Commit a4ef92d2 authored by Stan Hu's avatar Stan Hu

Fix errors when pushing with an expired license

When a user pushed to a GitLab EE license that had an expired license,
it would fail with one of two errors:

In the current GitLab 13.1 branch it would show:

```
undefined method `license_message' for LicenseHelper:Module
```

However, previous versions would show:

```
undefined method `full_sanitizer' for Gitlab::GitAccess:Class
```

The latter error occurred because the view helper strip_tags only works
in a view. We now explicitly define `strip_tags` to use the same
sanitizer.

Closes https://gitlab.com/gitlab-org/gitlab/-/issues/217031
parent ac4de842
---
title: Fix errors when pushing with an expired license
merge_request: 34458
author:
type: fixed
......@@ -5,8 +5,8 @@ module EE
module GitAccess
prepend GeoGitAccess
extend ::Gitlab::Utils::Override
include ActionView::Helpers::SanitizeHelper
include PathLocksHelper
include SubscribableBannerHelper
override :check
def check(cmd, changes)
......@@ -98,11 +98,15 @@ module EE
def check_if_license_blocks_changes!
if ::License.block_changes?
message = ::LicenseHelper.license_message(signed_in: true, is_admin: (user && user.admin?))
message = license_message(signed_in: true, is_admin: (user && user.admin?))
raise ::Gitlab::GitAccess::ForbiddenError, strip_tags(message)
end
end
def strip_tags(html)
Rails::Html::FullSanitizer.new.sanitize(html)
end
override :check_size_limit?
def check_size_limit?
strong_memoize(:check_size_limit) do
......
......@@ -600,6 +600,18 @@ RSpec.describe Gitlab::GitAccess do
end
end
context "when license blocks changes" do
before do
create_current_license(starts_at: 1.month.ago.to_date, block_changes_at: Date.current, notify_admins_at: Date.current)
user.update_attribute(:admin, true)
project.add_role(user, :developer)
end
it 'raises an error' do
expect { push_changes(changes[:any]) }.to raise_error(Gitlab::GitAccess::ForbiddenError, /Your subscription will expire/)
end
end
context "group-specific access control" do
let(:user) { create(:user) }
let(:group) { create(:group) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment