Module: ApplicationSettingImplementation

Extended by:

ActiveSupport::Concern

Includes:

Gitlab::Utils::StrongMemoize

Included in:

ApplicationSetting, Gitlab::FakeApplicationSettings

Defined in:

app/models/application_setting_implementation.rb

Constant Summary

STRING_LIST_SEPARATOR =

%r{\s*[,;]\s*     # comma or semicolon, optionally surrounded by whitespace
  |               # or
  \s              # any whitespace character
  |               # or
  [\r\n]          # any number of newline characters
}x

FORBIDDEN_KEY_VALUE =

Setting a key restriction to -1 means that all keys of this type are forbidden.

KeyRestrictionValidator::FORBIDDEN

VALID_RUNNER_REGISTRAR_TYPES =

%w[project group].freeze

DEFAULT_PROTECTED_PATHS =

[
  '/users/password',
  '/users/sign_in',
  '/api/v3/session.json',
  '/api/v3/session',
  '/api/v4/session.json',
  '/api/v4/session',
  '/users',
  '/users/confirmation',
  '/unsubscribes/',
  '/import/github/personal_access_token',
  '/admin/session'
].freeze

DEFAULT_MINIMUM_PASSWORD_LENGTH =

8

DEFAULT_NUMBER_OF_DAYS_BEFORE_REMOVAL =

30

Instance Method Summary

• #add_to_outbound_local_requests_whitelist(values_array) ⇒ Object
• #allow_immediate_namespaces_deletion_for_user?(user) ⇒ Boolean
• #allow_signup? ⇒ Boolean
• #allowed_key_types ⇒ Object
• #archive_builds_older_than ⇒ Object
• #asset_proxy_allowlist ⇒ Object
• #asset_proxy_whitelist=(values) ⇒ Object (also: #asset_proxy_allowlist=)
• #coerce_iframe_rendering_allowlist ⇒ Object
• #commit_email_hostname ⇒ Object
• #default_group_visibility=(level) ⇒ Object
• #default_project_visibility=(level) ⇒ Object
• #default_snippet_visibility=(level) ⇒ Object
• #disabled_oauth_sign_in_sources=(sources) ⇒ Object
• #domain_allowlist_raw ⇒ Object
• #domain_allowlist_raw=(values) ⇒ Object
• #domain_denylist_file=(file) ⇒ Object
• #domain_denylist_raw ⇒ Object
• #domain_denylist_raw=(values) ⇒ Object
• #ensure_key_restrictions! ⇒ Object
• #error_tracking_access_token ⇒ Object
• #health_check_access_token ⇒ Object
• #help_page_support_url_column_exists? ⇒ Boolean
• #home_page_url_column_exists? ⇒ Boolean
• #iframe_rendering_allowlist_raw ⇒ Object
• #iframe_rendering_allowlist_raw=(values) ⇒ Object
• #key_restriction_for(type) ⇒ Object
• #latest_terms ⇒ Object
• #normalized_repository_storage_weights ⇒ Object
• #notes_create_limit_allowlist_raw ⇒ Object
• #notes_create_limit_allowlist_raw=(values) ⇒ Object
• #outbound_local_requests_allowlist_arrays ⇒ Object

  This method separates out the strings stored in the application_setting.outbound_local_requests_whitelist array into 2 arrays; an array of IPAddr objects (‘[IPAddr.new(’127.0.0.1’)]‘), and an array of domain strings (`[’www.example.com’]‘).

• #outbound_local_requests_allowlist_raw ⇒ Object
• #outbound_local_requests_allowlist_raw=(values) ⇒ Object
• #password_authentication_enabled? ⇒ Boolean
• #performance_bar_allowed_group ⇒ Object
• #performance_bar_enabled ⇒ Object

  Return true if the Performance Bar is enabled for a given group.

• #pick_repository_storage ⇒ Object

  Choose one of the available repository storage options based on a normalized weighted probability.

• #protected_paths_for_get_request_raw ⇒ Object
• #protected_paths_for_get_request_raw=(values) ⇒ Object
• #protected_paths_raw ⇒ Object
• #protected_paths_raw=(values) ⇒ Object
• #repository_storages_with_default_weight ⇒ Object
• #reset_memoized_terms ⇒ Object
• #restricted_visibility_levels=(levels) ⇒ Object
• #runners_registration_token ⇒ Object
• #search_rate_limit_allowlist_raw ⇒ Object
• #search_rate_limit_allowlist_raw=(values) ⇒ Object
• #static_objects_external_storage_auth_token=(token) ⇒ Object
• #static_objects_external_storage_enabled? ⇒ Boolean
• #usage_ping_can_be_configured? ⇒ Boolean
• #usage_ping_enabled ⇒ Object (also: #usage_ping_enabled?)
• #usage_ping_features_enabled ⇒ Object (also: #usage_ping_features_enabled?)
• #usage_ping_generation_enabled ⇒ Object (also: #usage_ping_generation_enabled?)
• #user_default_internal_regex_enabled? ⇒ Boolean
• #user_default_internal_regex_instance ⇒ Object
• #users_get_by_id_limit_allowlist_raw ⇒ Object
• #users_get_by_id_limit_allowlist_raw=(values) ⇒ Object

Instance Method Details

#add_to_outbound_local_requests_whitelist(values_array) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 453

def add_to_outbound_local_requests_whitelist(values_array)
  clear_memoization(:outbound_local_requests_allowlist_arrays)

  self.outbound_local_requests_whitelist ||= []
  self.outbound_local_requests_whitelist += values_array

  self.outbound_local_requests_whitelist.uniq!
end

#allow_immediate_namespaces_deletion_for_user?(user) ⇒ Boolean

# File 'app/models/application_setting_implementation.rb', line 710

def allow_immediate_namespaces_deletion_for_user?(user)
  # Keep the previous behavior when the feature flag is disabled
  return true unless Feature.enabled?(:allow_immediate_namespaces_deletion, user)

  allow_immediate_namespaces_deletion? || user&.can_admin_all_resources?
end

#allow_signup? ⇒ Boolean

# File 'app/models/application_setting_implementation.rb', line 657

def allow_signup?
  signup_enabled? && password_authentication_enabled_for_web?
end

#allowed_key_types ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 645

def allowed_key_types
  Gitlab::SSHPublicKey.supported_types.select do |type|
    key_restriction_for(type) != FORBIDDEN_KEY_VALUE
  end
end

#archive_builds_older_than ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 683

def archive_builds_older_than
  archive_builds_in_seconds.seconds.ago if archive_builds_in_seconds
end

#asset_proxy_allowlist ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 544

def asset_proxy_allowlist
  read_attribute(:asset_proxy_whitelist)
end

#asset_proxy_whitelist=(values) ⇒ Object Also known as: asset_proxy_allowlist=

# File 'app/models/application_setting_implementation.rb', line 534

def asset_proxy_whitelist=(values)
  values = strings_to_array(values) if values.is_a?(String)

  # make sure we always allow the running host
  values << Gitlab.config.gitlab.host unless values.include?(Gitlab.config.gitlab.host)

  self[:asset_proxy_whitelist] = values
end

#coerce_iframe_rendering_allowlist ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 516

def coerce_iframe_rendering_allowlist
  self.iframe_rendering_allowlist = iframe_rendering_allowlist.map do |entry|
    # We mandate https://, and always add a trailing slash; we expect the configured
    # list has neither present, so we remove them if present.
    entry
      .sub(%r{\Ahttps?://}i, '')
      .sub(%r{/+\z}, '')
  end.sort
end

#commit_email_hostname ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 548

def commit_email_hostname
  super.presence || self.class.default_commit_email_hostname
end

#default_group_visibility=(level) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 560

def default_group_visibility=(level)
  super(Gitlab::VisibilityLevel.level_value(level))
end

#default_project_visibility=(level) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 552

def default_project_visibility=(level)
  super(Gitlab::VisibilityLevel.level_value(level))
end

#default_snippet_visibility=(level) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 556

def default_snippet_visibility=(level)
  super(Gitlab::VisibilityLevel.level_value(level))
end

#disabled_oauth_sign_in_sources=(sources) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 418

def disabled_oauth_sign_in_sources=(sources)
  sources = (sources || []).map(&:to_s) & Devise.omniauth_providers.map(&:to_s)
  super(sources)
end

#domain_allowlist_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 423

def domain_allowlist_raw
  array_to_string(domain_allowlist)
end

#domain_allowlist_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 431

def domain_allowlist_raw=(values)
  self.domain_allowlist = strings_to_array(values)
end

#domain_denylist_file=(file) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 439

def domain_denylist_file=(file)
  self.domain_denylist_raw = file.read
end

#domain_denylist_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 427

def domain_denylist_raw
  array_to_string(domain_denylist)
end

#domain_denylist_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 435

def domain_denylist_raw=(values)
  self.domain_denylist = strings_to_array(values)
end

#ensure_key_restrictions! ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 691

def ensure_key_restrictions!
  return if Gitlab::Database.read_only?
  return unless Gitlab::FIPS.enabled?

  Gitlab::SSHPublicKey.supported_types.each do |key_type|
    set_max_key_restriction!(key_type)
  end
end

#error_tracking_access_token ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 613

def error_tracking_access_token
  ensure_error_tracking_access_token!
end

#health_check_access_token ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 609

def health_check_access_token
  ensure_health_check_access_token!
end

#help_page_support_url_column_exists? ⇒ Boolean

# File 'app/models/application_setting_implementation.rb', line 414

def help_page_support_url_column_exists?
  ApplicationSetting.database.cached_column_exists?(:help_page_support_url)
end

#home_page_url_column_exists? ⇒ Boolean

# File 'app/models/application_setting_implementation.rb', line 410

def home_page_url_column_exists?
  ApplicationSetting.database.cached_column_exists?(:home_page_url)
end

#iframe_rendering_allowlist_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 526

def iframe_rendering_allowlist_raw
  array_to_string(iframe_rendering_allowlist)
end

#iframe_rendering_allowlist_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 530

def iframe_rendering_allowlist_raw=(values)
  self.iframe_rendering_allowlist = strings_to_array(values)
end

#key_restriction_for(type) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 651

def key_restriction_for(type)
  attr_name = "#{type}_key_restriction"

  has_attribute?(attr_name) ? public_send(attr_name) : FORBIDDEN_KEY_VALUE # rubocop:disable GitlabSecurity/PublicSend
end

#latest_terms ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 674

def latest_terms
  @latest_terms ||= ApplicationSetting::Term.latest
end

#normalized_repository_storage_weights ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 585

def normalized_repository_storage_weights
  strong_memoize(:normalized_repository_storage_weights) do
    repository_storages_weights = repository_storages_weighted.slice(*Gitlab.config.repositories.storages.keys)
    weights_total = repository_storages_weights.values.sum

    repository_storages_weights.transform_values do |w|
      next w if weights_total == 0

      w.to_f / weights_total
    end
  end
end

#notes_create_limit_allowlist_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 492

def notes_create_limit_allowlist_raw
  array_to_string(notes_create_limit_allowlist)
end

#notes_create_limit_allowlist_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 496

def notes_create_limit_allowlist_raw=(values)
  self.notes_create_limit_allowlist = strings_to_array(values).map(&:downcase)
end

#outbound_local_requests_allowlist_arrays ⇒ Object

This method separates out the strings stored in the application_setting.outbound_local_requests_whitelist array into 2 arrays; an array of IPAddr objects (‘[IPAddr.new(’127.0.0.1’)]‘), and an array of domain strings (`[’www.example.com’]‘).

# File 'app/models/application_setting_implementation.rb', line 466

def outbound_local_requests_allowlist_arrays
  strong_memoize(:outbound_local_requests_allowlist_arrays) do
    next [[], []] unless self.outbound_local_requests_whitelist

    ip_allowlist, domain_allowlist = separate_allowlists(self.outbound_local_requests_whitelist)

    [ip_allowlist, domain_allowlist]
  end
end

#outbound_local_requests_allowlist_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 443

def outbound_local_requests_allowlist_raw
  array_to_string(outbound_local_requests_whitelist)
end

#outbound_local_requests_allowlist_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 447

def outbound_local_requests_allowlist_raw=(values)
  clear_memoization(:outbound_local_requests_allowlist_arrays)

  self.outbound_local_requests_whitelist = strings_to_array(values)
end

#password_authentication_enabled? ⇒ Boolean

# File 'app/models/application_setting_implementation.rb', line 661

def password_authentication_enabled?
  password_authentication_enabled_for_web? || password_authentication_enabled_for_git?
end

#performance_bar_allowed_group ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 576

def performance_bar_allowed_group
  Group.find_by_id(performance_bar_allowed_group_id)
end

#performance_bar_enabled ⇒ Object

Return true if the Performance Bar is enabled for a given group

# File 'app/models/application_setting_implementation.rb', line 581

def performance_bar_enabled
  performance_bar_allowed_group_id.present?
end

#pick_repository_storage ⇒ Object

Choose one of the available repository storage options based on a normalized weighted probability.

# File 'app/models/application_setting_implementation.rb', line 599

def pick_repository_storage
  normalized_repository_storage_weights.max_by { |_, weight| rand**(1.0 / weight) }.first
end

#protected_paths_for_get_request_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 484

def protected_paths_for_get_request_raw
  array_to_string(protected_paths_for_get_request)
end

#protected_paths_for_get_request_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 488

def protected_paths_for_get_request_raw=(values)
  self.protected_paths_for_get_request = strings_to_array(values)
end

#protected_paths_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 476

def protected_paths_raw
  array_to_string(protected_paths)
end

#protected_paths_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 480

def protected_paths_raw=(values)
  self.protected_paths = strings_to_array(values)
end

#repository_storages_with_default_weight ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 700

def repository_storages_with_default_weight
  # config file config/gitlab.yml becomes SSOT for this API
  # see https://gitlab.com/gitlab-org/gitlab/-/issues/426091#note_1675160909
  storages_map = Gitlab.config.repositories.storages.keys.map do |storage|
    [storage, repository_storages_weighted[storage] || 0]
  end

  Hash[storages_map]
end

#reset_memoized_terms ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 678

def reset_memoized_terms
  @latest_terms = nil # rubocop:disable Gitlab/ModuleWithInstanceVariables
  latest_terms
end

#restricted_visibility_levels=(levels) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 564

def restricted_visibility_levels=(levels)
  super(levels&.map { |level| Gitlab::VisibilityLevel.level_value(level) })
end

#runners_registration_token ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 603

def runners_registration_token
  return unless Gitlab::CurrentSettings.allow_runner_registration_token

  ensure_runners_registration_token!
end

#search_rate_limit_allowlist_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 508

def search_rate_limit_allowlist_raw
  array_to_string(search_rate_limit_allowlist)
end

#search_rate_limit_allowlist_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 512

def search_rate_limit_allowlist_raw=(values)
  self.search_rate_limit_allowlist = strings_to_array(values).map(&:downcase)
end

#static_objects_external_storage_auth_token=(token) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 568

def static_objects_external_storage_auth_token=(token)
  if token.present?
    set_static_objects_external_storage_auth_token(token)
  else
    self.static_objects_external_storage_auth_token_encrypted = nil
  end
end

#static_objects_external_storage_enabled? ⇒ Boolean

# File 'app/models/application_setting_implementation.rb', line 687

def static_objects_external_storage_enabled?
  static_objects_external_storage_url.present?
end

#usage_ping_can_be_configured? ⇒ Boolean

# File 'app/models/application_setting_implementation.rb', line 617

def usage_ping_can_be_configured?
  Settings.gitlab.usage_ping_enabled
end

#usage_ping_enabled ⇒ Object Also known as: usage_ping_enabled?

# File 'app/models/application_setting_implementation.rb', line 633

def usage_ping_enabled
  usage_ping_can_be_configured? && super
end

#usage_ping_features_enabled ⇒ Object Also known as: usage_ping_features_enabled?

# File 'app/models/application_setting_implementation.rb', line 621

def usage_ping_features_enabled
  return false unless usage_ping_enabled? && super

  if Gitlab.ee? && respond_to?(:include_optional_metrics_in_service_ping)
    return include_optional_metrics_in_service_ping
  end

  true
end

#usage_ping_generation_enabled ⇒ Object Also known as: usage_ping_generation_enabled?

# File 'app/models/application_setting_implementation.rb', line 639

def usage_ping_generation_enabled
  Gitlab::Utils.to_boolean(usage_ping_enabled?) || Gitlab::Utils.to_boolean(super)
end

#user_default_internal_regex_enabled? ⇒ Boolean

# File 'app/models/application_setting_implementation.rb', line 665

def user_default_internal_regex_enabled?
  user_default_external? && user_default_internal_regex.present?
end

#user_default_internal_regex_instance ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 669

def user_default_internal_regex_instance
  Regexp.new(user_default_internal_regex, Regexp::IGNORECASE)
end

#users_get_by_id_limit_allowlist_raw ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 500

def users_get_by_id_limit_allowlist_raw
  array_to_string(users_get_by_id_limit_allowlist)
end

#users_get_by_id_limit_allowlist_raw=(values) ⇒ Object

# File 'app/models/application_setting_implementation.rb', line 504

def users_get_by_id_limit_allowlist_raw=(values)
  self.users_get_by_id_limit_allowlist = strings_to_array(values).map(&:downcase)
end