Commit 5bd0917d authored by David Fernandez's avatar David Fernandez Committed by Sean McGivern

Fix `#current_authenticate_job` with `.authenticate_with`

Properly get the job from the `namespace_inheritable`
parent e1cda699
---
title: Fix `#current_authenticated_job` when used with `.authenticate_with` in Grape APIs
merge_request: 56564
author:
type: fixed
...@@ -48,7 +48,11 @@ module API ...@@ -48,7 +48,11 @@ module API
# Returns the job associated with the token provided for # Returns the job associated with the token provided for
# authentication, if any # authentication, if any
def current_authenticated_job def current_authenticated_job
@current_authenticated_job if try(:namespace_inheritable, :authentication)
ci_build_from_namespace_inheritable
else
@current_authenticated_job # rubocop:disable Gitlab/ModuleWithInstanceVariables
end
end end
# rubocop:disable Gitlab/ModuleWithInstanceVariables # rubocop:disable Gitlab/ModuleWithInstanceVariables
......
...@@ -52,6 +52,11 @@ module API ...@@ -52,6 +52,11 @@ module API
token&.user token&.user
end end
def ci_build_from_namespace_inheritable
token = token_from_namespace_inheritable
token if token.is_a?(::Ci::Build)
end
private private
def find_token_from_raw_credentials(token_types, raw) def find_token_from_raw_credentials(token_types, raw)
......
...@@ -7,6 +7,7 @@ RSpec.describe API::Helpers::Authentication do ...@@ -7,6 +7,7 @@ RSpec.describe API::Helpers::Authentication do
let_it_be(:project, reload: true) { create(:project, :public) } let_it_be(:project, reload: true) { create(:project, :public) }
let_it_be(:personal_access_token) { create(:personal_access_token, user: user) } let_it_be(:personal_access_token) { create(:personal_access_token, user: user) }
let_it_be(:deploy_token) { create(:deploy_token, read_package_registry: true, write_package_registry: true) } let_it_be(:deploy_token) { create(:deploy_token, read_package_registry: true, write_package_registry: true) }
let_it_be(:ci_build) { create(:ci_build, :running, user: user) }
describe 'class methods' do describe 'class methods' do
subject { Class.new.include(described_class::ClassMethods).new } subject { Class.new.include(described_class::ClassMethods).new }
...@@ -176,6 +177,20 @@ RSpec.describe API::Helpers::Authentication do ...@@ -176,6 +177,20 @@ RSpec.describe API::Helpers::Authentication do
end end
end end
describe '#ci_build_from_namespace_inheritable' do
subject { object.ci_build_from_namespace_inheritable }
it 'returns #token_from_namespace_inheritable if it is a ci build' do
expect(object).to receive(:token_from_namespace_inheritable).and_return(ci_build)
expect(subject).to be(ci_build)
end
it 'returns nil if #token_from_namespace_inheritable is not a ci build' do
expect(object).to receive(:token_from_namespace_inheritable).and_return(personal_access_token)
expect(subject).to eq(nil)
end
end
describe '#user_from_namespace_inheritable' do describe '#user_from_namespace_inheritable' do
subject { object.user_from_namespace_inheritable } subject { object.user_from_namespace_inheritable }
......
...@@ -188,6 +188,10 @@ RSpec.describe API::NugetProjectPackages do ...@@ -188,6 +188,10 @@ RSpec.describe API::NugetProjectPackages do
it_behaves_like 'deploy token for package uploads' it_behaves_like 'deploy token for package uploads'
it_behaves_like 'job token for package uploads', authorize_endpoint: true do
let_it_be(:job) { create(:ci_build, :running, user: user) }
end
it_behaves_like 'rejects nuget access with unknown target id' it_behaves_like 'rejects nuget access with unknown target id'
it_behaves_like 'rejects nuget access with invalid target id' it_behaves_like 'rejects nuget access with invalid target id'
...@@ -251,6 +255,10 @@ RSpec.describe API::NugetProjectPackages do ...@@ -251,6 +255,10 @@ RSpec.describe API::NugetProjectPackages do
it_behaves_like 'deploy token for package uploads' it_behaves_like 'deploy token for package uploads'
it_behaves_like 'job token for package uploads' do
let_it_be(:job) { create(:ci_build, :running, user: user) }
end
it_behaves_like 'rejects nuget access with unknown target id' it_behaves_like 'rejects nuget access with unknown target id'
it_behaves_like 'rejects nuget access with invalid target id' it_behaves_like 'rejects nuget access with invalid target id'
......
...@@ -118,7 +118,7 @@ RSpec.describe API::PypiPackages do ...@@ -118,7 +118,7 @@ RSpec.describe API::PypiPackages do
it_behaves_like 'deploy token for package uploads' it_behaves_like 'deploy token for package uploads'
it_behaves_like 'job token for package uploads' it_behaves_like 'job token for package uploads', authorize_endpoint: true
it_behaves_like 'rejects PyPI access with unknown project id' it_behaves_like 'rejects PyPI access with unknown project id'
end end
......
...@@ -100,7 +100,7 @@ RSpec.shared_examples 'job token for package GET requests' do ...@@ -100,7 +100,7 @@ RSpec.shared_examples 'job token for package GET requests' do
end end
end end
RSpec.shared_examples 'job token for package uploads' do RSpec.shared_examples 'job token for package uploads' do |authorize_endpoint: false|
context 'with job token headers' do context 'with job token headers' do
let(:headers) { basic_auth_header(::Gitlab::Auth::CI_JOB_USER, job.token).merge(workhorse_headers) } let(:headers) { basic_auth_header(::Gitlab::Auth::CI_JOB_USER, job.token).merge(workhorse_headers) }
...@@ -111,6 +111,17 @@ RSpec.shared_examples 'job token for package uploads' do ...@@ -111,6 +111,17 @@ RSpec.shared_examples 'job token for package uploads' do
context 'valid token' do context 'valid token' do
it_behaves_like 'returning response status', :success it_behaves_like 'returning response status', :success
unless authorize_endpoint
it 'creates a package with build info' do
expect { subject }.to change { Packages::Package.count }.by(1)
pkg = ::Packages::Package.order_created
.last
expect(pkg.build_infos).to be
end
end
end end
context 'invalid token' do context 'invalid token' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment