Commit 97d1ef03 authored by Robert Speicher's avatar Robert Speicher Committed by Rémy Coutable

Merge branch 'new-gitlab-users-clear_all_authentication_tokens-task' into 'master'

Add a new gitlab:users:clear_all_authentication_tokens task

## What are the relevant issue numbers?

Part of #22537.

See merge request !6745
Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent cb846067
......@@ -4,6 +4,7 @@ v 8.12.5
- Switch from request to env in ::API::Helpers. !6615
- Update the mail_room gem to 0.8.1 to fix a race condition with the mailbox watching thread. !6714
- Improve issue load time performance by avoiding ORDER BY in find_by call. !6724
- Add a new gitlab:users:clear_all_authentication_tokens task. !6745
v 8.12.4
- Fix "Copy to clipboard" tooltip to say "Copied!" when clipboard button is clicked. !6294 (lukehowell)
......
......@@ -584,6 +584,11 @@ class User < ActiveRecord::Base
end
def set_projects_limit
# `User.select(:id)` raises
# `ActiveModel::MissingAttributeError: missing attribute: projects_limit`
# without this safeguard!
return unless self.has_attribute?(:projects_limit)
connection_default_value_defined = new_record? && !projects_limit_changed?
return unless self.projects_limit.nil? || connection_default_value_defined
......
......@@ -70,3 +70,18 @@ sudo gitlab-rake gitlab:two_factor:disable_for_all_users
# installation from source
bundle exec rake gitlab:two_factor:disable_for_all_users RAILS_ENV=production
```
## Clear authentication tokens for all users. Important! Data loss!
Clear authentication tokens for all users in the GitLab database. This
task is useful if your users' authentication tokens might have been exposed in
any way. All the existing tokens will become invalid, and new tokens are
automatically generated upon sign-in or user modification.
```
# omnibus-gitlab
sudo gitlab-rake gitlab:users:clear_all_authentication_tokens
# installation from source
bundle exec rake gitlab:users:clear_all_authentication_tokens RAILS_ENV=production
```
namespace :gitlab do
namespace :users do
desc "GitLab | Clear the authentication token for all users"
task clear_all_authentication_tokens: :environment do |t, args|
# Do small batched updates because these updates will be slow and locking
User.select(:id).find_in_batches(batch_size: 100) do |batch|
User.where(id: batch.map(&:id)).update_all(authentication_token: nil)
end
end
end
end
require 'spec_helper'
require 'rake'
describe 'gitlab:users namespace rake task' do
let(:enable_registry) { true }
before :all do
Rake.application.rake_require 'tasks/gitlab/task_helpers'
Rake.application.rake_require 'tasks/gitlab/users'
# empty task as env is already loaded
Rake::Task.define_task :environment
end
def run_rake_task(task_name)
Rake::Task[task_name].reenable
Rake.application.invoke_task task_name
end
describe 'clear_all_authentication_tokens' do
before do
# avoid writing task output to spec progress
allow($stdout).to receive :write
end
context 'gitlab version' do
it 'clears the authentication token for all users' do
create_list(:user, 2)
expect(User.pluck(:authentication_token)).to all(be_present)
run_rake_task('gitlab:users:clear_all_authentication_tokens')
expect(User.pluck(:authentication_token)).to all(be_nil)
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment