allows more flexiblity as sometimes we have highlight content not related to repository. Sometimes we know ahead of time the language of the content. Lastly language determination seems better fit as a logic in the Blob class. `repository` param is only used to determine the language, which seems to be the responsiblity of Blob. 2018-09-06 00:34:25 -04:00			`render html: Gitlab::Highlight.highlight('payload.json', usage_data_json, language: 'json')`
Add user cohorts table to admin area This table shows the percentage of users who registered in the last twelve months, who last signed in during or later than each of those twelve months, by month. It is only enabled when the usage ping is enabled, and the page also shows pretty-printed usage ping data. The cohorts table is generated in Ruby from some basic SQL queries, because performing the gap-filling and running sums needed in both MySQL and Postgres is painful. 2017-03-30 11:48:33 -04:00			`end`
Port 'Add more usage data to EE ping' to CE CE port of https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/735 2017-04-05 08:29:48 -04:00			`format.json { render json: Gitlab::UsageData.to_json }`
			`end`
			`end`

Simplify runner registration token resetting This icommit adds several changes related to the same topic - resetting a Runner registration token: 1. On Project settings page it adds a button for resetting the registration token and it removes the Runner token field that was confusing all GitLab users. 2. On Group settings page it adds the same button for resetting the registration token. 3. On Admin Runners settings page it moves the button to the same place as in Project and Group settings and it changes slightly the page layout to make it more similar to Group and Project setting pages. 4. It refactorizes a little the partial that prints runner registration description. Thanks to this Project, Group and Admin settings of the Runner are re-using the same code to generate the button. 5. Updates the translations of changed text. 2018-09-10 17:57:03 -04:00			`def reset_registration_token`
Add CI runners registration token reset button 2015-12-11 04:22:05 -05:00			`@application_setting.reset_runners_registration_token!`
Simplify runner registration token resetting This icommit adds several changes related to the same topic - resetting a Runner registration token: 1. On Project settings page it adds a button for resetting the registration token and it removes the Runner token field that was confusing all GitLab users. 2. On Group settings page it adds the same button for resetting the registration token. 3. On Admin Runners settings page it moves the button to the same place as in Project and Group settings and it changes slightly the page layout to make it more similar to Group and Project setting pages. 4. It refactorizes a little the partial that prints runner registration description. Thanks to this Project, Group and Admin settings of the Runner are re-using the same code to generate the button. 5. Updates the translations of changed text. 2018-09-10 17:57:03 -04:00
Externalize strings in admin controllers - Update PO file 2019-03-21 09:31:05 -04:00			`flash[:notice] = _('New runners registration token has been generated!')`
Use a new admin runners path when reseting runners token 2015-12-14 08:03:58 -05:00			`redirect_to admin_runners_path`
Add CI runners registration token reset button 2015-12-11 04:22:05 -05:00			`end`

Add health_check access token, and enforce on the health_check endpoint Also added a health check page to the admin section for resetting the token. 2016-05-09 19:21:22 -04:00			`def reset_health_check_token`
			`@application_setting.reset_health_check_access_token!`
Externalize strings in admin controllers - Update PO file 2019-03-21 09:31:05 -04:00			`flash[:notice] = _('New health check access token has been generated!')`
Fix deprecation: redirect_to :back is deprecated 2018-12-17 12:36:09 -05:00			`redirect_back_or_default`
Add health_check access token, and enforce on the health_check endpoint Also added a health check page to the admin section for resetting the token. 2016-05-09 19:21:22 -04:00			`end`

Move 'clear checks' button to applicatoin settings 2016-04-12 11:32:58 -04:00			`def clear_repository_check_states`
Clear repository check columns asynchronously 2016-04-13 09:56:05 -04:00			`RepositoryCheck::ClearWorker.perform_async`
Move 'clear checks' button to applicatoin settings 2016-04-12 11:32:58 -04:00
			`redirect_to(`
			`admin_application_settings_path,`
Externalize strings in admin controllers - Update PO file 2019-03-21 09:31:05 -04:00			`notice: _('Started asynchronous removal of all repository check states.')`
Move 'clear checks' button to applicatoin settings 2016-04-12 11:32:58 -04:00			`)`
			`end`

Add Let's Encrypt client Part of adding Let's Encrypt certificates for pages domains Add acme-client gem Client is being initialized by private key stored in secrets.yml Let's Encrypt account is being created lazily. If it's already created, Acme::Client just gets account_kid by calling new_account method Make Let's Encrypt client an instance Wrap order and challenge classes 2019-05-16 05:32:25 -04:00			# Getting ToS url requires `directory` api call to Let's Encrypt
			`# which could result in 500 error/slow rendering on settings page`
			`# Because of that we use separate controller action`
			`def lets_encrypt_terms_of_service`
			`redirect_to ::Gitlab::LetsEncrypt.terms_of_service_url`
			`end`

Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00			`private`

			`def set_application_setting`
Fix broken specs due to cached application settings The /admin panel will now always return an uncached application setting to ensure it always has the most current info. 2019-07-01 19:44:54 -04:00			`@application_setting = ApplicationSetting.current_without_cache`
Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00			`end`

Whitelist query limiting admin usage data endpoint 2019-06-12 11:59:16 -04:00			`def whitelist_query_limiting`
Add latest changes from gitlab-org/gitlab@master 2019-09-18 10:02:45 -04:00			`Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-foss/issues/63107')`
Whitelist query limiting admin usage data endpoint 2019-06-12 11:59:16 -04:00			`end`

Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00			`def application_setting_params`
[Rails5] Fix admin/application_settings_controller The `RAILS5=1 rspec spec/controllers/admin/application_settings_controller_spec.rb` command throws the error: Failures: 1) Admin::ApplicationSettingsController PUT #update falls back to defaults when settings are omitted Failure/Error: import_sources = params[:application_setting][:import_sources] NoMethodError: undefined method `[]' for nil:NilClass # ./app/controllers/admin/application_settings_controller.rb:62:in `application_setting_params' This commit fixes it. 2018-04-10 21:33:11 -04:00			`params[:application_setting] \|\|= {}`
Import sources: settings in the admin interface 2015-08-12 02:13:20 -04:00
Don't reset application settings oauth providers by mistake Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2018-04-13 11:54:08 -04:00			`if params[:application_setting].key?(:enabled_oauth_sign_in_sources)`
			`enabled_oauth_sign_in_sources = params[:application_setting].delete(:enabled_oauth_sign_in_sources)`
			`enabled_oauth_sign_in_sources&.delete("")`
On Application Settings Page let the user select the enabled OAuth Sign in sources instead of the disabled ones 2016-05-10 04:29:19 -04:00
Don't reset application settings oauth providers by mistake Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2018-04-13 11:54:08 -04:00			`params[:application_setting][:disabled_oauth_sign_in_sources] =`
			`AuthHelper.button_based_providers.map(&:to_s) -`
			`Array(enabled_oauth_sign_in_sources)`
			`end`
Allow admin to disable all restricted visibility levels 2017-07-05 06:45:58 -04:00
Don't reset application settings import sources If form does not have import sources checkboxes we should not reset import sources to empty. This fixes issue when import sources got reset after user modifies unrelated settings section like GitLab pages Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2018-04-13 07:52:54 -04:00			`params[:application_setting][:import_sources]&.delete("")`
Allow admin to disable all restricted visibility levels 2017-07-05 06:45:58 -04:00			`params[:application_setting][:restricted_visibility_levels]&.delete("")`
Hide AWS secret on Admin Integration page 2019-11-26 12:02:31 -05:00			`params[:application_setting].delete(:elasticsearch_aws_secret_access_key) if params[:application_setting][:elasticsearch_aws_secret_access_key].blank?`
Add latest changes from gitlab-org/gitlab@master 2019-09-18 10:02:45 -04:00			`# TODO Remove domain_blacklist_raw in APIv5 (See https://gitlab.com/gitlab-org/gitlab-foss/issues/67204)`
Added the ability to block sign ups using a domain blacklist. 2016-07-14 14:19:40 -04:00			`params.delete(:domain_blacklist_raw) if params[:domain_blacklist_file]`
Show domain_blacklist and domain_whitelist in the settings API 2019-07-25 09:09:04 -04:00			`params.delete(:domain_blacklist_raw) if params[:domain_blacklist]`
			`params.delete(:domain_whitelist_raw) if params[:domain_whitelist]`
On Application Settings Page let the user select the enabled OAuth Sign in sources instead of the disabled ones 2016-05-10 04:29:19 -04:00
Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00			`params.require(:application_setting).permit(`
Make the attribute list for application settings reusable 2017-07-13 12:03:52 -04:00			`visible_application_setting_attributes`
Refactor authorized params in Admin::ApplicationSettingsController Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-01-10 08:40:08 -05:00			`)`
			`end`

Ask user explicitly about usage stats agreement 2018-09-07 10:32:28 -04:00			`def recheck_user_consent?`
			`return false unless session[:ask_for_usage_stats_consent]`
			`return false unless params[:application_setting]`

			`params[:application_setting].key?(:usage_ping_enabled) \|\| params[:application_setting].key?(:version_check_enabled)`
			`end`

Make the attribute list for application settings reusable 2017-07-13 12:03:52 -04:00			`def visible_application_setting_attributes`
Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE 2019-04-09 11:38:58 -04:00			`[`
			`*::ApplicationSettingsHelper.visible_attributes,`
			`*::ApplicationSettingsHelper.external_authorization_service_attributes,`
Remove auto ssl feature flags * remove feature flag for admin settings * remove feature flag for domain settings 2019-07-12 12:53:44 -04:00			`:lets_encrypt_notification_email,`
			`:lets_encrypt_terms_of_service_accepted,`
Reorder allowed params for `ApplicationSetting` and add more details to docs. 2016-07-19 18:08:40 -04:00			`:domain_blacklist_file,`
Add RateLimiter to RawController * Limits raw requests to 300 per minute and per raw path. * Add a new attribute to ApplicationSettings so user can change this value on their instance. * Uses Gitlab::ActionRateLimiter to limit the raw requests. * Add a new method into ActionRateLimiter to log the event into auth.log Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/48717 2019-07-24 15:49:31 -04:00			`:raw_blob_request_limit,`
Refactor authorized params in Admin::ApplicationSettingsController Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-01-10 08:40:08 -05:00			`disabled_oauth_sign_in_sources: [],`
			`import_sources: [],`
Allow multiple repository storage shards to be enabled, and automatically round-robin between them 2016-11-03 10:12:20 -04:00			`repository_storages: [],`
Remove background job throttling feature We remove this feature as it never worked properly 2018-09-14 10:27:31 -04:00			`restricted_visibility_levels: []`
Refactor authorized params in Admin::ApplicationSettingsController Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-01-10 08:40:08 -05:00			`]`
Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00			`end`
Add Let's Encrypt application settings Store Let's Encrypt account email in application settings Also add explicit terms of service consent 2019-04-27 00:38:01 -04:00
Update application settings using correct action Updating multiple application settings panels through a single action causes the incorrect action to be shown when there are errors. Instead, make each panel action handle both updating and display. 2019-02-20 11:56:19 -05:00			`def submitted?`
			`request.patch?`
			`end`

			`def perform_update`
			`successful = ApplicationSettings::UpdateService`
			`.new(@application_setting, current_user, application_setting_params)`
			`.execute`

			`if recheck_user_consent?`
			`session[:ask_for_usage_stats_consent] = current_user.requires_usage_stats_consent?`
			`end`

			`redirect_path = referer_path(request) \|\| admin_application_settings_path`

			`respond_to do \|format\|`
			`if successful`
			`format.json { head :ok }`
			`format.html { redirect_to redirect_path, notice: _('Application settings saved successfully') }`
			`else`
			`format.json { head :bad_request }`
			`format.html { render_update_error }`
			`end`
			`end`
			`end`

			`def render_update_error`
Add latest changes from gitlab-org/gitlab@master 2019-10-07 17:07:54 -04:00			`action = valid_setting_panels.include?(action_name) ? action_name : :general`
Update application settings using correct action Updating multiple application settings panels through a single action causes the incorrect action to be shown when there are errors. Instead, make each panel action handle both updating and display. 2019-02-20 11:56:19 -05:00
			`render action`
			`end`
Add latest changes from gitlab-org/gitlab@master 2019-10-07 17:07:54 -04:00
			`# overridden in EE`
			`def valid_setting_panels`
			`VALID_SETTING_PANELS`
			`end`
Init ApplicationSettings resource with defaults from config file 2015-01-08 03:22:50 -05:00			`end`
Add latest changes from gitlab-org/gitlab@master 2019-09-13 09:26:31 -04:00
			`Admin::ApplicationSettingsController.prepend_if_ee('EE::Admin::ApplicationSettingsController')`