Add warning when Geo is configured insecurely

284b6e69 · James Lopez · Nick Thomas · a7046b5b · 284b6e69 · 284b6e69
Commit 284b6e69 authored Nov 16, 2017 by James Lopez Committed by Nick Thomas Nov 16, 2017
3 changed files
--- a/changelogs/unreleased-ee/feature-http-geo-warning.yml
+++ b/changelogs/unreleased-ee/feature-http-geo-warning.yml
+---
+title: Add warning when Geo is configured insecurely
+merge_request: 3368
+author:
+type: added
--- a/ee/app/controllers/admin/geo_nodes_controller.rb
+++ b/ee/app/controllers/admin/geo_nodes_controller.rb
 class Admin::GeoNodesController < Admin::ApplicationController
  before_action :check_license, except: [:index, :destroy]
  before_action :load_node, only: [:edit, :update, :destroy, :repair, :toggle, :status]
+  before_action :check_insecure_nodes

  helper EE::GeoHelper

@@ -9,7 +10,7 @@ class Admin::GeoNodesController < Admin::ApplicationController
    @node = GeoNode.new

    unless Gitlab::Geo.license_allows?
-      flash.now[:alert] = 'You need a different license to enable Geo replication'
+      flash_now(:alert, 'You need a different license to enable Geo replication')
    end
  end

@@ -101,4 +102,18 @@ class Admin::GeoNodesController < Admin::ApplicationController
  def load_node
    @node = GeoNode.find(params[:id])
  end
+
+  def check_insecure_nodes
+    if has_insecure_nodes?
+      flash_now(:alert, 'You have configured Geo nodes using an insecure HTTP connection. We recommend the use of HTTPS.')
+    end
+  end
+
+  def has_insecure_nodes?
+    GeoNode.where(schema: 'http').any?
+  end
+
+  def flash_now(type, message)
+    flash.now[type] = flash.now[type].blank? ? message : "#{flash.now[type]}<BR>#{message}".html_safe
+  end
 end
--- a/spec/controllers/admin/geo_nodes_controller_spec.rb
+++ b/spec/controllers/admin/geo_nodes_controller_spec.rb
@@ -46,7 +46,8 @@ describe Admin::GeoNodesController, :postgresql do

      it 'displays a flash message' do
        go
-        expect(controller).to set_flash.now[:alert].to('You need a different license to enable Geo replication')
+
+        expect(flash[:alert]).to include('You need a different license to enable Geo replication')
      end

      it 'does not redirects to the license page' do
@@ -54,6 +55,30 @@ describe Admin::GeoNodesController, :postgresql do
        expect(response).not_to redirect_to(admin_license_path)
      end
    end
+
+    context 'Secured URL' do
+      let(:alert_message) { 'You have configured Geo nodes using an insecure HTTP connection. We recommend the use of HTTPS.' }
+
+      context 'HTTP nodes' do
+        it 'displays a flash message' do
+          create(:geo_node, url: 'http://not.safe')
+
+          go
+
+          expect(flash[:alert]).to include(alert_message)
+        end
+      end
+
+      context 'with HTTPS nodes' do
+        it 'does not display a flash message' do
+          create(:geo_node, url: 'https://much.safer')
+
+          go
+
+          expect(flash[:alert]).not_to include(alert_message)
+        end
+      end
+    end
  end

  describe '#destroy' do