Add saml_discovery_token unauthenticated access

This will allow us to determine if the existance of a private group can be revealed to a user

Add saml_discovery_token unauthenticated access
This will allow us to determine if the existance of a private group can be revealed to a user
9e8d2dfc · James Edwards-Jones · 34888f9a · 9e8d2dfc · 9e8d2dfc · 9e8d2dfc
Commit 9e8d2dfc authored May 21, 2018 by James Edwards-Jones
4 changed files
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -1761,6 +1761,7 @@ ActiveRecord::Schema.define(version: 20181107054254) do
    t.string "runners_token"
    t.datetime_with_timezone "trial_ends_on"
    t.integer "file_template_project_id"
+    t.string "saml_discovery_token"
    t.index ["created_at"], name: "index_namespaces_on_created_at", using: :btree
    t.index ["ldap_sync_last_successful_update_at"], name: "index_namespaces_on_ldap_sync_last_successful_update_at", using: :btree
    t.index ["ldap_sync_last_update_at"], name: "index_namespaces_on_ldap_sync_last_update_at", using: :btree

--- a/ee/app/models/ee/group.rb
+++ b/ee/app/models/ee/group.rb
@@ -112,6 +112,17 @@ module EE
      update_column(:ldap_sync_error, ::Gitlab::UrlSanitizer.sanitize(error_message))
    end

+    # This token conveys that the anonymous user is allowed to know of the group
+    # Used to avoid revealing that a group exists on a given path
+    def saml_discovery_token
+      super.presence || begin
+        self.saml_discovery_token = Devise.friendly_token(8)
+
+        save if ::Gitlab::Database.read_write?
+        super
+      end
+    end
+
    def project_creation_level
      super || ::Gitlab::CurrentSettings.default_project_creation
    end

--- a/ee/db/migrate/20180520211048_add_discovery_token_to_namespaces.rb
+++ b/ee/db/migrate/20180520211048_add_discovery_token_to_namespaces.rb
+# frozen_string_literal: true
+
+class AddDiscoveryTokenToNamespaces < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def change
+    add_column :namespaces, :saml_discovery_token, :string
+  end
+end
--- a/ee/spec/models/group_spec.rb
+++ b/ee/spec/models/group_spec.rb
@@ -292,4 +292,37 @@ describe Group do
      end
    end
  end
+
+  describe '#saml_discovery_token' do
+    it 'returns existing tokens' do
+      group = create(:group, saml_discovery_token: 'existing')
+
+      expect(group.saml_discovery_token).to eq 'existing'
+    end
+
+    context 'when missing on read' do
+      it 'generates a token' do
+        expect(group.saml_discovery_token.length).to eq 8
+      end
+
+      it 'saves the generated token' do
+        expect { group.saml_discovery_token }.to change { group.reload.read_attribute(:saml_discovery_token) }
+      end
+
+      context 'in read only mode' do
+        before do
+          allow(Gitlab::Database).to receive(:read_only?).and_return(true)
+          allow(group).to receive(:create_or_update).and_raise(ActiveRecord::ReadOnlyRecord)
+        end
+
+        it "doesn't raise an error as that could expose group existance" do
+          expect { group.saml_discovery_token }.not_to raise_error
+        end
+
+        it 'returns a random value to prevent access' do
+          expect(group.saml_discovery_token).not_to be_blank
+        end
+      end
+    end
+  end
 end