Merge branch 'feature-session-expire-seconds-ui' into 'master'

Add session expiration delay configuration through UI application Setting is accessible by the administrator through the UI and defaults to 1 week (the current setting) Answers the following suggestions: * http://feedback.gitlab.com/forums/176466-general/suggestions/6210719-make-session-length-configurable * http://feedback.gitlab.com/forums/176466-general/suggestions/6730512-automatic-logout-after-a-time-being-idle See merge request !774

Merge branch 'feature-session-expire-seconds-ui' into 'master'
9ea8dcb5 · Douwe Maan · c14de4fd · 1d080f57 · 9ea8dcb5 · 9ea8dcb5
Commit 9ea8dcb5 authored Jun 12, 2015 by Douwe Maan
10 changed files
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -5,6 +5,7 @@ v 7.12.0 (unreleased)
  - Update browser gem to version 0.8.0 for IE11 support (Stan Hu)
  - Fix timeout when rendering file with thousands of lines.
  - Add "Remember me" checkbox to LDAP signin form.
+  - Add session expiration delay configuration through UI application settings
  - Don't notify users mentioned in code blocks or blockquotes.
  - Omit link to generate labels if user does not have access to create them (Stan Hu)
  - Show warning when a comment will add 10 or more people to the discussion.

--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -40,6 +40,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
      :home_page_url,
      :after_sign_out_path,
      :max_attachment_size,
+      :session_expire_delay,
      :default_project_visibility,
      :default_snippet_visibility,
      :restricted_signup_domains_raw,

--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -15,6 +15,7 @@
 #  twitter_sharing_enabled      :boolean          default(TRUE)
 #  restricted_visibility_levels :text
 #  max_attachment_size          :integer          default(10), not null
+#  session_expire_delay       :integer          default(10080), not null
 #  default_project_visibility   :integer
 #  default_snippet_visibility   :integer
 #  restricted_signup_domains    :text
@@ -26,6 +27,10 @@ class ApplicationSetting < ActiveRecord::Base
  serialize :restricted_visibility_levels
  serialize :restricted_signup_domains, Array
  attr_accessor :restricted_signup_domains_raw
+  
+  validates :session_expire_delay, 
+  	presence: true, 
+  	numericality: { only_integer: true, greater_than_or_equal_to: 0 }

  validates :home_page_url,
    allow_blank: true,
@@ -61,6 +66,7 @@ class ApplicationSetting < ActiveRecord::Base
      sign_in_text: Settings.extra['sign_in_text'],
      restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'],
      max_attachment_size: Settings.gitlab['max_attachment_size'],
+      session_expire_delay: Settings.gitlab['session_expire_delay'],
      default_project_visibility: Settings.gitlab.default_projects_features['visibility_level'],
      default_snippet_visibility: Settings.gitlab.default_projects_features['visibility_level'],
      restricted_signup_domains: Settings.gitlab['restricted_signup_domains']

--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -84,6 +84,11 @@
      .col-sm-10
        = f.number_field :max_attachment_size, class: 'form-control'
    .form-group
+      = f.label :session_expire_delay, 'Session duration (minutes)', class: 'control-label col-sm-2'
+      .col-sm-10
+        = f.number_field :session_expire_delay, class: 'form-control'
+        %span.help-block#session_expire_delay_help_block GitLab restart is required to apply changes        
+    .form-group
      = f.label :restricted_signup_domains, 'Restricted domains for sign-ups', class: 'control-label col-sm-2'
      .col-sm-10
        = f.text_area :restricted_signup_domains_raw, placeholder: 'domain.com', class: 'form-control'

--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -131,6 +131,7 @@ Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e
 Settings.gitlab['default_projects_features'] ||= {}
 Settings.gitlab['webhook_timeout'] ||= 10
 Settings.gitlab['max_attachment_size'] ||= 10
+Settings.gitlab['session_expire_delay'] ||= 10080
 Settings.gitlab.default_projects_features['issues']         = true if Settings.gitlab.default_projects_features['issues'].nil?
 Settings.gitlab.default_projects_features['merge_requests'] = true if Settings.gitlab.default_projects_features['merge_requests'].nil?
 Settings.gitlab.default_projects_features['wiki']           = true if Settings.gitlab.default_projects_features['wiki'].nil?

--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
 # Be sure to restart your server when you modify this file.

+if ActiveRecord::Base.connection.active?  && ActiveRecord::Base.connection.table_exists?('application_settings')
+  Settings.gitlab['session_expire_delay'] = ApplicationSetting.current.session_expire_delay
+end
+
 Gitlab::Application.config.session_store(
  :redis_store, # Using the cookie_store would enable session replay attacks.
  servers: Gitlab::Application.config.cache_store[1].merge(namespace: 'session:gitlab'), # re-use the Redis config from the Rails cache store
  key: '_gitlab_session',
  secure: Gitlab.config.gitlab.https,
  httponly: true,
-  expire_after: 1.week,
+  expire_after: Settings.gitlab['session_expire_delay'] * 60,
  path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
-)
+)
\ No newline at end of file
--- a/db/migrate/20150609141121_add_session_expire_delay_for_application_settings.rb
+++ b/db/migrate/20150609141121_add_session_expire_delay_for_application_settings.rb
+class AddSessionExpireDelayForApplicationSettings < ActiveRecord::Migration
+  def change
+    add_column :application_settings, :session_expire_delay, :integer, default: 10080, null: false
+  end
+end
\ No newline at end of file
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20150529150354) do
+ActiveRecord::Schema.define(version: 20150604202921) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -35,6 +35,7 @@ ActiveRecord::Schema.define(version: 20150529150354) do
    t.text     "restricted_signup_domains"
    t.boolean  "user_oauth_applications",      default: true
    t.string   "after_sign_out_path"
+    t.integer  "session_expire_delay",       default: 10080, null: false
  end

  create_table "broadcast_messages", force: true do |t|

--- a/lib/gitlab/current_settings.rb
+++ b/lib/gitlab/current_settings.rb
@@ -21,7 +21,8 @@ module Gitlab
        gravatar_enabled: Settings.gravatar['enabled'],
        sign_in_text: Settings.extra['sign_in_text'],
        restricted_visibility_levels: Settings.gitlab['restricted_visibility_levels'],
-        max_attachment_size: Settings.gitlab['max_attachment_size']
+        max_attachment_size: Settings.gitlab['max_attachment_size'],
+        session_expire_delay: Settings.gitlab['session_expire_delay']
      )
    end
  end

--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -15,6 +15,7 @@
 #  twitter_sharing_enabled      :boolean          default(TRUE)
 #  restricted_visibility_levels :text
 #  max_attachment_size          :integer          default(10), not null
+#  session_expire_delay       :integer          default(10080), not null
 #  default_project_visibility   :integer
 #  default_snippet_visibility   :integer
 #  restricted_signup_domains    :text