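module Ci
  # Base controller for the CI web UI. Declares the shared before_filter chain
  # (hardening headers, config check, daily user-cache refresh), the
  # session-based authentication helpers, and the per-project authorization
  # filters that the other CI controllers opt into.
  class ApplicationController < ActionController::Base
    # This engine keeps its helpers under app/helpers/ci instead of the
    # default app/helpers.
    def self.railtie_helpers_paths
      "app/helpers/ci"
    end

    include Ci::UserSessionsHelper

    # A rejected GitLab credential surfaces as Ci::Network::UnauthorizedError;
    # treat it as "this session is no longer valid" rather than a 500.
    rescue_from Ci::Network::UnauthorizedError, with: :invalid_token

    before_filter :default_headers
    before_filter :check_config
    protect_from_forgery
    helper_method :current_user
    before_filter :reset_cache

    private

    # The signed-in user as stored by #sign_in, memoized for the request.
    # nil when nobody is signed in.
    def current_user
      @current_user ||= session[:ci_current_user]
    end

    # Stores the whole +user+ object (not just an id) in the session.
    # NOTE(review): the session id is not rotated on login. Calling
    # reset_session before storing the user would close the session-fixation
    # window; confirm the OAuth callback no longer needs anything written to
    # the session earlier in the flow before adding it.
    def sign_in(user)
      session[:ci_current_user] = user
    end

    # Drops the entire session, not only the user key.
    def sign_out
      reset_session
    end

    # Filter: anonymous visitors are sent to the sign-in page.
    def authenticate_user!
      redirect_to new_ci_user_sessions_path unless current_user
    end

    # Filter: requires a signed-in user with the admin flag. Non-admins are
    # sent to sign-in (not given a 403), same as anonymous visitors.
    def authenticate_admin!
      redirect_to new_ci_user_sessions_path unless current_user && current_user.is_admin
    end

    # Filter for pages that may be public. Public projects need no login. For
    # private ones an anonymous visitor is bounced to sign-in carrying the
    # current path in the OAuth state so they land back here afterwards, and a
    # signed-in user without access gets a 404 rather than a 403 so the
    # project's existence is not revealed.
    # Note: uses the +project+ reader, whereas the authorize_* filters below
    # read @project directly; both are expected to be set by the subclass.
    def authenticate_public_page!
      return if project.public

      # Explicit return (instead of `and return`) so a falsy redirect_to
      # result can never fall through to the nil current_user below.
      return redirect_to(new_ci_user_sessions_path(state: generate_oauth_state(request.fullpath))) unless current_user

      page_404 unless current_user.can_access_project?(project.gitlab_id)
    end

    # Filter for token-authenticated endpoints (no session): a bare 403 on a
    # missing or wrong token.
    # NOTE(review): the comparison lives in Project#valid_token?; check that it
    # compares in constant time.
    def authenticate_token!
      head(403) unless project.valid_token?(params[:token])
    end

    # Filter: 404 unless the current user may see @project. Also fails closed
    # (404 instead of NoMethodError) when no user is signed in, so the filter
    # is safe even if authenticate_user! did not run first.
    def authorize_access_project!
      page_404 unless current_user && current_user.can_access_project?(@project.gitlab_id)
    end

    # Filter: 404 unless the current user has developer access to @project.
    # Guards the nil user the same way as authorize_access_project!.
    def authorize_project_developer!
      page_404 unless current_user && current_user.has_developer_access?(@project.gitlab_id)
    end

    # Filter: 404 unless the current user may manage @project.
    # Guards the nil user the same way as authorize_access_project!.
    def authorize_manage_project!
      page_404 unless current_user && current_user.can_manage_project?(@project.gitlab_id)
    end

    # Renders the static 404 page without a layout. Used by the authorize_*
    # filters so "no access" and "does not exist" look identical.
    def page_404
      render file: "#{Rails.root}/public/404.html", status: 404, layout: false
    end

    # Reset user cache every day for security purposes
    # The user object lives in the session, so whatever Ci::User#reset_cache
    # refreshes (presumably GitLab-side permissions — verify there) is at most
    # 24 hours stale.
    def reset_cache
      return unless current_user

      current_user.reset_cache if current_user.sync_at < (Time.zone.now - 24.hours)
    end

    # Hardening headers on every response: no framing (clickjacking), the
    # legacy reflected-XSS filter, and no MIME sniffing of responses.
    def default_headers
      headers['X-Frame-Options'] = 'DENY'
      headers['X-XSS-Protection'] = '1; mode=block'
      headers['X-Content-Type-Options'] = 'nosniff'
    end

    # JSON for infinite scroll via Pager object
    # Renders +partial+ to an HTML string and returns it with +count+ as
    # {html:, count:} for the client-side pager.
    def pager_json(partial, count)
      html = render_to_string(partial, layout: false, formats: [:html])
      render json: { html: html, count: count }
    end

    # Filter: without a usable GitLab OAuth configuration nothing here can
    # work, so send the visitor to the setup help page.
    def check_config
      redirect_to oauth2_ci_help_path unless valid_config?
    end

    # True when the gitlab_server config section has a url, app_id and
    # app_secret. A missing section or key (either exception below) counts as
    # "not configured" rather than an error.
    def valid_config?
      server = GitlabCi.config.gitlab_server
      return false if server.blank?

      !(server.url.blank? || server.app_id.blank? || server.app_secret.blank?)
    rescue Settingslogic::MissingSetting, NoMethodError
      false
    end

    # rescue_from handler: the credentials behind this session are no longer
    # accepted by GitLab, so sign out completely and restart from the root.
    def invalid_token
      reset_session
      redirect_to ci_root_path
    end
  end
end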