Commit 2ef90053 authored by Robert Speicher's avatar Robert Speicher

Merge branch 'new-gitlab-users-clear_all_authentication_tokens-task' into 'master'

Add a new gitlab:users:clear_all_authentication_tokens task

## What are the relevant issue numbers?

Part of #22537.

See merge request !6745
parents 755c8732 8d8282b4
...@@ -78,6 +78,7 @@ v 8.13.0 (unreleased) ...@@ -78,6 +78,7 @@ v 8.13.0 (unreleased)
- API: expose pipeline data in builds API (!6502, Guilherme Salazar) - API: expose pipeline data in builds API (!6502, Guilherme Salazar)
- Notify the Merger about merge after successful build (Dimitris Karakasilis) - Notify the Merger about merge after successful build (Dimitris Karakasilis)
- Reorder issue and merge request titles to show IDs first. !6503 (Greg Laubenstein) - Reorder issue and merge request titles to show IDs first. !6503 (Greg Laubenstein)
- Add a new gitlab:users:clear_all_authentication_tokens task. !6745
- Reduce queries needed to find users using their SSH keys when pushing commits - Reduce queries needed to find users using their SSH keys when pushing commits
- Prevent rendering the link to all when the author has no access (Katarzyna Kobierska Ula Budziszewska) - Prevent rendering the link to all when the author has no access (Katarzyna Kobierska Ula Budziszewska)
- Fix broken repository 500 errors in project list - Fix broken repository 500 errors in project list
......
...@@ -589,6 +589,11 @@ class User < ActiveRecord::Base ...@@ -589,6 +589,11 @@ class User < ActiveRecord::Base
end end
def set_projects_limit def set_projects_limit
# `User.select(:id)` raises
# `ActiveModel::MissingAttributeError: missing attribute: projects_limit`
# without this safeguard!
return unless self.has_attribute?(:projects_limit)
connection_default_value_defined = new_record? && !projects_limit_changed? connection_default_value_defined = new_record? && !projects_limit_changed?
return unless self.projects_limit.nil? || connection_default_value_defined return unless self.projects_limit.nil? || connection_default_value_defined
......
...@@ -70,3 +70,18 @@ sudo gitlab-rake gitlab:two_factor:disable_for_all_users ...@@ -70,3 +70,18 @@ sudo gitlab-rake gitlab:two_factor:disable_for_all_users
# installation from source # installation from source
bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production
``` ```
## Clear authentication tokens for all users. Important! Data loss!
Clear authentication tokens for all users in the GitLab database. This
task is useful if your users' authentication tokens might have been exposed in
any way. All the existing tokens will become invalid, and new tokens are
automatically generated upon sign-in or user modification.
```
# omnibus-gitlab
sudo gitlab-rake gitlab:users:clear_all_authentication_tokens
# installation from source
bundle exec rake gitlab:users:clear_all_authentication_tokens RAILS_ENV=production
```
namespace :gitlab do
namespace :users do
desc "GitLab | Clear the authentication token for all users"
task clear_all_authentication_tokens: :environment do |t, args|
# Do small batched updates because these updates will be slow and locking
User.select(:id).find_in_batches(batch_size: 100) do |batch|
User.where(id: batch.map(&:id)).update_all(authentication_token: nil)
end
end
end
end
require 'spec_helper'
require 'rake'
describe 'gitlab:users namespace rake task' do
let(:enable_registry) { true }
before :all do
Rake.application.rake_require 'tasks/gitlab/task_helpers'
Rake.application.rake_require 'tasks/gitlab/users'
# empty task as env is already loaded
Rake::Task.define_task :environment
end
def run_rake_task(task_name)
Rake::Task[task_name].reenable
Rake.application.invoke_task task_name
end
describe 'clear_all_authentication_tokens' do
before do
# avoid writing task output to spec progress
allow($stdout).to receive :write
end
context 'gitlab version' do
it 'clears the authentication token for all users' do
create_list(:user, 2)
expect(User.pluck(:authentication_token)).to all(be_present)
run_rake_task('gitlab:users:clear_all_authentication_tokens')
expect(User.pluck(:authentication_token)).to all(be_nil)
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment