Commit 67d6a79e authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'ce-ee-master' into ee-master

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

Conflicts:
	VERSION
	config/initializers/1_settings.rb
	config/initializers/7_omniauth.rb
parents a6a0bb4f c0a5d043
...@@ -39,3 +39,4 @@ public/assets/ ...@@ -39,3 +39,4 @@ public/assets/
.envrc .envrc
dump.rdb dump.rdb
tags tags
.gitlab_shell_secret
7.4.0.rc1-ee 7.5.0.pre-ee
...@@ -75,7 +75,7 @@ ...@@ -75,7 +75,7 @@
} }
.participants { .participants {
margin-bottom: 10px; margin-bottom: 20px;
} }
.issues_bulk_update { .issues_bulk_update {
......
...@@ -113,30 +113,36 @@ ...@@ -113,30 +113,36 @@
font-size: 15px; font-size: 15px;
border-bottom: 1px solid #BBB; border-bottom: 1px solid #BBB;
color: #777; color: #777;
background-color: #F5F5F5;
&.ci-success { &.ci-success {
color: $bg_success; color: $bg_success;
border-color: $border_success; border-color: $border_success;
background-color: #F1FAF1;
} }
&.ci-pending { &.ci-pending {
color: #548; color: #548;
border-color: #548; border-color: #548;
background-color: #F4F1FA;
} }
&.ci-running { &.ci-running {
color: $bg_warning; color: $bg_warning;
border-color: $border_warning; border-color: $border_warning;
background-color: #FAF5F1;
} }
&.ci-failed { &.ci-failed {
color: $bg_danger; color: $bg_danger;
border-color: $border_danger; border-color: $border_danger;
background-color: #FAF1F1;
} }
&.ci-error { &.ci-error {
color: $bg_danger; color: $bg_danger;
border-color: $border_danger; border-color: $border_danger;
background-color: #FAF1F1;
} }
} }
......
...@@ -46,5 +46,5 @@ ...@@ -46,5 +46,5 @@
%br %br
Public projects are an easy way to allow everyone to have read-only access. Public projects are an easy way to allow everyone to have read-only access.
.link_holder .link_holder
= link_to explore_projects_path, class: "btn btn-new" do = link_to trending_explore_projects_path, class: "btn btn-new" do
Browse public projects » Browse public projects »
# Be sure to restart your server when you modify this file.
require 'securerandom'
# Your secret key for verifying the gitlab_shell.
secret_file = Rails.root.join('.gitlab_shell_secret')
gitlab_shell_symlink = File.join(Gitlab.config.gitlab_shell.path, '.gitlab_shell_secret')
unless File.exist? secret_file
# Generate a new token of 16 random hexadecimal characters and store it in secret_file.
token = SecureRandom.hex(16)
File.write(secret_file, token)
end
if File.exist?(Gitlab.config.gitlab_shell.path) && !File.exist?(gitlab_shell_symlink)
FileUtils.symlink(secret_file, gitlab_shell_symlink)
end
\ No newline at end of file
...@@ -510,6 +510,10 @@ Code above produces next output: ...@@ -510,6 +510,10 @@ Code above produces next output:
| cell 1 | cell 2 | | cell 1 | cell 2 |
| cell 3 | cell 4 | | cell 3 | cell 4 |
**Note**
The row of dashes between the table header and body must have at least three dashes in each column.
## References ## References
- This document leveraged heavily from the [Markdown-Cheatsheet](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet). - This document leveraged heavily from the [Markdown-Cheatsheet](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet).
......
...@@ -67,6 +67,10 @@ module API ...@@ -67,6 +67,10 @@ module API
unauthorized! unless current_user unauthorized! unless current_user
end end
def authenticate_by_gitlab_shell_token!
unauthorized! unless secret_token == params['secret_token']
end
def authenticated_as_admin! def authenticated_as_admin!
forbidden! unless current_user.is_admin? forbidden! unless current_user.is_admin?
end end
...@@ -193,5 +197,9 @@ module API ...@@ -193,5 +197,9 @@ module API
abilities abilities
end end
end end
def secret_token
File.read(Rails.root.join('.gitlab_shell_secret'))
end
end end
end end
module API module API
# Internal access API # Internal access API
class Internal < Grape::API class Internal < Grape::API
before {
authenticate_by_gitlab_shell_token!
}
namespace 'internal' do namespace 'internal' do
# Check if git command is allowed to project # Check if git command is allowed to project
# #
......
...@@ -91,8 +91,7 @@ server { ...@@ -91,8 +91,7 @@ server {
# resolver_timeout 10s; # resolver_timeout 10s;
## [Optional] Generate a stronger DHE parameter: ## [Optional] Generate a stronger DHE parameter:
## cd /etc/ssl/certs ## sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
## sudo openssl dhparam -out dhparam.pem 4096
## ##
# ssl_dhparam /etc/ssl/certs/dhparam.pem; # ssl_dhparam /etc/ssl/certs/dhparam.pem;
......
...@@ -5,10 +5,11 @@ describe API::API, api: true do ...@@ -5,10 +5,11 @@ describe API::API, api: true do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:key) { create(:key, user: user) } let(:key) { create(:key, user: user) }
let(:project) { create(:project) } let(:project) { create(:project) }
let(:secret_token) { File.read Rails.root.join('.gitlab_shell_secret') }
describe "GET /internal/check", no_db: true do describe "GET /internal/check", no_db: true do
it do it do
get api("/internal/check") get api("/internal/check"), secret_token: secret_token
response.status.should == 200 response.status.should == 200
json_response['api_version'].should == API::API.version json_response['api_version'].should == API::API.version
...@@ -17,7 +18,7 @@ describe API::API, api: true do ...@@ -17,7 +18,7 @@ describe API::API, api: true do
describe "GET /internal/discover" do describe "GET /internal/discover" do
it do it do
get(api("/internal/discover"), key_id: key.id) get(api("/internal/discover"), key_id: key.id, secret_token: secret_token)
response.status.should == 200 response.status.should == 200
...@@ -159,7 +160,8 @@ describe API::API, api: true do ...@@ -159,7 +160,8 @@ describe API::API, api: true do
api("/internal/allowed"), api("/internal/allowed"),
key_id: key.id, key_id: key.id,
project: project.path_with_namespace, project: project.path_with_namespace,
action: 'git-upload-pack' action: 'git-upload-pack',
secret_token: secret_token
) )
end end
...@@ -169,7 +171,8 @@ describe API::API, api: true do ...@@ -169,7 +171,8 @@ describe API::API, api: true do
changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master', changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master',
key_id: key.id, key_id: key.id,
project: project.path_with_namespace, project: project.path_with_namespace,
action: 'git-receive-pack' action: 'git-receive-pack',
secret_token: secret_token
) )
end end
...@@ -179,7 +182,8 @@ describe API::API, api: true do ...@@ -179,7 +182,8 @@ describe API::API, api: true do
ref: 'master', ref: 'master',
key_id: key.id, key_id: key.id,
project: project.path_with_namespace, project: project.path_with_namespace,
action: 'git-upload-archive' action: 'git-upload-archive',
secret_token: secret_token
) )
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment