Commit 0c7300cd authored by Ash McKenzie's avatar Ash McKenzie

Merge branch...

Merge branch '8723-geo-remove-gitlab-lfstoken-legacyredisdevisetoken-implementation-and-usage-geo' into 'master'

Geo: Remove Gitlab::LfsToken::LegacyRedisDeviseToken implementation

Closes gitlab-ee#8723

See merge request gitlab-org/gitlab-ce!28546
parents 1645cec1 07a35325
---
title: 'Geo: Remove Gitlab::LfsToken::LegacyRedisDeviseToken implementation and usage'
merge_request: 28546
author:
type: changed
...@@ -35,8 +35,7 @@ module Gitlab ...@@ -35,8 +35,7 @@ module Gitlab
end end
def token_valid?(token_to_check) def token_valid?(token_to_check)
HMACToken.new(actor).token_valid?(token_to_check) || HMACToken.new(actor).token_valid?(token_to_check)
LegacyRedisDeviseToken.new(actor).token_valid?(token_to_check)
end end
def deploy_key_pushable?(project) def deploy_key_pushable?(project)
...@@ -103,44 +102,5 @@ module Gitlab ...@@ -103,44 +102,5 @@ module Gitlab
Settings.attr_encrypted_db_key_base.first(16) Settings.attr_encrypted_db_key_base.first(16)
end end
end end
# TODO: LegacyRedisDeviseToken and references need to be removed after
# next released milestone
#
class LegacyRedisDeviseToken
TOKEN_LENGTH = 50
DEFAULT_EXPIRY_TIME = 1800 * 1000 # 30 mins
def initialize(actor)
@actor = actor
end
def token_valid?(token_to_check)
Devise.secure_compare(stored_token, token_to_check)
end
def stored_token
Gitlab::Redis::SharedState.with { |redis| redis.get(state_key) }
end
# This method exists purely to facilitate legacy testing to ensure the
# same redis key is used.
#
def store_new_token(expiry_time_in_ms = DEFAULT_EXPIRY_TIME)
Gitlab::Redis::SharedState.with do |redis|
new_token = Devise.friendly_token(TOKEN_LENGTH)
redis.set(state_key, new_token, px: expiry_time_in_ms)
new_token
end
end
private
attr_reader :actor
def state_key
"gitlab:lfs_token:#{actor.class.name.underscore}_#{actor.id}"
end
end
end end
end end
...@@ -77,12 +77,6 @@ describe Gitlab::LfsToken, :clean_gitlab_redis_shared_state do ...@@ -77,12 +77,6 @@ describe Gitlab::LfsToken, :clean_gitlab_redis_shared_state do
let(:actor) { create(:user, username: 'test_user_lfs_1') } let(:actor) { create(:user, username: 'test_user_lfs_1') }
let(:lfs_token) { described_class.new(actor) } let(:lfs_token) { described_class.new(actor) }
context 'for an HMAC token' do
before do
# We're not interested in testing LegacyRedisDeviseToken here
allow(Gitlab::LfsToken::LegacyRedisDeviseToken).to receive_message_chain(:new, :token_valid?).and_return(false)
end
context 'where the token is invalid' do context 'where the token is invalid' do
context "because it's junk" do context "because it's junk" do
it 'returns false' do it 'returns false' do
...@@ -115,7 +109,6 @@ describe Gitlab::LfsToken, :clean_gitlab_redis_shared_state do ...@@ -115,7 +109,6 @@ describe Gitlab::LfsToken, :clean_gitlab_redis_shared_state do
end end
end end
end end
end
context 'where the token is valid' do context 'where the token is valid' do
it 'returns true' do it 'returns true' do
...@@ -123,53 +116,6 @@ describe Gitlab::LfsToken, :clean_gitlab_redis_shared_state do ...@@ -123,53 +116,6 @@ describe Gitlab::LfsToken, :clean_gitlab_redis_shared_state do
end end
end end
end end
context 'for a LegacyRedisDevise token' do
before do
# We're not interested in testing HMACToken here
allow_any_instance_of(Gitlab::LfsToken::HMACToken).to receive(:token_valid?).and_return(false)
end
context 'where the token is invalid' do
context "because it's junk" do
it 'returns false' do
expect(lfs_token.token_valid?('junk')).to be_falsey
end
end
context "because it's been fiddled with" do
it 'returns false' do
generated_token = Gitlab::LfsToken::LegacyRedisDeviseToken.new(actor).store_new_token
fiddled_token = generated_token.tap { |token| token[0] = 'E' }
expect(lfs_token.token_valid?(fiddled_token)).to be_falsey
end
end
context "because it was generated with a different secret" do
it 'returns false' do
different_actor = create(:user, username: 'test_user_lfs_2')
different_secret_token = described_class.new(different_actor).token
expect(lfs_token.token_valid?(different_secret_token)).to be_falsey
end
end
context "because it's expired" do
it 'returns false' do
generated_token = Gitlab::LfsToken::LegacyRedisDeviseToken.new(actor).store_new_token(1)
# We need a real sleep here because we need to wait for redis to expire the key.
sleep(0.01)
expect(lfs_token.token_valid?(generated_token)).to be_falsey
end
end
end
context 'where the token is valid' do
it 'returns true' do
generated_token = Gitlab::LfsToken::LegacyRedisDeviseToken.new(actor).store_new_token
expect(lfs_token.token_valid?(generated_token)).to be_truthy
end
end
end
end end
describe '#deploy_key_pushable?' do describe '#deploy_key_pushable?' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment