Show kerberos clone url when kerberos enabled and kerberos url different than http url

9bb1dd00 · Borja Aparicio · 6b028ed8 · 9bb1dd00 · 9bb1dd00 · 9bb1dd00
Commit 9bb1dd00 authored Dec 05, 2015 by Borja Aparicio
10 changed files
--- a/CHANGELOG-EE
+++ b/CHANGELOG-EE
 v 8.3.0 (unreleased)
  - License information can now be retrieved via the API
+  - Show Kerberos clone url when Kerberos enabled and url different than HTTP url (Borja Aparicio)

 v 8.2.0
  - Invalidate stored jira password if the endpoint URL is changed

--- a/app/assets/javascripts/project.js.coffee
+++ b/app/assets/javascripts/project.js.coffee
@@ -4,8 +4,11 @@ class @Project
    $('.js-protocol-switch').click ->
      return if $(@).hasClass('active')

-      # Toggle 'active' for both buttons
-      $('.js-protocol-switch').toggleClass('active')
+
+      # Remove the active class for all buttons (ssh, http, kerberos if shown)
+      $('.active').not($(@)).removeClass('active');
+      # Add the active class for the clicked button
+      $(@).toggleClass('active')

      url = $(@).data('clone')


--- a/app/helpers/button_helper.rb
+++ b/app/helpers/button_helper.rb
@@ -55,4 +55,20 @@ module ButtonHelper
      },
      type: :button
  end
+
+  def kerberos_clone_button(project)
+    klass = 'btn js-protocol-switch'
+    klass << ' active'      if default_clone_protocol == 'kerberos'
+    klass << ' has_tooltip'
+
+    content_tag :button, 'KRB5',
+      class: klass,
+      data: {
+        clone: project.kerberos_url_to_repo,
+        container: 'body',
+        html: 'true',
+        title: 'Get a Kerberos token for your account with kinit<br>to pull or push via Kerberos.'
+      },
+      type: :button
+  end
 end
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -181,6 +181,11 @@ module ProjectsHelper
    current_user ? "ssh" : "http"
  end

+  # Given the current GitLab configuration, check whether the GitLab URL for Kerberos is going to be different than the HTTP URL
+  def alternative_kerberos_url?
+    Gitlab.config.alternative_gitlab_kerberos_url?
+  end
+
  def project_last_activity(project)
    if project.last_activity_at
      time_ago_with_tooltip(project.last_activity_at, placement: 'bottom', html_class: 'last_activity_time_ago')

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -726,6 +726,11 @@ class Project < ActiveRecord::Base
    "#{web_url}.git"
  end

+  # No need to have a Kerberos Web url. Kerberos URL will be used only to clone
+  def kerberos_url_to_repo
+    "#{Gitlab.config.build_gitlab_kerberos_url + Gitlab::Application.routes.url_helpers.namespace_project_path(self.namespace, self)}.git"
+  end
+
  # Check if current branch name is marked as protected in the system
  def protected_branch?(branch_name)
    protected_branches_names.include?(branch_name)

--- a/app/views/shared/_clone_panel.html.haml
+++ b/app/views/shared/_clone_panel.html.haml
@@ -5,6 +5,9 @@
      = ssh_clone_button(project)
    .input-group-btn
      = http_clone_button(project)
+    - if alternative_kerberos_url?
+      .input-group-btn
+        = kerberos_clone_button(project)
  = text_field_tag :project_clone, default_url_to_repo(project), class: "js-select-on-focus form-control", readonly: true
  .input-group-btn
    = clipboard_button(clipboard_target: '#project_clone')
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -54,6 +54,30 @@ class Settings < Settingslogic
      (base_gitlab_url + [gitlab.relative_url_root]).join('')
    end

+    def kerberos_protocol
+      kerberos.https ? "https" : "http"
+    end
+
+    def kerberos_port
+      kerberos.use_dedicated_port ? kerberos.port : gitlab.port
+    end
+
+    # Curl expects username/password for authentication. However when using GSS-Negotiate not credentials should be needed.
+    # By inserting in the Kerberos dedicated URL ":@", we give to curl an empty username and password and GSS auth goes ahead
+    # Known bug reported in http://sourceforge.net/p/curl/bugs/440/ and http://curl.haxx.se/docs/knownbugs.html
+    def build_gitlab_kerberos_url
+      [ kerberos_protocol,
+        "://:@",
+        gitlab.host,
+        ":#{kerberos_port}",
+        gitlab.relative_url_root
+      ].join('')
+    end
+
+    def alternative_gitlab_kerberos_url?
+      kerberos.enabled && (build_gitlab_kerberos_url != build_gitlab_url)
+    end
+
    # check that values in `current` (string or integer) is a contant in `modul`.
    def verify_constant_array(modul, current, default)
      values = default || []

--- a/features/project/create.feature
+++ b/features/project/create.feature
@@ -12,8 +12,9 @@ Feature: Project Create
    And I should see empty project instuctions

  @javascript
-  Scenario: Empty project instructions
+  Scenario: Empty project instructions with Kerberos disabled
    Given I sign in as a user
+    Given KRB5 disabled
    When I visit new project page
    And fill project form with valid data
    Then I see empty project instuctions
@@ -21,3 +22,18 @@ Feature: Project Create
    Then Remote url should update to http link
    And If I click on SSH
    Then Remote url should update to ssh link
+
+  @javascript
+  Scenario: Empty project instructions with Kerberos enabled
+    Given I sign in as a user
+    Given KRB5 enabled
+    When I visit new project page
+    And fill project form with valid data
+    Then I see empty project instuctions
+    And I click on HTTP
+    Then Remote url should update to http link
+    And If I click on SSH
+    Then Remote url should update to ssh link
+    And If I click on KRB5
+    Then Remote url should update to kerberos link
+    And KRB5 disabled
--- a/features/steps/project/create.rb
+++ b/features/steps/project/create.rb
@@ -18,6 +18,16 @@ class Spinach::Features::ProjectCreate < Spinach::FeatureSteps
    expect(page).to have_content Project.last.url_to_repo
  end

+  step 'KRB5 enabled' do
+    # Enable Kerberos in an alternative port to force Kerberos button and URL to show up in the UI
+    allow(Gitlab.config.kerberos).to receive(:enabled).and_return(true)
+    allow(Gitlab.config.kerberos).to receive(:use_dedicated_port).and_return(true)
+  end
+
+  step 'KRB5 disabled' do
+    allow(Gitlab.config.kerberos).to receive(:enabled).and_return(false)
+  end
+
  step 'I see empty project instuctions' do
    expect(page).to have_content "git init"
    expect(page).to have_content "git remote"
@@ -39,4 +49,12 @@ class Spinach::Features::ProjectCreate < Spinach::FeatureSteps
  step 'Remote url should update to ssh link' do
    expect(page).to have_content "git remote add origin #{Project.last.url_to_repo}"
  end
+
+  step 'If I click on KRB5' do
+    click_button 'KRB5'
+  end
+
+  step 'Remote url should update to kerberos link' do
+    expect(page).to have_content "git remote add origin #{Project.last.kerberos_url_to_repo}"
+  end
 end
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -127,6 +127,14 @@ describe Project do
    end
  end

+  describe "#kerberos_url_to_repo" do
+    let(:project) { create(:empty_project, path: "somewhere") }
+
+    it 'should return valid kerberos url for this repo' do
+      expect(project.kerberos_url_to_repo).to eq("#{Gitlab.config.build_gitlab_kerberos_url}/#{project.namespace.path}/somewhere.git")
+    end
+  end
+
  describe 'last_activity methods' do
    let(:project) { create(:project) }
    let(:last_event) { double(created_at: Time.now) }