diff options
author | Stan Hu <stanhu@gmail.com> | 2018-02-17 21:29:22 -0800 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-02-17 21:30:29 -0800 |
commit | 46e6a9f8a0f2dc0ae4e3152646f319a7cb5abcb2 (patch) | |
tree | 9b5a2f638c67c3c46975827a794d019986508a7e | |
parent | 557db7e635c70bf68a15f7029014301013b30070 (diff) | |
download | gitlab-ce-46e6a9f8a0f2dc0ae4e3152646f319a7cb5abcb2.tar.gz |
Don't attempt to update user tracked fields if database is in read-onlysh-guard-read-only-user-updates
With Geo, attempting to view an endpoint with a user could result in an
Error 500 since Devise attempts to update the last sign-in IP and other
details.
Closes gitlab-org/gitlab-ee#4972
-rw-r--r-- | app/models/user.rb | 2 | ||||
-rw-r--r-- | changelogs/unreleased/sh-guard-read-only-user-updates.yml | 5 | ||||
-rw-r--r-- | spec/models/user_spec.rb | 8 |
3 files changed, 15 insertions, 0 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 5e84d2da805..f5eeba27572 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -59,6 +59,8 @@ class User < ActiveRecord::Base # Override Devise::Models::Trackable#update_tracked_fields! # to limit database writes to at most once every hour def update_tracked_fields!(request) + return if Gitlab::Database.read_only? + update_tracked_fields(request) lease = Gitlab::ExclusiveLease.new("user_update_tracked_fields:#{id}", timeout: 1.hour.to_i) diff --git a/changelogs/unreleased/sh-guard-read-only-user-updates.yml b/changelogs/unreleased/sh-guard-read-only-user-updates.yml new file mode 100644 index 00000000000..b8dbd840ed9 --- /dev/null +++ b/changelogs/unreleased/sh-guard-read-only-user-updates.yml @@ -0,0 +1,5 @@ +--- +title: Don't attempt to update user tracked fields if database is in read-only +merge_request: +author: +type: fixed diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 1815696a8a0..3531de244bd 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -496,6 +496,14 @@ describe User do user2.update_tracked_fields!(request) end.to change { user2.reload.current_sign_in_at } end + + it 'does not write if the DB is in read-only mode' do + expect(Gitlab::Database).to receive(:read_only?).and_return(true) + + expect do + user.update_tracked_fields!(request) + end.not_to change { user.reload.current_sign_in_at } + end end shared_context 'user keys' do |