grack_auth.rb 1.4 KB
Newer Older
1 2 3 4
module Grack
  class Auth < Rack::Auth::Basic

    def valid?
Saito's avatar
Saito committed
5 6 7
      # Authentication with username and password
      email, password = @auth.credentials
      user = User.find_by_email(email)
8 9 10 11
      return false unless user.try(:valid_password?, password)

      # Need this patch because the rails mount
      @env['PATH_INFO'] = @env['REQUEST_PATH']
Saito's avatar
Saito committed
12 13 14 15 16 17 18 19 20 21 22 23

      # Find project by PATH_INFO from env
      if m = /^\/([\w-]+).git/.match(@env['PATH_INFO']).to_a
        return false unless project = Project.find_by_path(m.last)
      end

      # Git upload and receive
      if @env['REQUEST_METHOD'] == 'GET'
        true
      elsif @env['REQUEST_METHOD'] == 'POST'
        if @env['REQUEST_URI'].end_with?('git-upload-pack')
          return project.dev_access_for?(user)
24 25 26 27 28 29
        elsif @env['REQUEST_URI'].end_with?('git-receive-pack')
          if project.protected_branches.map(&:name).include?(current_ref)
            project.master_access_for?(user)
          else
            project.dev_access_for?(user)
          end
Saito's avatar
Saito committed
30 31 32
        else
          false
        end
33 34
      else
        false
Saito's avatar
Saito committed
35 36
      end
    end# valid?
37 38 39 40 41 42 43 44 45 46 47

    def current_ref
      if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
        input = Zlib::GzipReader.new(@request.body).string
      else
        input = @request.body.string
      end

      oldrev, newrev, ref = input.split(' ')
      /refs\/heads\/([\w-]+)/.match(ref).to_a.last
    end
Saito's avatar
Saito committed
48 49
  end# Auth
end# Grack