summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStan Hu <stanhu@gmail.com>2018-02-17 21:29:22 -0800
committerStan Hu <stanhu@gmail.com>2018-02-17 21:30:29 -0800
commit46e6a9f8a0f2dc0ae4e3152646f319a7cb5abcb2 (patch)
tree9b5a2f638c67c3c46975827a794d019986508a7e
parent557db7e635c70bf68a15f7029014301013b30070 (diff)
downloadgitlab-ce-46e6a9f8a0f2dc0ae4e3152646f319a7cb5abcb2.tar.gz
Don't attempt to update user tracked fields if database is in read-onlysh-guard-read-only-user-updates
With Geo, attempting to view an endpoint with a user could result in an Error 500 since Devise attempts to update the last sign-in IP and other details. Closes gitlab-org/gitlab-ee#4972
-rw-r--r--app/models/user.rb2
-rw-r--r--changelogs/unreleased/sh-guard-read-only-user-updates.yml5
-rw-r--r--spec/models/user_spec.rb8
3 files changed, 15 insertions, 0 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 5e84d2da805..f5eeba27572 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -59,6 +59,8 @@ class User < ActiveRecord::Base
# Override Devise::Models::Trackable#update_tracked_fields!
# to limit database writes to at most once every hour
def update_tracked_fields!(request)
+ return if Gitlab::Database.read_only?
+
update_tracked_fields(request)
lease = Gitlab::ExclusiveLease.new("user_update_tracked_fields:#{id}", timeout: 1.hour.to_i)
diff --git a/changelogs/unreleased/sh-guard-read-only-user-updates.yml b/changelogs/unreleased/sh-guard-read-only-user-updates.yml
new file mode 100644
index 00000000000..b8dbd840ed9
--- /dev/null
+++ b/changelogs/unreleased/sh-guard-read-only-user-updates.yml
@@ -0,0 +1,5 @@
+---
+title: Don't attempt to update user tracked fields if database is in read-only
+merge_request:
+author:
+type: fixed
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 1815696a8a0..3531de244bd 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -496,6 +496,14 @@ describe User do
user2.update_tracked_fields!(request)
end.to change { user2.reload.current_sign_in_at }
end
+
+ it 'does not write if the DB is in read-only mode' do
+ expect(Gitlab::Database).to receive(:read_only?).and_return(true)
+
+ expect do
+ user.update_tracked_fields!(request)
+ end.not_to change { user.reload.current_sign_in_at }
+ end
end
shared_context 'user keys' do