Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2022-01-13 06:14:35 +00:00
parent 2de2cc6833
commit 03d0856547
8 changed files with 22 additions and 85 deletions


@ -21,7 +21,6 @@
#
class ActiveSession
include ActiveModel::Model
include ::Gitlab::Redis::SessionsStoreHelper
SESSION_BATCH_SIZE = 200
ALLOWED_NUMBER_OF_ACTIVE_SESSIONS = 100
@ -66,7 +65,7 @@ class ActiveSession
end
def self.set(user, request)
redis_store_class.with do |redis|
Gitlab::Redis::Sessions.with do |redis|
session_private_id = request.session.id.private_id
client = DeviceDetector.new(request.user_agent)
timestamp = Time.current
@ -107,7 +106,7 @@ class ActiveSession
end
def self.list(user)
redis_store_class.with do |redis|
Gitlab::Redis::Sessions.with do |redis|
cleaned_up_lookup_entries(redis, user).map do |raw_session|
load_raw_session(raw_session)
end
@ -115,7 +114,7 @@ class ActiveSession
end
def self.cleanup(user)
redis_store_class.with do |redis|
Gitlab::Redis::Sessions.with do |redis|
clean_up_old_sessions(redis, user)
cleaned_up_lookup_entries(redis, user)
end
@ -138,7 +137,7 @@ class ActiveSession
def self.destroy_session(user, session_id)
return unless session_id
redis_store_class.with do |redis|
Gitlab::Redis::Sessions.with do |redis|
destroy_sessions(redis, user, [session_id].compact)
end
end
@ -147,7 +146,7 @@ class ActiveSession
sessions = not_impersonated(user)
sessions.reject! { |session| session.current?(current_rack_session) } if current_rack_session
redis_store_class.with do |redis|
Gitlab::Redis::Sessions.with do |redis|
session_ids = sessions.flat_map(&:ids)
destroy_sessions(redis, user, session_ids) if session_ids.any?
end
@ -182,7 +181,7 @@ class ActiveSession
#
# Returns an array of strings
def self.session_ids_for_user(user_id)
redis_store_class.with do |redis|
Gitlab::Redis::Sessions.with do |redis|
redis.smembers(lookup_key_name(user_id))
end
end
@ -195,7 +194,7 @@ class ActiveSession
def self.sessions_from_ids(session_ids)
return [] if session_ids.empty?
redis_store_class.with do |redis|
Gitlab::Redis::Sessions.with do |redis|
session_keys = rack_session_keys(session_ids)
session_keys.each_slice(SESSION_BATCH_SIZE).flat_map do |session_keys_batch|
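Review bot: Removing the `SharedState` fallback leaves no path for an instance that ever ran with `GITLAB_USE_REDIS_SESSIONS_STORE` disabled: lookup sets and rack session keys written to `Gitlab::Redis::SharedState` stop being reachable from `self.list`, `self.cleanup` and `self.destroy_session`, so a user could no longer see or revoke those sessions and they would linger until their TTL expires. If that configuration was ever supported in production, the commit should say how those entries are migrated or purged, or document that they are intentionally abandoned. Every method touched here continues outside its hunk, so the surrounding bodies were not reviewed. A short comment on `self.list` such as `# Only Gitlab::Redis::Sessions is consulted; sessions written to SharedState before the store switch are not listed here.` would make the scope explicit.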


@ -19,15 +19,7 @@ cookie_key = if Rails.env.development?
"_gitlab_session"
end
store = if Gitlab::Utils.to_boolean(ENV['GITLAB_USE_REDIS_SESSIONS_STORE'], default: true)
Gitlab::Redis::Sessions.store(
namespace: Gitlab::Redis::Sessions::SESSION_NAMESPACE
)
else
Gitlab::Redis::SharedState.store(
namespace: Gitlab::Redis::Sessions::SESSION_NAMESPACE
)
end
store = Gitlab::Redis::Sessions.store(namespace: Gitlab::Redis::Sessions::SESSION_NAMESPACE)
Gitlab::Application.config.session_store(
:redis_store, # Using the cookie_store would enable session replay attacks.


@ -1131,6 +1131,9 @@ A site profile contains the following:
When an API site type is selected, a [host override](#host-override) is used to ensure the API being scanned is on the same host as the target. This is done to reduce the risk of running an active scan against the wrong API.
When configured, request headers and password fields are encrypted using [`aes-256-gcm`](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) before being stored in the database.
This data can only be read and decrypted with a valid secrets file.
#### Site profile validation
> - Site profile validation [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/233020) in GitLab 13.8.


@ -804,6 +804,10 @@ An approval is optional when a license report:
- Contains no software license violations.
- Contains only new licenses that are `allowed` or unknown.
## Warnings
We recommend that you use the most recent version of all containers, and the most recent supported version of all package managers and languages. Using previous versions carries an increased security risk because unsupported versions may no longer benefit from active security reporting and backporting of security fixes.
## Troubleshooting
### ASDF_PYTHON_VERSION does not automatically install the version


@ -2,14 +2,12 @@
module Gitlab
class AnonymousSession
include ::Gitlab::Redis::SessionsStoreHelper
def initialize(remote_ip)
@remote_ip = remote_ip
end
def count_session_ip
redis_store_class.with do |redis|
Gitlab::Redis::Sessions.with do |redis|
redis.pipelined do |pipeline|
pipeline.incr(session_lookup_name)
pipeline.expire(session_lookup_name, 24.hours)
@ -18,13 +16,13 @@ module Gitlab
end
def session_count
redis_store_class.with do |redis|
Gitlab::Redis::Sessions.with do |redis|
redis.get(session_lookup_name).to_i
end
end
def cleanup_session_per_ip_count
redis_store_class.with do |redis|
Gitlab::Redis::Sessions.with do |redis|
redis.del(session_lookup_name)
end
end


@ -1,27 +0,0 @@
# frozen_string_literal: true
module Gitlab
module Redis
module SessionsStoreHelper
extend ActiveSupport::Concern
module StoreMethods
def redis_store_class
use_redis_session_store? ? Gitlab::Redis::Sessions : Gitlab::Redis::SharedState
end
private
def use_redis_session_store?
Gitlab::Utils.to_boolean(ENV['GITLAB_USE_REDIS_SESSIONS_STORE'], default: true)
end
end
include StoreMethods
included do
extend StoreMethods
end
end
end
end


@ -100,15 +100,13 @@ namespace :gitlab do
namespace :sessions do
desc "GitLab | Cleanup | Sessions | Clean ActiveSession lookup keys"
task active_sessions_lookup_keys: :gitlab_environment do
use_redis_session_store = Gitlab::Utils.to_boolean(ENV['GITLAB_USE_REDIS_SESSIONS_STORE'], default: true)
redis_store_class = use_redis_session_store ? Gitlab::Redis::Sessions : Gitlab::Redis::SharedState
session_key_pattern = "#{Gitlab::Redis::Sessions::USER_SESSIONS_LOOKUP_NAMESPACE}:*"
last_save_check = Time.at(0)
wait_time = 10.seconds
cursor = 0
total_users_scanned = 0
redis_store_class.with do |redis|
Gitlab::Redis::Sessions.with do |redis|
begin
cursor, keys = redis.scan(cursor, match: session_key_pattern)
total_users_scanned += keys.count


@ -10,40 +10,10 @@ RSpec.describe 'Session initializer for GitLab' do
end
describe 'config#session_store' do
context 'when the GITLAB_USE_REDIS_SESSIONS_STORE env is not set' do
before do
stub_env('GITLAB_USE_REDIS_SESSIONS_STORE', nil)
end
it 'initialized as a redis_store with a proper servers configuration' do
expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(::Redis::Store)))
it 'initialized with Multistore as ENV var defaults to true' do
expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(::Redis::Store)))
load_session_store
end
end
context 'when the GITLAB_USE_REDIS_SESSIONS_STORE env is disabled' do
before do
stub_env('GITLAB_USE_REDIS_SESSIONS_STORE', false)
end
it 'initialized as a redis_store with a proper servers configuration' do
expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(Redis::Store)))
load_session_store
end
end
context 'when the GITLAB_USE_REDIS_SESSIONS_STORE env is enabled' do
before do
stub_env('GITLAB_USE_REDIS_SESSIONS_STORE', true)
end
it 'initialized as a redis_store with a proper servers configuration' do
expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(::Redis::Store)))
load_session_store
end
load_session_store
end
end
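Review bot: The surviving example is described as 'initialized with Multistore as ENV var defaults to true', but the initializer in this commit no longer reads `GITLAB_USE_REDIS_SESSIONS_STORE` at all, so the description documents behaviour that no longer exists and will mislead the next reader. The assertion `a_hash_including(redis_store: kind_of(::Redis::Store))` would also pass if the store were built from `Gitlab::Redis::SharedState`, so the spec cannot catch a regression back to the wrong Redis instance. Rename the example to `it 'initializes a redis_store backed by Gitlab::Redis::Sessions' do` and, where the test helpers allow, add an expectation that `Gitlab::Redis::Sessions.store` is the factory invoked (e.g. `expect(Gitlab::Redis::Sessions).to receive(:store).and_call_original`). The trailing `load_session_store` near the end of the hunk looks stranded after its enclosing example's `end`; it may be a rendering artifact, but worth confirming the spec still parses as intended.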
end