Add runners token

8cdd54cc · Kamil Trzcinski · e80e3f53 · 8cdd54cc · 8cdd54cc · 8cdd54cc
Commit 8cdd54cc authored Dec 10, 2015 by Kamil Trzcinski
12 changed files
--- a/app/controllers/ci/application_controller.rb
+++ b/app/controllers/ci/application_controller.rb
@@ -6,12 +6,6 @@ module Ci
    private
-    def authenticate_token!
-      unless project.valid_token?(params[:token])
-        return head(403)
-      end
-    end
    def authorize_access_project!
      unless can?(current_user, :read_project, project)
        return page_404

--- a/app/controllers/ci/projects_controller.rb
+++ b/app/controllers/ci/projects_controller.rb
@@ -22,8 +22,7 @@ module Ci
    protected
    def project
-      # TODO: what to do here?
+      @project ||= Project.find_by(ci_id: params[:id].to_i)
-      @project ||= Project.find_by_ci_id(params[:id])
    end
    def no_cache

--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -225,7 +225,7 @@ module Ci
    end
    def valid_token? token
-      project.valid_token? token
+      project.valid_runners_token? token
    end
    def target_url

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -169,9 +169,9 @@ class Project < ActiveRecord::Base
    if: ->(project) { project.avatar.present? && project.avatar_changed? }
  validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
-  before_validation :set_random_token
+  before_validation :set_runners_token_token
-  def set_random_token
+  def set_runners_token_token
-    self.token = SecureRandom.hex(15) if self.token.blank?
+    self.runners_token = SecureRandom.hex(15) if self.runners_token.blank?
  end
  mount_uploader :avatar, AvatarUploader
@@ -270,9 +270,7 @@ class Project < ActiveRecord::Base
    end
    def find_by_ci_id(id)
-      ci_projects = Arel::Table.new(:ci_projects)
+      find_by(ci_id: id.to_i)
-      gitlab_id = ci_projects.where(ci_projects[:id].eq(id)).project(ci_projects[:gitlab_id])
-      find_by("id=(#{gitlab_id.to_sql})")
    end
    def visibility_levels
@@ -831,7 +829,11 @@ class Project < ActiveRecord::Base
    shared_runners_enabled? && Ci::Runner.shared.active.any?(&block)
  end
-  def valid_token? token
+  def valid_runners_token? token
+    self.token && self.token == token
+  end
+  def valid_build_token? token
    self.token && self.token == token
  end

--- a/db/migrate/20151203162135_add_ci_to_project.rb
+++ b/db/migrate/20151203162135_add_ci_to_project.rb
 class AddCiToProject < ActiveRecord::Migration
  def up
+    add_column :projects, :ci_id, :integer
    add_column :projects, :builds_enabled, :boolean, default: true, null: false
    add_column :projects, :shared_runners_enabled, :boolean, default: true, null: false
-    add_column :projects, :token, :string
+    add_column :projects, :runners_token, :string
    add_column :projects, :build_coverage_regex, :string
    add_column :projects, :build_allow_git_fetch, :boolean, default: true, null: false
    add_column :projects, :build_timeout, :integer, default: 3600, null: false

--- a/db/migrate/20151204110613_migrate_ci_to_project.rb
+++ b/db/migrate/20151204110613_migrate_ci_to_project.rb
@@ -5,8 +5,9 @@ class MigrateCiToProject < ActiveRecord::Migration
    migrate_project_id_for_table('ci_variables')
    migrate_project_id_for_builds
-    migrate_project_column('shared_runners_enabled')
+    migrate_project_column('id', 'ci_id')
-    migrate_project_column('token')
+    migrate_project_column('shared_runners_enabled', 'shared_runners_enabled')
+    migrate_project_column('token', 'runners_token')
    migrate_project_column('coverage_regex', 'build_coverage_regex')
    migrate_project_column('allow_git_fetch', 'build_allow_git_fetch')
    migrate_project_column('timeout', 'build_timeout')
@@ -25,7 +26,7 @@ class MigrateCiToProject < ActiveRecord::Migration
  def migrate_project_column(column, new_column = nil)
    new_column ||= column
-    subquery = "SELECT #{column} FROM ci_projects WHERE projects.id = ci_projects.gitlab_id"
+    subquery = "SELECT ci_projects.#{column} FROM ci_projects WHERE projects.id = ci_projects.gitlab_id"
    execute("UPDATE projects SET #{new_column}=(#{subquery}) WHERE #{new_column} IS NULL AND (#{subquery}) IS NOT NULL")
  end

--- a/db/migrate/20151204110832_add_index_to_ci_tables.rb
+++ b/db/migrate/20151204110832_add_index_to_ci_tables.rb
@@ -4,8 +4,9 @@ class AddIndexToCiTables < ActiveRecord::Migration
    add_index :ci_runner_projects, :gl_project_id
    add_index :ci_triggers, :gl_project_id
    add_index :ci_variables, :gl_project_id
-    add_index :projects, :token
+    add_index :projects, :runners_token
    add_index :projects, :builds_enabled
    add_index :projects, [:builds_enabled, :shared_runners_enabled]
+    add_index :projects, [:ci_id]
  end
 end
--- a/lib/ci/api/helpers.rb
+++ b/lib/ci/api/helpers.rb
@@ -13,10 +13,6 @@ module Ci
        forbidden! unless current_runner
      end
-      def authenticate_project_token!(project)
-        forbidden! unless project.valid_token?(params[:project_token])
-      end
      def authenticate_build_token!(build)
        token = (params[BUILD_TOKEN_PARAM] || env[BUILD_TOKEN_HEADER]).to_s
        forbidden! unless token && build.valid_token?(token)

--- a/lib/ci/api/runners.rb
+++ b/lib/ci/api/runners.rb
@@ -36,7 +36,7 @@ module Ci
                tag_list: params[:tag_list],
                is_shared: true
              )
-            elsif project = Project.find_by(token: params[:token])
+            elsif project = Project.find_by(runners_token: params[:token])
              # Create a specific runner for project.
              project.ci_runners.create(
                description: params[:description],

--- a/lib/ci/api/triggers.rb
+++ b/lib/ci/api/triggers.rb
@@ -14,7 +14,7 @@ module Ci
        post ":id/refs/:ref/trigger" do
          required_attributes! [:token]
-          project = Project.find_by_ci_id(params[:id])
+          project = Project.find_by(ci_id: params[:id].to_i)
          trigger = Ci::Trigger.find_by_token(params[:token].to_s)
          not_found! unless project && trigger
          unauthorized! unless trigger.project == project

--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -78,7 +78,7 @@ module Grack
        underscored_service = matched_login['s'].underscore
        if underscored_service == 'gitlab_ci'
-          return project && project.builds_enabled? && project.valid_token?(password)
+          return project && project.builds_enabled? && project.valid_build_token?(password)
        elsif Service.available_services_names.include?(underscored_service)
          service_method = "#{underscored_service}_service"
          service = project.send(service_method)

--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -55,7 +55,7 @@ describe Project, models: true do
    it { is_expected.to have_one(:pushover_service).dependent(:destroy) }
    it { is_expected.to have_one(:asana_service).dependent(:destroy) }
    it { is_expected.to have_many(:ci_commits) }
-    it { is_expected.to have_many(:ci_statuses) }
+    it { is_expected.to have_many(:commit_statuses) }
    it { is_expected.to have_many(:ci_builds) }
    it { is_expected.to have_many(:ci_runner_projects) }
    it { is_expected.to have_many(:ci_runners) }