Commit eede0323 authored by Stan Hu's avatar Stan Hu

Backport GitHub Enterprise import support from EE

These changes were pulled from GitLab EE to support configuring
an alternative API URL than the default https://api.github.com.
In addition, the `verify_ssl` flag allows users to disable SSL cert
checking.

One modification: add a default `args` option if it does not exist
to avoid breaking existing configurations.
parent c01ff1f5
...@@ -8,6 +8,7 @@ v 8.8.0 (unreleased) ...@@ -8,6 +8,7 @@ v 8.8.0 (unreleased)
- Replace Devise Async with Devise ActiveJob integration. !3902 (Connor Shea) - Replace Devise Async with Devise ActiveJob integration. !3902 (Connor Shea)
- Allow "NEWS" and "CHANGES" as alternative names for CHANGELOG. !3768 (Connor Shea) - Allow "NEWS" and "CHANGES" as alternative names for CHANGELOG. !3768 (Connor Shea)
- Added button to toggle whitespaces changes on diff view - Added button to toggle whitespaces changes on diff view
- Backport GitLab Enterprise support from EE
v 8.7.1 (unreleased) v 8.7.1 (unreleased)
- Throttle the update of `project.last_activity_at` to 1 minute. !3848 - Throttle the update of `project.last_activity_at` to 1 minute. !3848
......
...@@ -350,6 +350,8 @@ production: &base ...@@ -350,6 +350,8 @@ production: &base
# - { name: 'github', # - { name: 'github',
# app_id: 'YOUR_APP_ID', # app_id: 'YOUR_APP_ID',
# app_secret: 'YOUR_APP_SECRET', # app_secret: 'YOUR_APP_SECRET',
# url: "https://github.com/",
# verify_ssl: true,
# args: { scope: 'user:email' } } # args: { scope: 'user:email' } }
# - { name: 'bitbucket', # - { name: 'bitbucket',
# app_id: 'YOUR_APP_ID', # app_id: 'YOUR_APP_ID',
......
...@@ -140,6 +140,30 @@ Settings.omniauth.cas3['session_duration'] ||= 8.hours ...@@ -140,6 +140,30 @@ Settings.omniauth.cas3['session_duration'] ||= 8.hours
Settings.omniauth['session_tickets'] ||= Settingslogic.new({}) Settings.omniauth['session_tickets'] ||= Settingslogic.new({})
Settings.omniauth.session_tickets['cas3'] = 'ticket' Settings.omniauth.session_tickets['cas3'] = 'ticket'
# Fill out omniauth-gitlab settings. It is needed for easy set up GHE or GH by just specifying url.
github_default_url = "https://github.com"
github_settings = Settings.omniauth['providers'].find { |provider| provider["name"] == "github"}
if github_settings
# For compatibility with old config files (before 7.8)
# where people dont have url in github settings
if github_settings['url'].blank?
github_settings['url'] = github_default_url
end
github_settings["args"] ||= Settingslogic.new({})
if github_settings["url"].include?(github_default_url)
github_settings["args"]["client_options"] = OmniAuth::Strategies::GitHub.default_options[:client_options]
else
github_settings["args"]["client_options"] = {
"site" => File.join(github_settings["url"], "api/v3"),
"authorize_url" => File.join(github_settings["url"], "login/oauth/authorize"),
"token_url" => File.join(github_settings["url"], "login/oauth/access_token")
}
end
end
Settings['shared'] ||= Settingslogic.new({}) Settings['shared'] ||= Settingslogic.new({})
Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root) Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root)
......
...@@ -60,12 +60,26 @@ GitHub will generate an application ID and secret key for you to use. ...@@ -60,12 +60,26 @@ GitHub will generate an application ID and secret key for you to use.
For installation from source: For installation from source:
For GitHub.com:
```
- { name: 'github', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { scope: 'user:email' } }
```
For GitHub Enterprise:
``` ```
- { name: 'github', app_id: 'YOUR_APP_ID', - { name: 'github', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET', app_secret: 'YOUR_APP_SECRET',
url: "https://github.example.com/",
args: { scope: 'user:email' } } args: { scope: 'user:email' } }
``` ```
__Replace `https://github.example.com/` with your GitHub URL__
1. Change 'YOUR_APP_ID' to the client ID from the GitHub application page from step 7. 1. Change 'YOUR_APP_ID' to the client ID from the GitHub application page from step 7.
1. Change 'YOUR_APP_SECRET' to the client secret from the GitHub application page from step 7. 1. Change 'YOUR_APP_SECRET' to the client secret from the GitHub application page from step 7.
......
...@@ -7,12 +7,19 @@ module Gitlab ...@@ -7,12 +7,19 @@ module Gitlab
@client = ::OAuth2::Client.new( @client = ::OAuth2::Client.new(
config.app_id, config.app_id,
config.app_secret, config.app_secret,
github_options github_options.merge(ssl: { verify: config['verify_ssl'] })
) )
if access_token if access_token
::Octokit.auto_paginate = true ::Octokit.auto_paginate = true
@api = ::Octokit::Client.new(access_token: access_token)
@api = ::Octokit::Client.new(
access_token: access_token,
api_endpoint: github_options[:site],
connection_options: {
ssl: { verify: config['verify_ssl'] }
}
)
end end
end end
...@@ -42,11 +49,11 @@ module Gitlab ...@@ -42,11 +49,11 @@ module Gitlab
private private
def config def config
Gitlab.config.omniauth.providers.find{|provider| provider.name == "github"} Gitlab.config.omniauth.providers.find { |provider| provider.name == "github" }
end end
def github_options def github_options
OmniAuth::Strategies::GitHub.default_options[:client_options].to_h.symbolize_keys config["args"]["client_options"].deep_symbolize_keys
end end
end end
end end
......
...@@ -22,6 +22,8 @@ describe Import::GithubController do ...@@ -22,6 +22,8 @@ describe Import::GithubController do
token = "asdasd12345" token = "asdasd12345"
allow_any_instance_of(Gitlab::GithubImport::Client). allow_any_instance_of(Gitlab::GithubImport::Client).
to receive(:get_token).and_return(token) to receive(:get_token).and_return(token)
allow_any_instance_of(Gitlab::GithubImport::Client).
to receive(:github_options).and_return({})
stub_omniauth_provider('github') stub_omniauth_provider('github')
get :callback get :callback
......
...@@ -2,15 +2,49 @@ require 'spec_helper' ...@@ -2,15 +2,49 @@ require 'spec_helper'
describe Gitlab::GithubImport::Client, lib: true do describe Gitlab::GithubImport::Client, lib: true do
let(:token) { '123456' } let(:token) { '123456' }
let(:client) { Gitlab::GithubImport::Client.new(token) } let(:github_provider) { Settingslogic.new('app_id' => 'asd123', 'app_secret' => 'asd123', 'name' => 'github', 'args' => { 'client_options' => {} }) }
subject(:client) { described_class.new(token) }
before do before do
Gitlab.config.omniauth.providers << OpenStruct.new(app_id: "asd123", app_secret: "asd123", name: "github") allow(Gitlab.config.omniauth).to receive(:providers).and_return([github_provider])
end end
it 'all OAuth2 client options are symbols' do it 'convert OAuth2 client options to symbols' do
client.client.options.keys.each do |key| client.client.options.keys.each do |key|
expect(key).to be_kind_of(Symbol) expect(key).to be_kind_of(Symbol)
end end
end end
it 'does not crash (e.g. Settingslogic::MissingSetting) when verify_ssl config is not present' do
expect { client.api }.not_to raise_error
end
context 'allow SSL verification to be configurable on API' do
before do
github_provider['verify_ssl'] = false
end
it 'uses supplied value' do
expect(client.client.options[:connection_opts][:ssl]).to eq({ verify: false })
expect(client.api.connection_options[:ssl]).to eq({ verify: false })
end
end
context 'when provider does not specity an API endpoint' do
it 'uses GitHub root API endpoint' do
expect(client.api.api_endpoint).to eq 'https://api.github.com/'
end
end
context 'when provider specify a custom API endpoint' do
before do
github_provider['args']['client_options']['site'] = 'https://github.company.com/'
end
it 'uses the custom API endpoint' do
expect(OmniAuth::Strategies::GitHub).not_to receive(:default_options)
expect(client.api.api_endpoint).to eq 'https://github.company.com/'
end
end
end end
...@@ -112,9 +112,16 @@ describe Projects::ImportService, services: true do ...@@ -112,9 +112,16 @@ describe Projects::ImportService, services: true do
def stub_github_omniauth_provider def stub_github_omniauth_provider
provider = OpenStruct.new( provider = OpenStruct.new(
name: 'github', 'name' => 'github',
app_id: 'asd123', 'app_id' => 'asd123',
app_secret: 'asd123' 'app_secret' => 'asd123',
'args' => {
'client_options' => {
'site' => 'https://github.com/api/v3',
'authorize_url' => 'https://github.com/login/oauth/authorize',
'token_url' => 'https://github.com/login/oauth/access_token'
}
}
) )
Gitlab.config.omniauth.providers << provider Gitlab.config.omniauth.providers << provider
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment