blob: 0d27134279e3bc2c83a87f5cbc5fba5d3907d1c4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
class ApplicationController < ActionController::Base
include UserSessionsHelper
rescue_from Network::UnauthorizedError, with: :invalid_token
before_filter :default_headers
before_filter :check_config
protect_from_forgery
helper_method :current_user
before_filter :reset_cache
private
def current_user
@current_user ||= session[:current_user]
end
def sign_in(user)
session[:current_user] = user
end
def sign_out
reset_session
end
def authenticate_user!
unless current_user
redirect_to new_user_sessions_path
return
end
end
def authenticate_admin!
unless current_user && current_user.is_admin
redirect_to new_user_sessions_path
return
end
end
def authenticate_public_page!
unless project.public
unless current_user
redirect_to(new_user_sessions_path(state: generate_oauth_state(request.fullpath))) and return
end
unless current_user.can_access_project?(project.gitlab_id)
page_404 and return
end
end
end
def authenticate_token!
unless project.valid_token?(params[:token])
return head(403)
end
end
def authorize_access_project!
unless current_user.can_access_project?(@project.gitlab_id)
return page_404
end
end
def authorize_project_developer!
unless current_user.has_developer_access?(@project.gitlab_id)
return page_404
end
end
def authorize_manage_project!
unless current_user.can_manage_project?(@project.gitlab_id)
return page_404
end
end
def page_404
render file: "#{Rails.root}/public/404.html", status: 404, layout: false
end
# Reset user cache every day for security purposes
def reset_cache
if current_user && current_user.sync_at < (Time.zone.now - 24.hours)
current_user.reset_cache
end
end
def default_headers
headers['X-Frame-Options'] = 'DENY'
headers['X-XSS-Protection'] = '1; mode=block'
end
# JSON for infinite scroll via Pager object
def pager_json(partial, count)
html = render_to_string(
partial,
layout: false,
formats: [:html]
)
render json: {
html: html,
count: count
}
end
def check_config
redirect_to oauth2_help_path unless valid_config?
end
def valid_config?
server = GitlabCi.config.gitlab_server
if server.blank? || server.url.blank? || server.app_id.blank? || server.app_secret.blank?
false
else
true
end
rescue Settingslogic::MissingSetting, NoMethodError
false
end
def invalid_token
reset_session
redirect_to :root
end
end
|
