Validate kroki_url

a55112b8 · Guillaume Grossetie · 8f0d318b · a55112b8
Commit a55112b8 authored Oct 27, 2020 by Guillaume Grossetie
Hide whitespace changes
Inline Side-by-side

Showing with 31 additions and 8 deletions

app/models/application_setting.rb app/models/application_setting.rb +31 -8

No files found.
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -13,6 +13,9 @@ class ApplicationSetting < ApplicationRecord
  GRAFANA_URL_ERROR_MESSAGE = 'Please check your Grafana URL setting in ' \
    'Admin Area > Settings > Metrics and profiling > Metrics - Grafana'

+  KROKI_URL_ERROR_MESSAGE = 'Please check your Kroki URL setting in ' \
+    'Admin Area > Settings > General > Kroki'
+
  add_authentication_token_field :runners_registration_token, encrypted: -> { Feature.enabled?(:application_settings_tokens_optional_encryption) ? :optional : :required }
  add_authentication_token_field :health_check_access_token
  add_authentication_token_field :static_objects_external_storage_auth_token
@@ -129,8 +132,12 @@ class ApplicationSetting < ApplicationRecord
            if: :unique_ips_limit_enabled

  validates :kroki_url,
-            presence: true,
-            if: :kroki_enabled
+            system_hook_url: {
+                blocked_message: "is blocked: %{exception_message}. " + KROKI_URL_ERROR_MESSAGE
+            },
+            if: :kroki_url_absolute?
+
+  validate :validate_kroki_url

  validates :plantuml_url,
            presence: true,
@@ -433,18 +440,21 @@ class ApplicationSetting < ApplicationRecord
  after_commit :expire_performance_bar_allowed_user_ids_cache, if: -> { previous_changes.key?('performance_bar_allowed_group_id') }

  def validate_grafana_url
-    unless parsed_grafana_url
-      self.errors.add(
-        :grafana_url,
-        "must be a valid relative or absolute URL. #{GRAFANA_URL_ERROR_MESSAGE}"
-      )
-    end
+    validate_url(parsed_grafana_url, :grafana_url, GRAFANA_URL_ERROR_MESSAGE)
  end

  def grafana_url_absolute?
    parsed_grafana_url&.absolute?
  end

+  def validate_kroki_url
+    validate_url(parsed_kroki_url, :kroki_url, KROKI_URL_ERROR_MESSAGE)
+  end
+
+  def kroki_url_absolute?
+    parsed_kroki_url&.absolute?
+  end
+
  def sourcegraph_url_is_com?
    !!(sourcegraph_url =~ /\Ahttps:\/\/(www\.)?sourcegraph\.com/)
  end
@@ -507,6 +517,19 @@ class ApplicationSetting < ApplicationRecord
  def parsed_grafana_url
    @parsed_grafana_url ||= Gitlab::Utils.parse_url(grafana_url)
  end
+
+  def parsed_kroki_url
+    @parsed_kroki_url ||= Gitlab::Utils.parse_url(kroki_url)
+  end
+
+  def validate_url(parsed_url, name, error_message)
+    unless parsed_url
+      self.errors.add(
+          name,
+          "must be a valid relative or absolute URL. #{error_message}"
+      )
+    end
+  end
 end

 ApplicationSetting.prepend_if_ee('EE::ApplicationSetting')