Commit c155ddd7 authored by Robert Speicher's avatar Robert Speicher

Merge branch 'rd-26044-new-option-to-prevent-too-big-git-pushes' into 'master'

Add new setting to Application Settings: receive_max_input_size

Closes #26044

See merge request gitlab-org/gitlab-ce!20758
parents 148f054e 007b81b8
......@@ -220,6 +220,7 @@ def visible_attributes
:recaptcha_enabled,
:recaptcha_private_key,
:recaptcha_site_key,
:receive_max_input_size,
:repository_checks_enabled,
:repository_storages,
:require_two_factor_authentication,
......
......@@ -14,7 +14,10 @@
= f.label :max_attachment_size, 'Maximum attachment size (MB)', class: 'label-bold'
= f.number_field :max_attachment_size, class: 'form-control'
.form-group
= f.label :session_expire_delay, 'Session duration (minutes)', class: 'label-bold'
= f.label :receive_max_input_size, 'Maximum push size (MB)', class: 'label-light'
= f.number_field :receive_max_input_size, class: 'form-control'
.form-group
= f.label :session_expire_delay, 'Session duration (minutes)', class: 'label-light'
= f.number_field :session_expire_delay, class: 'form-control'
%span.form-text.text-muted#session_expire_delay_help_block GitLab restart is required to apply changes
.form-group
......
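Review bot: The new `receive_max_input_size` field gives an admin no hint that a blank or 0 value leaves pushes unlimited, and the number field accepts negative input. The code that consumes the setting only emits `receive.maxInputSize` when the value is greater than zero, so those inputs quietly turn the limit off. Adding `min: 0` to the `f.number_field` call and a help line such as `%span.form-text.text-muted Leave blank or set to 0 for no limit`, in the style of the session field's help block, would make that explicit. The two new labels also use `label-light` while `max_attachment_size` just above uses `label-bold`; worth confirming that is intended.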
---
title: Allow admins to configure the maximum Git push size
merge_request: 20758
author:
type: added
# frozen_string_literal: true
# See http://doc.gitlab.com/ce/development/migration_style_guide.html
# for more information on how to write migrations for GitLab.
class AddReceiveMaxInputSizeToApplicationSettings < ActiveRecord::Migration
DOWNTIME = false
def change
add_column :application_settings, :receive_max_input_size, :integer
end
end
......@@ -173,6 +173,7 @@
t.boolean "web_ide_clientside_preview_enabled", default: false, null: false
t.boolean "user_show_add_ssh_key_message", default: true, null: false
t.integer "usage_stats_set_by_user_id"
t.integer "receive_max_input_size"
end
create_table "audit_events", force: :cascade do |t|
......
......@@ -74,6 +74,7 @@ def response_with_status(code: 200, success: true, message: nil, **extra_options
gl_repository: gl_repository,
gl_id: Gitlab::GlId.gl_id(user),
gl_username: user&.username,
git_config_options: [],
# This repository_path is a bogus value but gitlab-shell still requires
# its presence. https://gitlab.com/gitlab-org/gitlab-shell/issues/135
......@@ -81,6 +82,13 @@ def response_with_status(code: 200, success: true, message: nil, **extra_options
gitaly: gitaly_payload(params[:action])
}
# Custom option for git-receive-pack command
receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i
if receive_max_input_size > 0
payload[:git_config_options] << "receive.maxInputSize=#{receive_max_input_size.megabytes}"
end
response_with_status(**payload)
when ::Gitlab::GitAccessResult::CustomAction
response_with_status(code: 300, message: check_result.message, payload: check_result.payload)
......
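Review bot: The block after the payload hash that appends `receive.maxInputSize` is repeated almost verbatim in `git_http_ok` in the Workhorse section that follows, so the SSH and HTTP push paths can drift apart and leave one of them without the limit. A single shared helper that returns either `["receive.maxInputSize=#{size.megabytes}"]` or `[]` would keep both callers in step. A negative stored value also fails the `> 0` check and silently disables the limit. No model validation is visible in this commit, so if `ApplicationSetting` does not already have one, consider `validates :receive_max_input_size, numericality: { only_integer: true, greater_than_or_equal_to: 0, allow_nil: true }`. The enclosing method starts and ends outside these hunks, so this is based only on the visible lines.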
......@@ -22,18 +22,27 @@ def git_http_ok(repository, is_wiki, user, action, show_all_refs: false)
project = repository.project
{
attrs = {
GL_ID: Gitlab::GlId.gl_id(user),
GL_REPOSITORY: Gitlab::GlRepository.gl_repository(project, is_wiki),
GL_USERNAME: user&.username,
ShowAllRefs: show_all_refs,
Repository: repository.gitaly_repository.to_h,
RepoPath: 'ignored but not allowed to be empty in gitlab-workhorse',
GitConfigOptions: [],
GitalyServer: {
address: Gitlab::GitalyClient.address(project.repository_storage),
token: Gitlab::GitalyClient.token(project.repository_storage)
}
}
# Custom option for git-receive-pack command
receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i
if receive_max_input_size > 0
attrs[:GitConfigOptions] << "receive.maxInputSize=#{receive_max_input_size.megabytes}"
end
attrs
end
def send_git_blob(repository, blob)
......
......@@ -78,5 +78,12 @@
expect(response).to redirect_to(admin_application_settings_path)
expect(ApplicationSetting.current.restricted_visibility_levels).to be_empty
end
it 'updates the receive_max_input_size setting' do
put :update, application_setting: { receive_max_input_size: "1024" }
expect(response).to redirect_to(admin_application_settings_path)
expect(ApplicationSetting.current.receive_max_input_size).to eq(1024)
end
end
end
......@@ -336,6 +336,22 @@ def call_verify(headers)
it { expect { subject }.to raise_exception('Unsupported action: download') }
end
end
context 'when receive_max_input_size has been updated' do
it 'returns custom git config' do
allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { 1 }
expect(subject[:GitConfigOptions]).to be_present
end
end
context 'when receive_max_input_size is empty' do
it 'returns an empty git config' do
allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { nil }
expect(subject[:GitConfigOptions]).to be_empty
end
end
end
describe '.set_key_and_notify' do
......
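Review bot: Both new examples assert only `be_present` / `be_empty`, so a unit mistake (bytes instead of megabytes) or a misspelled option name would still pass, even though this value is what bounds the size of a push. Pinning the exact output, `expect(subject[:GitConfigOptions]).to eq(['receive.maxInputSize=1048576'])`, covers the conversion. The same applies to the two examples in the internal API spec section that follows, which check `json_response["git_config_options"]`. An example stubbing `0` or a negative number would also document that those values mean no limit.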
......@@ -369,6 +369,26 @@
expect(user.reload.last_activity_on).to be_nil
end
end
context 'when receive_max_input_size has been updated' do
it 'returns custom git config' do
allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { 1 }
push(key, project)
expect(json_response["git_config_options"]).to be_present
end
end
context 'when receive_max_input_size is empty' do
it 'returns an empty git config' do
allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { nil }
push(key, project)
expect(json_response["git_config_options"]).to be_empty
end
end
end
end
......