From 46e6a9f8a0f2dc0ae4e3152646f319a7cb5abcb2 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Sat, 17 Feb 2018 21:29:22 -0800
Subject: [PATCH] Don't attempt to update user tracked fields if database is in
 read-only

With Geo, attempting to view an endpoint with a user could result in an
Error 500 since Devise attempts to update the last sign-in IP and other
details.

Closes gitlab-org/gitlab-ee#4972
---
 app/models/user.rb                                        | 2 ++
 changelogs/unreleased/sh-guard-read-only-user-updates.yml | 5 +++++
 spec/models/user_spec.rb                                  | 8 ++++++++
 3 files changed, 15 insertions(+)
 create mode 100644 changelogs/unreleased/sh-guard-read-only-user-updates.yml

diff --git a/app/models/user.rb b/app/models/user.rb
index 5e84d2da805..f5eeba27572 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -59,6 +59,8 @@ class User < ActiveRecord::Base
   # Override Devise::Models::Trackable#update_tracked_fields!
   # to limit database writes to at most once every hour
   def update_tracked_fields!(request)
+    return if Gitlab::Database.read_only?
+
     update_tracked_fields(request)
 
     lease = Gitlab::ExclusiveLease.new("user_update_tracked_fields:#{id}", timeout: 1.hour.to_i)
diff --git a/changelogs/unreleased/sh-guard-read-only-user-updates.yml b/changelogs/unreleased/sh-guard-read-only-user-updates.yml
new file mode 100644
index 00000000000..b8dbd840ed9
--- /dev/null
+++ b/changelogs/unreleased/sh-guard-read-only-user-updates.yml
@@ -0,0 +1,5 @@
+---
+title: Don't attempt to update user tracked fields if database is in read-only
+merge_request:
+author:
+type: fixed
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 1815696a8a0..3531de244bd 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -496,6 +496,14 @@ describe User do
         user2.update_tracked_fields!(request)
       end.to change { user2.reload.current_sign_in_at }
     end
+
+    it 'does not write if the DB is in read-only mode' do
+      expect(Gitlab::Database).to receive(:read_only?).and_return(true)
+
+      expect do
+        user.update_tracked_fields!(request)
+      end.not_to change { user.reload.current_sign_in_at }
+    end
   end
 
   shared_context 'user keys' do