Commit e6cc4e90 authored by Drew Blessing's avatar Drew Blessing

Refactor git http controllers to rely on auth results differently

Auth results can return an ambiguous actor, either user or
deploy token. Refactor to explicitly get user or deploy token
rather than accessing the actor directly.
parent c3033257
...@@ -8,12 +8,9 @@ module Repositories ...@@ -8,12 +8,9 @@ module Repositories
attr_reader :authentication_result, :redirected_path attr_reader :authentication_result, :redirected_path
delegate :actor, :authentication_abilities, to: :authentication_result, allow_nil: true delegate :authentication_abilities, to: :authentication_result, allow_nil: true
delegate :type, to: :authentication_result, allow_nil: true, prefix: :auth_result delegate :type, to: :authentication_result, allow_nil: true, prefix: :auth_result
alias_method :user, :actor
alias_method :authenticated_user, :actor
# Git clients will not know what authenticity token to send along # Git clients will not know what authenticity token to send along
skip_around_action :set_session_storage skip_around_action :set_session_storage
skip_before_action :verify_authenticity_token skip_before_action :verify_authenticity_token
...@@ -22,8 +19,16 @@ module Repositories ...@@ -22,8 +19,16 @@ module Repositories
feature_category :source_code_management feature_category :source_code_management
def authenticated_user
authentication_result&.user || authentication_result&.deploy_token
end
private private
def user
authenticated_user
end
def download_request? def download_request?
raise NotImplementedError raise NotImplementedError
end end
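Review bot: `authenticated_user` and the private `user` still return either a User or a DeployToken, so callers keep receiving an ambiguous object under a name that reads as a User. Any permission check or log field fed from `user` in this controller or its subclasses has to handle both types; I would document that on the method with `# Returns the authenticated User, or the DeployToken when a deploy token authenticated the request; nil otherwise.` `authenticated_user` is also defined above `private`, so it stays a public controller method; if nothing outside the class needs it, it could move below `private`. The class body starts and ends outside these hunks, so the callers are not visible here.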
......
...@@ -30,6 +30,7 @@ module EE ...@@ -30,6 +30,7 @@ module EE
private private
override :user
def user def user
super || geo_push_user&.user super || geo_push_user&.user
end end
......
...@@ -90,6 +90,14 @@ RSpec.describe Repositories::GitHttpController do ...@@ -90,6 +90,14 @@ RSpec.describe Repositories::GitHttpController do
end end
end end
end end
context 'when the user is a deploy token' do
it_behaves_like Repositories::GitHttpController do
let(:container) { project }
let(:user) { create(:deploy_token, :project, projects: [project]) }
let(:access_checker_class) { Gitlab::GitAccess }
end
end
end end
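Review bot: The new context only exercises a deploy token that is attached to `project`, so for this actor type the shared examples confirm the accepted path and nothing else. Since a deploy token is now a first-class result of authentication in the controller, I would add a sibling case for a token that must be refused (for example one not associated with `project`) and assert that the request is rejected. Whether the shared examples already cover rejection for regular users is not visible in this hunk.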
context 'when repository container is a project wiki' do context 'when repository container is a project wiki' do
......
...@@ -50,7 +50,8 @@ RSpec.shared_examples Repositories::GitHttpController do ...@@ -50,7 +50,8 @@ RSpec.shared_examples Repositories::GitHttpController do
context 'with authorized user' do context 'with authorized user' do
before do before do
request.headers.merge! auth_env(user.username, user.password, nil) password = user.try(:password) || user.try(:token)
request.headers.merge! auth_env(user.username, password, nil)
end end
it 'returns 200' do it 'returns 200' do
...@@ -71,9 +72,10 @@ RSpec.shared_examples Repositories::GitHttpController do ...@@ -71,9 +72,10 @@ RSpec.shared_examples Repositories::GitHttpController do
it 'adds user info to the logs' do it 'adds user info to the logs' do
get :info_refs, params: params get :info_refs, params: params
expect(log_data).to include('username' => user.username, user_log_data = { 'username' => user.username, 'user_id' => user.id }
'user_id' => user.id, user_log_data['meta.user'] = user.username if user.is_a?(User)
'meta.user' => user.username)
expect(log_data).to include(user_log_data)
end end
end end
end end
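Review bot: In the 'adds user info to the logs' example, `'user_id' => user.id` is now also asserted when `user` is a deploy token, which pins a log format where a deploy token's id is written into the `user_id` field. Someone reading those logs cannot tell that id apart from a real User id, so attributing a request to an actor becomes ambiguous. If that is intended, say so in a comment such as `# deploy tokens log their own id as user_id and carry no meta.user`, and add `expect(log_data).not_to include('meta.user') unless user.is_a?(User)` so the absence is checked rather than left unasserted by `include`. Separately, `user.try(:password) || user.try(:token)` in the `before` block silently yields nil when neither method exists; raising on nil there would make a broken fixture fail loudly.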
......