From 567a25b63032a82fd188177ea7a29a92ca2dc381 Mon Sep 17 00:00:00 2001
From: Robert Speicher
Date: Sat, 13 Jun 2015 00:22:55 -0400
Subject: [PATCH] Ensure `session_expire_delay` field exists before accessing it

Closes #1798
---
 app/models/application_setting.rb | 8 ++++----
 config/initializers/session_store.rb | 8 ++++----
 db/schema.rb | 8 ++++----
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 29f8fac470b..fee52694099 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -27,10 +27,10 @@ class ApplicationSetting < ActiveRecord::Base
 serialize :restricted_visibility_levels
 serialize :restricted_signup_domains, Array
 attr_accessor :restricted_signup_domains_raw
-
- validates :session_expire_delay,
- presence: true,
- numericality: { only_integer: true, greater_than_or_equal_to: 0 }
+
+ validates :session_expire_delay,
+ presence: true,
+ numericality: { only_integer: true, greater_than_or_equal_to: 0 }
 validates :home_page_url,
 allow_blank: true,
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 43077fb575e..6d274cd95a1 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,8 +1,8 @@
 # Be sure to restart your server when you modify this file.
-if ActiveRecord::Base.connection.active? && ActiveRecord::Base.connection.table_exists?('application_settings')
- Settings.gitlab['session_expire_delay'] = ApplicationSetting.current.session_expire_delay
-end
+require 'gitlab/current_settings'
+include Gitlab::CurrentSettings
+Settings.gitlab['session_expire_delay'] = current_application_settings.session_expire_delay
 Gitlab::Application.config.session_store(
 :redis_store, # Using the cookie_store would enable session replay attacks.
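Review bot: The top-level `include Gitlab::CurrentSettings` in config/initializers/session_store.rb mixes the module into `Object`, so every object in the process gains `current_application_settings` and anything else the module defines. Calling it on a throwaway receiver, for example `Object.new.extend(Gitlab::CurrentSettings).current_application_settings`, would keep the helper out of the global namespace, assuming the method is public in the module. The hunk also drops the explicit `connection.active?` / `table_exists?` guard, so whether boot survives a missing or unmigrated database now depends entirely on the helper, whose body is not part of this patch; a spec for that case would be worth adding. The value is read once at boot and feeds `expire_after` in the next hunk, so a comment such as `# Read once at boot: changing session_expire_delay in the admin settings takes effect only after a restart` would make clear that session-lifetime changes are not applied live.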
@@ -12,4 +12,4 @@ Gitlab::Application.config.session_store(
 httponly: true,
 expire_after: Settings.gitlab['session_expire_delay'] * 60,
 path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
-)
\ No newline at end of file
+)
diff --git a/db/schema.rb b/db/schema.rb
index 04f887274de..9a9d4a85e4b 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20150604202921) do +ActiveRecord::Schema.define(version: 20150609141121) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql"
@@ -29,13 +29,13 @@ ActiveRecord::Schema.define(version: 20150604202921) do t.boolean "twitter_sharing_enabled", default: true t.text "restricted_visibility_levels" t.boolean "version_check_enabled", default: true - t.integer "max_attachment_size", default: 10, null: false + t.integer "max_attachment_size", default: 10, null: false t.integer "default_project_visibility" t.integer "default_snippet_visibility" t.text "restricted_signup_domains" t.boolean "user_oauth_applications", default: true t.string "after_sign_out_path" - t.integer "session_expire_delay", default: 10080, null: false + t.integer "session_expire_delay", default: 10080, null: false end create_table "broadcast_messages", force: true do |t|
@@ -496,12 +496,12 @@ ActiveRecord::Schema.define(version: 20150604202921) do t.string "bitbucket_access_token" t.string "bitbucket_access_token_secret" t.string "location" - t.string "public_email", default: "", null: false t.string "encrypted_otp_secret" t.string "encrypted_otp_secret_iv" t.string "encrypted_otp_secret_salt" t.boolean "otp_required_for_login" t.text "otp_backup_codes" + t.string "public_email", default: "", null: false end add_index "users", ["admin"], name: "index_users_on_admin", using: :btree