Class: PagesDomain

Inherits:

ApplicationRecord

• Object
• ActiveRecord::Base
• ApplicationRecord
• PagesDomain

Includes:

AfterCommitQueue, FromUnion, Presentable

Defined in:

app/models/pages_domain.rb

Constant Summary

VERIFICATION_KEY =

'gitlab-pages-verification-code'

VERIFICATION_THRESHOLD =

3.days.freeze

SSL_RENEWAL_THRESHOLD =

30.days.freeze

Class Method Summary

• .find_by_domain_case_insensitive(domain) ⇒ Object

Instance Method Summary

• #certificate=(certificate) ⇒ Object
• #certificate_text ⇒ Object
• #clear_auto_ssl_failure ⇒ Object
• #enabled? ⇒ Boolean
• #expiration ⇒ Object
• #expired? ⇒ Boolean
• #gitlab_provided_certificate=(certificate) ⇒ Object
• #gitlab_provided_key=(key) ⇒ Object
• #has_intermediates? ⇒ Boolean
• #has_matching_key? ⇒ Boolean
• #https? ⇒ Boolean
• #keyed_verification_code ⇒ Object
• #pages_virtual_domain ⇒ Object
• #subject ⇒ Object
• #to_param ⇒ Object
• #unverified? ⇒ Boolean
• #url ⇒ Object
• #user_provided_certificate ⇒ Object
• #user_provided_certificate=(certificate) ⇒ Object
• #user_provided_key ⇒ Object
• #user_provided_key=(key) ⇒ Object
• #verification_domain ⇒ Object

  Verification codes may be TXT records for domain or verification_domain, to support the use of CNAME records on domain.

• #verified? ⇒ Boolean

Methods included from AfterCommitQueue

#run_after_commit, #run_after_commit_or_now

Methods included from Presentable

#present

Methods inherited from ApplicationRecord

at_most, id_in, id_not_in, iid_in, pluck_primary_key, primary_key_in, safe_ensure_unique, safe_find_or_create_by, safe_find_or_create_by!, underscore, without_order

Class Method Details

.find_by_domain_case_insensitive(domain) ⇒ Object

# File 'app/models/pages_domain.rb', line 79

def self.find_by_domain_case_insensitive(domain)
  find_by("LOWER(domain) = LOWER(?)", domain)
end

Instance Method Details

#certificate=(certificate) ⇒ Object

# File 'app/models/pages_domain.rb', line 177

def certificate=(certificate)
  super(certificate)

  # set nil, if certificate is nil
  self.certificate_valid_not_before = x509&.not_before
  self.certificate_valid_not_after = x509&.not_after
end

#certificate_text ⇒ Object

# File 'app/models/pages_domain.rb', line 159

def certificate_text
  @certificate_text ||= x509.try(:to_text)
end

#clear_auto_ssl_failure ⇒ Object

# File 'app/models/pages_domain.rb', line 219

def clear_auto_ssl_failure
  self.auto_ssl_failed = false
end

#enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/pages_domain.rb', line 91

def enabled?
  !Gitlab::CurrentSettings.pages_domain_verification_enabled? || enabled_until.present?
end

#expiration ⇒ Object

# File 'app/models/pages_domain.rb', line 149

def expiration
  x509&.not_after
end

#expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/pages_domain.rb', line 142

def expired?
  return false unless x509

  current = Time.current
  current < x509.not_before || x509.not_after < current
end

#gitlab_provided_certificate=(certificate) ⇒ Object

# File 'app/models/pages_domain.rb', line 203

def gitlab_provided_certificate=(certificate)
  self.certificate = certificate
  self.certificate_source = 'gitlab_provided' if certificate_changed?
end

#gitlab_provided_key=(key) ⇒ Object

# File 'app/models/pages_domain.rb', line 208

def gitlab_provided_key=(key)
  self.key = key
  self.certificate_source = 'gitlab_provided' if key_changed?
end

#has_intermediates? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/pages_domain.rb', line 121

def has_intermediates?
  return false unless x509

  # self-signed certificates doesn't have the certificate chain
  return true if x509.verify(x509.public_key)

  store = OpenSSL::X509::Store.new
  store.set_default_paths

  # This forces to load all intermediate certificates stored in `certificate`
  Tempfile.open('certificate_chain') do |f|
    f.write(certificate)
    f.flush
    store.add_file(f.path)
  end

  store.verify(x509)
rescue OpenSSL::X509::StoreError
  false
end

#has_matching_key? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/pages_domain.rb', line 113

def has_matching_key?
  return false unless x509
  return false unless pkey

  # We compare the public key stored in certificate with public key from certificate key
  x509.check_private_key(pkey)
end

#https? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/pages_domain.rb', line 95

def https?
  certificate.present?
end

#keyed_verification_code ⇒ Object

# File 'app/models/pages_domain.rb', line 171

def keyed_verification_code
  return unless verification_code.present?

  "#{VERIFICATION_KEY}=#{verification_code}"
end

#pages_virtual_domain ⇒ Object

# File 'app/models/pages_domain.rb', line 213

def pages_virtual_domain
  return unless pages_deployed?

  Pages::VirtualDomain.new([project], domain: self)
end

#subject ⇒ Object

# File 'app/models/pages_domain.rb', line 153

def subject
  return unless x509

  x509.subject.to_s
end

#to_param ⇒ Object

# File 'app/models/pages_domain.rb', line 99

def to_param
  domain
end

#unverified? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/pages_domain.rb', line 87

def unverified?
  !verified?
end

#url ⇒ Object

# File 'app/models/pages_domain.rb', line 103

def url
  return unless domain

  if certificate.present?
    "https://#{domain}"
  else
    "http://#{domain}"
  end
end

#user_provided_certificate ⇒ Object

# File 'app/models/pages_domain.rb', line 194

def user_provided_certificate
  certificate if certificate_user_provided?
end

#user_provided_certificate=(certificate) ⇒ Object

# File 'app/models/pages_domain.rb', line 198

def user_provided_certificate=(certificate)
  self.certificate = certificate
  self.certificate_source = 'user_provided' if certificate_changed?
end

#user_provided_key ⇒ Object

# File 'app/models/pages_domain.rb', line 185

def user_provided_key
  key if certificate_user_provided?
end

#user_provided_key=(key) ⇒ Object

# File 'app/models/pages_domain.rb', line 189

def user_provided_key=(key)
  self.key = key
  self.certificate_source = 'user_provided' if key_changed?
end

#verification_domain ⇒ Object

Verification codes may be TXT records for domain or verification_domain, to support the use of CNAME records on domain.

# File 'app/models/pages_domain.rb', line 165

def verification_domain
  return unless domain.present?

  "_#{VERIFICATION_KEY}.#{domain}"
end

#verified? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/pages_domain.rb', line 83

def verified?
  !!verified_at
end