Commit fd467491 authored by kushalpandya's avatar kushalpandya Committed by Nick Thomas

Frontend for configuring pull mirroring with SSH authentication

parent f885f8cb
export default {
PASSWORD: 'password',
SSH: 'ssh_public_key',
import MirrorPull from './mirror_pull';
document.addEventListener('DOMContentLoaded', () => {
const mirrorPull = new MirrorPull('.js-project-mirror-push-form');
/* global Flash */
import AUTH_METHOD from './constants';
export default class MirrorPull {
constructor(formSelector) {
this.backOffRequestCounter = 0;
this.$form = $(formSelector);
this.$repositoryUrl = this.$form.find('.js-repo-url');
this.$sectionSSHHostKeys = this.$form.find('.js-ssh-host-keys-section');
this.$hostKeysInformation = this.$form.find('.js-fingerprint-ssh-info');
this.$btnDetectHostKeys = this.$form.find('.js-detect-host-keys');
this.$btnSSHHostsShowAdvanced = this.$form.find('.btn-show-advanced');
this.$dropdownAuthType = this.$form.find('.js-pull-mirror-auth-type');
this.$wellAuthTypeChanging = this.$form.find('.js-well-changing-auth');
this.$wellPasswordAuth = this.$form.find('.js-well-password-auth');
this.$wellSSHAuth = this.$form.find('.js-well-ssh-auth');
this.$sshPublicKeyWrap = this.$form.find('.js-ssh-public-key-wrap');
init() {
this.$repositoryUrl.on('keyup', e => this.handleRepositoryUrlInput(e));
this.$form.find('.js-known-hosts').on('keyup', e => this.handleSSHKnownHostsInput(e));
this.$dropdownAuthType.on('change', e => this.handleAuthTypeChange(e));
this.$btnDetectHostKeys.on('click', e => this.handleDetectHostKeys(e));
this.$btnSSHHostsShowAdvanced.on('click', e => this.handleSSHHostsAdvanced(e));
* Method to monitor Git Repository URL input
handleRepositoryUrlInput() {
const protocol = this.$repositoryUrl.val().split('://')[0];
const protRegEx = /http|git/;
// Validate URL and verify if it consists only supported protocols
if (this.$form.get(0).checkValidity()) {
// Hide/Show SSH Host keys section only for SSH URLs
this.$sectionSSHHostKeys.toggleClass('hidden', protocol !== 'ssh');
// Verify if URL is http, https or git and hide/show Auth type dropdown
// as we don't support auth type SSH for non-SSH URLs
this.$dropdownAuthType.toggleClass('hidden', protRegEx.test(protocol));
* Click event handler to detect SSH Host key and fingerprints from
* provided Git Repository URL.
handleDetectHostKeys() {
const projectMirrorSSHEndpoint = this.$'project-mirror-endpoint');
const repositoryUrl = this.$repositoryUrl.val();
const $btnLoadSpinner = this.$btnDetectHostKeys.find('.detect-host-keys-load-spinner');
// Disable button while we make request
// Make backOff polling to get data
gl.utils.backOff((next, stop) => {
.done((res, statusText, header) => {
if (header.status === 204) {
this.backOffRequestCounter = this.backOffRequestCounter += 1;
if (this.backOffRequestCounter < 3) {
} else {
} else {
.then((res) => {
// Once data is received, we show verification info along with Host keys and fingerprints
this.$hostKeysInformation.find('.js-fingerprint-verification').toggleClass('hidden', res.changes_project_import_data);
if (res.known_hosts && res.fingerprints) {
.catch((res) => {
// Show failure message when there's an error and re-enable Detect host keys button
const failureMessage = res.responseJSON ? res.responseJSON.message : 'Something went wrong on our end.';
Flash(failureMessage); // eslint-disable-line
* Method to monitor known hosts textarea input
handleSSHKnownHostsInput() {
// Strike-out fingerprints and remove verification info if `known hosts` value is altered
* Click event handler for `Show advanced` button under SSH Host keys section
handleSSHHostsAdvanced() {
const $knownHost = this.$sectionSSHHostKeys.find('.js-ssh-known-hosts');
this.$btnSSHHostsShowAdvanced.toggleClass('show-advanced', $knownHost.hasClass('hidden'));
* Authentication method dropdown change event listener
handleAuthTypeChange() {
const projectMirrorAuthTypeEndpoint = `${this.$form.attr('action')}.json`;
const $sshPublicKey = this.$sshPublicKeyWrap.find('.ssh-public-key');
const selectedAuthType = this.$dropdownAuthType.val();
// Construct request body
const authTypeData = {
project: {
import_data_attributes: {
regenerate_ssh_private_key: true,
// Show load spinner and hide other containers
// This request should happen only if selected Auth type was SSH
// and SSH Public key was not present on page load
if (selectedAuthType === AUTH_METHOD.SSH &&
!$sshPublicKey.text().trim()) {
type: 'PUT',
url: projectMirrorAuthTypeEndpoint,
contentType: 'application/json; charset=utf-8',
data: JSON.stringify(authTypeData),
.done((res) => {
// Show SSH public key container and fill in public key
.fail(() => {
Flash('Something went wrong on our end.');
.always(() => {
} else {
* Method to parse SSH Host keys data and render it
* under SSH host keys section
showSSHInformation(sshHostKeys) {
const $fingerprintsList = this.$hostKeysInformation.find('.js-fingerprints-list');
let fingerprints = '';
sshHostKeys.fingerprints.forEach((fingerprint) => {
const escFingerprints = _.escape(fingerprint.fingerprint);
fingerprints += `<code>${escFingerprints}</code>`;
* Toggle Auth type information container based on provided `authType`
toggleAuthWell(authType) {
this.$wellPasswordAuth.toggleClass('hidden', authType !== AUTH_METHOD.PASSWORD);
this.$wellSSHAuth.toggleClass('hidden', authType !== AUTH_METHOD.SSH);
* Toggle SSH auth information message
toggleSSHAuthWellMessage(sshKeyPresent) {
this.$sshPublicKeyWrap.toggleClass('hidden', !sshKeyPresent);
this.$wellSSHAuth.find('.js-ssh-public-key-present').toggleClass('hidden', !sshKeyPresent);
this.$wellSSHAuth.find('.js-btn-regenerate-ssh-key').toggleClass('hidden', !sshKeyPresent);
this.$wellSSHAuth.find('.js-ssh-public-key-pending').toggleClass('hidden', sshKeyPresent);
...@@ -990,3 +990,76 @@ a.allowed-to-push { ...@@ -990,3 +990,76 @@ a.allowed-to-push {
border-color: $border-color; border-color: $border-color;
} }
} }
/* EE-specific styles */
.project-mirror-settings {
.fingerprint-verified {
color: $green-500;
.btn-copy-ssh-public-key {
float: left;
.ssh-public-key {
width: 95%;
word-wrap: break-word;
word-break: break-all;
.btn-copy-ssh-public-key {
margin-left: 5px;
.known-hosts {
font-family: $monospace_font;
.btn-show-advanced {
min-width: 135px;
.label-show {
display: none;
.label-hide {
display: inline;
.fa.fa-chevron::before {
content: "\f077";
&.show-advanced {
.label-show {
display: inline;
.label-hide {
display: none;
.fa.fa-chevron::before {
content: "\f078";
.fingerprints-list {
code {
display: block;
padding: 8px;
margin-bottom: 5px;
&.invalidate {
text-decoration: line-through;
.changing-auth-method {
display: flex;
justify-content: center;
.account-well.prepend-top-default.append-bottom-default .account-well.prepend-top-default.append-bottom-default
%ul %ul
%li %li
The repository must be accessible over <code>http://</code>, <code>https://</code> or <code>git://</code>. The repository must be accessible over <code>http://</code>, <code>https://</code>, <code>ssh://</code> or <code>git://</code>.
%li %li
If your HTTP repository is not publicly accessible, add authentication information to the URL: <code></code>. Include the username in the URL if required: <code></code>.
%li %li
The update action will time out after 10 minutes. For big repositories, use a clone/push combination. The update action will time out after 10 minutes. For big repositories, use a clone/push combination.
%li %li
- expanded = Rails.env.test? - expanded = Rails.env.test?
- import_data = @project.import_data || @project.build_import_data
- protocols = AddressableUrlValidator::DEFAULT_OPTIONS[:protocols].join('|')
%section.settings.project-mirror-settings %section.settings.project-mirror-settings
.settings-header .settings-header
%h4 %h4
...@@ -10,30 +13,26 @@ ...@@ -10,30 +13,26 @@
updated from an upstream repository. updated from an upstream repository.
= link_to 'Read more', help_page_path('workflow/repository_mirroring', anchor: 'pulling-from-a-remote-repository'), target: '_blank' = link_to 'Read more', help_page_path('workflow/repository_mirroring', anchor: 'pulling-from-a-remote-repository'), target: '_blank'{ class: ('expanded' if expanded) }{ class: ('expanded' if expanded) }
= form_for @project, url: project_mirror_path(@project) do |f| = form_for @project, url: project_mirror_path(@project), html: { class: 'gl-show-field-errors project-mirror-push-form js-project-mirror-push-form', autocomplete: 'false', data: { project_mirror_endpoint: ssh_host_keys_project_mirror_path(@project, :json) } } do |f|
%div %div
= form_errors(@project) = form_errors(@project)
Set up mirror repository
= render "shared/mirror_update_button" = render "shared/mirror_update_button"
- if @project.mirror_last_update_failed? = render "projects/mirrors/pull/mirror_update_fail"
The repository failed to update #{time_ago_with_tooltip(@project.mirror_last_update_at)}.
- if @project.mirror_ever_updated_successfully?
Last successful update #{time_ago_with_tooltip(@project.mirror_last_successful_update_at)}.
.form-group .form-group
= f.check_box :mirror, class: "pull-left" = f.check_box :mirror, class: "pull-left"
.prepend-left-20 .prepend-left-20
= f.label :mirror, "Mirror repository", class: "label-light append-bottom-0" = f.label :mirror, "Mirror repository", class: "label-light append-bottom-0"
.form-group .form-group
= f.label :import_url, "Git repository URL", class: "label-light" = f.label :username_only_import_url, "Git repository URL", class: "label-light"
= f.text_field :import_url, class: 'form-control', placeholder: '' = f.text_field :username_only_import_url, class: 'form-control js-repo-url', placeholder: '', required: 'required', pattern: "(#{protocols}):\/\/.+", title: 'URL must have protocol present (eg; ssh://...)'
= render "projects/mirrors/instructions" = render "projects/mirrors/instructions"
= f.fields_for :import_data, import_data do |import_form|
= render partial: "projects/mirrors/pull/ssh_host_keys", locals: { f: import_form }
= render partial: "projects/mirrors/pull/authentication_method", locals: { f: import_form }
.form-group .form-group
= f.label :mirror_user_id, "Mirror user", class: "label-light" = f.label :mirror_user_id, "Mirror user", class: "label-light"
= select_tag('project[mirror_user_id]', options_for_mirror_user, class: "select2 lg", required: true) = select_tag('project[mirror_user_id]', options_for_mirror_user, class: "select2 lg", required: true)
- content_for :page_specific_javascripts do
= webpack_bundle_tag 'mirrors'
- if @project.feature_available?(:repository_mirrors) - if @project.feature_available?(:repository_mirrors)
= render 'projects/mirrors/pull' = render 'projects/mirrors/pull'
= render 'projects/mirrors/push' = render 'projects/mirrors/push'
- import_data = f.object
- regen_data = { auth_method: 'ssh_public_key', regenerate_ssh_private_key: true }
- ssh_key_auth = import_data.ssh_key_auth?
- ssh_public_key_present = import_data.ssh_public_key.present?
= f.label :auth_method, 'Authentication method', class: 'label-light'
= :auth_method,
options_for_select([['Password authentication', 'password'], ['SSH public key authentication', 'ssh_public_key']], import_data.auth_method),
{}, { class: "form-control js-pull-mirror-auth-type #{'hidden' unless import_data.ssh_import?}" }
= icon('spinner spin lg')
= f.label :password, "Password", class: "label-light"
= f.password_field :password, value: import_data.password, class: 'form-control'
%p.js-ssh-public-key-present{ class: ('hidden' unless ssh_public_key_present) }
Here is the public SSH key that needs to be added to the remote
server. For more information, please refer to the documentation.
%p.js-ssh-public-key-pending{ class: ('hidden' if ssh_public_key_present) }
An SSH key will be automatically generated when the form is
submitted. For more information, please refer to the documentation.
.clearfix.js-ssh-public-key-wrap{ class: ('hidden' unless ssh_public_key_present) }
= import_data.ssh_public_key
= clipboard_button(text: import_data.ssh_public_key, title: _("Copy SSH public key to clipboard"), class: 'prepend-top-10 btn-copy-ssh-public-key')
= link_to 'Regenerate key', project_mirror_path(@project, project: { import_data_attributes: regen_data }),
method: :patch,
data: { confirm: 'Are you sure you want to regenerate public key? You will have to update the public key on the remote server before mirroring will work again.' },
class: "btn btn-inverted btn-warning prepend-top-10 js-btn-regenerate-ssh-key #{ 'hidden' unless ssh_public_key_present }"
- if @project.mirror_last_update_failed?
The repository failed to update #{time_ago_with_tooltip(@project.mirror_last_update_at)}.
- if @project.mirror_ever_updated_successfully?
Last successful update #{time_ago_with_tooltip(@project.mirror_last_successful_update_at)}.
- import_data = f.object
- verified_by = import_data.ssh_known_hosts_verified_by
- verified_at = import_data.ssh_known_hosts_verified_at
.form-group.js-ssh-host-keys-section{ class: ('hidden' unless import_data.ssh_import?) }
%button.btn.btn-inverted.btn-success.append-bottom-15.js-detect-host-keys{ type: 'button' }
= icon('spinner spin', class: 'detect-host-keys-load-spinner hidden')
Detect host keys
.fingerprint-ssh-info.js-fingerprint-ssh-info{ class: ('hidden' unless import_data.ssh_import?) }
- import_data.ssh_known_hosts_fingerprints.each do |fp|
%code= fp.fingerprint
- if verified_by || verified_at
Verified by
- if verified_by
= link_to, user_path(verified_by)
- else
a deleted user
#{time_ago_in_words(verified_at)} ago
.js-ssh-hosts-advanced{ type: 'button' }
Show advanced
Hide advanced
= icon('chevron')
= f.label :ssh_known_hosts, 'SSH host keys', class: 'label-light'
= f.text_area :ssh_known_hosts, class: 'form-control known-hosts js-known-hosts', rows: '10'
...@@ -54,6 +54,7 @@ var config = { ...@@ -54,6 +54,7 @@ var config = {
locale: './locale/index.js', locale: './locale/index.js',
main: './main.js', main: './main.js',
merge_conflicts: './merge_conflicts/merge_conflicts_bundle.js', merge_conflicts: './merge_conflicts/merge_conflicts_bundle.js',
mirrors: './mirrors',
monitoring: './monitoring/monitoring_bundle.js', monitoring: './monitoring/monitoring_bundle.js',
network: './network/network_bundle.js', network: './network/network_bundle.js',
notebook_viewer: './blob/notebook_viewer.js', notebook_viewer: './blob/notebook_viewer.js',
...@@ -184,6 +184,18 @@ describe Projects::MirrorsController do ...@@ -184,6 +184,18 @@ describe Projects::MirrorsController do
expect(import_data.ssh_known_hosts_verified_at).to be_nil expect(import_data.ssh_known_hosts_verified_at).to be_nil
expect(import_data.ssh_known_hosts_verified_by).to be_nil expect(import_data.ssh_known_hosts_verified_by).to be_nil
end end
it 'only allows the current user to be the mirror user' do
mirror_user = project.mirror_user
other_user = create(:user)
do_put(project, { mirror_user_id: }, format: :json)
expect(response).to have_http_status(200)
expect(project.mirror_user(true)).to eq(mirror_user)
end end
context 'HTML' do context 'HTML' do
...@@ -44,15 +44,5 @@ describe 'Project settings > [EE] repository' do ...@@ -44,15 +44,5 @@ describe 'Project settings > [EE] repository' do
expect(page).to have_selector('#project_remote_mirrors_attributes_0_enabled') expect(page).to have_selector('#project_remote_mirrors_attributes_0_enabled')
expect(page).to have_selector('#project_remote_mirrors_attributes_0_url') expect(page).to have_selector('#project_remote_mirrors_attributes_0_url')
end end
it 'sets mirror user' do
page.within('.project-mirror-settings') do
select2(, from: '#project_mirror_user_id')
click_button('Save changes')
expect(find('.select2-chosen')).to have_content(
end end
end end
require 'spec_helper' require 'spec_helper'
feature 'Project mirror' do feature 'Project mirror', js: true do
include ReactiveCachingHelpers
let(:project) { create(:project, :mirror, :import_finished, :repository, creator: user, name: 'Victorialand') } let(:project) { create(:project, :mirror, :import_finished, :repository, creator: user, name: 'Victorialand') }
let(:user) { create(:user) } let(:user) { create(:user) }
describe 'On a project', js: true do describe 'On a project' do
before do before do << [user, :master] project.add_master(user)
sign_in user sign_in user
end end
...@@ -59,4 +61,157 @@ feature 'Project mirror' do ...@@ -59,4 +61,157 @@ feature 'Project mirror' do
end end
end end
end end
describe 'configuration' do
# Start from a project with no mirroring set up
let(:project) { create(:project, :repository, creator: user) }
let(:import_data) { project.import_data(true) }
before do
visit project_settings_repository_path(project)
describe 'password authentication' do
it 'can be set up' do
page.within('.project-mirror-settings') do
check 'Mirror repository'
fill_in 'Git repository URL', with: ''
fill_in 'Password', with: 'foo'
click_without_sidekiq 'Save changes'
expect(page).to have_content('Mirroring settings were successfully updated')
expect(project.mirror?).to be_truthy
expect(import_data.auth_method).to eq('password')
expect(project.import_url).to eq('')
describe 'SSH public key authentication' do
it 'can be set up' do
page.within('.project-mirror-settings') do
check 'Mirror repository'
fill_in 'Git repository URL', with: 'ssh://'
select 'SSH public key authentication', from: 'Authentication method'
# Generates an SSH public key with an asynchronous PUT and displays it
expect(import_data.ssh_public_key).not_to be_nil
expect(page).to have_content(import_data.ssh_public_key)
click_without_sidekiq 'Save changes'
# We didn't set any host keys
expect(page).to have_content('Mirroring settings were successfully updated')
expect(page).not_to have_content('Verified by')
expect(project.mirror?).to be_truthy
expect(project.username_only_import_url).to eq('ssh://')
expect(import_data.auth_method).to eq('ssh_public_key')
expect(import_data.password).to be_blank
first_key = import_data.ssh_public_key
expect(page).to have_content(first_key)
# Check regenerating the public key works
click_without_sidekiq 'Regenerate key'
expect(page).not_to have_content(first_key)
expect(page).to have_content(import_data.reload.ssh_public_key)
describe 'host key management', use_clean_rails_memory_store_caching: true do
let(:key) { }
let(:cache) { project, url: "ssh://") }
it 'fills fingerprints and host keys when detecting' do
stub_reactive_cache(cache, known_hosts: key.key)
page.within('.project-mirror-settings') do
fill_in 'Git repository URL', with: 'ssh://'
click_on 'Detect host keys'
expect(page).to have_content(key.fingerprint)
click_on 'Show advanced'
expect(page).to have_field('SSH host keys', with: key.key)
it 'displays error if detection fails' do
stub_reactive_cache(cache, error: 'Some error text here')
page.within('.project-mirror-settings') do
fill_in 'Git repository URL', with: 'ssh://'
click_on 'Detect host keys'
# Appears in the flash
expect(page).to have_content('Some error text here')
it 'allows manual host keys entry' do
page.within('.project-mirror-settings') do
fill_in 'Git repository URL', with: 'ssh://'
click_on 'Show advanced'
fill_in 'SSH host keys', with: " #{key.key}"
click_without_sidekiq 'Save changes'
expect(page).to have_content(key.fingerprint)
expect(page).to have_content("Verified by #{h(} less than a minute ago")
describe 'authentication methods' do
it 'shows SSH related fields for an SSH URL' do
page.within('.project-mirror-settings') do
fill_in 'Git repository URL', with: 'ssh://'
expect(page).to have_select('Authentication method')
# SSH can use password authentication but needs host keys
select 'Password authentication', from: 'Authentication method'
expect(page).to have_field('Password')
expect(page).to have_button('Detect host keys')
expect(page).to have_button('Show advanced')
# SSH public key authentication also needs host keys but no password
select 'SSH public key authentication', from: 'Authentication method'
expect(page).not_to have_field('Password')
expect(page).to have_button('Detect host keys')
expect(page).to have_button('Show advanced')
it 'hides SSH-related fields for a HTTP URL' do
page.within('.project-mirror-settings') do
fill_in 'Git repository URL', with: ''
# HTTPS can't use public key authentication and doesn't need host keys
expect(page).to have_field('Password')
expect(page).not_to have_select('Authentication method')
expect(page).not_to have_button('Detect host keys')
expect(page).not_to have_button('Show advanced')
def click_without_sidekiq(*args)
Sidekiq::Testing.fake! { click_on(*args) }
end end
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment