Skip to content

G
gitlab-ce
Commit 7746792a authored by Toon Claes's avatar Toon Claes
Browse files
Options

Move Geo stuff from sessions_controller to EE mixin

parent ac586ab4
Show whitespace changes
Inline Side-by-side
Showing with 47 additions and 31 deletions
app/controllers/sessions_controller.rb
View file @ 7746792a
...@@ -9,9 +9,7 @@ class SessionsController < Devise::SessionsController ...@@ -9,9 +9,7 @@ class SessionsController < Devise::SessionsController
prepend_before_action :check_initial_setup, only: [:new] prepend_before_action :check_initial_setup, only: [:new]
prepend_before_action :authenticate_with_two_factor, prepend_before_action :authenticate_with_two_factor,
if: :two_factor_enabled?, only: [:create] if: :two_factor_enabled?, only: [:create]
prepend_before_action :store_redirect_path, only: [:new] prepend_before_action :store_redirect_uri, only: [:new]
before_action :gitlab_geo_login, only: [:new]
before_action :gitlab_geo_logout, only: [:destroy]
before_action :auto_sign_in_with_provider, only: [:new] before_action :auto_sign_in_with_provider, only: [:new]
before_action :load_recaptcha before_action :load_recaptcha
...@@ -88,7 +86,11 @@ class SessionsController < Devise::SessionsController ...@@ -88,7 +86,11 @@ class SessionsController < Devise::SessionsController
end end
end end
def store_redirect_path def stored_redirect_uri
@redirect_to ||= stored_location_for(:redirect)
end
def store_redirect_uri
redirect_uri = redirect_uri =
if request.referer.present? && (params['redirect_to_referer'] == 'yes') if request.referer.present? && (params['redirect_to_referer'] == 'yes')
URI(request.referer) URI(request.referer)
...@@ -98,40 +100,22 @@ class SessionsController < Devise::SessionsController ...@@ -98,40 +100,22 @@ class SessionsController < Devise::SessionsController
# Prevent a 'you are already signed in' message directly after signing: # Prevent a 'you are already signed in' message directly after signing:
# we should never redirect to '/users/sign_in' after signing in successfully. # we should never redirect to '/users/sign_in' after signing in successfully.
if redirect_uri.path == new_user_session_path return true if redirect_uri.path == new_user_session_path
return true
elsif redirect_uri.host == Gitlab.config.gitlab.host && redirect_uri.port == Gitlab.config.gitlab.port redirect_to = redirect_uri.to_s if redirect_allowed_to?(redirect_uri)
redirect_to = redirect_uri.to_s
elsif Gitlab::Geo.geo_node?(host: redirect_uri.host, port: redirect_uri.port)
redirect_to = redirect_uri.to_s
end
@redirect_to = redirect_to @redirect_to = redirect_to
store_location_for(:redirect, redirect_to) store_location_for(:redirect, redirect_to)
end end
def two_factor_enabled? # Overridden in EE
find_user.try(:two_factor_enabled?) def redirect_allowed_to?(uri)
end uri.host == Gitlab.config.gitlab.host &&
uri.port == Gitlab.config.gitlab.port
def gitlab_geo_login
return unless Gitlab::Geo.secondary? # TODO?
return if signed_in?
oauth = Gitlab::Geo::OauthSession.new
# share full url with primary node by oauth state
user_return_to = URI.join(root_url, session[:user_return_to].to_s).to_s
oauth.return_to = @redirect_to || user_return_to
redirect_to oauth_geo_auth_url(state: oauth.generate_oauth_state)
end end
def gitlab_geo_logout def two_factor_enabled?
return unless Gitlab::Geo.secondary? # TODO? find_user&.two_factor_enabled?
oauth = Gitlab::Geo::OauthSession.new(access_token: session[:access_token])
@geo_logout_state = oauth.generate_logout_state
end end
def auto_sign_in_with_provider def auto_sign_in_with_provider
......
ee/app/controllers/ee/sessions_controller.rb
View file @ 7746792a
...@@ -2,13 +2,45 @@ module EE ...@@ -2,13 +2,45 @@ module EE
module SessionsController module SessionsController
extend ActiveSupport::Concern extend ActiveSupport::Concern
prepended do
before_action :gitlab_geo_login, only: [:new]
before_action :gitlab_geo_logout, only: [:destroy]
end
private private
def gitlab_geo_login
return unless ::Gitlab::Geo.secondary?
return if signed_in?
oauth = ::Gitlab::Geo::OauthSession.new
# share full url with primary node by oauth state
user_return_to = URI.join(root_url, session[:user_return_to].to_s).to_s
oauth.return_to = stored_redirect_uri || user_return_to
redirect_to oauth_geo_auth_url(state: oauth.generate_oauth_state)
end
def gitlab_geo_logout
return unless ::Gitlab::Geo.secondary?
oauth = ::Gitlab::Geo::OauthSession.new(access_token: session[:access_token])
@geo_logout_state = oauth.generate_logout_state
end
def log_failed_login def log_failed_login
::AuditEventService.new(request.filtered_parameters['user']['login'], nil, ip_address: request.remote_ip) ::AuditEventService.new(request.filtered_parameters['user']['login'], nil, ip_address: request.remote_ip)
.for_failed_login.unauth_security_event .for_failed_login.unauth_security_event
super super
end end
def redirect_allowed_to?(uri)
raise NotImplementedError unless defined?(super)
# Redirect is not only allowed to current host, but also to other Geo nodes
super || ::Gitlab::Geo.geo_node?(host: uri.host, port: uri.port)
end
end end
end end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7