Commit 1566d5fd authored by nmilojevic1's avatar nmilojevic1 Committed by Nikola Milojevic

Add ENV variable to control session_store

parent f4756e90
......@@ -18,14 +18,15 @@ cookie_key = if Rails.env.development?
else
"_gitlab_session"
end
if Gitlab::Utils.to_boolean(ENV['GITLAB_LEGACY_SESSION_STORE'], default: false)
sessions_config = Gitlab::Redis::SharedState.params
sessions_config[:namespace] = Gitlab::Redis::SharedState::SESSION_NAMESPACE
if Gitlab::Utils.to_boolean(ENV['GITLAB_REDIS_STORE_WITH_SESSION_STORE'], default: true)
store = Gitlab::Redis::SharedState.store(
namespace: Gitlab::Redis::SharedState::SESSION_NAMESPACE
)
Gitlab::Application.config.session_store(
:redis_store, # Using the cookie_store would enable session replay attacks.
servers: sessions_config,
redis_store: store,
key: cookie_key,
secure: Gitlab.config.gitlab.https,
httponly: true,
......@@ -33,17 +34,17 @@ if Gitlab::Utils.to_boolean(ENV['GITLAB_LEGACY_SESSION_STORE'], default: false)
path: Rails.application.config.relative_url_root.presence || '/'
)
else
store = Gitlab::Redis::SharedState.store(
namespace: Gitlab::Redis::SharedState::SESSION_NAMESPACE
)
sessions_config = Gitlab::Redis::SharedState.params
sessions_config[:namespace] = Gitlab::Redis::SharedState::SESSION_NAMESPACE
Gitlab::Application.config.session_store(
:redis_store, # Using the cookie_store would enable session replay attacks.
redis_store: store,
servers: sessions_config,
key: cookie_key,
expires_in: Settings.gitlab['session_expire_delay'] * 60,
secure: Gitlab.config.gitlab.https,
httponly: true,
secure: Gitlab.config.gitlab.https
expires_in: Settings.gitlab['session_expire_delay'] * 60,
path: Rails.application.config.relative_url_root.presence || '/'
)
end
......
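Review bot: The cookie attributes (`key`, `secure`, `httponly`, `expires_in`, `path`) are written out separately in each branch of the `GITLAB_REDIS_STORE_WITH_SESSION_STORE` conditional, so a later edit to one branch can leave the other issuing a weaker session cookie. Building them once in a `cookie_options` hash and calling `Gitlab::Application.config.session_store(:redis_store, redis_store: store, **cookie_options)` (and `servers: sessions_config, **cookie_options` in the else branch) keeps only the store argument branch-specific. The page has lost its +/- markers, but the new flag appears to replace `GITLAB_LEGACY_SESSION_STORE` and to default to true, so an instance that had exported the old variable would change store path on upgrade without notice. A comment above the `if` stating what the flag selects, and that the old variable is no longer read, would make that visible to operators.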
......@@ -10,26 +10,26 @@ RSpec.describe 'Session initializer for GitLab' do
end
describe 'config#session_store' do
context 'when the GITLAB_LEGACY_SESSION_STORE env is enabled' do
context 'when the GITLAB_REDIS_STORE_WITH_SESSION_STORE env is not set' do
before do
stub_env('GITLAB_LEGACY_SESSION_STORE', true)
stub_env('GITLAB_REDIS_STORE_WITH_SESSION_STORE', nil)
end
it 'returns the regular cookie without a suffix' do
expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(servers: kind_of(Hash)))
expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(::Redis::Store)))
load_session_store
end
end
context 'when the GITLAB_LEGACY_SESSION_STORE env is not set' do
context 'when the GITLAB_REDIS_STORE_WITH_SESSION_STORE env is disabled' do
before do
stub_env('GITLAB_LEGACY_SESSION_STORE', nil)
stub_env('GITLAB_REDIS_STORE_WITH_SESSION_STORE', false)
end
it 'returns the regular cookie without a suffix' do
expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(::Redis::Store)))
expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(servers: kind_of(Hash)))
load_session_store
end
......
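Review bot: The contexts for `GITLAB_REDIS_STORE_WITH_SESSION_STORE` stub the variable with Ruby `nil` and `false`, but a real environment only supplies strings, so the value an operator would actually export is not exercised; `stub_env('GITLAB_REDIS_STORE_WITH_SESSION_STORE', 'false')` would cover that path. The example name 'returns the regular cookie without a suffix' is shared by both contexts and does not describe the assertion, which checks the store argument handed to `session_store`; a name such as `it 'passes a Redis::Store as redis_store'` (and `it 'passes the servers hash'` for the disabled case) says what is verified. There is also no visible case for the variable set to an explicit truthy string, though the describe block continues outside this hunk.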