Commit 86cea3a5 authored by Shinya Maeda's avatar Shinya Maeda

Merge branch...

Merge branch 'feature/sm/35954-create-kubernetes-cluster-on-gke-from-k8s-service' of https://gitlab.com/gitlab-org/gitlab-ce into feature/sm/35954-create-kubernetes-cluster-on-gke-from-k8s-service
parents 830c770a f9d490db
...@@ -9,16 +9,21 @@ module GoogleApi ...@@ -9,16 +9,21 @@ module GoogleApi
session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] = session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] =
expires_at.to_s expires_at.to_s
key, _ = GoogleApi::CloudPlatform::Client state_redirect_uri = redirect_uri_from_session_key(params[:state])
.session_key_for_second_redirect_uri(secure: params[:state])
second_redirect_uri = session[key] if state_redirect_uri
redirect_to state_redirect_uri
if second_redirect_uri.present?
redirect_to second_redirect_uri
else else
redirect_to root_path redirect_to root_path
end end
end end
private
def redirect_uri_from_session_key(state)
key = GoogleApi::CloudPlatform::Client
.session_key_for_redirect_uri(params[:state])
session[key] if key
end
end end
end end
...@@ -16,13 +16,11 @@ class Projects::ClustersController < Projects::ApplicationController ...@@ -16,13 +16,11 @@ class Projects::ClustersController < Projects::ApplicationController
def login def login
begin begin
GoogleApi::CloudPlatform::Client.session_key_for_second_redirect_uri.tap do |key, secure| state = generate_session_key_redirect(namespace_project_clusters_url.to_s)
session[key] = namespace_project_clusters_url.to_s
@authorize_url = GoogleApi::CloudPlatform::Client.new( @authorize_url = GoogleApi::CloudPlatform::Client.new(
nil, callback_google_api_auth_url, nil, callback_google_api_auth_url,
state: secure).authorize_url state: state).authorize_url
end
rescue GoogleApi::Auth::ConfigMissingError rescue GoogleApi::Auth::ConfigMissingError
# no-op # no-op
end end
...@@ -122,6 +120,12 @@ class Projects::ClustersController < Projects::ApplicationController ...@@ -122,6 +120,12 @@ class Projects::ClustersController < Projects::ApplicationController
session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at]
end end
def generate_session_key_redirect(uri)
GoogleApi::CloudPlatform::Client.new_session_key_for_redirect_uri do |key|
session[key] = uri
end
end
def authorize_update_cluster! def authorize_update_cluster!
access_denied! unless can?(current_user, :update_cluster, cluster) access_denied! unless can?(current_user, :update_cluster, cluster)
end end
......
...@@ -16,9 +16,14 @@ module GoogleApi ...@@ -16,9 +16,14 @@ module GoogleApi
:cloud_platform_expires_at :cloud_platform_expires_at
end end
def session_key_for_second_redirect_uri(secure: nil) def new_session_key_for_redirect_uri
secure = SecureRandom.hex unless secure SecureRandom.hex.tap do |state|
return "cloud_platform_second_redirect_uri_#{secure}", secure yield session_key_for_redirect_uri(state)
end
end
def session_key_for_redirect_uri(state)
"cloud_platform_second_redirect_uri_#{state}"
end end
end end
......
...@@ -24,20 +24,19 @@ describe GoogleApi::AuthorizationsController do ...@@ -24,20 +24,19 @@ describe GoogleApi::AuthorizationsController do
.to eq(expires_at) .to eq(expires_at)
end end
context 'when second redirection url key is stored in state' do context 'when redirect uri key is stored in state' do
set(:project) { create(:project) } set(:project) { create(:project) }
let(:second_redirect_uri) { project_clusters_url(project).to_s } let(:redirect_uri) { project_clusters_url(project).to_s }
before do before do
GoogleApi::CloudPlatform::Client @state = GoogleApi::CloudPlatform::Client
.session_key_for_second_redirect_uri.tap do |key, secure| .new_session_key_for_redirect_uri do |key|
@state = secure session[key] = redirect_uri
session[key] = second_redirect_uri
end end
end end
it 'redirects to the URL stored in state param' do it 'redirects to the URL stored in state param' do
expect(subject).to redirect_to(second_redirect_uri) expect(subject).to redirect_to(redirect_uri)
end end
end end
......
...@@ -190,7 +190,7 @@ describe Projects::ClustersController do ...@@ -190,7 +190,7 @@ describe Projects::ClustersController do
subject subject
expect(response).to have_http_status(:ok) expect(response).to have_http_status(:ok)
expect(response.body).to include("Save changes") expect(response.body).to include("Save")
end end
it "allows remove integration" do it "allows remove integration" do
......
...@@ -69,14 +69,14 @@ feature 'Clusters', :js do ...@@ -69,14 +69,14 @@ feature 'Clusters', :js do
end end
it 'user sees an cluster details page' do it 'user sees an cluster details page' do
expect(page).to have_button('Save changes') expect(page).to have_button('Save')
expect(page.find(:css, '.cluster-name').value).to eq(cluster.gcp_cluster_name) expect(page.find(:css, '.cluster-name').value).to eq(cluster.gcp_cluster_name)
end end
context 'when user disables the cluster' do context 'when user disables the cluster' do
before do before do
page.find(:css, '.js-toggle-cluster').click page.find(:css, '.js-toggle-cluster').click
click_button 'Save changes' click_button 'Save'
end end
it 'user sees the succeccful message' do it 'user sees the succeccful message' do
......
...@@ -4,26 +4,20 @@ describe GoogleApi::CloudPlatform::Client do ...@@ -4,26 +4,20 @@ describe GoogleApi::CloudPlatform::Client do
let(:token) { 'token' } let(:token) { 'token' }
let(:client) { described_class.new(token, nil) } let(:client) { described_class.new(token, nil) }
describe '.session_key_for_second_redirect_uri' do describe '.session_key_for_redirect_uri' do
subject { described_class.session_key_for_second_redirect_uri(secure: secure) } let(:state) { 'random_string' }
context 'when pass a postfix' do subject { described_class.session_key_for_redirect_uri(state) }
let(:secure) { SecureRandom.hex }
it 'creates a required session key' do it 'creates a new session key' do
key, _ = described_class.session_key_for_second_redirect_uri(secure: secure) is_expected.to eq('cloud_platform_second_redirect_uri_random_string')
expect(key).to eq("cloud_platform_second_redirect_uri_#{secure}")
end
end end
end
context 'when pass a postfix' do describe '.new_session_key_for_redirect_uri' do
let(:secure) { nil } it 'generates a new session key' do
expect { |b| described_class.new_session_key_for_redirect_uri(&b) }
it 'creates a new session key' do .to yield_with_args(String)
key, secure = described_class.session_key_for_second_redirect_uri
expect(key).to include('cloud_platform_second_redirect_uri_')
expect(secure).not_to be_nil
end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment