Incorrect calculation of seat overage in Licence.rb

Summary

In Licence.rb, there is an assumption that the licence being replaced starts at least 1 year before the licence.starts_at. This is not the case for all licences: manually issued GitLab licences can be created with a period of exactly one year between starts_at and ends_at, and potentially other durations.

In the following situation this will result in a situation where the new licence of the customer fails to apply:

  • 2018-01-12 - Customer has a lot of active users on their instance: 100.
  • 2018-01-13 - Customer removes 50 users from their instance. Active users: 50.
  • 2018-01-15 - Customer installs a license for 50 users that is valid from 2018-01-15 to 2019-01-15, for a total time span of 1 year.
  • 2019-01-01 - Customer renews its license through the customer portal. It receives a license that is valid for 1 year, plus 2 weeks overlap with the previous license (2019-01-01 to 2020-01-15).
  • The license is validated in GitLab. GitLab validates the licence by comparing the license's previous_user_count with the maximum users in the year before the new licence was started. It queries the period between 2018-01-01 and 2019-01-01, and finds the maximum of 100 users (from before the start of the previous licence), and therefore fails to validate the licence because the count of 100 users is bigger than the previous_user_count, even though the number of seats in the previous licence was not violated / no overage was generated.

Steps to reproduce

See above.

Example Project

N/A

What is the current bug behavior?

Licences are validated based on incorrect assumptions

What is the expected correct behavior?

Licences are validated based on correct data.

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

GL 13.5.2, GL 13.5.3

Possible fixes

Include a previous_licence_period in the licence as a companion for previous_user_count, to be able to correctly identify the period to use for the prior_historical_max user count. Or don't issue licences that overlap with the licence they're replacing.

https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/models/license.rb#L559
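
The timeline above, reproduced as an added Ruby sketch (not GitLab's license.rb code): it compares the fixed one-year lookback with a window clamped to the previous licence period, which is one reading of the first possible fix. `RenewalLicence`, `previous_period`, `max_users` and the sample history are assumptions constructed for illustration.

```ruby
require "date"

# Constructed active-user samples matching the timeline in the issue.
HISTORY = {
  Date.new(2018, 1, 12)  => 100, # before the previous licence started
  Date.new(2018, 1, 13)  => 50,
  Date.new(2018, 6, 1)   => 50,
  Date.new(2018, 12, 31) => 50
}.freeze

# Hypothetical stand-in for a licence. previous_period is the companion
# field proposed under "Possible fixes"; it is not an existing attribute.
RenewalLicence = Struct.new(:starts_at, :previous_user_count,
                            :previous_period, keyword_init: true)

# Highest recorded user count between two dates (inclusive), 0 if none.
def max_users(history, from, to)
  history.select { |day, _| day >= from && day <= to }.values.max || 0
end

# Behaviour described in the issue: always look back one year from starts_at.
def valid_with_fixed_lookback?(licence, history)
  from = licence.starts_at << 12 # same day, 12 months earlier
  max_users(history, from, licence.starts_at) <= licence.previous_user_count
end

# Assumed fix: only count days that fall inside the previous licence period.
def valid_with_previous_period?(licence, history)
  from = [licence.previous_period.begin, licence.starts_at << 12].max
  to   = [licence.previous_period.end, licence.starts_at].min
  max_users(history, from, to) <= licence.previous_user_count
end

RENEWAL = RenewalLicence.new(
  starts_at: Date.new(2019, 1, 1),
  previous_user_count: 50,
  previous_period: Date.new(2018, 1, 15)..Date.new(2019, 1, 15)
)

puts "fixed one-year lookback: #{valid_with_fixed_lookback?(RENEWAL, HISTORY)}"
puts "previous licence period: #{valid_with_previous_period?(RENEWAL, HISTORY)}"
```

A count above 50 recorded inside the previous licence period still fails the clamped check, so real overage is not hidden by the narrower window.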