Commit c2b33d3b authored by James Lopez's avatar James Lopez

added import url exposer to construct URL with unencrypted credentials

parent 06b36c00
...@@ -13,6 +13,7 @@ require 'file_size_validator' ...@@ -13,6 +13,7 @@ require 'file_size_validator'
class ProjectImportData < ActiveRecord::Base class ProjectImportData < ActiveRecord::Base
belongs_to :project belongs_to :project
attr_encrypted :credentials, key: Gitlab::Application.secrets.db_key_base attr_encrypted :credentials, key: Gitlab::Application.secrets.db_key_base
serialize :credentials, JSON
serialize :data, JSON serialize :data, JSON
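Review bot: The added `serialize :credentials, JSON` targets `credentials`, which `attr_encrypted` exposes as a virtual attribute, so the JSON step may never run before encryption. The backing column is presumably `encrypted_credentials`. If the installed attr_encrypted supports it, marshalling inside the encryption call is the safer form: `attr_encrypted :credentials, key: Gitlab::Application.secrets.db_key_base, marshal: true, marshaler: JSON`. Whichever form is kept, a model spec should round-trip a hash and assert that the stored column holds no plaintext token.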
......
...@@ -7,8 +7,7 @@ module Gitlab ...@@ -7,8 +7,7 @@ module Gitlab
def initialize(project) def initialize(project)
@project = project @project = project
import_data = project.import_data.try(:data) github_session = project.import_data.credentials if import_data
github_session = import_data["github_session"] if import_data
@client = Client.new(github_session["github_access_token"]) @client = Client.new(github_session["github_access_token"])
@formatter = Gitlab::ImportFormatter.new @formatter = Gitlab::ImportFormatter.new
end end
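Review bot: In `initialize`, the new guard `if import_data` refers to a local whose assignment this change removes. Unless a method named `import_data` is defined outside the hunk, the line raises `NameError`. `project.import_data` can also be nil for projects with no import record, so `github_session["github_access_token"]` would then fail with `NoMethodError`. I would write `credentials = project.import_data.try(:credentials)` and raise a clear error when it is missing, rather than building a `Client` with no token. The wiki importer's `import_url` in this commit dereferences `project.import_data.credentials` unguarded in the same way.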
......
...@@ -32,8 +32,8 @@ module Gitlab ...@@ -32,8 +32,8 @@ module Gitlab
def create_import_data(project) def create_import_data(project)
project.create_import_data( project.create_import_data(
credentials: session_data.delete(:github_access_token), credentials: { github_access_token: session_data.delete(:github_access_token) },
data: { "github_session" => session_data }) data: { github_session: session_data })
end end
end end
end end
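Review bot: In `create_import_data`, the token is kept out of the unencrypted `data` column only if `session_data.delete(:github_access_token)` actually finds the key. If `session_data` is keyed by strings (not visible in this hunk), `delete` returns nil, `credentials` is stored empty and the token is persisted in clear inside `data`. A guard makes that failure loud: `token = session_data.delete(:github_access_token) or raise ArgumentError, "missing github_access_token"`. Note also that `github_session:` will come back as the string key `"github_session"` after the JSON round-trip, so readers of `data` must use the string form.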
......
...@@ -12,7 +12,9 @@ module Gitlab ...@@ -12,7 +12,9 @@ module Gitlab
end end
def import_url def import_url
project.import_url.sub(/\.git\z/, ".wiki.git") import_url = Gitlab::ImportUrlExposer.expose(import_url: project.import_url,
credentials: project.import_data.credentials)
import_url.sub(/\.git\z/, ".wiki.git")
end end
end end
end end
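Review bot: `import_url` now returns a string with the access token embedded in clear, so any caller outside this hunk that logs it, stores it or puts it in an error message will leak the credential. I would document that on the method, e.g. `# Returns a URL containing plaintext credentials; never log or persist the result.` I would also rename the local to `exposed_url`, since it shadows the method's own name. Failure output from the clone command is the most likely leak path and should be scrubbed of the userinfo part.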
......
module Gitlab
# Exposes an import URL that includes the credentials unencrypted.
# Extracted to its own class to prevent unintended use.
module ImportUrlExposer
extend self
def expose(import_url:, credentials: )
import_url.sub("//", "//#{parsed_credentials(credentials)}@")
end
private
def parsed_credentials(credentials)
credentials.values.join(":")
end
end
end
\ No newline at end of file
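Review bot: `parsed_credentials` joins the raw values with `:` and `expose` splices them before the host without percent-encoding. A secret containing `@`, `/`, `:` or `#` therefore changes which host or path the resulting URL points at, and the token could be sent to the wrong server. Nil credentials raise `NoMethodError`, and an empty hash yields `//@host`. The join also depends on hash insertion order, and the first `//` is replaced even when the URL already carries userinfo. The header comment says "class" although this is a module.

```ruby
def expose(import_url:, credentials:)
  userinfo = parsed_credentials(credentials)
  # Nothing to embed: return the URL unchanged instead of producing "//@host".
  return import_url if userinfo.empty?

  import_url.sub("//", "//#{userinfo}@")
end

private

def parsed_credentials(credentials)
  # Percent-encode each part so "@", "/" or ":" inside a secret cannot alter the host or path.
  (credentials || {}).values.compact.map { |value| ERB::Util.url_encode(value.to_s) }.join(":")
end
```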