Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
iv
gitlab-ce
Commits
17c6bec7
Commit
17c6bec7
authored
Jun 03, 2016
by
Kamil Trzcinski
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
WIP
parent
acfbeced
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
34 additions
and
17 deletions
+34
-17
CHANGELOG
CHANGELOG
+1
-0
lib/gitlab/backend/grack_auth.rb
lib/gitlab/backend/grack_auth.rb
+1
-1
lib/gitlab/lfs/response.rb
lib/gitlab/lfs/response.rb
+4
-3
lib/gitlab/lfs/router.rb
lib/gitlab/lfs/router.rb
+3
-2
spec/lib/gitlab/lfs/lfs_router_spec.rb
spec/lib/gitlab/lfs/lfs_router_spec.rb
+25
-11
No files found.
CHANGELOG
View file @
17c6bec7
...
@@ -22,6 +22,7 @@ v 8.9.0 (unreleased)
...
@@ -22,6 +22,7 @@ v 8.9.0 (unreleased)
- Remove 'main language' feature
- Remove 'main language' feature
- Pipelines can be canceled only when there are running builds
- Pipelines can be canceled only when there are running builds
- Use downcased path to container repository as this is expected path by Docker
- Use downcased path to container repository as this is expected path by Docker
- Allow to use CI token to fetch LFS objects
- Projects pending deletion will render a 404 page
- Projects pending deletion will render a 404 page
- Measure queue duration between gitlab-workhorse and Rails
- Measure queue duration between gitlab-workhorse and Rails
- Make authentication service for Container Registry to be compatible with < Docker 1.11
- Make authentication service for Container Registry to be compatible with < Docker 1.11
...
...
lib/gitlab/backend/grack_auth.rb
View file @
17c6bec7
...
@@ -33,7 +33,7 @@ module Grack
...
@@ -33,7 +33,7 @@ module Grack
auth!
auth!
lfs_response
=
Gitlab
::
Lfs
::
Router
.
new
(
project
,
@user
,
@request
).
try_call
lfs_response
=
Gitlab
::
Lfs
::
Router
.
new
(
project
,
@user
,
@
ci
,
@
request
).
try_call
return
lfs_response
unless
lfs_response
.
nil?
return
lfs_response
unless
lfs_response
.
nil?
if
project
&&
authorized_request?
if
project
&&
authorized_request?
...
...
lib/gitlab/lfs/response.rb
View file @
17c6bec7
...
@@ -2,10 +2,11 @@ module Gitlab
...
@@ -2,10 +2,11 @@ module Gitlab
module
Lfs
module
Lfs
class
Response
class
Response
def
initialize
(
project
,
user
,
request
)
def
initialize
(
project
,
user
,
ci
,
request
)
@origin_project
=
project
@origin_project
=
project
@project
=
storage_project
(
project
)
@project
=
storage_project
(
project
)
@user
=
user
@user
=
user
@ci
=
ci
@env
=
request
.
env
@env
=
request
.
env
@request
=
request
@request
=
request
end
end
...
@@ -189,7 +190,7 @@ module Gitlab
...
@@ -189,7 +190,7 @@ module Gitlab
return
render_not_enabled
unless
Gitlab
.
config
.
lfs
.
enabled
return
render_not_enabled
unless
Gitlab
.
config
.
lfs
.
enabled
unless
@project
.
public?
unless
@project
.
public?
return
render_unauthorized
unless
@user
return
render_unauthorized
unless
@user
||
@ci
return
render_forbidden
unless
user_can_fetch?
return
render_forbidden
unless
user_can_fetch?
end
end
...
@@ -210,7 +211,7 @@ module Gitlab
...
@@ -210,7 +211,7 @@ module Gitlab
def
user_can_fetch?
def
user_can_fetch?
# Check user access against the project they used to initiate the pull
# Check user access against the project they used to initiate the pull
@user
.
can?
(
:download_code
,
@origin_project
)
@
ci
||
@
user
.
can?
(
:download_code
,
@origin_project
)
end
end
def
user_can_push?
def
user_can_push?
...
...
lib/gitlab/lfs/router.rb
View file @
17c6bec7
module
Gitlab
module
Gitlab
module
Lfs
module
Lfs
class
Router
class
Router
def
initialize
(
project
,
user
,
request
)
def
initialize
(
project
,
user
,
ci
,
request
)
@project
=
project
@project
=
project
@user
=
user
@user
=
user
@ci
=
ci
@env
=
request
.
env
@env
=
request
.
env
@request
=
request
@request
=
request
end
end
...
@@ -80,7 +81,7 @@ module Gitlab
...
@@ -80,7 +81,7 @@ module Gitlab
def
lfs
def
lfs
return
unless
@project
return
unless
@project
Gitlab
::
Lfs
::
Response
.
new
(
@project
,
@user
,
@request
)
Gitlab
::
Lfs
::
Response
.
new
(
@project
,
@user
,
@
ci
,
@
request
)
end
end
def
sanitize_tmp_filename
(
name
)
def
sanitize_tmp_filename
(
name
)
...
...
spec/lib/gitlab/lfs/lfs_router_spec.rb
View file @
17c6bec7
...
@@ -17,12 +17,15 @@ describe Gitlab::Lfs::Router, lib: true do
...
@@ -17,12 +17,15 @@ describe Gitlab::Lfs::Router, lib: true do
}
}
end
end
let
(
:lfs_router_auth
)
{
new_lfs_router
(
project
,
user
)
}
let
(
:lfs_router_auth
)
{
new_lfs_router
(
project
,
user:
user
)
}
let
(
:lfs_router_noauth
)
{
new_lfs_router
(
project
,
nil
)
}
let
(
:lfs_router_ci_auth
)
{
new_lfs_router
(
project
,
ci:
true
)
}
let
(
:lfs_router_public_auth
)
{
new_lfs_router
(
public_project
,
user
)
}
let
(
:lfs_router_noauth
)
{
new_lfs_router
(
project
)
}
let
(
:lfs_router_public_noauth
)
{
new_lfs_router
(
public_project
,
nil
)
}
let
(
:lfs_router_public_auth
)
{
new_lfs_router
(
public_project
,
user:
user
)
}
let
(
:lfs_router_forked_noauth
)
{
new_lfs_router
(
forked_project
,
nil
)
}
let
(
:lfs_router_public_ci_auth
)
{
new_lfs_router
(
public_project
,
ci:
true
)
}
let
(
:lfs_router_forked_auth
)
{
new_lfs_router
(
forked_project
,
user_two
)
}
let
(
:lfs_router_public_noauth
)
{
new_lfs_router
(
public_project
)
}
let
(
:lfs_router_forked_noauth
)
{
new_lfs_router
(
forked_project
)
}
let
(
:lfs_router_forked_auth
)
{
new_lfs_router
(
forked_project
,
user:
user_two
)
}
let
(
:lfs_router_forked_ci_auth
)
{
new_lfs_router
(
forked_project
,
ci:
true
)
}
let
(
:sample_oid
)
{
"b68143e6463773b1b6c6fd009a76c32aeec041faff32ba2ed42fd7f708a17f80"
}
let
(
:sample_oid
)
{
"b68143e6463773b1b6c6fd009a76c32aeec041faff32ba2ed42fd7f708a17f80"
}
let
(
:sample_size
)
{
499013
}
let
(
:sample_size
)
{
499013
}
...
@@ -104,6 +107,17 @@ describe Gitlab::Lfs::Router, lib: true do
...
@@ -104,6 +107,17 @@ describe Gitlab::Lfs::Router, lib: true do
expect
(
lfs_router_auth
.
try_call
[
1
][
'X-Sendfile'
]).
to
eq
(
lfs_object
.
file
.
path
)
expect
(
lfs_router_auth
.
try_call
[
1
][
'X-Sendfile'
]).
to
eq
(
lfs_object
.
file
.
path
)
end
end
end
end
context
'when CI is authorized'
do
it
"responds with status 200"
do
expect
(
lfs_router_ci_auth
.
try_call
.
first
).
to
eq
(
200
)
end
it
"responds with the file location"
do
expect
(
lfs_router_ci_auth
.
try_call
[
1
][
'Content-Type'
]).
to
eq
(
"application/octet-stream"
)
expect
(
lfs_router_ci_auth
.
try_call
[
1
][
'X-Sendfile'
]).
to
eq
(
lfs_object
.
file
.
path
)
end
end
end
end
context
'without required headers'
do
context
'without required headers'
do
...
@@ -525,7 +539,7 @@ describe Gitlab::Lfs::Router, lib: true do
...
@@ -525,7 +539,7 @@ describe Gitlab::Lfs::Router, lib: true do
end
end
describe
'when user is unauthenticated'
do
describe
'when user is unauthenticated'
do
let
(
:lfs_router_noauth
)
{
new_lfs_router
(
project
,
nil
)
}
let
(
:lfs_router_noauth
)
{
new_lfs_router
(
project
)
}
context
'and request is sent by gitlab-workhorse to authorize the request'
do
context
'and request is sent by gitlab-workhorse to authorize the request'
do
before
do
before
do
...
@@ -584,7 +598,7 @@ describe Gitlab::Lfs::Router, lib: true do
...
@@ -584,7 +598,7 @@ describe Gitlab::Lfs::Router, lib: true do
end
end
describe
'when user is unauthenticated'
do
describe
'when user is unauthenticated'
do
let
(
:lfs_router_noauth
)
{
new_lfs_router
(
project
,
nil
)
}
let
(
:lfs_router_noauth
)
{
new_lfs_router
(
project
)
}
context
'and request is sent by gitlab-workhorse to authorize the request'
do
context
'and request is sent by gitlab-workhorse to authorize the request'
do
before
do
before
do
...
@@ -716,7 +730,7 @@ describe Gitlab::Lfs::Router, lib: true do
...
@@ -716,7 +730,7 @@ describe Gitlab::Lfs::Router, lib: true do
describe
'and second project not related to fork or a source project'
do
describe
'and second project not related to fork or a source project'
do
let
(
:second_project
)
{
create
(
:project
)
}
let
(
:second_project
)
{
create
(
:project
)
}
let
(
:lfs_router_second_project
)
{
new_lfs_router
(
second_project
,
user
)
}
let
(
:lfs_router_second_project
)
{
new_lfs_router
(
second_project
,
user
:
user
)
}
before
do
before
do
public_project
.
lfs_objects
<<
lfs_object
public_project
.
lfs_objects
<<
lfs_object
...
@@ -745,8 +759,8 @@ describe Gitlab::Lfs::Router, lib: true do
...
@@ -745,8 +759,8 @@ describe Gitlab::Lfs::Router, lib: true do
ActionController
::
HttpAuthentication
::
Basic
.
encode_credentials
(
user
.
username
,
user
.
password
)
ActionController
::
HttpAuthentication
::
Basic
.
encode_credentials
(
user
.
username
,
user
.
password
)
end
end
def
new_lfs_router
(
project
,
user
)
def
new_lfs_router
(
project
,
user
:
nil
,
ci:
false
)
Gitlab
::
Lfs
::
Router
.
new
(
project
,
user
,
request
)
Gitlab
::
Lfs
::
Router
.
new
(
project
,
user
,
ci
,
request
)
end
end
def
header_for_upload_authorize
(
project
)
def
header_for_upload_authorize
(
project
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment