Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
408faf2c
Commit
408faf2c
authored
Feb 04, 2020
by
Bob Van Landuyt
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Revert "Merge branch 'refactor/admin-mode-in-sidekiq-jobs' into 'master'"
This reverts merge request !21792
parent
c6631e6b
Changes
14
Hide whitespace changes
Inline
Side-by-side
Showing
14 changed files
with
74 additions
and
563 deletions
+74
-563
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+0
-8
changelogs/unreleased/refactor-admin-mode-in-sidekiq-jobs.yml
...gelogs/unreleased/refactor-admin-mode-in-sidekiq-jobs.yml
+0
-5
lib/gitlab/auth/current_user_mode.rb
lib/gitlab/auth/current_user_mode.rb
+6
-55
lib/gitlab/sidekiq_middleware.rb
lib/gitlab/sidekiq_middleware.rb
+0
-2
lib/gitlab/sidekiq_middleware/admin_mode/client.rb
lib/gitlab/sidekiq_middleware/admin_mode/client.rb
+0
-34
lib/gitlab/sidekiq_middleware/admin_mode/server.rb
lib/gitlab/sidekiq_middleware/admin_mode/server.rb
+0
-24
spec/features/admin/admin_mode/workers_spec.rb
spec/features/admin/admin_mode/workers_spec.rb
+0
-77
spec/features/admin/admin_uses_repository_checks_spec.rb
spec/features/admin/admin_uses_repository_checks_spec.rb
+24
-42
spec/lib/gitlab/auth/current_user_mode_spec.rb
spec/lib/gitlab/auth/current_user_mode_spec.rb
+34
-138
spec/lib/gitlab/sidekiq_middleware/admin_mode/client_spec.rb
spec/lib/gitlab/sidekiq_middleware/admin_mode/client_spec.rb
+0
-94
spec/lib/gitlab/sidekiq_middleware/admin_mode/server_spec.rb
spec/lib/gitlab/sidekiq_middleware/admin_mode/server_spec.rb
+0
-72
spec/lib/gitlab/sidekiq_middleware_spec.rb
spec/lib/gitlab/sidekiq_middleware_spec.rb
+2
-4
spec/models/user_spec.rb
spec/models/user_spec.rb
+3
-3
spec/policies/base_policy_spec.rb
spec/policies/base_policy_spec.rb
+5
-5
No files found.
app/controllers/application_controller.rb
View file @
408faf2c
...
...
@@ -37,7 +37,6 @@ class ApplicationController < ActionController::Base
around_action
:set_current_context
around_action
:set_locale
around_action
:set_session_storage
around_action
:set_current_admin
after_action
:set_page_title_header
,
if: :json_request?
after_action
:limit_session_time
,
if:
->
{
!
current_user
}
...
...
@@ -474,13 +473,6 @@ class ApplicationController < ActionController::Base
response
.
headers
[
'Page-Title'
]
=
URI
.
escape
(
page_title
(
'GitLab'
))
end
def
set_current_admin
(
&
block
)
return
yield
unless
Feature
.
enabled?
(
:user_mode_in_session
)
return
yield
unless
current_user
Gitlab
::
Auth
::
CurrentUserMode
.
with_current_admin
(
current_user
,
&
block
)
end
def
html_request?
request
.
format
.
html?
end
...
...
changelogs/unreleased/refactor-admin-mode-in-sidekiq-jobs.yml
deleted
100644 → 0
View file @
c6631e6b
---
title
:
Admin mode support in sidekiq jobs
merge_request
:
21792
author
:
Diego Louzán
type
:
changed
lib/gitlab/auth/current_user_mode.rb
View file @
408faf2c
...
...
@@ -10,54 +10,12 @@ module Gitlab
class
CurrentUserMode
NotRequestedError
=
Class
.
new
(
StandardError
)
# RequestStore entries
CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY
=
{
res: :current_user_mode
,
data: :bypass_session_admin_id
}.
freeze
CURRENT_REQUEST_ADMIN_MODE_USER_RS_KEY
=
{
res: :current_user_mode
,
data: :current_admin
}.
freeze
# SessionStore entries
SESSION_STORE_KEY
=
:current_user_mode
ADMIN_MODE_START_TIME_KEY
=
:admin_mode
ADMIN_MODE_REQUESTED_TIME_KEY
=
:admin_mode_requested
ADMIN_MODE_START_TIME_KEY
=
'admin_mode'
ADMIN_MODE_REQUESTED_TIME_KEY
=
'admin_mode_requested'
MAX_ADMIN_MODE_TIME
=
6
.
hours
ADMIN_MODE_REQUESTED_GRACE_PERIOD
=
5
.
minutes
class
<<
self
# Admin mode activation requires storing a flag in the user session. Using this
# method when scheduling jobs in Sidekiq will bypass the session check for a
# user that was already in admin mode
def
bypass_session!
(
admin_id
)
Gitlab
::
SafeRequestStore
[
CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY
]
=
admin_id
Gitlab
::
AppLogger
.
debug
(
"Bypassing session in admin mode for:
#{
admin_id
}
"
)
yield
ensure
Gitlab
::
SafeRequestStore
.
delete
(
CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY
)
end
def
bypass_session_admin_id
Gitlab
::
SafeRequestStore
[
CURRENT_REQUEST_BYPASS_SESSION_ADMIN_ID_RS_KEY
]
end
# Store in the current request the provided user model (only if in admin mode)
# and yield
def
with_current_admin
(
admin
)
return
yield
unless
self
.
new
(
admin
).
admin_mode?
Gitlab
::
SafeRequestStore
[
CURRENT_REQUEST_ADMIN_MODE_USER_RS_KEY
]
=
admin
Gitlab
::
AppLogger
.
debug
(
"Admin mode active for:
#{
admin
.
username
}
"
)
yield
ensure
Gitlab
::
SafeRequestStore
.
delete
(
CURRENT_REQUEST_ADMIN_MODE_USER_RS_KEY
)
end
def
current_admin
Gitlab
::
SafeRequestStore
[
CURRENT_REQUEST_ADMIN_MODE_USER_RS_KEY
]
end
end
def
initialize
(
user
)
@user
=
user
end
...
...
@@ -84,7 +42,7 @@ module Gitlab
raise
NotRequestedError
unless
admin_mode_requested?
reset_request_store
_cache_entries
reset_request_store
current_session_data
[
ADMIN_MODE_REQUESTED_TIME_KEY
]
=
nil
current_session_data
[
ADMIN_MODE_START_TIME_KEY
]
=
Time
.
now
...
...
@@ -97,7 +55,7 @@ module Gitlab
def
disable_admin_mode!
return
unless
user
&
.
admin?
reset_request_store
_cache_entries
reset_request_store
current_session_data
[
ADMIN_MODE_REQUESTED_TIME_KEY
]
=
nil
current_session_data
[
ADMIN_MODE_START_TIME_KEY
]
=
nil
...
...
@@ -106,7 +64,7 @@ module Gitlab
def
request_admin_mode!
return
unless
user
&
.
admin?
reset_request_store
_cache_entries
reset_request_store
current_session_data
[
ADMIN_MODE_REQUESTED_TIME_KEY
]
=
Time
.
now
end
...
...
@@ -115,12 +73,10 @@ module Gitlab
attr_reader
:user
# RequestStore entry to cache #admin_mode? result
def
admin_mode_rs_key
@admin_mode_rs_key
||=
{
res: :current_user_mode
,
user:
user
.
id
,
method: :admin_mode?
}
end
# RequestStore entry to cache #admin_mode_requested? result
def
admin_mode_requested_rs_key
@admin_mode_requested_rs_key
||=
{
res: :current_user_mode
,
user:
user
.
id
,
method: :admin_mode_requested?
}
end
...
...
@@ -130,7 +86,6 @@ module Gitlab
end
def
any_session_with_admin_mode?
return
true
if
bypass_session?
return
true
if
current_session_data
.
initiated?
&&
current_session_data
[
ADMIN_MODE_START_TIME_KEY
].
to_i
>
MAX_ADMIN_MODE_TIME
.
ago
.
to_i
all_sessions
.
any?
do
|
session
|
...
...
@@ -148,11 +103,7 @@ module Gitlab
current_session_data
[
ADMIN_MODE_REQUESTED_TIME_KEY
].
to_i
>
ADMIN_MODE_REQUESTED_GRACE_PERIOD
.
ago
.
to_i
end
def
bypass_session?
user
&
.
id
&&
user
.
id
==
self
.
class
.
bypass_session_admin_id
end
def
reset_request_store_cache_entries
def
reset_request_store
Gitlab
::
SafeRequestStore
.
delete
(
admin_mode_rs_key
)
Gitlab
::
SafeRequestStore
.
delete
(
admin_mode_requested_rs_key
)
end
...
...
lib/gitlab/sidekiq_middleware.rb
View file @
408faf2c
...
...
@@ -17,7 +17,6 @@ module Gitlab
chain
.
add
Gitlab
::
SidekiqMiddleware
::
BatchLoader
chain
.
add
Labkit
::
Middleware
::
Sidekiq
::
Server
chain
.
add
Gitlab
::
SidekiqMiddleware
::
InstrumentationLogger
chain
.
add
Gitlab
::
SidekiqMiddleware
::
AdminMode
::
Server
chain
.
add
Gitlab
::
SidekiqStatus
::
ServerMiddleware
chain
.
add
Gitlab
::
SidekiqMiddleware
::
WorkerContext
::
Server
end
...
...
@@ -32,7 +31,6 @@ module Gitlab
chain
.
add
Gitlab
::
SidekiqMiddleware
::
ClientMetrics
chain
.
add
Gitlab
::
SidekiqMiddleware
::
WorkerContext
::
Client
# needs to be before the Labkit middleware
chain
.
add
Labkit
::
Middleware
::
Sidekiq
::
Client
chain
.
add
Gitlab
::
SidekiqMiddleware
::
AdminMode
::
Client
end
end
end
...
...
lib/gitlab/sidekiq_middleware/admin_mode/client.rb
deleted
100644 → 0
View file @
c6631e6b
# frozen_string_literal: true
module
Gitlab
module
SidekiqMiddleware
module
AdminMode
# Checks if admin mode is enabled for the request creating the sidekiq job
# by examining if admin mode has been enabled for the user
# If enabled then it injects a job field that persists through the job execution
class
Client
def
call
(
_worker_class
,
job
,
_queue
,
_redis_pool
)
return
yield
unless
Feature
.
enabled?
(
:user_mode_in_session
)
# Admin mode enabled in the original request or in a nested sidekiq job
admin_mode_user_id
=
find_admin_user_id
if
admin_mode_user_id
job
[
'admin_mode_user_id'
]
||=
admin_mode_user_id
Gitlab
::
AppLogger
.
debug
(
"AdminMode::Client injected admin mode for job:
#{
job
.
inspect
}
"
)
end
yield
end
private
def
find_admin_user_id
Gitlab
::
Auth
::
CurrentUserMode
.
current_admin
&
.
id
||
Gitlab
::
Auth
::
CurrentUserMode
.
bypass_session_admin_id
end
end
end
end
end
lib/gitlab/sidekiq_middleware/admin_mode/server.rb
deleted
100644 → 0
View file @
c6631e6b
# frozen_string_literal: true
module
Gitlab
module
SidekiqMiddleware
module
AdminMode
class
Server
def
call
(
_worker
,
job
,
_queue
)
return
yield
unless
Feature
.
enabled?
(
:user_mode_in_session
)
admin_mode_user_id
=
job
[
'admin_mode_user_id'
]
# Do not bypass session if this job was not enabled with admin mode on
return
yield
unless
admin_mode_user_id
Gitlab
::
Auth
::
CurrentUserMode
.
bypass_session!
(
admin_mode_user_id
)
do
Gitlab
::
AppLogger
.
debug
(
"AdminMode::Server bypasses session for admin mode in job:
#{
job
.
inspect
}
"
)
yield
end
end
end
end
end
end
spec/features/admin/admin_mode/workers_spec.rb
deleted
100644 → 0
View file @
c6631e6b
# frozen_string_literal: true
require
'spec_helper'
# Test an operation that triggers background jobs requiring administrative rights
describe
'Admin mode for workers'
,
:do_not_mock_admin_mode
,
:request_store
,
:clean_gitlab_redis_shared_state
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:user_to_delete
)
{
create
(
:user
)
}
before
do
add_sidekiq_middleware
sign_in
(
user
)
end
context
'as a regular user'
do
it
'cannot delete user'
do
visit
admin_user_path
(
user_to_delete
)
expect
(
page
).
to
have_gitlab_http_status
(
:not_found
)
end
end
context
'as an admin user'
do
let
(
:user
)
{
create
(
:admin
)
}
context
'when admin mode disabled'
do
it
'cannot delete user'
,
:js
do
visit
admin_user_path
(
user_to_delete
)
expect
(
page
).
to
have_content
(
'Re-authentication required'
)
end
end
context
'when admin mode enabled'
,
:delete
do
before
do
gitlab_enable_admin_mode_sign_in
(
user
)
end
it
'can delete user'
,
:js
do
visit
admin_user_path
(
user_to_delete
)
click_button
'Delete user'
page
.
within
'.modal-dialog'
do
find
(
"input[name='username']"
).
send_keys
(
user_to_delete
.
name
)
click_button
'Delete user'
wait_for_requests
end
expect
(
page
).
to
have_content
(
'The user is being deleted.'
)
# Perform jobs while logged out so that admin mode is only enabled in job metadata
execute_jobs_signed_out
(
user
)
visit
admin_user_path
(
user_to_delete
)
expect
(
page
).
to
have_title
(
'Not Found'
)
end
end
end
def
add_sidekiq_middleware
Sidekiq
::
Testing
.
server_middleware
do
|
chain
|
chain
.
add
Gitlab
::
SidekiqMiddleware
::
AdminMode
::
Server
end
end
def
execute_jobs_signed_out
(
user
)
gitlab_sign_out
Sidekiq
::
Worker
.
drain_all
sign_in
(
user
)
gitlab_enable_admin_mode_sign_in
(
user
)
end
end
spec/features/admin/admin_uses_repository_checks_spec.rb
View file @
408faf2c
...
...
@@ -2,64 +2,46 @@
require
'spec_helper'
describe
'Admin uses repository checks'
,
:request_store
,
:clean_gitlab_redis_shared_state
,
:do_not_mock_admin_mode
do
describe
'Admin uses repository checks'
do
include
StubENV
let
(
:admin
)
{
create
(
:admin
)
}
before
do
stub_env
(
'IN_MEMORY_APPLICATION_SETTINGS'
,
'false'
)
sign_in
(
admin
)
sign_in
(
create
(
:admin
)
)
end
context
'when admin mode is disabled'
do
it
'admin project page requires admin mode'
do
project
=
create
(
:project
)
visit_admin_project_page
(
project
)
it
'to trigger a single check'
do
project
=
create
(
:project
)
visit_admin_project_page
(
project
)
expect
(
page
).
not_to
have_css
(
'.repository-check'
)
expect
(
page
).
to
have_content
(
'Enter Admin Mode'
)
page
.
within
(
'.repository-check'
)
do
click_button
'Trigger repository check'
end
end
context
'when admin mode is enabled'
do
before
do
gitlab_enable_admin_mode_sign_in
(
admin
)
end
it
'to trigger a single check'
,
:js
do
project
=
create
(
:project
)
visit_admin_project_page
(
project
)
page
.
within
(
'.repository-check'
)
do
click_button
'Trigger repository check'
end
expect
(
page
).
to
have_content
(
'Repository check was triggered'
)
end
expect
(
page
).
to
have_content
(
'Repository check was triggered'
)
end
it
'to see a single failed repository check'
,
:js
do
project
=
create
(
:project
)
project
.
update_columns
(
last_repository_check_failed:
true
,
last_repository_check_at:
Time
.
now
)
visit_admin_project_page
(
project
)
it
'to see a single failed repository check'
,
:js
do
project
=
create
(
:project
)
project
.
update_columns
(
last_repository_check_failed:
true
,
last_repository_check_at:
Time
.
now
)
visit_admin_project_page
(
project
)
page
.
within
(
'.alert'
)
do
expect
(
page
.
text
).
to
match
(
/Last repository check \(just now\) failed/
)
end
page
.
within
(
'.alert'
)
do
expect
(
page
.
text
).
to
match
(
/Last repository check \(just now\) failed/
)
end
end
it
'to clear all repository checks'
,
:js
do
visit
repository_admin_application_settings_path
it
'to clear all repository checks'
,
:js
do
visit
repository_admin_application_settings_path
expect
(
RepositoryCheck
::
ClearWorker
).
to
receive
(
:perform_async
)
expect
(
RepositoryCheck
::
ClearWorker
).
to
receive
(
:perform_async
)
accept_confirm
{
find
(
:link
,
'Clear all repository checks'
).
send_keys
(
:return
)
}
accept_confirm
{
find
(
:link
,
'Clear all repository checks'
).
send_keys
(
:return
)
}
expect
(
page
).
to
have_content
(
'Started asynchronous removal of all repository check states.'
)
end
expect
(
page
).
to
have_content
(
'Started asynchronous removal of all repository check states.'
)
end
def
visit_admin_project_page
(
project
)
...
...
spec/lib/gitlab/auth/current_user_mode_spec.rb
View file @
408faf2c
...
...
@@ -2,10 +2,10 @@
require
'spec_helper'
describe
Gitlab
::
Auth
::
CurrentUserMode
,
:do_not_mock_admin_mode
,
:request_store
do
describe
Gitlab
::
Auth
::
CurrentUserMode
,
:do_not_mock_admin_mode
do
include_context
'custom session'
let
(
:user
)
{
build
_stubbed
(
:user
)
}
let
(
:user
)
{
build
(
:user
)
}
subject
{
described_class
.
new
(
user
)
}
...
...
@@ -13,66 +13,54 @@ describe Gitlab::Auth::CurrentUserMode, :do_not_mock_admin_mode, :request_store
allow
(
ActiveSession
).
to
receive
(
:list_sessions
).
with
(
user
).
and_return
([
session
])
end
shared_examples
'admin mode cannot be enabled'
do
it
'is false by default'
do
expect
(
subject
.
admin_mode?
).
to
be
(
false
)
end
it
'cannot be enabled with a valid password'
do
subject
.
enable_admin_mode!
(
password:
user
.
password
)
expect
(
subject
.
admin_mode?
).
to
be
(
false
)
end
it
'cannot be enabled with an invalid password'
do
subject
.
enable_admin_mode!
(
password:
nil
)
expect
(
subject
.
admin_mode?
).
to
be
(
false
)
end
describe
'#admin_mode?'
,
:request_store
do
context
'when the user is a regular user'
do
it
'is false by default'
do
expect
(
subject
.
admin_mode?
).
to
be
(
false
)
end
it
'cannot be enabled with empty params
'
do
subject
.
enable_admin_mode!
it
'cannot be enabled with a valid password
'
do
subject
.
enable_admin_mode!
(
password:
user
.
password
)
expect
(
subject
.
admin_mode?
).
to
be
(
false
)
end
expect
(
subject
.
admin_mode?
).
to
be
(
false
)
end
it
'disable has no effect'
do
subject
.
enable_admin_mode!
subject
.
disable_admin_mode!
it
'cannot be enabled with an invalid password'
do
subject
.
enable_admin_mode!
(
password:
nil
)
expect
(
subject
.
admin_mode?
).
to
be
(
false
)
end
expect
(
subject
.
admin_mode?
).
to
be
(
false
)
end
context
'skipping password validation'
do
it
'cannot be enabled with a valid password'
do
subject
.
enable_admin_mode!
(
password:
user
.
password
,
skip_password_validation:
true
)
it
'cannot be enabled with empty params'
do
subject
.
enable_admin_mode!
expect
(
subject
.
admin_mode?
).
to
be
(
false
)
end
it
'cannot be enabled with an invalid password'
do
subject
.
enable_admin_mode!
(
skip_password_validation:
true
)
it
'disable has no effect'
do
subject
.
enable_admin_mode!
subject
.
disable_admin_mode!
expect
(
subject
.
admin_mode?
).
to
be
(
false
)
end
end
end
describe
'#admin_mode?
'
do
context
'when the user is a regular user
'
do
it_behaves_like
'admin mode cannot be enabled'
context
'skipping password validation
'
do
it
'cannot be enabled with a valid password
'
do
subject
.
enable_admin_mode!
(
password:
user
.
password
,
skip_password_validation:
true
)
context
'bypassing session'
do
it_behaves_like
'admin mode cannot be enabled'
do
around
do
|
example
|
described_class
.
bypass_session!
(
user
.
id
)
{
example
.
run
}
end
expect
(
subject
.
admin_mode?
).
to
be
(
false
)
end
it
'cannot be enabled with an invalid password'
do
subject
.
enable_admin_mode!
(
skip_password_validation:
true
)
expect
(
subject
.
admin_mode?
).
to
be
(
false
)
end
end
end
context
'when the user is an admin'
do
let
(
:user
)
{
build
_stubbed
(
:user
,
:admin
)
}
let
(
:user
)
{
build
(
:user
,
:admin
)
}
context
'when admin mode not requested'
do
it
'is false by default'
do
...
...
@@ -160,36 +148,11 @@ describe Gitlab::Auth::CurrentUserMode, :do_not_mock_admin_mode, :request_store
end
end
end
context
'bypassing session'
do
it
'is active by default'
do
described_class
.
bypass_session!
(
user
.
id
)
do
expect
(
subject
.
admin_mode?
).
to
be
(
true
)
end
end
it
'enable has no effect'
do
described_class
.
bypass_session!
(
user
.
id
)
do
subject
.
request_admin_mode!
subject
.
enable_admin_mode!
(
password:
user
.
password
)
expect
(
subject
.
admin_mode?
).
to
be
(
true
)
end
end
it
'disable has no effect'
do
described_class
.
bypass_session!
(
user
.
id
)
do
subject
.
disable_admin_mode!
expect
(
subject
.
admin_mode?
).
to
be
(
true
)
end
end
end
end
end
describe
'#enable_admin_mode!'
do
let
(
:user
)
{
build
_stubbed
(
:user
,
:admin
)
}
let
(
:user
)
{
build
(
:user
,
:admin
)
}
it
'creates a timestamp in the session'
do
subject
.
request_admin_mode!
...
...
@@ -200,7 +163,7 @@ describe Gitlab::Auth::CurrentUserMode, :do_not_mock_admin_mode, :request_store
end
describe
'#enable_sessionless_admin_mode!'
do
let
(
:user
)
{
build
_stubbed
(
:user
,
:admin
)
}
let
(
:user
)
{
build
(
:user
,
:admin
)
}
it
'enabled admin mode without password'
do
subject
.
enable_sessionless_admin_mode!
...
...
@@ -210,7 +173,7 @@ describe Gitlab::Auth::CurrentUserMode, :do_not_mock_admin_mode, :request_store
end
describe
'#disable_admin_mode!'
do
let
(
:user
)
{
build
_stubbed
(
:user
,
:admin
)
}
let
(
:user
)
{
build
(
:user
,
:admin
)
}
it
'sets the session timestamp to nil'
do
subject
.
request_admin_mode!
...
...
@@ -220,73 +183,6 @@ describe Gitlab::Auth::CurrentUserMode, :do_not_mock_admin_mode, :request_store
end
end
describe
'.bypass_session!'
do
context
'with a regular user'
do
it
'admin mode is false'
do
described_class
.
bypass_session!
(
user
.
id
)
do
expect
(
subject
.
admin_mode?
).
to
be
(
false
)
expect
(
described_class
.
bypass_session_admin_id
).
to
be
(
user
.
id
)
end
expect
(
described_class
.
bypass_session_admin_id
).
to
be_nil
end
end
context
'with an admin user'
do
let
(
:user
)
{
build_stubbed
(
:user
,
:admin
)
}
it
'admin mode is true'
do
described_class
.
bypass_session!
(
user
.
id
)
do
expect
(
subject
.
admin_mode?
).
to
be
(
true
)
expect
(
described_class
.
bypass_session_admin_id
).
to
be
(
user
.
id
)
end
expect
(
described_class
.
bypass_session_admin_id
).
to
be_nil
end
end
end
describe
'.with_current_request_admin_mode'
do
context
'with a regular user'
do
it
'user is not available inside nor outside the yielded block'
do
described_class
.
with_current_admin
(
user
)
do
expect
(
described_class
.
current_admin
).
to
be_nil
end
expect
(
described_class
.
bypass_session_admin_id
).
to
be_nil
end
end
context
'with an admin user'
do
let
(
:user
)
{
build_stubbed
(
:user
,
:admin
)
}
context
'admin mode is disabled'
do
it
'user is not available inside nor outside the yielded block'
do
described_class
.
with_current_admin
(
user
)
do
expect
(
described_class
.
current_admin
).
to
be_nil
end
expect
(
described_class
.
bypass_session_admin_id
).
to
be_nil
end
end
context
'admin mode is enabled'
do
before
do
subject
.
request_admin_mode!
subject
.
enable_admin_mode!
(
password:
user
.
password
)
end
it
'user is available only inside the yielded block'
do
described_class
.
with_current_admin
(
user
)
do
expect
(
described_class
.
current_admin
).
to
be
(
user
)
end
expect
(
described_class
.
current_admin
).
to
be_nil
end
end
end
end
def
expected_session_entry
(
value_matcher
)
{
Gitlab
::
Auth
::
CurrentUserMode
::
SESSION_STORE_KEY
=>
a_hash_including
(
...
...
spec/lib/gitlab/sidekiq_middleware/admin_mode/client_spec.rb
deleted
100644 → 0
View file @
c6631e6b
# frozen_string_literal: true
require
'spec_helper'
describe
Gitlab
::
SidekiqMiddleware
::
AdminMode
::
Client
,
:do_not_mock_admin_mode
,
:request_store
do
include
AdminModeHelper
let
(
:worker
)
do
Class
.
new
do
def
perform
;
end
end
end
let
(
:job
)
{
{}
}
let
(
:queue
)
{
:test
}
it
'yields block'
do
expect
do
|
b
|
subject
.
call
(
worker
,
job
,
queue
,
nil
,
&
b
)
end
.
to
yield_control
.
once
end
context
'user is a regular user'
do
it
'no admin mode field in payload'
do
subject
.
call
(
worker
,
job
,
queue
,
nil
)
{
nil
}
expect
(
job
).
not_to
include
(
'admin_mode_user_id'
)
end
end
context
'user is an administrator'
do
let
(
:admin
)
{
create
(
:admin
)
}
context
'admin mode disabled'
do
it
'no admin mode field in payload'
do
subject
.
call
(
worker
,
job
,
queue
,
nil
)
{
nil
}
expect
(
job
).
not_to
include
(
'admin_mode_user_id'
)
end
end
context
'admin mode enabled'
do
before
do
enable_admin_mode!
(
admin
)
end
context
'when sidekiq required context not set'
do
it
'no admin mode field in payload'
do
subject
.
call
(
worker
,
job
,
queue
,
nil
)
{
nil
}
expect
(
job
).
not_to
include
(
'admin_mode_user_id'
)
end
end
context
'when user stored in current request'
do
it
'has admin mode field in payload'
do
Gitlab
::
Auth
::
CurrentUserMode
.
with_current_admin
(
admin
)
do
subject
.
call
(
worker
,
job
,
queue
,
nil
)
{
nil
}
expect
(
job
).
to
include
(
'admin_mode_user_id'
=>
admin
.
id
)
end
end
end
context
'when bypassing session'
do
it
'has admin mode field in payload'
do
Gitlab
::
Auth
::
CurrentUserMode
.
bypass_session!
(
admin
.
id
)
do
subject
.
call
(
worker
,
job
,
queue
,
nil
)
{
nil
}
expect
(
job
).
to
include
(
'admin_mode_user_id'
=>
admin
.
id
)
end
end
end
end
end
context
'admin mode feature disabled'
do
before
do
stub_feature_flags
(
user_mode_in_session:
false
)
end
it
'yields block'
do
expect
do
|
b
|
subject
.
call
(
worker
,
job
,
queue
,
nil
,
&
b
)
end
.
to
yield_control
.
once
end
it
'no admin mode field in payload'
do
subject
.
call
(
worker
,
job
,
queue
,
nil
)
{
nil
}
expect
(
job
).
not_to
include
(
'admin_mode_user_id'
)
end
end
end
spec/lib/gitlab/sidekiq_middleware/admin_mode/server_spec.rb
deleted
100644 → 0
View file @
c6631e6b
# frozen_string_literal: true
require
'spec_helper'
describe
Gitlab
::
SidekiqMiddleware
::
AdminMode
::
Server
,
:do_not_mock_admin_mode
,
:request_store
do
include
AdminModeHelper
let
(
:worker
)
do
Class
.
new
do
def
perform
;
end
end
end
let
(
:job
)
{
{}
}
let
(
:queue
)
{
:test
}
it
'yields block'
do
expect
do
|
b
|
subject
.
call
(
worker
,
job
,
queue
,
&
b
)
end
.
to
yield_control
.
once
end
context
'job has no admin mode field'
do
it
'session is not bypassed'
do
subject
.
call
(
worker
,
job
,
queue
)
do
expect
(
Gitlab
::
Auth
::
CurrentUserMode
.
bypass_session_admin_id
).
to
be_nil
end
end
end
context
'job has admin mode field'
do
let
(
:admin
)
{
create
(
:admin
)
}
context
'nil admin mode id'
do
let
(
:job
)
{
{
'admin_mode_user_id'
=>
nil
}
}
it
'session is not bypassed'
do
subject
.
call
(
worker
,
job
,
queue
)
do
expect
(
Gitlab
::
Auth
::
CurrentUserMode
.
bypass_session_admin_id
).
to
be_nil
end
end
end
context
'valid admin mode id'
do
let
(
:job
)
{
{
'admin_mode_user_id'
=>
admin
.
id
}
}
it
'session is bypassed'
do
subject
.
call
(
worker
,
job
,
queue
)
do
expect
(
Gitlab
::
Auth
::
CurrentUserMode
.
bypass_session_admin_id
).
to
be
(
admin
.
id
)
end
end
end
end
context
'admin mode feature disabled'
do
before
do
stub_feature_flags
(
user_mode_in_session:
false
)
end
it
'yields block'
do
expect
do
|
b
|
subject
.
call
(
worker
,
job
,
queue
,
&
b
)
end
.
to
yield_control
.
once
end
it
'session is not bypassed'
do
subject
.
call
(
worker
,
job
,
queue
)
do
expect
(
Gitlab
::
Auth
::
CurrentUserMode
.
bypass_session_admin_id
).
to
be_nil
end
end
end
end
spec/lib/gitlab/sidekiq_middleware_spec.rb
View file @
408faf2c
...
...
@@ -45,8 +45,7 @@ describe Gitlab::SidekiqMiddleware do
Gitlab
::
SidekiqMiddleware
::
ArgumentsLogger
,
Gitlab
::
SidekiqMiddleware
::
MemoryKiller
,
Gitlab
::
SidekiqMiddleware
::
RequestStoreMiddleware
,
Gitlab
::
SidekiqMiddleware
::
WorkerContext
::
Server
,
Gitlab
::
SidekiqMiddleware
::
AdminMode
::
Server
Gitlab
::
SidekiqMiddleware
::
WorkerContext
::
Server
]
end
let
(
:enabled_sidekiq_middlewares
)
{
all_sidekiq_middlewares
-
disabled_sidekiq_middlewares
}
...
...
@@ -116,8 +115,7 @@ describe Gitlab::SidekiqMiddleware do
Gitlab
::
SidekiqStatus
::
ClientMiddleware
,
Gitlab
::
SidekiqMiddleware
::
ClientMetrics
,
Gitlab
::
SidekiqMiddleware
::
WorkerContext
::
Client
,
Labkit
::
Middleware
::
Sidekiq
::
Client
,
Gitlab
::
SidekiqMiddleware
::
AdminMode
::
Client
Labkit
::
Middleware
::
Sidekiq
::
Client
]
end
...
...
spec/models/user_spec.rb
View file @
408faf2c
...
...
@@ -2985,9 +2985,9 @@ describe User, :do_not_mock_admin_mode do
end
end
describe
'#can_read_all_resources?'
,
:request_store
do
describe
'#can_read_all_resources?'
do
it
'returns false for regular user'
do
user
=
build
_stubbed
(
:user
)
user
=
build
(
:user
)
expect
(
user
.
can_read_all_resources?
).
to
be_falsy
end
...
...
@@ -2995,7 +2995,7 @@ describe User, :do_not_mock_admin_mode do
context
'for admin user'
do
include_context
'custom session'
let
(
:user
)
{
build
_stubbed
(
:user
,
:admin
)
}
let
(
:user
)
{
build
(
:user
,
:admin
)
}
context
'when admin mode is disabled'
do
it
'returns false'
do
...
...
spec/policies/base_policy_spec.rb
View file @
408faf2c
...
...
@@ -23,8 +23,8 @@ describe BasePolicy, :do_not_mock_admin_mode do
end
describe
'read cross project'
do
let
(
:current_user
)
{
build_stubbed
(
:user
)
}
let
(
:user
)
{
build_stubbed
(
:user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:user
)
{
create
(
:user
)
}
subject
{
described_class
.
new
(
current_user
,
[
user
])
}
...
...
@@ -38,7 +38,7 @@ describe BasePolicy, :do_not_mock_admin_mode do
it
{
is_expected
.
not_to
be_allowed
(
:read_cross_project
)
}
context
'for admins'
do
let
(
:current_user
)
{
build
_stubbed
(
:admin
)
}
let
(
:current_user
)
{
build
(
:admin
)
}
subject
{
described_class
.
new
(
current_user
,
nil
)
}
...
...
@@ -56,14 +56,14 @@ describe BasePolicy, :do_not_mock_admin_mode do
end
describe
'full private access'
do
let
(
:current_user
)
{
build_stubbed
(
:user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
subject
{
described_class
.
new
(
current_user
,
nil
)
}
it
{
is_expected
.
not_to
be_allowed
(
:read_all_resources
)
}
context
'for admins'
do
let
(
:current_user
)
{
build
_stubbed
(
:admin
)
}
let
(
:current_user
)
{
build
(
:admin
)
}
it
'allowed when in admin mode'
do
enable_admin_mode!
(
current_user
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment