Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-shell
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-shell
Commits
285f6164
Commit
285f6164
authored
Oct 15, 2014
by
Valery Sizov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
add secret token
parent
d01eac99
Changes
11
Hide whitespace changes
Inline
Side-by-side
Showing
11 changed files
with
38 additions
and
9 deletions
+38
-9
.gitignore
.gitignore
+2
-0
VERSION
VERSION
+1
-1
lib/gitlab_net.rb
lib/gitlab_net.rb
+6
-1
spec/gitlab_net_spec.rb
spec/gitlab_net_spec.rb
+22
-0
spec/vcr_cassettes/allowed-pull.yml
spec/vcr_cassettes/allowed-pull.yml
+1
-1
spec/vcr_cassettes/allowed-push.yml
spec/vcr_cassettes/allowed-push.yml
+1
-1
spec/vcr_cassettes/check-ok.yml
spec/vcr_cassettes/check-ok.yml
+1
-1
spec/vcr_cassettes/denied-pull.yml
spec/vcr_cassettes/denied-pull.yml
+1
-1
spec/vcr_cassettes/denied-push-with-user.yml
spec/vcr_cassettes/denied-push-with-user.yml
+1
-1
spec/vcr_cassettes/denied-push.yml
spec/vcr_cassettes/denied-push.yml
+1
-1
spec/vcr_cassettes/discover-ok.yml
spec/vcr_cassettes/discover-ok.yml
+1
-1
No files found.
.gitignore
View file @
285f6164
...
...
@@ -4,3 +4,5 @@ tmp/*
/*.log*
authorized_keys.lock
coverage/
.gitlab_shell_secret
.bundle
VERSION
View file @
285f6164
2.0.
1
2.0.
2
lib/gitlab_net.rb
View file @
285f6164
...
...
@@ -76,6 +76,7 @@ class GitlabNet
url
=
URI
.
parse
(
url
)
http
=
http_client_for
url
request
=
http_request_for
url
request
.
set_form_data
(
secret_token:
secret_token
)
http
.
start
{
|
http
|
http
.
request
(
request
)
}.
tap
do
|
resp
|
if
resp
.
code
==
"200"
...
...
@@ -92,7 +93,7 @@ class GitlabNet
url
=
URI
.
parse
(
url
)
http
=
http_client_for
(
url
)
request
=
http_request_for
(
url
,
:post
)
request
.
set_form_data
(
params
)
request
.
set_form_data
(
params
.
merge
(
secret_token:
secret_token
)
)
http
.
start
{
|
http
|
http
.
request
(
request
)
}.
tap
do
|
resp
|
if
resp
.
code
==
"200"
...
...
@@ -116,4 +117,8 @@ class GitlabNet
end
end
end
def
secret_token
@secret_token
||=
File
.
read
File
.
join
(
ROOT_PATH
,
'.gitlab_shell_secret'
)
end
end
spec/gitlab_net_spec.rb
View file @
285f6164
...
...
@@ -8,6 +8,7 @@ describe GitlabNet, vcr: true do
before
do
gitlab_net
.
stub!
(
:host
).
and_return
(
'https://dev.gitlab.org/api/v3/internal'
)
gitlab_net
.
stub!
(
:secret_token
).
and_return
(
'a123'
)
end
describe
:check
do
...
...
@@ -17,6 +18,13 @@ describe GitlabNet, vcr: true do
result
.
code
.
should
==
'200'
end
end
it
'adds the secret_token to request'
do
VCR
.
use_cassette
(
"check-ok"
)
do
Net
::
HTTP
::
Get
.
any_instance
.
should_receive
(
:set_form_data
).
with
(
hash_including
(
secret_token:
'a123'
))
gitlab_net
.
check
end
end
end
describe
:discover
do
...
...
@@ -26,6 +34,13 @@ describe GitlabNet, vcr: true do
user
[
'name'
].
should
==
'Dmitriy Zaporozhets'
end
end
it
'adds the secret_token to request'
do
VCR
.
use_cassette
(
"discover-ok"
)
do
Net
::
HTTP
::
Get
.
any_instance
.
should_receive
(
:set_form_data
).
with
(
hash_including
(
secret_token:
'a123'
))
gitlab_net
.
discover
(
'key-126'
)
end
end
end
describe
:allowed?
do
...
...
@@ -37,6 +52,13 @@ describe GitlabNet, vcr: true do
end
end
it
'adds the secret_token theo request'
do
VCR
.
use_cassette
(
"allowed-pull"
)
do
Net
::
HTTP
::
Post
.
any_instance
.
should_receive
(
:set_form_data
).
with
(
hash_including
(
secret_token:
'a123'
))
gitlab_net
.
allowed?
(
'git-receive-pack'
,
'gitlab/gitlabhq.git'
,
'key-126'
,
changes
)
end
end
it
'should allow push access for dev.gitlab.org'
do
VCR
.
use_cassette
(
"allowed-push"
)
do
access
=
gitlab_net
.
allowed?
(
'git-upload-pack'
,
'gitlab/gitlabhq.git'
,
'key-126'
,
changes
)
...
...
spec/vcr_cassettes/allowed-pull.yml
View file @
285f6164
...
...
@@ -5,7 +5,7 @@ http_interactions:
uri
:
https://dev.gitlab.org/api/v3/internal/allowed
body
:
encoding
:
US-ASCII
string
:
action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=126
string
:
action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=126
&secret_token=a123
headers
:
Accept-Encoding
:
-
gzip;q=1.0,deflate;q=0.6,identity;q=0.3
...
...
spec/vcr_cassettes/allowed-push.yml
View file @
285f6164
...
...
@@ -5,7 +5,7 @@ http_interactions:
uri
:
https://dev.gitlab.org/api/v3/internal/allowed
body
:
encoding
:
US-ASCII
string
:
action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=126
string
:
action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=126
&secret_token=a123
headers
:
Accept-Encoding
:
-
gzip;q=1.0,deflate;q=0.6,identity;q=0.3
...
...
spec/vcr_cassettes/check-ok.yml
View file @
285f6164
...
...
@@ -5,7 +5,7 @@ http_interactions:
uri
:
https://dev.gitlab.org/api/v3/internal/check
body
:
encoding
:
US-ASCII
string
:
'
'
string
:
secret_token=a123
headers
:
Accept-Encoding
:
-
gzip;q=1.0,deflate;q=0.6,identity;q=0.3
...
...
spec/vcr_cassettes/denied-pull.yml
View file @
285f6164
...
...
@@ -5,7 +5,7 @@ http_interactions:
uri
:
https://dev.gitlab.org/api/v3/internal/allowed
body
:
encoding
:
US-ASCII
string
:
action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=2
string
:
action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=2
&secret_token=a123
headers
:
Accept-Encoding
:
-
gzip;q=1.0,deflate;q=0.6,identity;q=0.3
...
...
spec/vcr_cassettes/denied-push-with-user.yml
View file @
285f6164
...
...
@@ -5,7 +5,7 @@ http_interactions:
uri
:
https://dev.gitlab.org/api/v3/internal/allowed
body
:
encoding
:
US-ASCII
string
:
action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&user_id=1
string
:
action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&user_id=1
&secret_token=a123
headers
:
Accept-Encoding
:
-
gzip;q=1.0,deflate;q=0.6,identity;q=0.3
...
...
spec/vcr_cassettes/denied-push.yml
View file @
285f6164
...
...
@@ -5,7 +5,7 @@ http_interactions:
uri
:
https://dev.gitlab.org/api/v3/internal/allowed
body
:
encoding
:
US-ASCII
string
:
action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=2
string
:
action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=2
&secret_token=a123
headers
:
Accept-Encoding
:
-
gzip;q=1.0,deflate;q=0.6,identity;q=0.3
...
...
spec/vcr_cassettes/discover-ok.yml
View file @
285f6164
...
...
@@ -5,7 +5,7 @@ http_interactions:
uri
:
https://dev.gitlab.org/api/v3/internal/discover?key_id=126
body
:
encoding
:
US-ASCII
string
:
'
'
string
:
secret_token=a123
headers
:
Accept-Encoding
:
-
gzip;q=1.0,deflate;q=0.6,identity;q=0.3
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment