Merge branch '56309-read-only-controller-doesn-t-account-for-relative-paths-for-admin-sidekiq-route' into 'master'

Allow sidekiq admin requests, regardless of root Closes #56309 See merge request gitlab-org/gitlab-ce!24352
2019-01-16 20:12:54 +00:00 · 2019-01-16 20:12:54 +00:00 · dbe11b9ca5
parent 906c24e463 61111d4c0d
commit dbe11b9ca5
2 changed files with 42 additions and 14 deletions
--- a/lib/gitlab/middleware/read_only/controller.rb
+++ b/lib/gitlab/middleware/read_only/controller.rb
@ -71,12 +71,16 @@ module Gitlab
          @route_hash ||= Rails.application.routes.recognize_path(request.url, { method: request.request_method }) rescue {}
        end

-        # Overridden in EE module
-        def whitelisted_routes
-          grack_route || ReadOnly.internal_routes.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route
+        def relative_url
+          File.join('', Gitlab.config.gitlab.relative_url_root).chomp('/')
        end

-        def grack_route
+        # Overridden in EE module
+        def whitelisted_routes
+          grack_route? || internal_route? || lfs_route? || sidekiq_route?
+        end
+
+        def grack_route?
          # Calling route_hash may be expensive. Only do it if we think there's a possible match
          return false unless
            request.path.end_with?('.git/git-upload-pack', '.git/git-receive-pack')
@ -84,7 +88,11 @@ module Gitlab
          WHITELISTED_GIT_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
        end

-        def lfs_route
+        def internal_route?
+          ReadOnly.internal_routes.any? { |path| request.path.include?(path) }
+        end
+
+        def lfs_route?
          # Calling route_hash may be expensive. Only do it if we think there's a possible match
          unless request.path.end_with?('/info/lfs/objects/batch',
            '/info/lfs/locks', '/info/lfs/locks/verify') ||
@ -95,8 +103,8 @@ module Gitlab
          WHITELISTED_GIT_LFS_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
        end

-        def sidekiq_route
-          request.path.start_with?('/admin/sidekiq')
+        def sidekiq_route?
+          request.path.start_with?("#{relative_url}/admin/sidekiq")
        end
      end
    end
--- a/spec/lib/gitlab/middleware/read_only_spec.rb
+++ b/spec/lib/gitlab/middleware/read_only_spec.rb
@ -101,16 +101,36 @@ describe Gitlab::Middleware::ReadOnly do
        expect(subject).not_to disallow_request
      end

-      it 'expects requests to sidekiq admin to be allowed' do
-        response = request.post('/admin/sidekiq')
+      context 'sidekiq admin requests' do
+        where(:mounted_at) do
+          [
+            '',
+            '/',
+            '/gitlab',
+            '/gitlab/',
+            '/gitlab/gitlab',
+            '/gitlab/gitlab/'
+          ]
+        end

-        expect(response).not_to be_redirect
-        expect(subject).not_to disallow_request
+        with_them do
+          before do
+            stub_config_setting(relative_url_root: mounted_at)
+          end

-        response = request.get('/admin/sidekiq')
+          it 'allows requests' do
+            path = File.join(mounted_at, 'admin/sidekiq')
+            response = request.post(path)

-        expect(response).not_to be_redirect
-        expect(subject).not_to disallow_request
+            expect(response).not_to be_redirect
+            expect(subject).not_to disallow_request
+
+            response = request.get(path)
+
+            expect(response).not_to be_redirect
+            expect(subject).not_to disallow_request
+          end
+        end
      end

      where(:description, :path) do