Commit e046e4c1 authored by Rémy Coutable's avatar Rémy Coutable

Namespace access token session key in `Import::GithubController`

Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent 20aff5cd
class Import::GiteaController < Import::GithubController class Import::GiteaController < Import::GithubController
def new def new
if session[:access_token].present? && session[:host_url].present? if session[access_token_key].present? && session[host_key].present?
redirect_to status_import_url redirect_to status_import_url
end end
end end
def personal_access_token def personal_access_token
session[:host_url] = params[:gitea_host_url] session[host_key] = params[host_key]
super super
end end
def status def status
@gitea_host_url = session[:host_url] @gitea_host_url = session[host_key]
super super
end end
private private
def host_key
:"#{provider}_host_url"
end
# Overriden methods # Overriden methods
def provider def provider
:gitea :gitea
...@@ -29,13 +33,13 @@ class Import::GiteaController < Import::GithubController ...@@ -29,13 +33,13 @@ class Import::GiteaController < Import::GithubController
end end
def provider_auth def provider_auth
if session[:access_token].blank? || session[:host_url].blank? if session[access_token_key].blank? || session[host_key].blank?
redirect_to new_import_gitea_url, redirect_to new_import_gitea_url,
alert: 'You need to specify both an Access Token and a Host URL.' alert: 'You need to specify both an Access Token and a Host URL.'
end end
end end
def client_options def client_options
{ host: session[:host_url], api_version: 'v1' } { host: session[host_key], api_version: 'v1' }
end end
end end
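Review bot: In `personal_access_token`, `session[host_key] = params[host_key]` stores a request-supplied URL that `client_options` later passes to the API client as `host:`, and no validation of that value is visible in this section. Unless the client or a filter outside the shown lines already restricts it, the server will send requests carrying the access token to whatever address was submitted. Consider parsing the value before it is stored and rejecting anything that is not an absolute `http`/`https` URL or that resolves to a loopback or internal address, re-rendering `new` with an alert in that case. The class body is split across two hunks, so such a check may exist outside them.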
...@@ -7,18 +7,18 @@ class Import::GithubController < Import::BaseController ...@@ -7,18 +7,18 @@ class Import::GithubController < Import::BaseController
def new def new
if logged_in_with_provider? if logged_in_with_provider?
go_to_provider_for_permissions go_to_provider_for_permissions
elsif session[:access_token] elsif session[access_token_key]
redirect_to status_import_url redirect_to status_import_url
end end
end end
def callback def callback
session[:access_token] = client.get_token(params[:code]) session[access_token_key] = client.get_token(params[:code])
redirect_to status_import_url redirect_to status_import_url
end end
def personal_access_token def personal_access_token
session[:access_token] = params[:personal_access_token] session[access_token_key] = params[:personal_access_token]
redirect_to status_import_url redirect_to status_import_url
end end
...@@ -52,7 +52,7 @@ class Import::GithubController < Import::BaseController ...@@ -52,7 +52,7 @@ class Import::GithubController < Import::BaseController
private private
def client def client
@client ||= Gitlab::GithubImport::Client.new(session[:access_token], client_options) @client ||= Gitlab::GithubImport::Client.new(session[access_token_key], client_options)
end end
def verify_import_enabled def verify_import_enabled
...@@ -80,13 +80,17 @@ class Import::GithubController < Import::BaseController ...@@ -80,13 +80,17 @@ class Import::GithubController < Import::BaseController
end end
def provider_unauthorized def provider_unauthorized
session[:access_token] = nil session[access_token_key] = nil
redirect_to new_import_url, redirect_to new_import_url,
alert: "Access denied to your #{Gitlab::ImportSources.title(provider.to_s)} account." alert: "Access denied to your #{Gitlab::ImportSources.title(provider.to_s)} account."
end end
def access_token_key
:"#{provider}_access_token"
end
def access_params def access_params
{ github_access_token: session[:access_token] } { github_access_token: session[access_token_key] }
end end
# The following methods are overriden in subclasses # The following methods are overriden in subclasses
...@@ -99,7 +103,7 @@ class Import::GithubController < Import::BaseController ...@@ -99,7 +103,7 @@ class Import::GithubController < Import::BaseController
end end
def provider_auth def provider_auth
if session[:access_token].blank? if session[access_token_key].blank?
go_to_provider_for_permissions go_to_provider_for_permissions
end end
end end
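Review bot: Sessions created before this change still hold the credential under the old `:access_token` key, and nothing in the new code removes it, so a provider token stays in the session store with no code path that reads or clears it. Dropping the legacy key once, for example with `session.delete(:access_token)` in a `before_action`, would close that gap. `provider_unauthorized` could also call `session.delete(access_token_key)` instead of assigning `nil`, so the key itself is removed. A short comment on `access_token_key`, such as `# Per-provider key so a token issued by one provider is never sent to another provider's host`, would record why the namespacing matters. The hunks show only parts of the class.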
......
...@@ -9,7 +9,7 @@ describe Import::GiteaController do ...@@ -9,7 +9,7 @@ describe Import::GiteaController do
include_context 'a GitHub-ish import controller' include_context 'a GitHub-ish import controller'
def assign_host_url def assign_host_url
session[:host_url] = host_url session[:gitea_host_url] = host_url
end end
describe "GET new" do describe "GET new" do
......
...@@ -29,7 +29,7 @@ describe Import::GithubController do ...@@ -29,7 +29,7 @@ describe Import::GithubController do
get :callback get :callback
expect(session[:access_token]).to eq(token) expect(session[:github_access_token]).to eq(token)
expect(controller).to redirect_to(status_import_github_url) expect(controller).to redirect_to(status_import_github_url)
end end
end end
......
...@@ -4,6 +4,10 @@ ...@@ -4,6 +4,10 @@
# Note: You have access to `email_value` which is the email address value # Note: You have access to `email_value` which is the email address value
# being currently tested). # being currently tested).
def assign_session_token(provider)
session[:"#{provider}_access_token"] = 'asdasd12345'
end
shared_examples 'a GitHub-ish import controller: POST personal_access_token' do shared_examples 'a GitHub-ish import controller: POST personal_access_token' do
let(:status_import_url) { public_send("status_import_#{provider}_url") } let(:status_import_url) { public_send("status_import_#{provider}_url") }
...@@ -15,7 +19,7 @@ shared_examples 'a GitHub-ish import controller: POST personal_access_token' do ...@@ -15,7 +19,7 @@ shared_examples 'a GitHub-ish import controller: POST personal_access_token' do
post :personal_access_token, personal_access_token: token post :personal_access_token, personal_access_token: token
expect(session[:access_token]).to eq(token) expect(session[:"#{provider}_access_token"]).to eq(token)
expect(controller).to redirect_to(status_import_url) expect(controller).to redirect_to(status_import_url)
end end
end end
...@@ -24,7 +28,7 @@ shared_examples 'a GitHub-ish import controller: GET new' do ...@@ -24,7 +28,7 @@ shared_examples 'a GitHub-ish import controller: GET new' do
let(:status_import_url) { public_send("status_import_#{provider}_url") } let(:status_import_url) { public_send("status_import_#{provider}_url") }
it "redirects to status if we already have a token" do it "redirects to status if we already have a token" do
assign_session_token assign_session_token(provider)
allow(controller).to receive(:logged_in_with_provider?).and_return(false) allow(controller).to receive(:logged_in_with_provider?).and_return(false)
get :new get :new
...@@ -48,7 +52,7 @@ shared_examples 'a GitHub-ish import controller: GET status' do ...@@ -48,7 +52,7 @@ shared_examples 'a GitHub-ish import controller: GET status' do
let(:extra_assign_expectations) { {} } let(:extra_assign_expectations) { {} }
before do before do
assign_session_token assign_session_token(provider)
end end
it "assigns variables" do it "assigns variables" do
...@@ -80,7 +84,7 @@ shared_examples 'a GitHub-ish import controller: GET status' do ...@@ -80,7 +84,7 @@ shared_examples 'a GitHub-ish import controller: GET status' do
get :status get :status
expect(session[:access_token]).to eq(nil) expect(session[:"#{provider}_access_token"]).to be_nil
expect(controller).to redirect_to(new_import_url) expect(controller).to redirect_to(new_import_url)
expect(flash[:alert]).to eq("Access denied to your #{Gitlab::ImportSources.title(provider.to_s)} account.") expect(flash[:alert]).to eq("Access denied to your #{Gitlab::ImportSources.title(provider.to_s)} account.")
end end
...@@ -100,11 +104,11 @@ shared_examples 'a GitHub-ish import controller: POST create' do ...@@ -100,11 +104,11 @@ shared_examples 'a GitHub-ish import controller: POST create' do
before do before do
stub_client(user: provider_user, repo: provider_repo) stub_client(user: provider_user, repo: provider_repo)
assign_session_token assign_session_token(provider)
end end
context "when the repository owner is the Gitea user" do context "when the repository owner is the provider user" do
context "when the Gitea user and GitLab user's usernames match" do context "when the provider user and GitLab user's usernames match" do
it "takes the current user's namespace" do it "takes the current user's namespace" do
expect(Gitlab::GithubImport::ProjectCreator). expect(Gitlab::GithubImport::ProjectCreator).
to receive(:new).with(provider_repo, provider_repo.name, user.namespace, user, access_params, type: provider). to receive(:new).with(provider_repo, provider_repo.name, user.namespace, user, access_params, type: provider).
...@@ -114,7 +118,7 @@ shared_examples 'a GitHub-ish import controller: POST create' do ...@@ -114,7 +118,7 @@ shared_examples 'a GitHub-ish import controller: POST create' do
end end
end end
context "when the Gitea user and GitLab user's usernames don't match" do context "when the provider user and GitLab user's usernames don't match" do
let(:provider_username) { "someone_else" } let(:provider_username) { "someone_else" }
it "takes the current user's namespace" do it "takes the current user's namespace" do
...@@ -127,15 +131,15 @@ shared_examples 'a GitHub-ish import controller: POST create' do ...@@ -127,15 +131,15 @@ shared_examples 'a GitHub-ish import controller: POST create' do
end end
end end
context "when the repository owner is not the Gitea user" do context "when the repository owner is not the provider user" do
let(:other_username) { "someone_else" } let(:other_username) { "someone_else" }
before do before do
provider_repo.owner = OpenStruct.new(login: other_username) provider_repo.owner = OpenStruct.new(login: other_username)
assign_session_token assign_session_token(provider)
end end
context "when a namespace with the Gitea user's username already exists" do context "when a namespace with the provider user's username already exists" do
let!(:existing_namespace) { create(:namespace, name: other_username, owner: user) } let!(:existing_namespace) { create(:namespace, name: other_username, owner: user) }
context "when the namespace is owned by the GitLab user" do context "when the namespace is owned by the GitLab user" do
...@@ -164,7 +168,7 @@ shared_examples 'a GitHub-ish import controller: POST create' do ...@@ -164,7 +168,7 @@ shared_examples 'a GitHub-ish import controller: POST create' do
end end
end end
context "when a namespace with the Gitea user's username doesn't exist" do context "when a namespace with the provider user's username doesn't exist" do
context "when current user can create namespaces" do context "when current user can create namespaces" do
it "creates the namespace" do it "creates the namespace" do
expect(Gitlab::GithubImport::ProjectCreator). expect(Gitlab::GithubImport::ProjectCreator).
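Review bot: None of the shared examples checks the isolation this commit introduces: every call is `assign_session_token(provider)` with the controller's own provider, so the specs would still pass if the session key were shared again. A negative example in 'GET new' and 'GET status' would pin the behaviour: store a token under a different provider's key (e.g. `session[:other_provider_access_token] = 'asdasd12345'`, a constructed key) and expect the controller to act as if no token were present. Separately, `assign_session_token` is now defined with a bare `def` at the top of this file, which, assuming the file is loaded at top level, adds the method to every object. Keeping it in `ImportSpecHelper` with the new `provider` parameter would avoid that.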
......
...@@ -30,8 +30,4 @@ module ImportSpecHelper ...@@ -30,8 +30,4 @@ module ImportSpecHelper
) )
allow(Gitlab.config.omniauth).to receive(:providers).and_return([provider]) allow(Gitlab.config.omniauth).to receive(:providers).and_return([provider])
end end
def assign_session_token
session[:access_token] = 'asdasd12345'
end
end end