Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
8ef3bc5d
Commit
8ef3bc5d
authored
Jun 15, 2017
by
Michael Kozono
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add “Project moved” error to Git-over-HTTP
parent
af784cc6
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
37 additions
and
40 deletions
+37
-40
app/controllers/projects/git_http_client_controller.rb
app/controllers/projects/git_http_client_controller.rb
+8
-38
app/controllers/projects/git_http_controller.rb
app/controllers/projects/git_http_controller.rb
+1
-1
spec/requests/git_http_spec.rb
spec/requests/git_http_spec.rb
+28
-1
No files found.
app/controllers/projects/git_http_client_controller.rb
View file @
8ef3bc5d
...
...
@@ -4,7 +4,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController
include
ActionController
::
HttpAuthentication
::
Basic
include
KerberosSpnegoHelper
attr_reader
:authentication_result
attr_reader
:authentication_result
,
:redirected_path
delegate
:actor
,
:authentication_abilities
,
to: :authentication_result
,
allow_nil:
true
...
...
@@ -14,7 +14,6 @@ class Projects::GitHttpClientController < Projects::ApplicationController
skip_before_action
:verify_authenticity_token
skip_before_action
:repository
before_action
:authenticate_user
before_action
:ensure_project_found!
private
...
...
@@ -68,38 +67,14 @@ class Projects::GitHttpClientController < Projects::ApplicationController
headers
[
'Www-Authenticate'
]
=
challenges
.
join
(
"
\n
"
)
if
challenges
.
any?
end
def
ensure_project_found!
render_not_found
if
project
.
blank?
end
def
project
return
@project
if
defined?
(
@project
)
project_id
,
_
=
project_id_with_suffix
@project
=
if
project_id
.
blank?
nil
else
Project
.
find_by_full_path
(
"
#{
params
[
:namespace_id
]
}
/
#{
project_id
}
"
)
end
end
parse_repo_path
unless
defined?
(
@project
)
# This method returns two values so that we can parse
# params[:project_id] (untrusted input!) in exactly one place.
def
project_id_with_suffix
id
=
params
[
:project_id
]
||
''
%w[.wiki.git .git]
.
each
do
|
suffix
|
if
id
.
end_with?
(
suffix
)
# Be careful to only remove the suffix from the end of 'id'.
# Accidentally removing it from the middle is how security
# vulnerabilities happen!
return
[
id
.
slice
(
0
,
id
.
length
-
suffix
.
length
),
suffix
]
end
end
@project
end
# Something is wrong with params[:project_id]; do not pass it on.
[
nil
,
nil
]
def
parse_repo_path
@project
,
@wiki
,
@redirected_path
=
Gitlab
::
RepoPath
.
parse
(
"
#{
params
[
:namespace_id
]
}
/
#{
params
[
:project_id
]
}
"
)
end
def
render_missing_personal_token
...
...
@@ -114,14 +89,9 @@ class Projects::GitHttpClientController < Projects::ApplicationController
end
def
wiki?
return
@wiki
if
defined?
(
@wiki
)
_
,
suffix
=
project_id_with_suffix
@wiki
=
suffix
==
'.wiki.git'
end
parse_repo_path
unless
defined?
(
@wiki
)
def
render_not_found
render
plain:
'Not Found'
,
status: :not_found
@wiki
end
def
handle_basic_authentication
(
login
,
password
)
...
...
app/controllers/projects/git_http_controller.rb
View file @
8ef3bc5d
...
...
@@ -56,7 +56,7 @@ class Projects::GitHttpController < Projects::GitHttpClientController
end
def
access
@access
||=
access_klass
.
new
(
access_actor
,
project
,
'http'
,
authentication_abilities:
authentication_abilities
)
@access
||=
access_klass
.
new
(
access_actor
,
project
,
'http'
,
authentication_abilities:
authentication_abilities
,
redirected_path:
redirected_path
)
end
def
access_actor
...
...
spec/requests/git_http_spec.rb
View file @
8ef3bc5d
...
...
@@ -505,6 +505,33 @@ describe 'Git HTTP requests', lib: true do
Rack
::
Attack
::
Allow2Ban
.
reset
(
ip
,
options
)
end
end
context
'and the user requests a redirected path'
do
let!
(
:redirect
)
{
project
.
route
.
create_redirect
(
'foo/bar'
)
}
let
(
:path
)
{
"
#{
redirect
.
path
}
.git"
}
let
(
:project_moved_message
)
do
<<-
MSG
.
strip_heredoc
Project '
#{
redirect
.
path
}
' was moved to '
#{
project
.
full_path
}
'.
Please update your Git remote and try again:
git remote set-url origin
#{
project
.
http_url_to_repo
}
MSG
end
it
'downloads get status 404 with "project was moved" message'
do
clone_get
(
path
,
env
)
expect
(
response
).
to
have_http_status
(
:not_found
)
expect
(
response
.
body
).
to
match
(
project_moved_message
)
end
it
'uploads get status 404 with "project was moved" message'
do
upload
(
path
,
env
)
do
|
response
|
expect
(
response
).
to
have_http_status
(
:not_found
)
expect
(
response
.
body
).
to
match
(
project_moved_message
)
end
end
end
end
context
"when the user doesn't have access to the project"
do
...
...
@@ -680,7 +707,7 @@ describe 'Git HTTP requests', lib: true do
end
context
"POST git-receive-pack"
do
it
"fail
e
s to find a route"
do
it
"fails to find a route"
do
expect
{
push_post
(
project
.
path_with_namespace
)
}.
to
raise_error
(
ActionController
::
RoutingError
)
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment