Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
1a675dc9
Commit
1a675dc9
authored
Aug 06, 2018
by
Ash McKenzie
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Allow upload_code ability for auth'd Geo request
parent
3bcb345e
Changes
4
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
254 additions
and
114 deletions
+254
-114
ee/app/controllers/ee/projects/git_http_controller.rb
ee/app/controllers/ee/projects/git_http_controller.rb
+18
-3
ee/lib/ee/gitlab/git_access.rb
ee/lib/ee/gitlab/git_access.rb
+5
-0
ee/spec/lib/gitlab/git_access_spec.rb
ee/spec/lib/gitlab/git_access_spec.rb
+1
-1
ee/spec/requests/git_http_geo_spec.rb
ee/spec/requests/git_http_geo_spec.rb
+230
-110
No files found.
ee/app/controllers/ee/projects/git_http_controller.rb
View file @
1a675dc9
...
@@ -6,11 +6,24 @@ module EE
...
@@ -6,11 +6,24 @@ module EE
override
:render_ok
override
:render_ok
def
render_ok
def
render_ok
set_workhorse_internal_api_content_type
set_workhorse_internal_api_content_type
render
json:
::
Gitlab
::
Workhorse
.
git_http_ok
(
repository
,
wiki?
,
user
,
action_name
,
show_all_refs:
geo_request?
)
render
json:
::
Gitlab
::
Workhorse
.
git_http_ok
(
repository
,
wiki?
,
user
,
action_name
,
show_all_refs:
geo_request?
)
end
end
private
private
def
user
super
||
geo_push_user
&
.
user
end
def
geo_push_user
@geo_push_user
||=
::
Geo
::
PushUser
.
new_from_headers
(
request
.
headers
)
end
def
geo_push_user_headers_provided?
::
Geo
::
PushUser
.
needed_headers_provided?
(
request
.
headers
)
end
def
geo_request?
def
geo_request?
::
Gitlab
::
Geo
::
JwtRequestDecoder
.
geo_auth_attempt?
(
request
.
headers
[
'Authorization'
])
::
Gitlab
::
Geo
::
JwtRequestDecoder
.
geo_auth_attempt?
(
request
.
headers
[
'Authorization'
])
end
end
...
@@ -21,9 +34,11 @@ module EE
...
@@ -21,9 +34,11 @@ module EE
override
:access_actor
override
:access_actor
def
access_actor
def
access_actor
return
:geo
if
geo?
return
super
unless
geo?
return
:geo
unless
geo_push_user_headers_provided?
return
geo_push_user
.
user
if
geo_push_user
.
user
super
raise
::
Gitlab
::
GitAccess
::
UnauthorizedError
,
'Geo push user is invalid.'
end
end
override
:authenticate_user
override
:authenticate_user
...
@@ -32,7 +47,7 @@ module EE
...
@@ -32,7 +47,7 @@ module EE
payload
=
::
Gitlab
::
Geo
::
JwtRequestDecoder
.
new
(
request
.
headers
[
'Authorization'
]).
decode
payload
=
::
Gitlab
::
Geo
::
JwtRequestDecoder
.
new
(
request
.
headers
[
'Authorization'
]).
decode
if
payload
if
payload
@authentication_result
=
::
Gitlab
::
Auth
::
Result
.
new
(
nil
,
project
,
:geo
,
[
:download_code
])
# rubocop:disable Gitlab/ModuleWithInstanceVariables
@authentication_result
=
::
Gitlab
::
Auth
::
Result
.
new
(
nil
,
project
,
:geo
,
[
:download_code
,
:push_code
])
# rubocop:disable Gitlab/ModuleWithInstanceVariables
return
# grant access
return
# grant access
end
end
...
...
ee/lib/ee/gitlab/git_access.rb
View file @
1a675dc9
...
@@ -52,6 +52,11 @@ module EE
...
@@ -52,6 +52,11 @@ module EE
def
geo?
def
geo?
actor
==
:geo
actor
==
:geo
end
end
override
:authed_via_jwt?
def
authed_via_jwt?
geo?
end
end
end
end
end
end
end
ee/spec/lib/gitlab/git_access_spec.rb
View file @
1a675dc9
...
@@ -268,7 +268,7 @@ For more information: #{EE::Gitlab::GeoGitAccess::GEO_SERVER_DOCS_URL}"
...
@@ -268,7 +268,7 @@ For more information: #{EE::Gitlab::GeoGitAccess::GEO_SERVER_DOCS_URL}"
let
(
:actor
)
{
:geo
}
let
(
:actor
)
{
:geo
}
it
{
expect
{
pull_changes
}.
not_to
raise_error
}
it
{
expect
{
pull_changes
}.
not_to
raise_error
}
it
{
expect
{
push_changes
}.
to
raise_unauthorized
(
Gitlab
::
GitAccess
::
ERROR_MESSAGES
[
:
upload
])
}
it
{
expect
{
push_changes
}.
to
raise_unauthorized
(
Gitlab
::
GitAccess
::
ERROR_MESSAGES
[
:
push_code
])
}
end
end
private
private
...
...
ee/spec/requests/git_http_geo_spec.rb
View file @
1a675dc9
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment