debian-mirror-gitlab/app/models/application_setting.rb

# frozen_string_literal: true

class ApplicationSetting < ApplicationRecord
  include CacheableAttributes
  include CacheMarkdownField
  include TokenAuthenticatable
  include IgnorableColumn
  include ChronicDurationAttribute

  add_authentication_token_field :runners_registration_token, encrypted: -> { Feature.enabled?(:application_settings_tokens_optional_encryption, default_enabled: true) ? :optional : :required }
  add_authentication_token_field :health_check_access_token

  # Include here so it can override methods from
  # `add_authentication_token_field`
  # We don't prepend for now because otherwise we'll need to
  # fix a lot of tests using allow_any_instance_of
  include ApplicationSettingImplementation

  attr_encrypted :asset_proxy_secret_key,
                 mode: :per_attribute_iv,
                 insecure_mode: true,
                 key: Settings.attr_encrypted_db_key_base_truncated,
                 algorithm: 'aes-256-cbc'

  serialize :restricted_visibility_levels # rubocop:disable Cop/ActiveRecordSerialize
  serialize :import_sources # rubocop:disable Cop/ActiveRecordSerialize
  serialize :disabled_oauth_sign_in_sources, Array # rubocop:disable Cop/ActiveRecordSerialize
  serialize :domain_whitelist, Array # rubocop:disable Cop/ActiveRecordSerialize
  serialize :domain_blacklist, Array # rubocop:disable Cop/ActiveRecordSerialize
  serialize :repository_storages # rubocop:disable Cop/ActiveRecordSerialize
  serialize :asset_proxy_whitelist, Array # rubocop:disable Cop/ActiveRecordSerialize

  ignore_column :koding_url
  ignore_column :koding_enabled
  ignore_column :sentry_enabled
  ignore_column :sentry_dsn
  ignore_column :clientside_sentry_enabled
  ignore_column :clientside_sentry_dsn

  cache_markdown_field :sign_in_text
  cache_markdown_field :help_page_text
  cache_markdown_field :shared_runners_text, pipeline: :plain_markdown
  cache_markdown_field :after_sign_up_text

  default_value_for :id, 1

  chronic_duration_attr_writer :archive_builds_in_human_readable, :archive_builds_in_seconds

  validates :uuid, presence: true

  validates :session_expire_delay,
            presence: true,
            numericality: { only_integer: true, greater_than_or_equal_to: 0 }

  validates :home_page_url,
            allow_blank: true,
            addressable_url: true,
            if: :home_page_url_column_exists?

  validates :help_page_support_url,
            allow_blank: true,
            addressable_url: true,
            if: :help_page_support_url_column_exists?

  validates :after_sign_out_path,
            allow_blank: true,
            addressable_url: true

  validates :admin_notification_email,
            devise_email: true,
            allow_blank: true

  validates :two_factor_grace_period,
            numericality: { greater_than_or_equal_to: 0 }

  validates :recaptcha_site_key,
            presence: true,
            if: :recaptcha_or_login_protection_enabled

  validates :recaptcha_private_key,
            presence: true,
            if: :recaptcha_or_login_protection_enabled

  validates :akismet_api_key,
            presence: true,
            if: :akismet_enabled

  validates :unique_ips_limit_per_user,
            numericality: { greater_than_or_equal_to: 1 },
            presence: true,
            if: :unique_ips_limit_enabled

  validates :unique_ips_limit_time_window,
            numericality: { greater_than_or_equal_to: 0 },
            presence: true,
            if: :unique_ips_limit_enabled

  validates :plantuml_url,
            presence: true,
            if: :plantuml_enabled

  validates :max_attachment_size,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

  validates :max_artifacts_size,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

  validates :default_artifacts_expire_in, presence: true, duration: true

  validates :container_registry_token_expire_delay,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

  validates :repository_storages, presence: true
  validate :check_repository_storages

  validates :auto_devops_domain,
            allow_blank: true,
            hostname: { allow_numeric_hostname: true, require_valid_tld: true },
            if: :auto_devops_enabled?

  validates :enabled_git_access_protocol,
            inclusion: { in: %w(ssh http), allow_blank: true, allow_nil: true }

  validates :domain_blacklist,
            presence: { message: 'Domain blacklist cannot be empty if Blacklist is enabled.' },
            if: :domain_blacklist_enabled?

  validates :housekeeping_incremental_repack_period,
            presence: true,
            numericality: { only_integer: true, greater_than: 0 }

  validates :housekeeping_full_repack_period,
            presence: true,
            numericality: { only_integer: true, greater_than_or_equal_to: :housekeeping_incremental_repack_period }

  validates :housekeeping_gc_period,
            presence: true,
            numericality: { only_integer: true, greater_than_or_equal_to: :housekeeping_full_repack_period }

  validates :terminal_max_session_time,
            presence: true,
            numericality: { only_integer: true, greater_than_or_equal_to: 0 }

  validates :polling_interval_multiplier,
            presence: true,
            numericality: { greater_than_or_equal_to: 0 }

  validates :gitaly_timeout_default,
            presence: true,
            numericality: { only_integer: true, greater_than_or_equal_to: 0 }

  validates :gitaly_timeout_medium,
            presence: true,
            numericality: { only_integer: true, greater_than_or_equal_to: 0 }
  validates :gitaly_timeout_medium,
            numericality: { less_than_or_equal_to: :gitaly_timeout_default },
            if: :gitaly_timeout_default
  validates :gitaly_timeout_medium,
            numericality: { greater_than_or_equal_to: :gitaly_timeout_fast },
            if: :gitaly_timeout_fast

  validates :gitaly_timeout_fast,
            presence: true,
            numericality: { only_integer: true, greater_than_or_equal_to: 0 }
  validates :gitaly_timeout_fast,
            numericality: { less_than_or_equal_to: :gitaly_timeout_default },
            if: :gitaly_timeout_default

  validates :diff_max_patch_bytes,
            presence: true,
            numericality: { only_integer: true,
                            greater_than_or_equal_to: Gitlab::Git::Diff::DEFAULT_MAX_PATCH_BYTES,
                            less_than_or_equal_to: Gitlab::Git::Diff::MAX_PATCH_BYTES_UPPER_BOUND }

  validates :user_default_internal_regex, js_regex: true, allow_nil: true

  validates :commit_email_hostname, format: { with: /\A[^@]+\z/ }

  validates :archive_builds_in_seconds,
            allow_nil: true,
            numericality: { only_integer: true, greater_than_or_equal_to: 1.day.seconds }

  validates :local_markdown_version,
            allow_nil: true,
            numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than: 65536 }

  validates :asset_proxy_url,
            presence: true,
            allow_blank: false,
            url: true,
            if: :asset_proxy_enabled?

  validates :asset_proxy_secret_key,
            presence: true,
            allow_blank: false,
            if: :asset_proxy_enabled?

  SUPPORTED_KEY_TYPES.each do |type|
    validates :"#{type}_key_restriction", presence: true, key_restriction: { type: type }
  end

  validates :allowed_key_types, presence: true

  validates_each :restricted_visibility_levels do |record, attr, value|
    value&.each do |level|
      unless Gitlab::VisibilityLevel.options.value?(level)
        record.errors.add(attr, _("'%{level}' is not a valid visibility level") % { level: level })
      end
    end
  end

  validates_each :import_sources do |record, attr, value|
    value&.each do |source|
      unless Gitlab::ImportSources.options.value?(source)
        record.errors.add(attr, _("'%{source}' is not a import source") % { source: source })
      end
    end
  end

  validate :terms_exist, if: :enforce_terms?

  validates :external_authorization_service_default_label,
            presence: true,
            if: :external_authorization_service_enabled

  validates :external_authorization_service_url,
            addressable_url: true, allow_blank: true,
            if: :external_authorization_service_enabled

  validates :external_authorization_service_timeout,
            numericality: { greater_than: 0, less_than_or_equal_to: 10 },
            if: :external_authorization_service_enabled

  validates :external_auth_client_key,
            presence: true,
            if: -> (setting) { setting.external_auth_client_cert.present? }

  validates :lets_encrypt_notification_email,
            devise_email: true,
            format: { without: /@example\.(com|org|net)\z/,
                      message: N_("Let's Encrypt does not accept emails on example.com") },
            allow_blank: true

  validates :lets_encrypt_notification_email,
            presence: true,
            if: :lets_encrypt_terms_of_service_accepted?

  validates_with X509CertificateCredentialsValidator,
                 certificate: :external_auth_client_cert,
                 pkey: :external_auth_client_key,
                 pass: :external_auth_client_key_pass,
                 if: -> (setting) { setting.external_auth_client_cert.present? }

  attr_encrypted :external_auth_client_key,
                 mode: :per_attribute_iv,
                 key: Settings.attr_encrypted_db_key_base_truncated,
                 algorithm: 'aes-256-gcm',
                 encode: true

  attr_encrypted :external_auth_client_key_pass,
                 mode: :per_attribute_iv,
                 key: Settings.attr_encrypted_db_key_base_truncated,
                 algorithm: 'aes-256-gcm',
                 encode: true

  attr_encrypted :lets_encrypt_private_key,
                 mode: :per_attribute_iv,
                 key: Settings.attr_encrypted_db_key_base_truncated,
                 algorithm: 'aes-256-gcm',
                 encode: true

  before_validation :ensure_uuid!

  before_save :ensure_runners_registration_token
  before_save :ensure_health_check_access_token

  after_commit do
    reset_memoized_terms
  end
  after_commit :expire_performance_bar_allowed_user_ids_cache, if: -> { previous_changes.key?('performance_bar_allowed_group_id') }

  def self.create_from_defaults
    transaction(requires_new: true) do
      super
    end
  rescue ActiveRecord::RecordNotUnique
    # We already have an ApplicationSetting record, so just return it.
    current_without_cache
  end

  # By default, the backend is Rails.cache, which uses
  # ActiveSupport::Cache::RedisStore. Since loading ApplicationSetting
  # can cause a significant amount of load on Redis, let's cache it in
  # memory.
  def self.cache_backend
    Gitlab::ThreadMemoryCache.cache_backend
  end

  def recaptcha_or_login_protection_enabled
    recaptcha_enabled || login_recaptcha_protection_enabled
  end
end
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`# frozen_string_literal: true`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`class ApplicationSetting < ApplicationRecord`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`include CacheableAttributes`
New upstream version 8.13.3+dfsg1 2016-11-03 12:29:30 +05:30			`include CacheMarkdownField`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`include TokenAuthenticatable`
New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`include IgnorableColumn`
			`include ChronicDurationAttribute`
New upstream version 8.13.3+dfsg1 2016-11-03 12:29:30 +05:30
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`add_authentication_token_field :runners_registration_token, encrypted: -> { Feature.enabled?(:application_settings_tokens_optional_encryption, default_enabled: true) ? :optional : :required }`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`add_authentication_token_field :health_check_access_token`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`# Include here so it can override methods from`
			# `add_authentication_token_field`
			`# We don't prepend for now because otherwise we'll need to`
			`# fix a lot of tests using allow_any_instance_of`
			`include ApplicationSettingImplementation`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`attr_encrypted :asset_proxy_secret_key,`
			`mode: :per_attribute_iv,`
			`insecure_mode: true,`
			`key: Settings.attr_encrypted_db_key_base_truncated,`
			`algorithm: 'aes-256-cbc'`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`serialize :restricted_visibility_levels # rubocop:disable Cop/ActiveRecordSerialize`
			`serialize :import_sources # rubocop:disable Cop/ActiveRecordSerialize`
			`serialize :disabled_oauth_sign_in_sources, Array # rubocop:disable Cop/ActiveRecordSerialize`
			`serialize :domain_whitelist, Array # rubocop:disable Cop/ActiveRecordSerialize`
			`serialize :domain_blacklist, Array # rubocop:disable Cop/ActiveRecordSerialize`
			`serialize :repository_storages # rubocop:disable Cop/ActiveRecordSerialize`
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`serialize :asset_proxy_whitelist, Array # rubocop:disable Cop/ActiveRecordSerialize`
Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30
New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`ignore_column :koding_url`
			`ignore_column :koding_enabled`
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`ignore_column :sentry_enabled`
			`ignore_column :sentry_dsn`
			`ignore_column :clientside_sentry_enabled`
			`ignore_column :clientside_sentry_dsn`
New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30
New upstream version 8.13.3+dfsg1 2016-11-03 12:29:30 +05:30			`cache_markdown_field :sign_in_text`
			`cache_markdown_field :help_page_text`
			`cache_markdown_field :shared_runners_text, pipeline: :plain_markdown`
			`cache_markdown_field :after_sign_up_text`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`default_value_for :id, 1`

New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`chronic_duration_attr_writer :archive_builds_in_human_readable, :archive_builds_in_seconds`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`validates :uuid, presence: true`

Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`validates :session_expire_delay,`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`presence: true,`
			`numericality: { only_integer: true, greater_than_or_equal_to: 0 }`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
			`validates :home_page_url,`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`allow_blank: true,`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`addressable_url: true,`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`if: :home_page_url_column_exists?`

			`validates :help_page_support_url,`
			`allow_blank: true,`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`addressable_url: true,`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`if: :help_page_support_url_column_exists?`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`validates :after_sign_out_path,`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`allow_blank: true,`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`addressable_url: true`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30			`validates :admin_notification_email,`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`devise_email: true,`
Imported Upstream version 8.5.8+dfsg 2016-04-02 18:10:28 +05:30			`allow_blank: true`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30
			`validates :two_factor_grace_period,`
			`numericality: { greater_than_or_equal_to: 0 }`

			`validates :recaptcha_site_key,`
			`presence: true,`
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`if: :recaptcha_or_login_protection_enabled`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30
			`validates :recaptcha_private_key,`
			`presence: true,`
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`if: :recaptcha_or_login_protection_enabled`
Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30
Imported Upstream version 8.5.8+dfsg 2016-04-02 18:10:28 +05:30			`validates :akismet_api_key,`
			`presence: true,`
			`if: :akismet_enabled`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`validates :unique_ips_limit_per_user,`
			`numericality: { greater_than_or_equal_to: 1 },`
			`presence: true,`
			`if: :unique_ips_limit_enabled`

			`validates :unique_ips_limit_time_window,`
			`numericality: { greater_than_or_equal_to: 0 },`
			`presence: true,`
			`if: :unique_ips_limit_enabled`

			`validates :plantuml_url,`
			`presence: true,`
			`if: :plantuml_enabled`

Imported Upstream version 8.5.8+dfsg 2016-04-02 18:10:28 +05:30			`validates :max_attachment_size,`
			`presence: true,`
			`numericality: { only_integer: true, greater_than: 0 }`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`validates :max_artifacts_size,`
			`presence: true,`
			`numericality: { only_integer: true, greater_than: 0 }`

			`validates :default_artifacts_expire_in, presence: true, duration: true`

Imported Upstream version 8.9.0+debian~rc4 2016-06-16 23:09:34 +05:30			`validates :container_registry_token_expire_delay,`
			`presence: true,`
			`numericality: { only_integer: true, greater_than: 0 }`

New upstream version 8.13.6+dfsg1 2016-11-24 13:41:30 +05:30			`validates :repository_storages, presence: true`
			`validate :check_repository_storages`
Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`validates :auto_devops_domain,`
			`allow_blank: true,`
			`hostname: { allow_numeric_hostname: true, require_valid_tld: true },`
			`if: :auto_devops_enabled?`

Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30			`validates :enabled_git_access_protocol,`
			`inclusion: { in: %w(ssh http), allow_blank: true, allow_nil: true }`

			`validates :domain_blacklist,`
			`presence: { message: 'Domain blacklist cannot be empty if Blacklist is enabled.' },`
			`if: :domain_blacklist_enabled?`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`validates :housekeeping_incremental_repack_period,`
			`presence: true,`
			`numericality: { only_integer: true, greater_than: 0 }`

			`validates :housekeeping_full_repack_period,`
			`presence: true,`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`numericality: { only_integer: true, greater_than_or_equal_to: :housekeeping_incremental_repack_period }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
			`validates :housekeeping_gc_period,`
			`presence: true,`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`numericality: { only_integer: true, greater_than_or_equal_to: :housekeeping_full_repack_period }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
			`validates :terminal_max_session_time,`
			`presence: true,`
			`numericality: { only_integer: true, greater_than_or_equal_to: 0 }`

			`validates :polling_interval_multiplier,`
			`presence: true,`
			`numericality: { greater_than_or_equal_to: 0 }`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`validates :gitaly_timeout_default,`
			`presence: true,`
			`numericality: { only_integer: true, greater_than_or_equal_to: 0 }`

			`validates :gitaly_timeout_medium,`
			`presence: true,`
			`numericality: { only_integer: true, greater_than_or_equal_to: 0 }`
			`validates :gitaly_timeout_medium,`
			`numericality: { less_than_or_equal_to: :gitaly_timeout_default },`
			`if: :gitaly_timeout_default`
			`validates :gitaly_timeout_medium,`
			`numericality: { greater_than_or_equal_to: :gitaly_timeout_fast },`
			`if: :gitaly_timeout_fast`

			`validates :gitaly_timeout_fast,`
			`presence: true,`
			`numericality: { only_integer: true, greater_than_or_equal_to: 0 }`
			`validates :gitaly_timeout_fast,`
			`numericality: { less_than_or_equal_to: :gitaly_timeout_default },`
			`if: :gitaly_timeout_default`

New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`validates :diff_max_patch_bytes,`
			`presence: true,`
			`numericality: { only_integer: true,`
			`greater_than_or_equal_to: Gitlab::Git::Diff::DEFAULT_MAX_PATCH_BYTES,`
			`less_than_or_equal_to: Gitlab::Git::Diff::MAX_PATCH_BYTES_UPPER_BOUND }`

New upstream version 11.3.10+dfsg 2018-11-20 20:47:30 +05:30			`validates :user_default_internal_regex, js_regex: true, allow_nil: true`

New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`validates :commit_email_hostname, format: { with: /\A[^@]+\z/ }`

			`validates :archive_builds_in_seconds,`
			`allow_nil: true,`
			`numericality: { only_integer: true, greater_than_or_equal_to: 1.day.seconds }`

New upstream version 11.8.0 2019-03-02 22:35:43 +05:30			`validates :local_markdown_version,`
			`allow_nil: true,`
			`numericality: { only_integer: true, greater_than_or_equal_to: 0, less_than: 65536 }`

New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`validates :asset_proxy_url,`
			`presence: true,`
			`allow_blank: false,`
			`url: true,`
			`if: :asset_proxy_enabled?`

			`validates :asset_proxy_secret_key,`
			`presence: true,`
			`allow_blank: false,`
			`if: :asset_proxy_enabled?`

New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30			`SUPPORTED_KEY_TYPES.each do \|type\|`
			`validates :"#{type}_key_restriction", presence: true, key_restriction: { type: type }`
			`end`

			`validates :allowed_key_types, presence: true`

Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`validates_each :restricted_visibility_levels do \|record, attr, value\|`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`value&.each do \|level\|`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`unless Gitlab::VisibilityLevel.options.value?(level)`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`record.errors.add(attr, _("'%{level}' is not a valid visibility level") % { level: level })`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`
			`end`
			`end`

Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30			`validates_each :import_sources do \|record, attr, value\|`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`value&.each do \|source\|`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`unless Gitlab::ImportSources.options.value?(source)`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`record.errors.add(attr, _("'%{source}' is not a import source") % { source: source })`
Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30			`end`
			`end`
			`end`

New upstream version 10.8.7+dfsg 2018-10-15 14:42:47 +05:30			`validate :terms_exist, if: :enforce_terms?`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`validates :external_authorization_service_default_label,`
			`presence: true,`
			`if: :external_authorization_service_enabled`

			`validates :external_authorization_service_url,`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`addressable_url: true, allow_blank: true,`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`if: :external_authorization_service_enabled`

			`validates :external_authorization_service_timeout,`
			`numericality: { greater_than: 0, less_than_or_equal_to: 10 },`
			`if: :external_authorization_service_enabled`

			`validates :external_auth_client_key,`
			`presence: true,`
			`if: -> (setting) { setting.external_auth_client_cert.present? }`

New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`validates :lets_encrypt_notification_email,`
			`devise_email: true,`
			`format: { without: /@example\.(com\|org\|net)\z/,`
			`message: N_("Let's Encrypt does not accept emails on example.com") },`
			`allow_blank: true`

			`validates :lets_encrypt_notification_email,`
			`presence: true,`
			`if: :lets_encrypt_terms_of_service_accepted?`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`validates_with X509CertificateCredentialsValidator,`
			`certificate: :external_auth_client_cert,`
			`pkey: :external_auth_client_key,`
			`pass: :external_auth_client_key_pass,`
			`if: -> (setting) { setting.external_auth_client_cert.present? }`

			`attr_encrypted :external_auth_client_key,`
			`mode: :per_attribute_iv,`
			`key: Settings.attr_encrypted_db_key_base_truncated,`
			`algorithm: 'aes-256-gcm',`
			`encode: true`

			`attr_encrypted :external_auth_client_key_pass,`
			`mode: :per_attribute_iv,`
			`key: Settings.attr_encrypted_db_key_base_truncated,`
			`algorithm: 'aes-256-gcm',`
			`encode: true`

New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`attr_encrypted :lets_encrypt_private_key,`
			`mode: :per_attribute_iv,`
			`key: Settings.attr_encrypted_db_key_base_truncated,`
			`algorithm: 'aes-256-gcm',`
			`encode: true`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`before_validation :ensure_uuid!`
New upstream version 10.5.5+dfsg 2018-03-17 18:26:18 +05:30
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30			`before_save :ensure_runners_registration_token`
Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`before_save :ensure_health_check_access_token`
Imported Upstream version 8.3.0+dfsg 2015-12-23 02:04:40 +05:30
Imported Upstream version 8.2.1 2015-11-26 14:37:03 +05:30			`after_commit do`
New upstream version 10.8.7+dfsg 2018-10-15 14:42:47 +05:30			`reset_memoized_terms`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`after_commit :expire_performance_bar_allowed_user_ids_cache, if: -> { previous_changes.key?('performance_bar_allowed_group_id') }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
			`def self.create_from_defaults`
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`transaction(requires_new: true) do`
			`super`
			`end`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`rescue ActiveRecord::RecordNotUnique`
			`# We already have an ApplicationSetting record, so just return it.`
			`current_without_cache`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`end`
New upstream version 12.0.8 2019-09-04 21:01:54 +05:30
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30			`# By default, the backend is Rails.cache, which uses`
			`# ActiveSupport::Cache::RedisStore. Since loading ApplicationSetting`
			`# can cause a significant amount of load on Redis, let's cache it in`
			`# memory.`
			`def self.cache_backend`
			`Gitlab::ThreadMemoryCache.cache_backend`
			`end`

New upstream version 12.0.8 2019-09-04 21:01:54 +05:30			`def recaptcha_or_login_protection_enabled`
			`recaptcha_enabled \|\| login_recaptcha_protection_enabled`
			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`