Commit d85d238a authored by Thong Kuah's avatar Thong Kuah

Extract literal string into constant

This string was used in two places but they are definitely related.
repo_url is building the basic auth string that will be acceped by
build_access_token_check
parent fa909a4a
...@@ -596,7 +596,7 @@ module Ci ...@@ -596,7 +596,7 @@ module Ci
def repo_url def repo_url
return unless token return unless token
auth = "gitlab-ci-token:#{token}@" auth = "#{::Gitlab::Auth::CI_JOB_USER}:#{token}@"
project.http_url_to_repo.sub(%r{^https?://}) do |prefix| project.http_url_to_repo.sub(%r{^https?://}) do |prefix|
prefix + auth prefix + auth
end end
......
...@@ -26,6 +26,8 @@ module Gitlab ...@@ -26,6 +26,8 @@ module Gitlab
# Default scopes for OAuth applications that don't define their own # Default scopes for OAuth applications that don't define their own
DEFAULT_SCOPES = [:api].freeze DEFAULT_SCOPES = [:api].freeze
CI_JOB_USER = 'gitlab-ci-token'
class << self class << self
prepend_if_ee('EE::Gitlab::Auth') # rubocop: disable Cop/InjectEnterpriseEditionModule prepend_if_ee('EE::Gitlab::Auth') # rubocop: disable Cop/InjectEnterpriseEditionModule
...@@ -254,7 +256,7 @@ module Gitlab ...@@ -254,7 +256,7 @@ module Gitlab
end end
def build_access_token_check(login, password) def build_access_token_check(login, password)
return unless login == 'gitlab-ci-token' return unless login == CI_JOB_USER
return unless password return unless password
build = find_build_by_token(password) build = find_build_by_token(password)
......
...@@ -149,7 +149,9 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do ...@@ -149,7 +149,9 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
end end
context 'build token' do context 'build token' do
subject { gl_auth.find_for_git_client('gitlab-ci-token', build.token, project: project, ip: 'ip') } subject { gl_auth.find_for_git_client(username, build.token, project: project, ip: 'ip') }
let(:username) { 'gitlab-ci-token' }
context 'for running build' do context 'for running build' do
let!(:build) { create(:ci_build, :running) } let!(:build) { create(:ci_build, :running) }
...@@ -170,6 +172,14 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do ...@@ -170,6 +172,14 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
expect(subject).to eq(Gitlab::Auth::Result.new(nil, nil, nil, nil)) expect(subject).to eq(Gitlab::Auth::Result.new(nil, nil, nil, nil))
end end
context 'username is not gitlab-ci-token' do
let(:username) { 'another_username' }
it 'fails to authenticate' do
expect(subject).to eq(Gitlab::Auth::Result.new(nil, nil, nil, nil))
end
end
end end
(Ci::HasStatus::AVAILABLE_STATUSES - ['running']).each do |build_status| (Ci::HasStatus::AVAILABLE_STATUSES - ['running']).each do |build_status|
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment