From 3c9d75e045c94e25a53e78257b47c938f9c538a2 Mon Sep 17 00:00:00 2001 From: manojmj Date: Tue, 23 Jul 2019 11:44:09 +0530 Subject: CE Port: Log impersonation actions in audit log This change adds audit logs for user impersonation when an admin starts/stops impersonating another user. --- app/controllers/application_controller.rb | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'app/controllers/application_controller.rb') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 75108bf2646..0c80a276fce 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -499,9 +499,7 @@ class ApplicationController < ActionController::Base end def stop_impersonation - impersonated_user = current_user - - Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}") + log_impersonation_event warden.set_user(impersonator, scope: :user) session[:impersonator_id] = nil @@ -509,6 +507,14 @@ class ApplicationController < ActionController::Base impersonated_user end + def impersonated_user + current_user + end + + def log_impersonation_event + Gitlab::AppLogger.info("User #{impersonator.username} has stopped impersonating #{impersonated_user.username}") + end + def impersonator @impersonator ||= User.find(session[:impersonator_id]) if session[:impersonator_id] end -- cgit v1.2.1 From 1ce5bcacdbf56682e05fa63875203bf4d10584bc Mon Sep 17 00:00:00 2001 From: Heinrich Lee Yu Date: Wed, 24 Jul 2019 17:20:54 +0800 Subject: Remove code related to object hierarchy in MySQL These are not required because MySQL is not supported anymore --- app/controllers/application_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/controllers/application_controller.rb') diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 0c80a276fce..1d55a073f3b 100644 
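Review bot: The new `log_impersonation_event` call in `stop_impersonation` is only correct because it still runs before `warden.set_user(impersonator, scope: :user)`: the helper reads `impersonated_user`, which is just `current_user`, so once warden has swapped the session back the audit line would name the impersonator on both sides. The hunk preserves that order but nothing documents it, and a later tidy-up that moves the logging to the end of the method would silently corrupt the audit trail. A one-line comment on the call would pin it: `# Must run before warden.set_user swaps current_user back to the impersonator`. The body of `stop_impersonation` continues past the end of the hunk.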
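Review bot: `log_impersonation_event` is named as a general-purpose impersonation audit helper but its message is hard-coded to "has stopped impersonating", and nothing in this file logs the start of an impersonation even though the commit title says actions (plural) are covered; either rename it to `log_stop_impersonation_event` or take the action as an argument so the start side can reuse it. The visible change writes to `Gitlab::AppLogger.info`, i.e. the application log, rather than to a dedicated audit-event store; if "audit log" is meant to imply a queryable, retained record, that is not what this hunk provides. `impersonated_user` returns `current_user` unconditionally, so it is only meaningful while `session[:impersonator_id]` is set; a doc comment such as `# The user being impersonated; only meaningful while session[:impersonator_id] is set.` would keep callers from using it as a general accessor. The surrounding `impersonator` method is pre-existing context and not part of this change.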
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -421,7 +421,7 @@ class ApplicationController < ActionController::Base
 end
 def manifest_import_enabled?
- Group.supports_nested_objects? && Gitlab::CurrentSettings.import_sources.include?('manifest')
+ Gitlab::CurrentSettings.import_sources.include?('manifest')
 end
 def phabricator_import_enabled?
-- cgit v1.2.1
From 2bc0f0cfcf7b201df2e55afb5c1360f3d591782a Mon Sep 17 00:00:00 2001
From: Alex Buijs
Date: Wed, 31 Jul 2019 16:47:58 +0200
Subject: Add ConfirmEmailWarning concern
---
app/controllers/application_controller.rb | 1 +
1 file changed, 1 insertion(+)
(limited to 'app/controllers/application_controller.rb')
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1d55a073f3b..1268972fbc1 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -12,6 +12,7 @@ class ApplicationController < ActionController::Base
 include EnforcesTwoFactorAuthentication
 include WithPerformanceBar
 include SessionlessAuthentication
+ include ConfirmEmailWarning
 before_action :authenticate_user!
 before_action :enforce_terms!, if: :should_enforce_terms?
-- cgit v1.2.1
From 10b2383f02c6726b6c07f78f3a3fcd2021e6f9f3 Mon Sep 17 00:00:00 2001
From: George Koltsov
Date: Wed, 14 Aug 2019 12:07:42 +0100
Subject: Exclude json content type from workhorse interception
---
app/controllers/application_controller.rb | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'app/controllers/application_controller.rb')
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1d55a073f3b..3bb19e8628a 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -116,7 +116,7 @@ class ApplicationController < ActionController::Base
 def render(*args)
 super.tap do
 # Set a header for custom error pages to prevent them from being intercepted by gitlab-workhorse
- if response.content_type == 'text/html' && (400..599).cover?(response.status)
+ if workhorse_excluded_content_types.include?(response.content_type) && (400..599).cover?(response.status)
 response.headers['X-GitLab-Custom-Error'] = '1'
 end
 end
@@ -124,6 +124,10 @@ class ApplicationController < ActionController::Base
 protected
+ def workhorse_excluded_content_types
+ @workhorse_excluded_content_types ||= %w(text/html application/json)
+ end
+
 def append_info_to_payload(payload)
 super
-- cgit v1.2.1
From 2857a40950d23173e4280513a5f318b89d1d0a11 Mon Sep 17 00:00:00 2001
From: George Koltsov
Date: Thu, 15 Aug 2019 10:11:35 +0100
Subject: Swap clauses as per code review suggestion
---
app/controllers/application_controller.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/controllers/application_controller.rb')
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 3bb19e8628a..5e65084a110 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -116,7 +116,7 @@ class ApplicationController < ActionController::Base
 def render(*args)
 super.tap do
 # Set a header for custom error pages to prevent them from being intercepted by gitlab-workhorse
- if workhorse_excluded_content_types.include?(response.content_type) && (400..599).cover?(response.status)
+ if (400..599).cover?(response.status) && workhorse_excluded_content_types.include?(response.content_type)
 response.headers['X-GitLab-Custom-Error'] = '1'
 end
 end
-- cgit v1.2.1
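Review bot: The comment above the changed `if` in `render` still says "custom error pages", but the condition now also covers `application/json` responses in the 4xx–5xx range, so the comment no longer describes what the header is set for. I would replace it with `# Flag 4xx/5xx responses whose content type is in workhorse_excluded_content_types so gitlab-workhorse passes them through instead of intercepting them`. The same stale comment is carried forward unchanged by the later clause-swap hunk in this file.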
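Review bot: `workhorse_excluded_content_types` memoises a literal array into an instance variable, which allocates a fresh array per controller instance and gains nothing over a frozen constant; a constant also makes the list greppable and immutable, which matters for a check that decides whether an error body bypasses workhorse. I would write `WORKHORSE_EXCLUDED_CONTENT_TYPES = %w(text/html application/json).freeze` at class level and have the method return `WORKHORSE_EXCLUDED_CONTENT_TYPES`. Separately, `include?(response.content_type)` is an exact string match; if `response.content_type` ever carries a charset parameter (it does in newer Rails versions — presumably not the one in use here, worth confirming) the check silently stops matching and the header is no longer set.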