Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r--app/controllers/application_controller.rb96
1 files changed, 48 insertions, 48 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b7eb6af6d67..9f94d5eb3af 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
# frozen_string_literal: true
-require 'gon'
-require 'fogbugz'
+require "gon"
+require "fogbugz"
class ApplicationController < ActionController::Base
include Gitlab::GonHelper
@@ -45,8 +45,8 @@ class ApplicationController < ActionController::Base
# Adds `no-store` to the DEFAULT_CACHE_CONTROL, to prevent security
# concerns due to caching private data.
- DEFAULT_GITLAB_CACHE_CONTROL = "#{ActionDispatch::Http::Cache::Response::DEFAULT_CACHE_CONTROL}, no-store".freeze
- DEFAULT_GITLAB_CONTROL_NO_CACHE = "#{DEFAULT_GITLAB_CACHE_CONTROL}, no-cache".freeze
+ DEFAULT_GITLAB_CACHE_CONTROL = "#{ActionDispatch::Http::Cache::Response::DEFAULT_CACHE_CONTROL}, no-store"
+ DEFAULT_GITLAB_CONTROL_NO_CACHE = "#{DEFAULT_GITLAB_CACHE_CONTROL}, no-cache"
rescue_from Encoding::CompatibilityError do |exception|
log_exception(exception)
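Review bot: Dropping `.freeze` from `DEFAULT_GITLAB_CACHE_CONTROL` and `DEFAULT_GITLAB_CONTROL_NO_CACHE` leaves both constants mutable on Ruby 3.0 and later, where the `# frozen_string_literal: true` magic comment no longer freezes interpolated strings. These values become the `Cache-Control` header that keeps private data out of caches, so an accidental in-place mutation (`<<`, `gsub!`) anywhere in the process would silently change the header for every later response. Unless the project is pinned to Ruby 2.x, keep the explicit freeze: `DEFAULT_GITLAB_CACHE_CONTROL = "#{ActionDispatch::Http::Cache::Response::DEFAULT_CACHE_CONTROL}, no-store".freeze`, and likewise for the `no-cache` constant.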
@@ -73,7 +73,7 @@ class ApplicationController < ActionController::Base
rescue_from GRPC::Unavailable, Gitlab::Git::CommandError do |exception|
log_exception(exception)
- headers['Retry-After'] = exception.retry_after if exception.respond_to?(:retry_after)
+ headers["Retry-After"] = exception.retry_after if exception.respond_to?(:retry_after)
render_503
end
@@ -105,18 +105,18 @@ class ApplicationController < ActionController::Base
return if current_user
# Rack sets this header, but not all tests may have it: https://github.com/rack/rack/blob/fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77/lib/rack/session/abstract/id.rb#L251-L259
- return unless request.env['rack.session.options']
+ return unless request.env["rack.session.options"]
# This works because Rack uses these options every time a request is handled:
# https://github.com/rack/rack/blob/fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77/lib/rack/session/abstract/id.rb#L342
- request.env['rack.session.options'][:expire_after] = Settings.gitlab['unauthenticated_session_expire_delay']
+ request.env["rack.session.options"][:expire_after] = Settings.gitlab["unauthenticated_session_expire_delay"]
end
def render(*args)
super.tap do
# Set a header for custom error pages to prevent them from being intercepted by gitlab-workhorse
- if response.content_type == 'text/html' && (400..599).cover?(response.status)
- response.headers['X-GitLab-Custom-Error'] = '1'
+ if response.content_type == "text/html" && (400..599).cover?(response.status)
+ response.headers["X-GitLab-Custom-Error"] = "1"
end
end
end
@@ -137,7 +137,7 @@ class ApplicationController < ActionController::Base
payload[:username] = logged_user.try(:username)
end
- if response.status == 422 && response.body.present? && response.content_type == 'application/json'.freeze
+ if response.status == 422 && response.body.present? && response.content_type == "application/json"
payload[:response] = response.body
end
@@ -193,9 +193,9 @@ class ApplicationController < ActionController::Base
format.any { head status }
format.html do
render template,
- layout: "errors",
- status: status,
- locals: { message: message }
+ layout: "errors",
+ status: status,
+ locals: {message: message}
end
end
end
@@ -215,7 +215,7 @@ class ApplicationController < ActionController::Base
respond_to do |format|
format.html { render "errors/not_found", layout: "errors", status: 404 }
# Prevent the Rails CSRF protector from thinking a missing .js file is a JavaScript file
- format.js { render json: '', status: :not_found, content_type: 'application/json' }
+ format.js { render json: "", status: :not_found, content_type: "application/json" }
format.any { head :not_found }
end
end
@@ -238,20 +238,20 @@ class ApplicationController < ActionController::Base
end
def no_cache_headers
- headers['Cache-Control'] = DEFAULT_GITLAB_CONTROL_NO_CACHE
- headers['Pragma'] = 'no-cache' # HTTP 1.0 compatibility
- headers['Expires'] = 'Fri, 01 Jan 1990 00:00:00 GMT'
+ headers["Cache-Control"] = DEFAULT_GITLAB_CONTROL_NO_CACHE
+ headers["Pragma"] = "no-cache" # HTTP 1.0 compatibility
+ headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
end
def default_headers
- headers['X-Frame-Options'] = 'DENY'
- headers['X-XSS-Protection'] = '1; mode=block'
- headers['X-UA-Compatible'] = 'IE=edge'
- headers['X-Content-Type-Options'] = 'nosniff'
+ headers["X-Frame-Options"] = "DENY"
+ headers["X-XSS-Protection"] = "1; mode=block"
+ headers["X-UA-Compatible"] = "IE=edge"
+ headers["X-Content-Type-Options"] = "nosniff"
if current_user
- headers['Cache-Control'] = default_cache_control
- headers['Pragma'] = 'no-cache' # HTTP 1.0 compatibility
+ headers["Cache-Control"] = default_cache_control
+ headers["Pragma"] = "no-cache" # HTTP 1.0 compatibility
end
end
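Review bot: `headers["X-XSS-Protection"] = "1; mode=block"` in `default_headers` has no comment marking it as a legacy control. Current Chromium-based browsers and Firefox do not implement the XSS filter this header configures, so it only affects older clients. A one-line comment such as `# Legacy browsers only; XSS defence relies on output escaping and the CSP` would stop readers from treating it as the primary mitigation. Whether a Content-Security-Policy is set elsewhere is not visible in this hunk, so confirm that before wording the comment.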
@@ -266,9 +266,9 @@ class ApplicationController < ActionController::Base
def validate_user_service_ticket!
return unless signed_in? && session[:service_tickets]
- valid = session[:service_tickets].all? do |provider, ticket|
+ valid = session[:service_tickets].all? { |provider, ticket|
Gitlab::Auth::OAuth::Session.valid?(provider, ticket)
- end
+ }
unless valid
session[:service_tickets] = nil
@@ -288,7 +288,7 @@ class ApplicationController < ActionController::Base
end
def ldap_security_check
- if current_user && current_user.requires_ldap_check?
+ if current_user&.requires_ldap_check?
return unless current_user.try_obtain_ldap_lease
unless Gitlab::Auth::LDAP::Access.allowed?(current_user)
@@ -317,7 +317,7 @@ class ApplicationController < ActionController::Base
render json: {
html: html,
- count: count
+ count: count,
}
end
@@ -339,8 +339,8 @@ class ApplicationController < ActionController::Base
end
def require_email
- if current_user && current_user.temp_oauth_email? && session[:impersonator_id].nil?
- return redirect_to profile_path, notice: 'Please complete your profile with email address'
+ if current_user&.temp_oauth_email? && session[:impersonator_id].nil?
+ redirect_to profile_path, notice: "Please complete your profile with email address"
end
end
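Review bot: The `return` in front of `redirect_to` in `require_email` is dropped here, which is more than a quoting change in an otherwise formatting-only commit. It is harmless today because the `if` is the last statement of the method, but any statement later appended after the `if` would run even when the redirect has already been issued. A guard clause keeps the early exit explicit: `return unless current_user&.temp_oauth_email? && session[:impersonator_id].nil?` followed by the unconditional `redirect_to` line.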
@@ -357,10 +357,10 @@ class ApplicationController < ActionController::Base
# Redirect to the source if it was a post, so the user can re-submit after
# accepting the terms.
redirect_path = if request.get?
- request.fullpath
- else
- URI(request.referer).path if request.referer
- end
+ request.fullpath
+ else
+ URI(request.referer).path if request.referer
+ end
flash[:notice] = message
redirect_to terms_path(redirect: redirect_path), status: :found
@@ -372,15 +372,15 @@ class ApplicationController < ActionController::Base
end
def bitbucket_server_import_enabled?
- Gitlab::CurrentSettings.import_sources.include?('bitbucket_server')
+ Gitlab::CurrentSettings.import_sources.include?("bitbucket_server")
end
def github_import_enabled?
- Gitlab::CurrentSettings.import_sources.include?('github')
+ Gitlab::CurrentSettings.import_sources.include?("github")
end
def gitea_import_enabled?
- Gitlab::CurrentSettings.import_sources.include?('gitea')
+ Gitlab::CurrentSettings.import_sources.include?("gitea")
end
def github_import_configured?
@@ -388,7 +388,7 @@ class ApplicationController < ActionController::Base
end
def gitlab_import_enabled?
- request.host != 'gitlab.com' && Gitlab::CurrentSettings.import_sources.include?('gitlab')
+ request.host != "gitlab.com" && Gitlab::CurrentSettings.import_sources.include?("gitlab")
end
def gitlab_import_configured?
@@ -396,7 +396,7 @@ class ApplicationController < ActionController::Base
end
def bitbucket_import_enabled?
- Gitlab::CurrentSettings.import_sources.include?('bitbucket')
+ Gitlab::CurrentSettings.import_sources.include?("bitbucket")
end
def bitbucket_import_configured?
@@ -404,23 +404,23 @@ class ApplicationController < ActionController::Base
end
def google_code_import_enabled?
- Gitlab::CurrentSettings.import_sources.include?('google_code')
+ Gitlab::CurrentSettings.import_sources.include?("google_code")
end
def fogbugz_import_enabled?
- Gitlab::CurrentSettings.import_sources.include?('fogbugz')
+ Gitlab::CurrentSettings.import_sources.include?("fogbugz")
end
def git_import_enabled?
- Gitlab::CurrentSettings.import_sources.include?('git')
+ Gitlab::CurrentSettings.import_sources.include?("git")
end
def gitlab_project_import_enabled?
- Gitlab::CurrentSettings.import_sources.include?('gitlab_project')
+ Gitlab::CurrentSettings.import_sources.include?("gitlab_project")
end
def manifest_import_enabled?
- Group.supports_nested_objects? && Gitlab::CurrentSettings.import_sources.include?('manifest')
+ Group.supports_nested_objects? && Gitlab::CurrentSettings.import_sources.include?("manifest")
end
# U2F (universal 2nd factor) devices need a unique identifier for the application
@@ -436,11 +436,11 @@ class ApplicationController < ActionController::Base
def set_page_title_header
# Per https://tools.ietf.org/html/rfc5987, headers need to be ISO-8859-1, not UTF-8
- response.headers['Page-Title'] = URI.escape(page_title('GitLab'))
+ response.headers["Page-Title"] = URI.escape(page_title("GitLab"))
end
def peek_request?
- request.path.start_with?('/-/peek')
+ request.path.start_with?("/-/peek")
end
def json_request?
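Review bot: `URI.escape` in `set_page_title_header` is obsolete and was removed in Ruby 3.0, so the re-quoted line will raise `NoMethodError` after a Ruby upgrade. The page title presumably can contain user-chosen text (not visible in this hunk), so whatever replaces it must keep percent-encoding CR/LF and non-ASCII bytes before the value reaches a response header. One option is `response.headers["Page-Title"] = ERB::Util.url_encode(page_title("GitLab"))`. It also encodes reserved characters such as `/` and `:`, so check that whatever reads the header decodes it accordingly.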
@@ -456,7 +456,7 @@ class ApplicationController < ActionController::Base
def set_usage_stats_consent_flag
return unless current_user
return if sessionless_user?
- return if session.has_key?(:ask_for_usage_stats_consent)
+ return if session.key?(:ask_for_usage_stats_consent)
session[:ask_for_usage_stats_consent] = current_user.requires_usage_stats_consent?
@@ -469,7 +469,7 @@ class ApplicationController < ActionController::Base
application_setting_params = {
usage_ping_enabled: false,
version_check_enabled: false,
- skip_usage_stats_user: true
+ skip_usage_stats_user: true,
}
settings = Gitlab::CurrentSettings.current_application_settings
@@ -483,7 +483,7 @@ class ApplicationController < ActionController::Base
unless Gitlab.config.gitlab.impersonation_enabled
stop_impersonation
- access_denied! _('Impersonation has been disabled')
+ access_denied! _("Impersonation has been disabled")
end
end