Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
710cd82c
Commit
710cd82c
authored
Apr 05, 2017
by
Rémy Coutable
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Set Git-specific env in /api/internal/allowed
Signed-off-by:
Rémy Coutable
<
remy@rymai.me
>
parent
05aa038c
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
31 additions
and
20 deletions
+31
-20
lib/api/helpers/internal_helpers.rb
lib/api/helpers/internal_helpers.rb
+3
-3
lib/api/internal.rb
lib/api/internal.rb
+9
-15
spec/requests/api/internal_spec.rb
spec/requests/api/internal_spec.rb
+19
-2
No files found.
lib/api/helpers/internal_helpers.rb
View file @
710cd82c
...
@@ -53,12 +53,12 @@ module API
...
@@ -53,12 +53,12 @@ module API
]
]
end
end
def
parse_
allowed_environment_variables
def
parse_
env
return
if
params
[
:env
].
blank?
return
{}
if
params
[
:env
].
blank?
JSON
.
parse
(
params
[
:env
])
JSON
.
parse
(
params
[
:env
])
rescue
JSON
::
ParserError
rescue
JSON
::
ParserError
{}
end
end
end
end
end
end
...
...
lib/api/internal.rb
View file @
710cd82c
...
@@ -11,14 +11,16 @@ module API
...
@@ -11,14 +11,16 @@ module API
# Params:
# Params:
# key_id - ssh key id for Git over SSH
# key_id - ssh key id for Git over SSH
# user_id - user id for Git over HTTP
# user_id - user id for Git over HTTP
# protocol - Git access protocol being used, e.g. HTTP or SSH
# project - project path with namespace
# project - project path with namespace
# action - git action (git-upload-pack or git-receive-pack)
# action - git action (git-upload-pack or git-receive-pack)
# ref - branch name
# changes - changes as "oldrev newrev ref", see Gitlab::ChangesList
# forced_push - forced_push
# protocol - Git access protocol being used, e.g. HTTP or SSH
post
"/allowed"
do
post
"/allowed"
do
status
200
status
200
# Stores some Git-specific env thread-safely
Gitlab
::
Git
::
Env
.
set
(
parse_env
)
actor
=
actor
=
if
params
[
:key_id
]
if
params
[
:key_id
]
Key
.
find_by
(
id:
params
[
:key_id
])
Key
.
find_by
(
id:
params
[
:key_id
])
...
@@ -30,18 +32,10 @@ module API
...
@@ -30,18 +32,10 @@ module API
actor
.
update_last_used_at
if
actor
.
is_a?
(
Key
)
actor
.
update_last_used_at
if
actor
.
is_a?
(
Key
)
access
=
access_checker
=
wiki?
?
Gitlab
::
GitAccessWiki
:
Gitlab
::
GitAccess
if
wiki?
access_status
=
access_checker
Gitlab
::
GitAccessWiki
.
new
(
actor
,
project
,
protocol
,
authentication_abilities:
ssh_authentication_abilities
)
.
new
(
actor
,
project
,
protocol
,
authentication_abilities:
ssh_authentication_abilities
)
else
.
check
(
params
[
:action
],
params
[
:changes
])
Gitlab
::
GitAccess
.
new
(
actor
,
project
,
protocol
,
authentication_abilities:
ssh_authentication_abilities
,
env:
parse_allowed_environment_variables
)
end
access_status
=
access
.
check
(
params
[
:action
],
params
[
:changes
])
response
=
{
status:
access_status
.
status
,
message:
access_status
.
message
}
response
=
{
status:
access_status
.
status
,
message:
access_status
.
message
}
...
...
spec/requests/api/internal_spec.rb
View file @
710cd82c
...
@@ -153,6 +153,22 @@ describe API::Internal, api: true do
...
@@ -153,6 +153,22 @@ describe API::Internal, api: true do
project
.
team
<<
[
user
,
:developer
]
project
.
team
<<
[
user
,
:developer
]
end
end
context
'with env passed as a JSON'
do
it
'sets env in RequestStore'
do
expect
(
Gitlab
::
Git
::
Env
).
to
receive
(
:set
).
with
({
'GIT_OBJECT_DIRECTORY'
=>
'foo'
,
'GIT_ALTERNATE_OBJECT_DIRECTORIES'
=>
'bar'
})
push
(
key
,
project
.
wiki
,
env:
{
GIT_OBJECT_DIRECTORY
:
'foo'
,
GIT_ALTERNATE_OBJECT_DIRECTORIES
:
'bar'
}.
to_json
)
expect
(
response
).
to
have_http_status
(
200
)
end
end
context
"git push with project.wiki"
do
context
"git push with project.wiki"
do
it
'responds with success'
do
it
'responds with success'
do
push
(
key
,
project
.
wiki
)
push
(
key
,
project
.
wiki
)
...
@@ -463,7 +479,7 @@ describe API::Internal, api: true do
...
@@ -463,7 +479,7 @@ describe API::Internal, api: true do
)
)
end
end
def
push
(
key
,
project
,
protocol
=
'ssh'
)
def
push
(
key
,
project
,
protocol
=
'ssh'
,
env:
nil
)
post
(
post
(
api
(
"/internal/allowed"
),
api
(
"/internal/allowed"
),
changes:
'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master'
,
changes:
'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master'
,
...
@@ -471,7 +487,8 @@ describe API::Internal, api: true do
...
@@ -471,7 +487,8 @@ describe API::Internal, api: true do
project:
project
.
repository
.
path_to_repo
,
project:
project
.
repository
.
path_to_repo
,
action:
'git-receive-pack'
,
action:
'git-receive-pack'
,
secret_token:
secret_token
,
secret_token:
secret_token
,
protocol:
protocol
protocol:
protocol
,
env:
env
)
)
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment