2015-01-08 03:22:50 -05:00
|
|
|
class ApplicationSetting < ActiveRecord::Base
|
2016-10-06 17:17:11 -04:00
|
|
|
include CacheMarkdownField
|
2015-12-10 04:48:37 -05:00
|
|
|
include TokenAuthenticatable
|
2016-10-06 17:17:11 -04:00
|
|
|
|
2015-12-10 04:48:37 -05:00
|
|
|
add_authentication_token_field :runners_registration_token
|
2016-05-09 19:21:22 -04:00
|
|
|
add_authentication_token_field :health_check_access_token
|
2015-12-10 04:48:37 -05:00
|
|
|
|
2017-02-21 18:32:18 -05:00
|
|
|
CACHE_KEY = 'application_setting.last'.freeze
|
2016-07-15 14:20:45 -04:00
|
|
|
DOMAIN_LIST_SEPARATOR = %r{\s*[,;]\s* # comma or semicolon, optionally surrounded by whitespace
|
|
|
|
| # or
|
|
|
|
\s # any whitespace character
|
|
|
|
| # or
|
|
|
|
[\r\n] # any number of newline characters
|
|
|
|
}x
|
2015-12-03 03:09:10 -05:00
|
|
|
|
2015-03-01 10:06:46 -05:00
|
|
|
serialize :restricted_visibility_levels
|
2015-08-12 02:13:20 -04:00
|
|
|
serialize :import_sources
|
2016-05-23 00:36:25 -04:00
|
|
|
serialize :disabled_oauth_sign_in_sources, Array
|
2016-07-15 19:30:38 -04:00
|
|
|
serialize :domain_whitelist, Array
|
2016-07-14 14:19:40 -04:00
|
|
|
serialize :domain_blacklist, Array
|
2016-11-03 10:12:20 -04:00
|
|
|
serialize :repository_storages
|
2016-11-10 12:36:52 -05:00
|
|
|
serialize :sidekiq_throttling_queues, Array
|
2016-07-14 14:19:40 -04:00
|
|
|
|
2016-10-06 17:17:11 -04:00
|
|
|
cache_markdown_field :sign_in_text
|
|
|
|
cache_markdown_field :help_page_text
|
|
|
|
cache_markdown_field :shared_runners_text, pipeline: :plain_markdown
|
|
|
|
cache_markdown_field :after_sign_up_text
|
|
|
|
|
2016-07-15 19:30:38 -04:00
|
|
|
attr_accessor :domain_whitelist_raw, :domain_blacklist_raw
|
2015-06-13 00:22:55 -04:00
|
|
|
|
2017-04-24 15:12:05 -04:00
|
|
|
validates :uuid, presence: true
|
|
|
|
|
2015-06-13 00:22:55 -04:00
|
|
|
validates :session_expire_delay,
|
2015-12-28 15:21:34 -05:00
|
|
|
presence: true,
|
|
|
|
numericality: { only_integer: true, greater_than_or_equal_to: 0 }
|
2015-03-01 10:06:46 -05:00
|
|
|
|
2015-02-03 00:15:44 -05:00
|
|
|
validates :home_page_url,
|
2015-12-28 15:21:34 -05:00
|
|
|
allow_blank: true,
|
|
|
|
url: true,
|
|
|
|
if: :home_page_url_column_exist
|
2015-01-16 19:01:15 -05:00
|
|
|
|
2015-05-29 11:42:27 -04:00
|
|
|
validates :after_sign_out_path,
|
2015-12-28 15:21:34 -05:00
|
|
|
allow_blank: true,
|
|
|
|
url: true
|
2015-05-29 11:42:27 -04:00
|
|
|
|
2015-10-18 05:58:59 -04:00
|
|
|
validates :admin_notification_email,
|
2016-02-09 11:59:47 -05:00
|
|
|
email: true,
|
2016-02-09 09:51:06 -05:00
|
|
|
allow_blank: true
|
2015-10-18 05:58:59 -04:00
|
|
|
|
2015-12-18 15:29:13 -05:00
|
|
|
validates :two_factor_grace_period,
|
2015-12-28 15:21:34 -05:00
|
|
|
numericality: { greater_than_or_equal_to: 0 }
|
|
|
|
|
|
|
|
validates :recaptcha_site_key,
|
|
|
|
presence: true,
|
|
|
|
if: :recaptcha_enabled
|
|
|
|
|
|
|
|
validates :recaptcha_private_key,
|
|
|
|
presence: true,
|
|
|
|
if: :recaptcha_enabled
|
2015-12-18 15:29:13 -05:00
|
|
|
|
2016-01-18 11:15:10 -05:00
|
|
|
validates :sentry_dsn,
|
|
|
|
presence: true,
|
|
|
|
if: :sentry_enabled
|
|
|
|
|
2017-04-28 08:23:34 -04:00
|
|
|
validates :clientside_sentry_dsn,
|
|
|
|
presence: true,
|
|
|
|
if: :clientside_sentry_enabled
|
|
|
|
|
2016-01-09 14:30:34 -05:00
|
|
|
validates :akismet_api_key,
|
|
|
|
presence: true,
|
|
|
|
if: :akismet_enabled
|
|
|
|
|
2017-02-17 08:04:10 -05:00
|
|
|
validates :unique_ips_limit_per_user,
|
|
|
|
numericality: { greater_than_or_equal_to: 1 },
|
|
|
|
presence: true,
|
|
|
|
if: :unique_ips_limit_enabled
|
|
|
|
|
|
|
|
validates :unique_ips_limit_time_window,
|
|
|
|
numericality: { greater_than_or_equal_to: 0 },
|
|
|
|
presence: true,
|
|
|
|
if: :unique_ips_limit_enabled
|
|
|
|
|
2016-07-25 23:59:39 -04:00
|
|
|
validates :koding_url,
|
|
|
|
presence: true,
|
|
|
|
if: :koding_enabled
|
|
|
|
|
2016-11-28 12:41:29 -05:00
|
|
|
validates :plantuml_url,
|
|
|
|
presence: true,
|
|
|
|
if: :plantuml_enabled
|
|
|
|
|
2016-02-05 04:12:36 -05:00
|
|
|
validates :max_attachment_size,
|
|
|
|
presence: true,
|
|
|
|
numericality: { only_integer: true, greater_than: 0 }
|
|
|
|
|
2017-02-14 05:00:37 -05:00
|
|
|
validates :max_artifacts_size,
|
|
|
|
presence: true,
|
|
|
|
numericality: { only_integer: true, greater_than: 0 }
|
|
|
|
|
2017-02-24 04:28:24 -05:00
|
|
|
validates :default_artifacts_expire_in, presence: true, duration: true
|
2017-02-14 05:00:37 -05:00
|
|
|
|
2016-05-30 11:12:50 -04:00
|
|
|
validates :container_registry_token_expire_delay,
|
|
|
|
presence: true,
|
|
|
|
numericality: { only_integer: true, greater_than: 0 }
|
|
|
|
|
2016-11-03 10:12:20 -04:00
|
|
|
validates :repository_storages, presence: true
|
|
|
|
validate :check_repository_storages
|
2016-06-29 23:35:00 -04:00
|
|
|
|
2016-06-29 15:30:27 -04:00
|
|
|
validates :enabled_git_access_protocol,
|
2016-06-20 21:40:56 -04:00
|
|
|
inclusion: { in: %w(ssh http), allow_blank: true, allow_nil: true }
|
2016-06-15 18:30:55 -04:00
|
|
|
|
2016-07-14 14:19:40 -04:00
|
|
|
validates :domain_blacklist,
|
2016-07-18 18:49:33 -04:00
|
|
|
presence: { message: 'Domain blacklist cannot be empty if Blacklist is enabled.' },
|
2016-07-14 14:19:40 -04:00
|
|
|
if: :domain_blacklist_enabled?
|
|
|
|
|
2016-11-04 18:54:24 -04:00
|
|
|
validates :sidekiq_throttling_factor,
|
|
|
|
numericality: { greater_than: 0, less_than: 1 },
|
|
|
|
presence: { message: 'Throttling factor cannot be empty if Sidekiq Throttling is enabled.' },
|
|
|
|
if: :sidekiq_throttling_enabled?
|
|
|
|
|
|
|
|
validates :sidekiq_throttling_queues,
|
|
|
|
presence: { message: 'Queues to throttle cannot be empty if Sidekiq Throttling is enabled.' },
|
|
|
|
if: :sidekiq_throttling_enabled?
|
|
|
|
|
2016-10-27 08:59:52 -04:00
|
|
|
validates :housekeeping_incremental_repack_period,
|
|
|
|
presence: true,
|
|
|
|
numericality: { only_integer: true, greater_than: 0 }
|
|
|
|
|
|
|
|
validates :housekeeping_full_repack_period,
|
|
|
|
presence: true,
|
|
|
|
numericality: { only_integer: true, greater_than: :housekeeping_incremental_repack_period }
|
|
|
|
|
|
|
|
validates :housekeeping_gc_period,
|
|
|
|
presence: true,
|
|
|
|
numericality: { only_integer: true, greater_than: :housekeeping_full_repack_period }
|
|
|
|
|
2017-01-26 13:16:50 -05:00
|
|
|
validates :terminal_max_session_time,
|
|
|
|
presence: true,
|
|
|
|
numericality: { only_integer: true, greater_than_or_equal_to: 0 }
|
|
|
|
|
2017-04-03 09:17:04 -04:00
|
|
|
validates :polling_interval_multiplier,
|
|
|
|
presence: true,
|
|
|
|
numericality: { greater_than_or_equal_to: 0 }
|
|
|
|
|
2015-03-01 10:06:46 -05:00
|
|
|
validates_each :restricted_visibility_levels do |record, attr, value|
|
2017-02-07 09:16:46 -05:00
|
|
|
value&.each do |level|
|
|
|
|
unless Gitlab::VisibilityLevel.options.has_value?(level)
|
|
|
|
record.errors.add(attr, "'#{level}' is not a valid visibility level")
|
2015-03-01 10:06:46 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-08-12 02:13:20 -04:00
|
|
|
validates_each :import_sources do |record, attr, value|
|
2017-02-07 09:16:46 -05:00
|
|
|
value&.each do |source|
|
|
|
|
unless Gitlab::ImportSources.options.has_value?(source)
|
|
|
|
record.errors.add(attr, "'#{source}' is not a import source")
|
2015-08-12 02:13:20 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-05-04 08:57:00 -04:00
|
|
|
validates_each :disabled_oauth_sign_in_sources do |record, attr, value|
|
2017-02-07 09:16:46 -05:00
|
|
|
value&.each do |source|
|
|
|
|
unless Devise.omniauth_providers.include?(source.to_sym)
|
|
|
|
record.errors.add(attr, "'#{source}' is not an OAuth sign-in source")
|
2016-05-04 08:57:00 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-04-24 15:12:05 -04:00
|
|
|
before_validation :ensure_uuid!
|
2015-12-10 07:05:59 -05:00
|
|
|
before_save :ensure_runners_registration_token
|
2016-05-09 19:21:22 -04:00
|
|
|
before_save :ensure_health_check_access_token
|
2015-12-10 07:05:59 -05:00
|
|
|
|
2015-11-12 04:19:03 -05:00
|
|
|
after_commit do
|
2015-12-03 03:09:10 -05:00
|
|
|
Rails.cache.write(CACHE_KEY, self)
|
2015-11-12 04:19:03 -05:00
|
|
|
end
|
|
|
|
|
2015-01-08 03:22:50 -05:00
|
|
|
def self.current
|
2017-03-18 05:29:25 -04:00
|
|
|
ensure_cache_setup
|
|
|
|
|
2015-12-03 03:09:10 -05:00
|
|
|
Rails.cache.fetch(CACHE_KEY) do
|
2015-11-12 04:19:03 -05:00
|
|
|
ApplicationSetting.last
|
|
|
|
end
|
2015-01-08 03:22:50 -05:00
|
|
|
end
|
2015-01-08 14:26:16 -05:00
|
|
|
|
2015-11-25 14:30:33 -05:00
|
|
|
def self.expire
|
2015-12-03 03:09:10 -05:00
|
|
|
Rails.cache.delete(CACHE_KEY)
|
2017-01-26 06:45:14 -05:00
|
|
|
rescue
|
|
|
|
# Gracefully handle when Redis is not available. For example,
|
2017-01-27 15:36:52 -05:00
|
|
|
# omnibus may fail here during gitlab:assets:compile.
|
2015-11-25 14:30:33 -05:00
|
|
|
end
|
|
|
|
|
2016-05-29 15:53:30 -04:00
|
|
|
def self.cached
|
2017-03-18 05:29:25 -04:00
|
|
|
ensure_cache_setup
|
2016-05-29 15:53:30 -04:00
|
|
|
Rails.cache.fetch(CACHE_KEY)
|
|
|
|
end
|
|
|
|
|
2017-03-18 05:29:25 -04:00
|
|
|
def self.ensure_cache_setup
|
|
|
|
# This is a workaround for a Rails bug that causes attribute methods not
|
|
|
|
# to be loaded when read from cache: https://github.com/rails/rails/issues/27348
|
|
|
|
ApplicationSetting.define_attribute_methods
|
|
|
|
end
|
|
|
|
|
2017-01-26 06:46:02 -05:00
|
|
|
def self.defaults_ce
|
|
|
|
{
|
|
|
|
after_sign_up_text: nil,
|
|
|
|
akismet_enabled: false,
|
|
|
|
container_registry_token_expire_delay: 5,
|
2017-02-14 09:54:46 -05:00
|
|
|
default_artifacts_expire_in: '30 days',
|
2017-01-26 06:46:02 -05:00
|
|
|
default_branch_protection: Settings.gitlab['default_branch_protection'],
|
|
|
|
default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],
|
|
|
|
default_projects_limit: Settings.gitlab['default_projects_limit'],
|
|
|
|
default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],
|
2017-02-17 08:50:02 -05:00
|
|
|
default_group_visibility: Settings.gitlab.default_projects_features['visibility_level'],
|
2017-01-26 06:46:02 -05:00
|
|
|
disabled_oauth_sign_in_sources: [],
|
|
|
|
domain_whitelist: Settings.gitlab['domain_whitelist'],
|
|
|
|
gravatar_enabled: Settings.gravatar['enabled'],
|
|
|
|
help_page_text: nil,
|
2017-02-06 07:48:46 -05:00
|
|
|
unique_ips_limit_per_user: 10,
|
|
|
|
unique_ips_limit_time_window: 3600,
|
|
|
|
unique_ips_limit_enabled: false,
|
2017-01-26 06:46:02 -05:00
|
|
|
housekeeping_bitmaps_enabled: true,
|
|
|
|
housekeeping_enabled: true,
|
|
|
|
housekeeping_full_repack_period: 50,
|
|
|
|
housekeeping_gc_period: 200,
|
|
|
|
housekeeping_incremental_repack_period: 10,
|
|
|
|
import_sources: Gitlab::ImportSources.values,
|
|
|
|
koding_enabled: false,
|
|
|
|
koding_url: nil,
|
|
|
|
max_artifacts_size: Settings.artifacts['max_size'],
|
|
|
|
max_attachment_size: Settings.gitlab['max_attachment_size'],
|
|
|
|
plantuml_enabled: false,
|
|
|
|
plantuml_url: nil,
|
|
|
|
recaptcha_enabled: false,
|
|
|
|
repository_checks_enabled: true,
|
|
|
|
repository_storages: ['default'],
|
|
|
|
require_two_factor_authentication: false,
|
|
|
|
restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'],
|
|
|
|
session_expire_delay: Settings.gitlab['session_expire_delay'],
|
|
|
|
send_user_confirmation_email: false,
|
|
|
|
shared_runners_enabled: Settings.gitlab_ci['shared_runners_enabled'],
|
|
|
|
shared_runners_text: nil,
|
|
|
|
sidekiq_throttling_enabled: false,
|
|
|
|
sign_in_text: nil,
|
|
|
|
signin_enabled: Settings.gitlab['signin_enabled'],
|
|
|
|
signup_enabled: Settings.gitlab['signup_enabled'],
|
2017-02-14 05:00:37 -05:00
|
|
|
terminal_max_session_time: 0,
|
2017-01-26 06:46:02 -05:00
|
|
|
two_factor_grace_period: 48,
|
2017-04-03 09:17:04 -04:00
|
|
|
user_default_external: false,
|
2017-04-05 08:19:59 -04:00
|
|
|
polling_interval_multiplier: 1,
|
|
|
|
usage_ping_enabled: true
|
2017-01-26 06:46:02 -05:00
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.defaults
|
|
|
|
defaults_ce
|
|
|
|
end
|
|
|
|
|
2015-01-08 14:26:16 -05:00
|
|
|
def self.create_from_defaults
|
2017-01-26 06:46:02 -05:00
|
|
|
create(defaults)
|
2015-01-08 14:26:16 -05:00
|
|
|
end
|
2015-01-16 20:22:17 -05:00
|
|
|
|
2017-02-20 13:25:35 -05:00
|
|
|
def self.human_attribute_name(attr, _options = {})
|
|
|
|
if attr == :default_artifacts_expire_in
|
|
|
|
'Default artifacts expiration'
|
|
|
|
else
|
|
|
|
super
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-01-16 20:22:17 -05:00
|
|
|
def home_page_url_column_exist
|
|
|
|
ActiveRecord::Base.connection.column_exists?(:application_settings, :home_page_url)
|
|
|
|
end
|
2015-05-02 09:53:32 -04:00
|
|
|
|
2016-11-12 19:00:21 -05:00
|
|
|
def sidekiq_throttling_column_exists?
|
|
|
|
ActiveRecord::Base.connection.column_exists?(:application_settings, :sidekiq_throttling_enabled)
|
|
|
|
end
|
|
|
|
|
2016-07-15 19:30:38 -04:00
|
|
|
def domain_whitelist_raw
|
2017-02-07 09:16:46 -05:00
|
|
|
self.domain_whitelist&.join("\n")
|
2015-05-02 09:53:32 -04:00
|
|
|
end
|
|
|
|
|
2016-07-14 14:19:40 -04:00
|
|
|
def domain_blacklist_raw
|
2017-02-07 09:16:46 -05:00
|
|
|
self.domain_blacklist&.join("\n")
|
2016-07-14 14:19:40 -04:00
|
|
|
end
|
|
|
|
|
2016-07-15 19:30:38 -04:00
|
|
|
def domain_whitelist_raw=(values)
|
|
|
|
self.domain_whitelist = []
|
|
|
|
self.domain_whitelist = values.split(DOMAIN_LIST_SEPARATOR)
|
|
|
|
self.domain_whitelist.reject! { |d| d.empty? }
|
|
|
|
self.domain_whitelist
|
2015-05-02 09:53:32 -04:00
|
|
|
end
|
2015-12-23 04:48:10 -05:00
|
|
|
|
2016-07-14 14:19:40 -04:00
|
|
|
def domain_blacklist_raw=(values)
|
|
|
|
self.domain_blacklist = []
|
2016-07-15 14:20:45 -04:00
|
|
|
self.domain_blacklist = values.split(DOMAIN_LIST_SEPARATOR)
|
2016-07-14 14:19:40 -04:00
|
|
|
self.domain_blacklist.reject! { |d| d.empty? }
|
2016-07-15 14:20:45 -04:00
|
|
|
self.domain_blacklist
|
2016-07-14 14:19:40 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
def domain_blacklist_file=(file)
|
|
|
|
self.domain_blacklist_raw = file.read
|
|
|
|
end
|
|
|
|
|
2016-11-03 10:12:20 -04:00
|
|
|
def repository_storages
|
2016-11-04 08:56:53 -04:00
|
|
|
Array(read_attribute(:repository_storages))
|
2016-11-03 10:12:20 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
# repository_storage is still required in the API. Remove in 9.0
|
|
|
|
def repository_storage
|
|
|
|
repository_storages.first
|
|
|
|
end
|
|
|
|
|
|
|
|
def repository_storage=(value)
|
|
|
|
self.repository_storages = [value]
|
|
|
|
end
|
|
|
|
|
2017-03-02 03:22:44 -05:00
|
|
|
def default_project_visibility=(level)
|
|
|
|
super(Gitlab::VisibilityLevel.level_value(level))
|
|
|
|
end
|
|
|
|
|
|
|
|
def default_snippet_visibility=(level)
|
|
|
|
super(Gitlab::VisibilityLevel.level_value(level))
|
|
|
|
end
|
|
|
|
|
|
|
|
def default_group_visibility=(level)
|
|
|
|
super(Gitlab::VisibilityLevel.level_value(level))
|
|
|
|
end
|
|
|
|
|
|
|
|
def restricted_visibility_levels=(levels)
|
|
|
|
super(levels.map { |level| Gitlab::VisibilityLevel.level_value(level) })
|
|
|
|
end
|
|
|
|
|
2016-11-03 10:12:20 -04:00
|
|
|
# Choose one of the available repository storage options. Currently all have
|
|
|
|
# equal weighting.
|
|
|
|
def pick_repository_storage
|
|
|
|
repository_storages.sample
|
|
|
|
end
|
|
|
|
|
2015-12-23 04:48:10 -05:00
|
|
|
def runners_registration_token
|
|
|
|
ensure_runners_registration_token!
|
|
|
|
end
|
2016-05-09 19:21:22 -04:00
|
|
|
|
|
|
|
def health_check_access_token
|
|
|
|
ensure_health_check_access_token!
|
|
|
|
end
|
2016-11-03 10:12:20 -04:00
|
|
|
|
2016-11-12 19:00:21 -05:00
|
|
|
def sidekiq_throttling_enabled?
|
|
|
|
return false unless sidekiq_throttling_column_exists?
|
|
|
|
|
|
|
|
sidekiq_throttling_enabled
|
|
|
|
end
|
|
|
|
|
2016-11-03 10:12:20 -04:00
|
|
|
private
|
|
|
|
|
2017-04-24 15:12:05 -04:00
|
|
|
def ensure_uuid!
|
|
|
|
return if uuid?
|
|
|
|
|
|
|
|
self.uuid = SecureRandom.uuid
|
|
|
|
end
|
|
|
|
|
2016-11-03 10:12:20 -04:00
|
|
|
def check_repository_storages
|
|
|
|
invalid = repository_storages - Gitlab.config.repositories.storages.keys
|
|
|
|
errors.add(:repository_storages, "can't include: #{invalid.join(", ")}") unless
|
|
|
|
invalid.empty?
|
|
|
|
end
|
2015-01-08 03:22:50 -05:00
|
|
|
end
|