Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
2de2cc6833
commit
03d0856547
|
@ -21,7 +21,6 @@
|
|||
#
|
||||
class ActiveSession
|
||||
include ActiveModel::Model
|
||||
include ::Gitlab::Redis::SessionsStoreHelper
|
||||
|
||||
SESSION_BATCH_SIZE = 200
|
||||
ALLOWED_NUMBER_OF_ACTIVE_SESSIONS = 100
|
||||
|
@ -66,7 +65,7 @@ class ActiveSession
|
|||
end
|
||||
|
||||
def self.set(user, request)
|
||||
redis_store_class.with do |redis|
|
||||
Gitlab::Redis::Sessions.with do |redis|
|
||||
session_private_id = request.session.id.private_id
|
||||
client = DeviceDetector.new(request.user_agent)
|
||||
timestamp = Time.current
|
||||
|
@ -107,7 +106,7 @@ class ActiveSession
|
|||
end
|
||||
|
||||
def self.list(user)
|
||||
redis_store_class.with do |redis|
|
||||
Gitlab::Redis::Sessions.with do |redis|
|
||||
cleaned_up_lookup_entries(redis, user).map do |raw_session|
|
||||
load_raw_session(raw_session)
|
||||
end
|
||||
|
@ -115,7 +114,7 @@ class ActiveSession
|
|||
end
|
||||
|
||||
def self.cleanup(user)
|
||||
redis_store_class.with do |redis|
|
||||
Gitlab::Redis::Sessions.with do |redis|
|
||||
clean_up_old_sessions(redis, user)
|
||||
cleaned_up_lookup_entries(redis, user)
|
||||
end
|
||||
|
@ -138,7 +137,7 @@ class ActiveSession
|
|||
def self.destroy_session(user, session_id)
|
||||
return unless session_id
|
||||
|
||||
redis_store_class.with do |redis|
|
||||
Gitlab::Redis::Sessions.with do |redis|
|
||||
destroy_sessions(redis, user, [session_id].compact)
|
||||
end
|
||||
end
|
||||
|
@ -147,7 +146,7 @@ class ActiveSession
|
|||
sessions = not_impersonated(user)
|
||||
sessions.reject! { |session| session.current?(current_rack_session) } if current_rack_session
|
||||
|
||||
redis_store_class.with do |redis|
|
||||
Gitlab::Redis::Sessions.with do |redis|
|
||||
session_ids = sessions.flat_map(&:ids)
|
||||
destroy_sessions(redis, user, session_ids) if session_ids.any?
|
||||
end
|
||||
|
@ -182,7 +181,7 @@ class ActiveSession
|
|||
#
|
||||
# Returns an array of strings
|
||||
def self.session_ids_for_user(user_id)
|
||||
redis_store_class.with do |redis|
|
||||
Gitlab::Redis::Sessions.with do |redis|
|
||||
redis.smembers(lookup_key_name(user_id))
|
||||
end
|
||||
end
|
||||
|
@ -195,7 +194,7 @@ class ActiveSession
|
|||
def self.sessions_from_ids(session_ids)
|
||||
return [] if session_ids.empty?
|
||||
|
||||
redis_store_class.with do |redis|
|
||||
Gitlab::Redis::Sessions.with do |redis|
|
||||
session_keys = rack_session_keys(session_ids)
|
||||
|
||||
session_keys.each_slice(SESSION_BATCH_SIZE).flat_map do |session_keys_batch|
|
||||
|
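Review bot: The swap to `Gitlab::Redis::Sessions.with do |redis|` is repeated verbatim in all seven class methods of this section (set, list, cleanup, destroy_session, destroy_all_but_current, session_ids_for_user, sessions_from_ids); a single private class-method helper would keep the store choice in one place, e.g. `def self.with_sessions_redis(&block)` / `Gitlab::Redis::Sessions.with(&block)` / `end`, with each call site reduced to `with_sessions_redis do |redis|`. In destroy_session the `[session_id].compact` after `return unless session_id` is redundant; `destroy_sessions(redis, user, [session_id])` reads the same. Every method shown here begins or ends outside its hunk.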
|
|
@ -19,15 +19,7 @@ cookie_key = if Rails.env.development?
|
|||
"_gitlab_session"
|
||||
end
|
||||
|
||||
store = if Gitlab::Utils.to_boolean(ENV['GITLAB_USE_REDIS_SESSIONS_STORE'], default: true)
|
||||
Gitlab::Redis::Sessions.store(
|
||||
namespace: Gitlab::Redis::Sessions::SESSION_NAMESPACE
|
||||
)
|
||||
else
|
||||
Gitlab::Redis::SharedState.store(
|
||||
namespace: Gitlab::Redis::Sessions::SESSION_NAMESPACE
|
||||
)
|
||||
end
|
||||
store = Gitlab::Redis::Sessions.store(namespace: Gitlab::Redis::Sessions::SESSION_NAMESPACE)
|
||||
|
||||
Gitlab::Application.config.session_store(
|
||||
:redis_store, # Using the cookie_store would enable session replay attacks.
|
||||
|
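Review bot: The new `store = Gitlab::Redis::Sessions.store(namespace: Gitlab::Redis::Sessions::SESSION_NAMESPACE)` line drops the `GITLAB_USE_REDIS_SESSIONS_STORE` fallback without saying so, and an operator who still sets that variable gets no hint that it is now ignored; a comment above it such as `# Sessions always live in Gitlab::Redis::Sessions; GITLAB_USE_REDIS_SESSIONS_STORE is no longer honoured.` would document the cutover. Sessions written to the SharedState instance while the toggle was off presumably stop being readable at the next deploy, which is a forced logout rather than a security regression, but it deserves a line in the release notes if that is intended. The `cookie_key` expression starts above the hunk and the `session_store(` call continues below it.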
|
|
@ -1131,6 +1131,9 @@ A site profile contains the following:
|
|||
|
||||
When an API site type is selected, a [host override](#host-override) is used to ensure the API being scanned is on the same host as the target. This is done to reduce the risk of running an active scan against the wrong API.
|
||||
|
||||
When configured, request headers and password fields are encrypted using [`aes-256-gcm`](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) before being stored in the database.
|
||||
This data can only be read and decrypted with a valid secrets file.
|
||||
|
||||
#### Site profile validation
|
||||
|
||||
> - Site profile validation [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/233020) in GitLab 13.8.
|
||||
|
|
|
@ -804,6 +804,10 @@ An approval is optional when a license report:
|
|||
- Contains no software license violations.
|
||||
- Contains only new licenses that are `allowed` or unknown.
|
||||
|
||||
## Warnings
|
||||
|
||||
We recommend that you use the most recent version of all containers, and the most recent supported version of all package managers and languages. Using previous versions carries an increased security risk because unsupported versions may no longer benefit from active security reporting and backporting of security fixes.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### ASDF_PYTHON_VERSION does not automatically install the version
|
||||
|
|
|
@ -2,14 +2,12 @@
|
|||
|
||||
module Gitlab
|
||||
class AnonymousSession
|
||||
include ::Gitlab::Redis::SessionsStoreHelper
|
||||
|
||||
def initialize(remote_ip)
|
||||
@remote_ip = remote_ip
|
||||
end
|
||||
|
||||
def count_session_ip
|
||||
redis_store_class.with do |redis|
|
||||
Gitlab::Redis::Sessions.with do |redis|
|
||||
redis.pipelined do |pipeline|
|
||||
pipeline.incr(session_lookup_name)
|
||||
pipeline.expire(session_lookup_name, 24.hours)
|
||||
|
@ -18,13 +16,13 @@ module Gitlab
|
|||
end
|
||||
|
||||
def session_count
|
||||
redis_store_class.with do |redis|
|
||||
Gitlab::Redis::Sessions.with do |redis|
|
||||
redis.get(session_lookup_name).to_i
|
||||
end
|
||||
end
|
||||
|
||||
def cleanup_session_per_ip_count
|
||||
redis_store_class.with do |redis|
|
||||
Gitlab::Redis::Sessions.with do |redis|
|
||||
redis.del(session_lookup_name)
|
||||
end
|
||||
end
|
||||
|
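Review bot: None of the three methods touched in this section carries a comment, and `count_session_ip` both increments the counter and re-arms a 24-hour expiry inside the pipeline, which its name does not convey; a one-line comment above it such as `# Increments the per-IP anonymous session counter and resets its 24h TTL.` would make the side effect visible to callers. `session_count` and `cleanup_session_per_ip_count` would similarly benefit from a short line each. The class continues past the last hunk.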
|
|
@ -1,27 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Gitlab
|
||||
module Redis
|
||||
module SessionsStoreHelper
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
module StoreMethods
|
||||
def redis_store_class
|
||||
use_redis_session_store? ? Gitlab::Redis::Sessions : Gitlab::Redis::SharedState
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def use_redis_session_store?
|
||||
Gitlab::Utils.to_boolean(ENV['GITLAB_USE_REDIS_SESSIONS_STORE'], default: true)
|
||||
end
|
||||
end
|
||||
|
||||
include StoreMethods
|
||||
|
||||
included do
|
||||
extend StoreMethods
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -100,15 +100,13 @@ namespace :gitlab do
|
|||
namespace :sessions do
|
||||
desc "GitLab | Cleanup | Sessions | Clean ActiveSession lookup keys"
|
||||
task active_sessions_lookup_keys: :gitlab_environment do
|
||||
use_redis_session_store = Gitlab::Utils.to_boolean(ENV['GITLAB_USE_REDIS_SESSIONS_STORE'], default: true)
|
||||
redis_store_class = use_redis_session_store ? Gitlab::Redis::Sessions : Gitlab::Redis::SharedState
|
||||
session_key_pattern = "#{Gitlab::Redis::Sessions::USER_SESSIONS_LOOKUP_NAMESPACE}:*"
|
||||
last_save_check = Time.at(0)
|
||||
wait_time = 10.seconds
|
||||
cursor = 0
|
||||
total_users_scanned = 0
|
||||
|
||||
redis_store_class.with do |redis|
|
||||
Gitlab::Redis::Sessions.with do |redis|
|
||||
begin
|
||||
cursor, keys = redis.scan(cursor, match: session_key_pattern)
|
||||
total_users_scanned += keys.count
|
||||
|
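Review bot: The cleanup task now scans only the `Gitlab::Redis::Sessions` instance for `"#{Gitlab::Redis::Sessions::USER_SESSIONS_LOOKUP_NAMESPACE}:*"` keys, so any lookup keys that earlier deployments wrote to `Gitlab::Redis::SharedState` while the removed toggle was off are presumably never visited again and linger until their own expiry, if they have one. If that residue is acceptable, a comment on the `Gitlab::Redis::Sessions.with do |redis|` line noting that legacy SharedState keys are intentionally left alone would save the next maintainer the question; otherwise a one-off pass over SharedState belongs in this change or a follow-up. The `begin` loop and the rest of the task body continue outside the hunk.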
|
|
@ -10,40 +10,10 @@ RSpec.describe 'Session initializer for GitLab' do
|
|||
end
|
||||
|
||||
describe 'config#session_store' do
|
||||
context 'when the GITLAB_USE_REDIS_SESSIONS_STORE env is not set' do
|
||||
before do
|
||||
stub_env('GITLAB_USE_REDIS_SESSIONS_STORE', nil)
|
||||
end
|
||||
it 'initialized as a redis_store with a proper servers configuration' do
|
||||
expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(::Redis::Store)))
|
||||
|
||||
it 'initialized with Multistore as ENV var defaults to true' do
|
||||
expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(::Redis::Store)))
|
||||
|
||||
load_session_store
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the GITLAB_USE_REDIS_SESSIONS_STORE env is disabled' do
|
||||
before do
|
||||
stub_env('GITLAB_USE_REDIS_SESSIONS_STORE', false)
|
||||
end
|
||||
|
||||
it 'initialized as a redis_store with a proper servers configuration' do
|
||||
expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(Redis::Store)))
|
||||
|
||||
load_session_store
|
||||
end
|
||||
end
|
||||
|
||||
context 'when the GITLAB_USE_REDIS_SESSIONS_STORE env is enabled' do
|
||||
before do
|
||||
stub_env('GITLAB_USE_REDIS_SESSIONS_STORE', true)
|
||||
end
|
||||
|
||||
it 'initialized as a redis_store with a proper servers configuration' do
|
||||
expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(::Redis::Store)))
|
||||
|
||||
load_session_store
|
||||
end
|
||||
load_session_store
|
||||
end
|
||||
end
|
||||
end
|
||||
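Review bot: The surviving example in `describe 'config#session_store'` is named `'initialized as a redis_store with a proper servers configuration'` but asserts only `redis_store: kind_of(::Redis::Store)`; nothing about servers or the namespace is checked, so the name overstates the coverage. Either rename it to what is asserted, e.g. `it 'initializes session_store as a redis_store backed by a Redis::Store' do`, or add an expectation on the options the initializer actually passes (the namespace, if `session_store` receives it — the initializer is not in this section). Two `it` lines are printed for this example, one old and one new; the rename applies to whichever is kept.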
|
|