Commit fda9332f authored by Sean McGivern's avatar Sean McGivern

Merge branch '299685-fix-packages-build-info-when-pushed-with-job-token' into 'master'

Fix `#current_authenticated_job` when used with `.authenticate_with`

See merge request gitlab-org/gitlab!56564
parents 2933bd9d 5bd0917d
---
title: Fix `#current_authenticated_job` when used with `.authenticate_with` in Grape APIs
merge_request: 56564
author:
type: fixed
......@@ -49,7 +49,11 @@ module API
# Returns the job associated with the token provided for
# authentication, if any
def current_authenticated_job
@current_authenticated_job
if try(:namespace_inheritable, :authentication)
ci_build_from_namespace_inheritable
else
@current_authenticated_job # rubocop:disable Gitlab/ModuleWithInstanceVariables
end
end
# rubocop:disable Gitlab/ModuleWithInstanceVariables
......
......@@ -52,6 +52,11 @@ module API
token&.user
end
def ci_build_from_namespace_inheritable
token = token_from_namespace_inheritable
token if token.is_a?(::Ci::Build)
end
private
def find_token_from_raw_credentials(token_types, raw)
......
......@@ -7,6 +7,7 @@ RSpec.describe API::Helpers::Authentication do
let_it_be(:project, reload: true) { create(:project, :public) }
let_it_be(:personal_access_token) { create(:personal_access_token, user: user) }
let_it_be(:deploy_token) { create(:deploy_token, read_package_registry: true, write_package_registry: true) }
let_it_be(:ci_build) { create(:ci_build, :running, user: user) }
describe 'class methods' do
subject { Class.new.include(described_class::ClassMethods).new }
......@@ -176,6 +177,20 @@ RSpec.describe API::Helpers::Authentication do
end
end
describe '#ci_build_from_namespace_inheritable' do
subject { object.ci_build_from_namespace_inheritable }
it 'returns #token_from_namespace_inheritable if it is a ci build' do
expect(object).to receive(:token_from_namespace_inheritable).and_return(ci_build)
expect(subject).to be(ci_build)
end
it 'returns nil if #token_from_namespace_inheritable is not a ci build' do
expect(object).to receive(:token_from_namespace_inheritable).and_return(personal_access_token)
expect(subject).to eq(nil)
end
end
describe '#user_from_namespace_inheritable' do
subject { object.user_from_namespace_inheritable }
......
......@@ -188,6 +188,10 @@ RSpec.describe API::NugetProjectPackages do
it_behaves_like 'deploy token for package uploads'
it_behaves_like 'job token for package uploads', authorize_endpoint: true do
let_it_be(:job) { create(:ci_build, :running, user: user) }
end
it_behaves_like 'rejects nuget access with unknown target id'
it_behaves_like 'rejects nuget access with invalid target id'
......@@ -251,6 +255,10 @@ RSpec.describe API::NugetProjectPackages do
it_behaves_like 'deploy token for package uploads'
it_behaves_like 'job token for package uploads' do
let_it_be(:job) { create(:ci_build, :running, user: user) }
end
it_behaves_like 'rejects nuget access with unknown target id'
it_behaves_like 'rejects nuget access with invalid target id'
......
......@@ -118,7 +118,7 @@ RSpec.describe API::PypiPackages do
it_behaves_like 'deploy token for package uploads'
it_behaves_like 'job token for package uploads'
it_behaves_like 'job token for package uploads', authorize_endpoint: true
it_behaves_like 'rejects PyPI access with unknown project id'
end
......
......@@ -100,7 +100,7 @@ RSpec.shared_examples 'job token for package GET requests' do
end
end
RSpec.shared_examples 'job token for package uploads' do
RSpec.shared_examples 'job token for package uploads' do |authorize_endpoint: false|
context 'with job token headers' do
let(:headers) { basic_auth_header(::Gitlab::Auth::CI_JOB_USER, job.token).merge(workhorse_headers) }
......@@ -111,6 +111,17 @@ RSpec.shared_examples 'job token for package uploads' do
context 'valid token' do
it_behaves_like 'returning response status', :success
unless authorize_endpoint
it 'creates a package with build info' do
expect { subject }.to change { Packages::Package.count }.by(1)
pkg = ::Packages::Package.order_created
.last
expect(pkg.build_infos).to be
end
end
end
context 'invalid token' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment