Commit 8f7f2ba0 authored by Michael Kozono's avatar Michael Kozono

Merge branch 'sh-change-throttle-protected-paths-default' into 'master'

Disable protected path throttling by default

Closes #34212

See merge request gitlab-org/gitlab!19185
parents 0b6fd279 7c6e3d01
---
title: Disable protected path throttling by default
merge_request: 19185
author:
type: fixed
# frozen_string_literal: true
class ChangeDefaultValueOfThrottleProtectedPaths < ActiveRecord::Migration[5.2]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
def up
change_column_default :application_settings, :throttle_protected_paths_enabled, false
# Because we already set the value to true in the previous
# migration, this feature was switched on inadvertently in GitLab
# 12.4. This migration toggles it back off to ensure we don't
# inadvertently block legitimate users. The admin will have to
# re-enable it in the application settings.
unless omnibus_protected_paths_present?
execute "UPDATE application_settings SET throttle_protected_paths_enabled = #{false_value}"
end
end
def down
change_column_default :application_settings, :throttle_protected_paths_enabled, true
execute "UPDATE application_settings SET throttle_protected_paths_enabled = #{true_value}"
end
private
def omnibus_protected_paths_present?
Rack::Attack.throttles.key?('protected paths')
rescue e
say "Error while checking if Omnibus protected paths were already enabled: #{e.message}"
say 'Continuing. Protected paths will remain enabled.'
# Return true so we don't take a risk
true
end
end
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2019_10_17_180026) do ActiveRecord::Schema.define(version: 2019_10_26_041447) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "pg_trgm" enable_extension "pg_trgm"
...@@ -331,7 +331,7 @@ ActiveRecord::Schema.define(version: 2019_10_17_180026) do ...@@ -331,7 +331,7 @@ ActiveRecord::Schema.define(version: 2019_10_17_180026) do
t.string "encrypted_asset_proxy_secret_key_iv" t.string "encrypted_asset_proxy_secret_key_iv"
t.string "static_objects_external_storage_url", limit: 255 t.string "static_objects_external_storage_url", limit: 255
t.string "static_objects_external_storage_auth_token", limit: 255 t.string "static_objects_external_storage_auth_token", limit: 255
t.boolean "throttle_protected_paths_enabled", default: true, null: false t.boolean "throttle_protected_paths_enabled", default: false, null: false
t.integer "throttle_protected_paths_requests_per_period", default: 10, null: false t.integer "throttle_protected_paths_requests_per_period", default: 10, null: false
t.integer "throttle_protected_paths_period_in_seconds", default: 60, null: false t.integer "throttle_protected_paths_period_in_seconds", default: 60, null: false
t.string "protected_paths", limit: 255, default: ["/users/password", "/users/sign_in", "/api/v3/session.json", "/api/v3/session", "/api/v4/session.json", "/api/v4/session", "/users", "/users/confirmation", "/unsubscribes/", "/import/github/personal_access_token"], array: true t.string "protected_paths", limit: 255, default: ["/users/password", "/users/sign_in", "/api/v3/session.json", "/api/v3/session", "/api/v4/session.json", "/api/v4/session", "/users", "/users/confirmation", "/unsubscribes/", "/import/github/personal_access_token"], array: true
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment