Disable lookup of other ActiveSessions to determine admin mode status

36cfd946 · Diego Louzán · Imre Farkas · 37e4fc93 · 36cfd946 · 36cfd946
Commit 36cfd946 authored Mar 19, 2020 by Diego Louzán Committed by Imre Farkas Mar 19, 2020
3 changed files
--- a/changelogs/unreleased/refactor-admin-mode-single-session.yml
+++ b/changelogs/unreleased/refactor-admin-mode-single-session.yml
+---
+title: Disable lookup of other ActiveSessions to determine admin mode status
+merge_request: 27318
+author: Diego Louzán
+type: changed
--- a/lib/gitlab/auth/current_user_mode.rb
+++ b/lib/gitlab/auth/current_user_mode.rb
@@ -77,7 +77,7 @@ module Gitlab
        return false unless user
        Gitlab::SafeRequestStore.fetch(admin_mode_rs_key) do
-          user.admin? && any_session_with_admin_mode?
+          user.admin? && session_with_admin_mode?
        end
      end
@@ -136,19 +136,10 @@ module Gitlab
        @current_session ||= Gitlab::NamespacedSessionStore.new(SESSION_STORE_KEY)
      end
-      def any_session_with_admin_mode?
+      def session_with_admin_mode?
        return true if bypass_session?
-        return true if current_session_data.initiated? && current_session_data[ADMIN_MODE_START_TIME_KEY].to_i > MAX_ADMIN_MODE_TIME.ago.to_i
-        all_sessions.any? do |session|
+        current_session_data.initiated? && current_session_data[ADMIN_MODE_START_TIME_KEY].to_i > MAX_ADMIN_MODE_TIME.ago.to_i
-          session[ADMIN_MODE_START_TIME_KEY].to_i > MAX_ADMIN_MODE_TIME.ago.to_i
-        end
-      end
-      def all_sessions
-        @all_sessions ||= ActiveSession.list_sessions(user).lazy.map do |session|
-          Gitlab::NamespacedSessionStore.new(SESSION_STORE_KEY, session.with_indifferent_access )
-        end
      end
      def admin_mode_requested_in_grace_period?

--- a/spec/lib/gitlab/auth/current_user_mode_spec.rb
+++ b/spec/lib/gitlab/auth/current_user_mode_spec.rb
@@ -151,13 +151,13 @@ describe Gitlab::Auth::CurrentUserMode, :do_not_mock_admin_mode, :request_store
              allow(ActiveSession).to receive(:list_sessions).with(user).and_return([session, another_session])
            end
-            it 'can be enabled in one and seen in the other' do
+            it 'cannot be enabled in one and seen in the other' do
              Gitlab::Session.with_session(another_session) do
                another_subject.request_admin_mode!
                another_subject.enable_admin_mode!(password: user.password)
              end
-              expect(subject.admin_mode?).to be(true)
+              expect(subject.admin_mode?).to be(false)
            end
          end
        end