f9d490db
Commit
f9d490db
authored
Oct 06, 2017
by
Kamil Trzcinski
Improve redirect uri state and fix all remaining tests
parent
3e26b0dc
Changes
7
Showing
7 changed files
with
48 additions
and
41 deletions
+48
-41
app/controllers/google_api/authorizations_controller.rb
app/controllers/google_api/authorizations_controller.rb
+11
-6
app/controllers/projects/clusters_controller.rb
app/controllers/projects/clusters_controller.rb
+10
-6
lib/google_api/cloud_platform/client.rb
lib/google_api/cloud_platform/client.rb
+8
-3
spec/controllers/google_api/authorizations_controller_spec.rb
.../controllers/google_api/authorizations_controller_spec.rb
+6
-7
spec/controllers/projects/clusters_controller_spec.rb
spec/controllers/projects/clusters_controller_spec.rb
+1
-1
spec/features/projects/clusters_spec.rb
spec/features/projects/clusters_spec.rb
+2
-2
spec/lib/google_api/cloud_platform/client_spec.rb
spec/lib/google_api/cloud_platform/client_spec.rb
+10
-16
app/controllers/google_api/authorizations_controller.rb
...
@@ -9,16 +9,21 @@ module GoogleApi
...
@@ -9,16 +9,21 @@ module GoogleApi
session
[
GoogleApi
::
CloudPlatform
::
Client
.
session_key_for_expires_at
]
=
session
[
GoogleApi
::
CloudPlatform
::
Client
.
session_key_for_expires_at
]
=
expires_at
.
to_s
expires_at
.
to_s
key
,
_
=
GoogleApi
::
CloudPlatform
::
Client
state_redirect_uri
=
redirect_uri_from_session_key
(
params
[
:state
])
.
session_key_for_second_redirect_uri
(
secure:
params
[
:state
])
second_redirect_uri
=
session
[
key
]
if
state_redirect_uri
redirect_to
state_redirect_uri
if
second_redirect_uri
.
present?
redirect_to
second_redirect_uri
else
else
redirect_to
root_path
redirect_to
root_path
end
end
end
end
private
def
redirect_uri_from_session_key
(
state
)
key
=
GoogleApi
::
CloudPlatform
::
Client
.
session_key_for_redirect_uri
(
params
[
:state
])
session
[
key
]
if
key
end
end
end
end
end
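Review bot: The callback uses `params[:state]` only to choose a redirect target, so a request whose state matches no session entry still has its expiry written to the session (first line of the hunk) and is merely sent to `root_path`; the state should gate the callback, with the lookup done before anything is stored and a mismatch rejected. The lookup also leaves the entry in place, so the same state can be presented again; `session.delete(key)` in `redirect_uri_from_session_key` would make it single-use. That helper ignores its `state` argument and reads `params[:state]` directly; it should call `session_key_for_redirect_uri(state)`. The action's opening lines, where the token is presumably fetched and stored, are outside this hunk.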
app/controllers/projects/clusters_controller.rb
...
@@ -16,13 +16,11 @@ class Projects::ClustersController < Projects::ApplicationController
...
@@ -16,13 +16,11 @@ class Projects::ClustersController < Projects::ApplicationController
def
login
def
login
begin
begin
GoogleApi
::
CloudPlatform
::
Client
.
session_key_for_second_redirect_uri
.
tap
do
|
key
,
secure
|
state
=
generate_session_key_redirect
(
namespace_project_clusters_url
.
to_s
)
session
[
key
]
=
namespace_project_clusters_url
.
to_s
@authorize_url
=
GoogleApi
::
CloudPlatform
::
Client
.
new
(
@authorize_url
=
GoogleApi
::
CloudPlatform
::
Client
.
new
(
nil
,
callback_google_api_auth_url
,
nil
,
callback_google_api_auth_url
,
state:
secure
).
authorize_url
state:
state
).
authorize_url
end
rescue
GoogleApi
::
Auth
::
ConfigMissingError
rescue
GoogleApi
::
Auth
::
ConfigMissingError
# no-op
# no-op
end
end
...
@@ -122,6 +120,12 @@ class Projects::ClustersController < Projects::ApplicationController
...
@@ -122,6 +120,12 @@ class Projects::ClustersController < Projects::ApplicationController
session
[
GoogleApi
::
CloudPlatform
::
Client
.
session_key_for_expires_at
]
session
[
GoogleApi
::
CloudPlatform
::
Client
.
session_key_for_expires_at
]
end
end
def
generate_session_key_redirect
(
uri
)
GoogleApi
::
CloudPlatform
::
Client
.
new_session_key_for_redirect_uri
do
|
key
|
session
[
key
]
=
uri
end
end
def
authorize_update_cluster!
def
authorize_update_cluster!
access_denied!
unless
can?
(
current_user
,
:update_cluster
,
cluster
)
access_denied!
unless
can?
(
current_user
,
:update_cluster
,
cluster
)
end
end
...
...
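Review bot: `generate_session_key_redirect` writes a fresh session entry on every call to `login`, and nothing visible in this section removes older ones, so entries from abandoned authorisation flows stay in the session until it expires. If that is intended it deserves a comment; otherwise the number of pending states kept per session should be bounded. The method also depends on `new_session_key_for_redirect_uri` returning the state rather than the block's value, which is easy to miss; a comment such as `# Returns the OAuth state; the block only receives the derived session key` would make that explicit. The rest of the class, including whether this helper sits under `private`, is outside the hunks shown.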
lib/google_api/cloud_platform/client.rb
...
@@ -16,9 +16,14 @@ module GoogleApi
...
@@ -16,9 +16,14 @@ module GoogleApi
:cloud_platform_expires_at
:cloud_platform_expires_at
end
end
def
session_key_for_second_redirect_uri
(
secure:
nil
)
def
new_session_key_for_redirect_uri
secure
=
SecureRandom
.
hex
unless
secure
SecureRandom
.
hex
.
tap
do
|
state
|
return
"cloud_platform_second_redirect_uri_
#{
secure
}
"
,
secure
yield
session_key_for_redirect_uri
(
state
)
end
end
def
session_key_for_redirect_uri
(
state
)
"cloud_platform_second_redirect_uri_
#{
state
}
"
end
end
end
end
...
...
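Review bot: `session_key_for_redirect_uri` returns a string for any input, so a nil or empty state produces the bare prefix `cloud_platform_second_redirect_uri_` instead of signalling a miss, and a caller that tests the returned key for truthiness never takes the negative branch. Returning nil for a blank state, for example `return if state.blank?` as the first line, would make such a guard meaningful. `new_session_key_for_redirect_uri` should carry a short comment stating that it yields the session key and returns the generated state, since `tap` hides that. The enclosing module starts above the hunk.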
spec/controllers/google_api/authorizations_controller_spec.rb
...
@@ -24,20 +24,19 @@ describe GoogleApi::AuthorizationsController do
...
@@ -24,20 +24,19 @@ describe GoogleApi::AuthorizationsController do
.
to
eq
(
expires_at
)
.
to
eq
(
expires_at
)
end
end
context
'when
second redirection url
key is stored in state'
do
context
'when
redirect uri
key is stored in state'
do
set
(
:project
)
{
create
(
:project
)
}
set
(
:project
)
{
create
(
:project
)
}
let
(
:
second_
redirect_uri
)
{
project_clusters_url
(
project
).
to_s
}
let
(
:redirect_uri
)
{
project_clusters_url
(
project
).
to_s
}
before
do
before
do
GoogleApi
::
CloudPlatform
::
Client
@state
=
GoogleApi
::
CloudPlatform
::
Client
.
session_key_for_second_redirect_uri
.
tap
do
|
key
,
secure
|
.
new_session_key_for_redirect_uri
do
|
key
|
@state
=
secure
session
[
key
]
=
redirect_uri
session
[
key
]
=
second_redirect_uri
end
end
end
end
it
'redirects to the URL stored in state param'
do
it
'redirects to the URL stored in state param'
do
expect
(
subject
).
to
redirect_to
(
second_
redirect_uri
)
expect
(
subject
).
to
redirect_to
(
redirect_uri
)
end
end
end
end
...
...
spec/controllers/projects/clusters_controller_spec.rb
...
@@ -190,7 +190,7 @@ describe Projects::ClustersController do
...
@@ -190,7 +190,7 @@ describe Projects::ClustersController do
subject
subject
expect
(
response
).
to
have_http_status
(
:ok
)
expect
(
response
).
to
have_http_status
(
:ok
)
expect
(
response
.
body
).
to
include
(
"Save
changes
"
)
expect
(
response
.
body
).
to
include
(
"Save"
)
end
end
it
"allows remove integration"
do
it
"allows remove integration"
do
...
...
spec/features/projects/clusters_spec.rb
...
@@ -69,14 +69,14 @@ feature 'Clusters', :js do
...
@@ -69,14 +69,14 @@ feature 'Clusters', :js do
end
end
it
'user sees an cluster details page'
do
it
'user sees an cluster details page'
do
expect
(
page
).
to
have_button
(
'Save
changes
'
)
expect
(
page
).
to
have_button
(
'Save'
)
expect
(
page
.
find
(
:css
,
'.cluster-name'
).
value
).
to
eq
(
cluster
.
gcp_cluster_name
)
expect
(
page
.
find
(
:css
,
'.cluster-name'
).
value
).
to
eq
(
cluster
.
gcp_cluster_name
)
end
end
context
'when user disables the cluster'
do
context
'when user disables the cluster'
do
before
do
before
do
page
.
find
(
:css
,
'.js-toggle-cluster'
).
click
page
.
find
(
:css
,
'.js-toggle-cluster'
).
click
click_button
'Save
changes
'
click_button
'Save'
end
end
it
'user sees the succeccful message'
do
it
'user sees the succeccful message'
do
...
...
spec/lib/google_api/cloud_platform/client_spec.rb
...
@@ -4,26 +4,20 @@ describe GoogleApi::CloudPlatform::Client do
...
@@ -4,26 +4,20 @@ describe GoogleApi::CloudPlatform::Client do
let
(
:token
)
{
'token'
}
let
(
:token
)
{
'token'
}
let
(
:client
)
{
described_class
.
new
(
token
,
nil
)
}
let
(
:client
)
{
described_class
.
new
(
token
,
nil
)
}
describe
'.session_key_for_
second_
redirect_uri'
do
describe
'.session_key_for_redirect_uri'
do
subject
{
described_class
.
session_key_for_second_redirect_uri
(
secure:
secure
)
}
let
(
:state
)
{
'random_string'
}
context
'when pass a postfix'
do
subject
{
described_class
.
session_key_for_redirect_uri
(
state
)
}
let
(
:secure
)
{
SecureRandom
.
hex
}
it
'creates a required session key'
do
it
'creates a new session key'
do
key
,
_
=
described_class
.
session_key_for_second_redirect_uri
(
secure:
secure
)
is_expected
.
to
eq
(
'cloud_platform_second_redirect_uri_random_string'
)
expect
(
key
).
to
eq
(
"cloud_platform_second_redirect_uri_
#{
secure
}
"
)
end
end
end
end
context
'when pass a postfix'
do
describe
'.new_session_key_for_redirect_uri'
do
let
(
:secure
)
{
nil
}
it
'generates a new session key'
do
expect
{
|
b
|
described_class
.
new_session_key_for_redirect_uri
(
&
b
)
}
it
'creates a new session key'
do
.
to
yield_with_args
(
String
)
key
,
secure
=
described_class
.
session_key_for_second_redirect_uri
expect
(
key
).
to
include
(
'cloud_platform_second_redirect_uri_'
)
expect
(
secure
).
not_to
be_nil
end
end
end
end
end
...
...
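Review bot: The new `.new_session_key_for_redirect_uri` example only asserts `yield_with_args(String)`, which does not pin the contract the controllers depend on: that the method returns the state and that the yielded key equals `session_key_for_redirect_uri` of that state. An example that captures both values and compares them, e.g. `expect(yielded_key).to eq(described_class.session_key_for_redirect_uri(state))`, would catch a regression where the two drift apart. A case for a nil or empty state on `.session_key_for_redirect_uri` is also absent from the hunk.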