Module: ApplicationSettingImplementation

Extended by:

ActiveSupport::Concern

Includes:

Gitlab::Utils::StrongMemoize

Included in:

ApplicationSetting, Gitlab::FakeApplicationSettings

Defined in:

app/models/application_setting_implementation.rb

Constant Summary

STRING_LIST_SEPARATOR =

%r{\s*[,;]\s*     # comma or semicolon, optionally surrounded by whitespace
  |               # or
  \s              # any whitespace character
  |               # or
  [\r\n]          # any number of newline characters
}x

FORBIDDEN_KEY_VALUE =

Setting a key restriction to ‘-1` means that all keys of this type are forbidden.

KeyRestrictionValidator::FORBIDDEN

VALID_RUNNER_REGISTRAR_TYPES =

%w[project group].freeze

DEFAULT_PROTECTED_PATHS =

[
  '/users/password',
  '/users/sign_in',
  '/api/v3/session.json',
  '/api/v3/session',
  '/api/v4/session.json',
  '/api/v4/session',
  '/users',
  '/users/confirmation',
  '/unsubscribes/',
  '/import/github/personal_access_token',
  '/admin/session'
].freeze

DEFAULT_MINIMUM_PASSWORD_LENGTH =

8

Instance Method Summary

• #add_to_outbound_local_requests_whitelist(values_array) ⇒ Object
• #allow_signup? ⇒ Boolean
• #allowed_key_types ⇒ Object
• #archive_builds_older_than ⇒ Object
• #asset_proxy_allowlist ⇒ Object
• #asset_proxy_whitelist=(values) ⇒ Object (also: #asset_proxy_allowlist=)
• #commit_email_hostname ⇒ Object
• #default_group_visibility=(level) ⇒ Object
• #default_project_visibility=(level) ⇒ Object
• #default_snippet_visibility=(level) ⇒ Object
• #disabled_oauth_sign_in_sources=(sources) ⇒ Object
• #domain_allowlist_raw ⇒ Object
• #domain_allowlist_raw=(values) ⇒ Object
• #domain_denylist_file=(file) ⇒ Object
• #domain_denylist_raw ⇒ Object
• #domain_denylist_raw=(values) ⇒ Object
• #ensure_key_restrictions! ⇒ Object
• #error_tracking_access_token ⇒ Object
• #health_check_access_token ⇒ Object
• #help_page_support_url_column_exists? ⇒ Boolean
• #home_page_url_column_exists? ⇒ Boolean
• #key_restriction_for(type) ⇒ Object
• #latest_terms ⇒ Object
• #normalized_repository_storage_weights ⇒ Object
• #notes_create_limit_allowlist_raw ⇒ Object
• #notes_create_limit_allowlist_raw=(values) ⇒ Object
• #outbound_local_requests_allowlist_arrays ⇒ Object

  This method separates out the strings stored in the application_setting.outbound_local_requests_whitelist array into 2 arrays; an array of IPAddr objects (‘[IPAddr.new(’127.0.0.1’)]‘), and an array of domain strings (`[’www.example.com’]‘).

• #outbound_local_requests_allowlist_raw ⇒ Object
• #outbound_local_requests_allowlist_raw=(values) ⇒ Object
• #password_authentication_enabled? ⇒ Boolean
• #performance_bar_allowed_group ⇒ Object
• #performance_bar_enabled ⇒ Object

  Return true if the Performance Bar is enabled for a given group.

• #pick_repository_storage ⇒ Object

  Choose one of the available repository storage options based on a normalized weighted probability.

• #protected_paths_for_get_request_raw ⇒ Object
• #protected_paths_for_get_request_raw=(values) ⇒ Object
• #protected_paths_raw ⇒ Object
• #protected_paths_raw=(values) ⇒ Object
• #repository_storages ⇒ Object
• #reset_memoized_terms ⇒ Object
• #restricted_visibility_levels=(levels) ⇒ Object
• #runners_registration_token ⇒ Object
• #search_rate_limit_allowlist_raw ⇒ Object
• #search_rate_limit_allowlist_raw=(values) ⇒ Object
• #static_objects_external_storage_auth_token=(token) ⇒ Object
• #static_objects_external_storage_enabled? ⇒ Boolean
• #usage_ping_can_be_configured? ⇒ Boolean
• #usage_ping_enabled ⇒ Object (also: #usage_ping_enabled?)
• #usage_ping_features_enabled? ⇒ Boolean
• #user_default_internal_regex_enabled? ⇒ Boolean
• #user_default_internal_regex_instance ⇒ Object
• #users_get_by_id_limit_allowlist_raw ⇒ Object
• #users_get_by_id_limit_allowlist_raw=(values) ⇒ Object

Instance Method Details

#add_to_outbound_local_requests_whitelist(values_array) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 355

def add_to_outbound_local_requests_whitelist(values_array)
  clear_memoization(:outbound_local_requests_allowlist_arrays)

  self.outbound_local_requests_whitelist ||= []
  self.outbound_local_requests_whitelist += values_array

  self.outbound_local_requests_whitelist.uniq!
end

#allow_signup? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/application_setting_implementation.rb', line 528

def allow_signup?
  signup_enabled? && password_authentication_enabled_for_web?
end

#allowed_key_types ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 516

def allowed_key_types
  Gitlab::SSHPublicKey.supported_types.select do |type|
    key_restriction_for(type) != FORBIDDEN_KEY_VALUE
  end
end

#archive_builds_older_than ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 554

def archive_builds_older_than
  archive_builds_in_seconds.seconds.ago if archive_builds_in_seconds
end

#asset_proxy_allowlist ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 428

def asset_proxy_allowlist
  read_attribute(:asset_proxy_whitelist)
end

#asset_proxy_whitelist=(values) ⇒ Object Also known as: asset_proxy_allowlist=

# File 'app/models/application_setting_implementation.rb', line 418

def asset_proxy_whitelist=(values)
  values = strings_to_array(values) if values.is_a?(String)

  # make sure we always allow the running host
  values << Gitlab.config.gitlab.host unless values.include?(Gitlab.config.gitlab.host)

  self[:asset_proxy_whitelist] = values
end

#commit_email_hostname ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 436

def commit_email_hostname
  super.presence || self.class.default_commit_email_hostname
end

#default_group_visibility=(level) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 448

def default_group_visibility=(level)
  super(Gitlab::VisibilityLevel.level_value(level))
end

#default_project_visibility=(level) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 440

def default_project_visibility=(level)
  super(Gitlab::VisibilityLevel.level_value(level))
end

#default_snippet_visibility=(level) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 444

def default_snippet_visibility=(level)
  super(Gitlab::VisibilityLevel.level_value(level))
end

#disabled_oauth_sign_in_sources=(sources) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 320

def disabled_oauth_sign_in_sources=(sources)
  sources = (sources || []).map(&:to_s) & Devise.omniauth_providers.map(&:to_s)
  super(sources)
end

#domain_allowlist_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 325

def domain_allowlist_raw
  array_to_string(domain_allowlist)
end

#domain_allowlist_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 333

def domain_allowlist_raw=(values)
  self.domain_allowlist = strings_to_array(values)
end

#domain_denylist_file=(file) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 341

def domain_denylist_file=(file)
  self.domain_denylist_raw = file.read
end

#domain_denylist_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 329

def domain_denylist_raw
  array_to_string(domain_denylist)
end

#domain_denylist_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 337

def domain_denylist_raw=(values)
  self.domain_denylist = strings_to_array(values)
end

#ensure_key_restrictions! ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 562

def ensure_key_restrictions!
  return if Gitlab::Database.read_only?
  return unless Gitlab::FIPS.enabled?

  Gitlab::SSHPublicKey.supported_types.each do |key_type|
    set_max_key_restriction!(key_type)
  end
end

#error_tracking_access_token ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 499

def error_tracking_access_token
  ensure_error_tracking_access_token!
end

#health_check_access_token ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 495

def health_check_access_token
  ensure_health_check_access_token!
end

#help_page_support_url_column_exists? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/application_setting_implementation.rb', line 316

def help_page_support_url_column_exists?
  ApplicationSetting.database.cached_column_exists?(:help_page_support_url)
end

#home_page_url_column_exists? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/application_setting_implementation.rb', line 312

def home_page_url_column_exists?
  ApplicationSetting.database.cached_column_exists?(:home_page_url)
end

#key_restriction_for(type) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 522

def key_restriction_for(type)
  attr_name = "#{type}_key_restriction"

  has_attribute?(attr_name) ? public_send(attr_name) : FORBIDDEN_KEY_VALUE # rubocop:disable GitlabSecurity/PublicSend
end

#latest_terms ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 545

def latest_terms
  @latest_terms ||= ApplicationSetting::Term.latest
end

#normalized_repository_storage_weights ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 473

def normalized_repository_storage_weights
  strong_memoize(:normalized_repository_storage_weights) do
    repository_storages_weights = repository_storages_weighted.slice(*Gitlab.config.repositories.storages.keys)
    weights_total = repository_storages_weights.values.sum

    repository_storages_weights.transform_values do |w|
      next w if weights_total == 0

      w.to_f / weights_total
    end
  end
end

#notes_create_limit_allowlist_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 394

def notes_create_limit_allowlist_raw
  array_to_string(notes_create_limit_allowlist)
end

#notes_create_limit_allowlist_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 398

def notes_create_limit_allowlist_raw=(values)
  self.notes_create_limit_allowlist = strings_to_array(values).map(&:downcase)
end

#outbound_local_requests_allowlist_arrays ⇒ Object

This method separates out the strings stored in the application_setting.outbound_local_requests_whitelist array into 2 arrays; an array of IPAddr objects (‘[IPAddr.new(’127.0.0.1’)]‘), and an array of domain strings (`[’www.example.com’]‘).

# File 'app/models/application_setting_implementation.rb', line 368

def outbound_local_requests_allowlist_arrays
  strong_memoize(:outbound_local_requests_allowlist_arrays) do
    next [[], []] unless self.outbound_local_requests_whitelist

    ip_allowlist, domain_allowlist = separate_allowlists(self.outbound_local_requests_whitelist)

    [ip_allowlist, domain_allowlist]
  end
end

#outbound_local_requests_allowlist_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 345

def outbound_local_requests_allowlist_raw
  array_to_string(outbound_local_requests_whitelist)
end

#outbound_local_requests_allowlist_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 349

def outbound_local_requests_allowlist_raw=(values)
  clear_memoization(:outbound_local_requests_allowlist_arrays)

  self.outbound_local_requests_whitelist = strings_to_array(values)
end

#password_authentication_enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/application_setting_implementation.rb', line 532

def password_authentication_enabled?
  password_authentication_enabled_for_web? || password_authentication_enabled_for_git?
end

#performance_bar_allowed_group ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 464

def performance_bar_allowed_group
  Group.find_by_id(performance_bar_allowed_group_id)
end

#performance_bar_enabled ⇒ Object

Return true if the Performance Bar is enabled for a given group

# File 'app/models/application_setting_implementation.rb', line 469

def performance_bar_enabled
  performance_bar_allowed_group_id.present?
end

#pick_repository_storage ⇒ Object

Choose one of the available repository storage options based on a normalized weighted probability.

# File 'app/models/application_setting_implementation.rb', line 487

def pick_repository_storage
  normalized_repository_storage_weights.max_by { |_, weight| rand**(1.0 / weight) }.first
end

#protected_paths_for_get_request_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 386

def protected_paths_for_get_request_raw
  array_to_string(protected_paths_for_get_request)
end

#protected_paths_for_get_request_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 390

def protected_paths_for_get_request_raw=(values)
  self.protected_paths_for_get_request = strings_to_array(values)
end

#protected_paths_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 378

def protected_paths_raw
  array_to_string(protected_paths)
end

#protected_paths_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 382

def protected_paths_raw=(values)
  self.protected_paths = strings_to_array(values)
end

#repository_storages ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 432

def repository_storages
  Array(read_attribute(:repository_storages))
end

#reset_memoized_terms ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 549

def reset_memoized_terms
  @latest_terms = nil # rubocop:disable Gitlab/ModuleWithInstanceVariables
  latest_terms
end

#restricted_visibility_levels=(levels) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 452

def restricted_visibility_levels=(levels)
  super(levels&.map { |level| Gitlab::VisibilityLevel.level_value(level) })
end

#runners_registration_token ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 491

def runners_registration_token
  ensure_runners_registration_token!
end

#search_rate_limit_allowlist_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 410

def search_rate_limit_allowlist_raw
  array_to_string(search_rate_limit_allowlist)
end

#search_rate_limit_allowlist_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 414

def search_rate_limit_allowlist_raw=(values)
  self.search_rate_limit_allowlist = strings_to_array(values).map(&:downcase)
end

#static_objects_external_storage_auth_token=(token) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 456

def static_objects_external_storage_auth_token=(token)
  if token.present?
    set_static_objects_external_storage_auth_token(token)
  else
    self.static_objects_external_storage_auth_token_encrypted = nil
  end
end

#static_objects_external_storage_enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/application_setting_implementation.rb', line 558

def static_objects_external_storage_enabled?
  static_objects_external_storage_url.present?
end

#usage_ping_can_be_configured? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/application_setting_implementation.rb', line 503

def usage_ping_can_be_configured?
  Settings.gitlab.usage_ping_enabled
end

#usage_ping_enabled ⇒ Object Also known as: usage_ping_enabled?

# File 'app/models/application_setting_implementation.rb', line 511

def usage_ping_enabled
  usage_ping_can_be_configured? && super
end

#usage_ping_features_enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/application_setting_implementation.rb', line 507

def usage_ping_features_enabled?
  usage_ping_enabled? && usage_ping_features_enabled
end

#user_default_internal_regex_enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/application_setting_implementation.rb', line 536

def user_default_internal_regex_enabled?
  user_default_external? && user_default_internal_regex.present?
end

#user_default_internal_regex_instance ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 540

def user_default_internal_regex_instance
  Regexp.new(user_default_internal_regex, Regexp::IGNORECASE)
end

#users_get_by_id_limit_allowlist_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 402

def users_get_by_id_limit_allowlist_raw
  array_to_string(users_get_by_id_limit_allowlist)
end

#users_get_by_id_limit_allowlist_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 406

def users_get_by_id_limit_allowlist_raw=(values)
  self.users_get_by_id_limit_allowlist = strings_to_array(values).map(&:downcase)
end