Merge branch 'remove-references-to-v3-internal-api' into 'master'

Remove references to V3 internal API Closes gitlab-ce#31952 See merge request !135

Merge branch 'remove-references-to-v3-internal-api' into 'master'
Remove references to V3 internal API Closes gitlab-ce#31952 See merge request !135
a374a557 · Dmitriy Zaporozhets · fa634351 · 8c33c47d · a374a557 · a374a557
Commit a374a557 authored Jun 21, 2017 by Dmitriy Zaporozhets
23 changed files
--- a/README.md
+++ b/README.md
@@ -155,3 +155,15 @@ Rails application:
 3. Update `GITLAB_SHELL_VERSION` in the Rails application to the **raw
   version**. (Note: this can be done as a separate MR to that, or in and MR
   that will make use of the latest GitLab Shell changes.)
+## Updating VCR fixtures
+In order to generate new VCR fixtures you need to have a local GitLab instance 
+running and have next data: 
+1. gitlab-org/gitlab-test project.
+2. SSH key with access to the project and ID 1 that belongs to Administrator.
+3. SSH key without access to the project and ID 2.
+You also need to modify `secret` variable at `spec/gitlab_net_spec.rb` so tests 
+can connect to your local instance.
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -33,7 +33,7 @@ class GitlabNet
      params.merge!(user_id: actor.gsub("user-", ""))
    end
-    url = "#{host_v3}/allowed"
+    url = "#{host}/allowed"
    resp = post(url, params)
    if resp.code == '200'
@@ -45,7 +45,7 @@ class GitlabNet
  def discover(key)
    key_id = key.gsub("key-", "")
-    resp = get("#{host_v3}/discover?key_id=#{key_id}")
+    resp = get("#{host}/discover?key_id=#{key_id}")
    JSON.parse(resp.body) rescue nil
  end
@@ -55,7 +55,7 @@ class GitlabNet
      key_id: key.gsub('key-', '')
    }
-    resp = post("#{host_v3}/lfs_authenticate", params)
+    resp = post("#{host}/lfs_authenticate", params)
    if resp.code == '200'
      GitlabLfsAuthentication.build_from_json(resp.body)
@@ -63,14 +63,14 @@ class GitlabNet
  end
  def broadcast_message
-    resp = get("#{host_v3}/broadcast_message")
+    resp = get("#{host}/broadcast_message")
    JSON.parse(resp.body) rescue {}
  end
  def merge_request_urls(gl_repository, changes)
    changes = changes.join("\n") unless changes.kind_of?(String)
    changes = changes.encode('UTF-8', 'ASCII', invalid: :replace, replace: '')
-    url = "#{host_v3}/merge_request_urls?" \
+    url = "#{host}/merge_request_urls?" \
      "gl_repository=#{URI.escape(gl_repository)}&" \
      "changes=#{URI.escape(changes)}"
@@ -79,11 +79,11 @@ class GitlabNet
  end
  def check
-    get("#{host_v3}/check", read_timeout: CHECK_TIMEOUT)
+    get("#{host}/check", read_timeout: CHECK_TIMEOUT)
  end
  def authorized_key(key)
-    resp = get("#{host_v3}/authorized_keys?key=#{URI.escape(key, '+/=')}")
+    resp = get("#{host}/authorized_keys?key=#{URI.escape(key, '+/=')}")
    JSON.parse(resp.body) if resp.code == "200"
  rescue
    nil
@@ -91,7 +91,7 @@ class GitlabNet
  def two_factor_recovery_codes(key)
    key_id = key.gsub('key-', '')
-    resp = post("#{host_v3}/two_factor_recovery_codes", key_id: key_id)
+    resp = post("#{host}/two_factor_recovery_codes", key_id: key_id)
    JSON.parse(resp.body) if resp.code == '200'
  rescue
@@ -140,10 +140,6 @@ class GitlabNet
    @config ||= GitlabConfig.new
  end
-  def host_v3
-    "#{config.gitlab_url}/api/v3/internal"
-  end
  def host
    "#{config.gitlab_url}/api/v4/internal"
  end

--- a/spec/gitlab_net_spec.rb
+++ b/spec/gitlab_net_spec.rb
@@ -6,13 +6,15 @@ require_relative '../lib/gitlab_access_status'
 describe GitlabNet, vcr: true do
  let(:gitlab_net) { GitlabNet.new }
  let(:changes) { ['0000000000000000000000000000000000000000 92d0970eefd7acb6d548878925ce2208cfe2d2ec refs/heads/branch4'] }
-  let(:host_v3) { 'https://dev.gitlab.org/api/v3/internal' }
+  let(:host) { 'http://localhost:3000/api/v4/internal' }
-  let(:host) { 'https://dev.gitlab.org/api/v4/internal' }
+  let(:project) { 'gitlab-org/gitlab-test.git' }
+  let(:key) { 'key-1' }
+  let(:key2) { 'key-2' }
+  let(:secret) { "0a3938d9d95d807e94d937af3a4fbbea\n" }
  before do
-    gitlab_net.stub(:host_v3).and_return(host_v3)
    gitlab_net.stub(:host).and_return(host)
-    gitlab_net.stub(:secret_token).and_return('a123')
+    gitlab_net.stub(:secret_token).and_return(secret)
  end
  describe :check do
@@ -25,7 +27,7 @@ describe GitlabNet, vcr: true do
    it 'adds the secret_token to request' do
      VCR.use_cassette("check-ok") do
-        Net::HTTP::Get.any_instance.should_receive(:set_form_data).with(hash_including(secret_token: 'a123'))
+        Net::HTTP::Get.any_instance.should_receive(:set_form_data).with(hash_including(secret_token: secret))
        gitlab_net.check
      end
    end
@@ -39,23 +41,23 @@ describe GitlabNet, vcr: true do
  describe :discover do
    it 'should return user has based on key id' do
      VCR.use_cassette("discover-ok") do
-        user = gitlab_net.discover('key-126')
+        user = gitlab_net.discover(key)
-        user['name'].should == 'Dmitriy Zaporozhets'
+        user['name'].should == 'Administrator'
-        user['username'].should == 'dzaporozhets'
+        user['username'].should == 'root'
      end
    end
    it 'adds the secret_token to request' do
      VCR.use_cassette("discover-ok") do
-        Net::HTTP::Get.any_instance.should_receive(:set_form_data).with(hash_including(secret_token: 'a123'))
+        Net::HTTP::Get.any_instance.should_receive(:set_form_data).with(hash_including(secret_token: secret))
-        gitlab_net.discover('key-126')
+        gitlab_net.discover(key)
      end
    end
    it "raises an exception if the connection fails" do
      VCR.use_cassette("discover-ok") do
        Net::HTTP.any_instance.stub(:request).and_raise(StandardError)
-        expect { gitlab_net.discover('key-126') }.to raise_error(GitlabNet::ApiUnreachableError)
+        expect { gitlab_net.discover(key) }.to raise_error(GitlabNet::ApiUnreachableError)
      end
    end
  end
@@ -64,10 +66,10 @@ describe GitlabNet, vcr: true do
    context 'lfs authentication succeeded' do
      it 'should return the correct data' do
        VCR.use_cassette('lfs-authenticate-ok') do
-          lfs_access = gitlab_net.lfs_authenticate('key-126', 'gitlab/gitlabhq.git')
+          lfs_access = gitlab_net.lfs_authenticate(key, project)
-          lfs_access.username.should == 'dzaporozhets'
+          lfs_access.username.should == 'root'
-          lfs_access.lfs_token.should == 'wsnys8Zm8Jn7zyhHTAAK'
+          lfs_access.lfs_token.should == 'Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ'
-          lfs_access.repository_http_path.should == 'http://gitlab.dev/gitlab/gitlabhq.git'
+          lfs_access.repository_http_path.should == URI.join(host.sub('api/v4', ''), project).to_s
        end
      end
    end
@@ -99,14 +101,14 @@ describe GitlabNet, vcr: true do
    let(:encoded_changes) { "123456%20789012%20refs/heads/test%0A654321%20210987%20refs/tags/tag" }
    it "sends the given arguments as encoded URL parameters" do
-      gitlab_net.should_receive(:get).with("#{host_v3}/merge_request_urls?gl_repository=#{gl_repository}&changes=#{encoded_changes}")
+      gitlab_net.should_receive(:get).with("#{host}/merge_request_urls?gl_repository=#{gl_repository}&changes=#{encoded_changes}")
      gitlab_net.merge_request_urls(gl_repository, changes)
    end
  end
  describe :authorized_key do
-    let (:ssh_key) { "AAAAB3NzaC1yc2EAAAADAQABAAACAQDPKPqqnqQ9PDFw65cO7iHXrKw6ucSZg8Bd2CZ150Yy1YRDPJOWeRNCnddS+M/Lk" }
+    let (:ssh_key) { "rsa-key" }
    it "should return nil when the resource is not implemented" do
      VCR.use_cassette("ssh-key-not-implemented") do
@@ -126,10 +128,11 @@ describe GitlabNet, vcr: true do
      VCR.use_cassette("ssh-key-ok") do
        result = gitlab_net.authorized_key(ssh_key)
        result.should eq({
-          "created_at" => "2016-03-04T18:27:36.959Z",
+          "can_push" => false,
-          "id" => 2,
+          "created_at" => "2017-06-21T09:50:07.150Z",
-          "key" => "ssh-rsa a-made=up-rsa-key dummy@gitlab.com",
+          "id" => 99,
-          "title" => "some key title"
+          "key" => "ssh-rsa rsa-key dummy@gitlab.com",
+          "title" => "untitled"
        })
      end
    end
@@ -138,7 +141,7 @@ describe GitlabNet, vcr: true do
  describe '#two_factor_recovery_codes' do
    it 'returns two factor recovery codes' do
      VCR.use_cassette('two-factor-recovery-codes') do
-        result = gitlab_net.two_factor_recovery_codes('key-1')
+        result = gitlab_net.two_factor_recovery_codes(key)
        expect(result['success']).to be_true
        expect(result['recovery_codes']).to eq(['f67c514de60c4953','41278385fc00c1e0'])
      end
@@ -146,7 +149,7 @@ describe GitlabNet, vcr: true do
    it 'returns false when recovery codes cannot be generated' do
      VCR.use_cassette('two-factor-recovery-codes-fail') do
-        result = gitlab_net.two_factor_recovery_codes('key-1')
+        result = gitlab_net.two_factor_recovery_codes('key-777')
        expect(result['success']).to be_false
        expect(result['message']).to eq('Could not find the given key')
      end
@@ -175,40 +178,40 @@ describe GitlabNet, vcr: true do
  describe :check_access do
    context 'ssh key with access nil, to project' do
-      it 'should allow pull access for dev.gitlab.org' do
+      it 'should allow pull access for host' do
        VCR.use_cassette("allowed-pull") do
-          access = gitlab_net.check_access('git-receive-pack', nil, 'gitlab/gitlabhq.git', 'key-126', changes, 'ssh')
+          access = gitlab_net.check_access('git-receive-pack', nil, project, key, changes, 'ssh')
          access.allowed?.should be_true
        end
      end
      it 'adds the secret_token to the request' do
        VCR.use_cassette("allowed-pull") do
-          Net::HTTP::Post.any_instance.should_receive(:set_form_data).with(hash_including(secret_token: 'a123'))
+          Net::HTTP::Post.any_instance.should_receive(:set_form_data).with(hash_including(secret_token: secret))
-          gitlab_net.check_access('git-receive-pack', nil, 'gitlab/gitlabhq.git', 'key-126', changes, 'ssh')
+          gitlab_net.check_access('git-receive-pack', nil, project, key, changes, 'ssh')
        end
      end
-      it 'should allow push access for dev.gitlab.org' do
+      it 'should allow push access for host' do
        VCR.use_cassette("allowed-push") do
-          access = gitlab_net.check_access('git-upload-pack', nil, 'gitlab/gitlabhq.git', 'key-126', changes, 'ssh')
+          access = gitlab_net.check_access('git-upload-pack', nil, project, key, changes, 'ssh')
          access.allowed?.should be_true
        end
      end
    end
    context 'ssh access has been disabled' do
-      it 'should deny pull access for dev.gitlab.org' do
+      it 'should deny pull access for host' do
-        VCR.use_cassette('ssh-access-disabled') do
+        VCR.use_cassette('ssh-pull-disabled') do
-          access = gitlab_net.check_access('git-receive-pack', nil, 'gitlab/gitlabhq.git', 'key-2', changes, 'ssh')
+          access = gitlab_net.check_access('git-upload-pack', nil, project, key, changes, 'ssh')
          access.allowed?.should be_false
          access.message.should eq 'Git access over SSH is not allowed'
        end
      end
-      it 'should deny pull access for dev.gitlab.org' do
+      it 'should deny push access for host' do
-        VCR.use_cassette('ssh-access-disabled') do
+        VCR.use_cassette('ssh-push-disabled') do
-          access = gitlab_net.check_access('git-receive-pack', nil, 'gitlab/gitlabhq.git', 'key-2', changes, 'ssh')
+          access = gitlab_net.check_access('git-receive-pack', nil, project, key, changes, 'ssh')
          access.allowed?.should be_false
          access.message.should eq 'Git access over SSH is not allowed'
        end
@@ -216,41 +219,41 @@ describe GitlabNet, vcr: true do
    end
    context 'http access has been disabled' do
-      it 'should deny pull access for dev.gitlab.org' do
+      it 'should deny pull access for host' do
-        VCR.use_cassette('http-access-disabled') do
+        VCR.use_cassette('http-pull-disabled') do
-          access = gitlab_net.check_access('git-receive-pack', nil, 'gitlab/gitlabhq.git', 'key-2', changes, 'http')
+          access = gitlab_net.check_access('git-upload-pack', nil, project, key, changes, 'http')
          access.allowed?.should be_false
-          access.message.should eq 'Git access over HTTP is not allowed'
+          access.message.should eq 'Pulling over HTTP is not allowed.'
        end
      end
-      it 'should deny pull access for dev.gitlab.org' do
+      it 'should deny push access for host' do
-        VCR.use_cassette('http-access-disabled') do
+        VCR.use_cassette("http-push-disabled") do
-          access = gitlab_net.check_access('git-receive-pack', nil, 'gitlab/gitlabhq.git', 'key-2', changes, 'http')
+          access = gitlab_net.check_access('git-receive-pack', nil, project, key, changes, 'http')
          access.allowed?.should be_false
-          access.message.should eq 'Git access over HTTP is not allowed'
+          access.message.should eq 'Pushing over HTTP is not allowed.'
        end
      end
    end
    context 'ssh key without access to project' do
-      it 'should deny pull access for dev.gitlab.org' do
+      it 'should deny pull access for host' do
-        VCR.use_cassette("denied-pull") do
+        VCR.use_cassette("ssh-pull-project-denied") do
-          access = gitlab_net.check_access('git-receive-pack', nil, 'gitlab/gitlabhq.git', 'key-2', changes, 'ssh')
+          access = gitlab_net.check_access('git-receive-pack', nil, project, key2, changes, 'ssh')
          access.allowed?.should be_false
        end
      end
-      it 'should deny push access for dev.gitlab.org' do
+      it 'should deny push access for host' do
-        VCR.use_cassette("denied-push") do
+        VCR.use_cassette("ssh-push-project-denied") do
-          access = gitlab_net.check_access('git-upload-pack', nil, 'gitlab/gitlabhq.git', 'key-2', changes, 'ssh')
+          access = gitlab_net.check_access('git-upload-pack', nil, project, key2, changes, 'ssh')
          access.allowed?.should be_false
        end
      end
-      it 'should deny push access for dev.gitlab.org (with user)' do
+      it 'should deny push access for host (with user)' do
-        VCR.use_cassette("denied-push-with-user") do
+        VCR.use_cassette("ssh-push-project-denied-with-user") do
-          access = gitlab_net.check_access('git-upload-pack', nil, 'gitlab/gitlabhq.git', 'user-1', changes, 'ssh')
+          access = gitlab_net.check_access('git-upload-pack', nil, project, 'user-2', changes, 'ssh')
          access.allowed?.should be_false
        end
      end
@@ -259,7 +262,7 @@ describe GitlabNet, vcr: true do
    it "raises an exception if the connection fails" do
      Net::HTTP.any_instance.stub(:request).and_raise(StandardError)
      expect {
-        gitlab_net.check_access('git-upload-pack', nil, 'gitlab/gitlabhq.git', 'user-1', changes, 'ssh')
+        gitlab_net.check_access('git-upload-pack', nil, project, 'user-1', changes, 'ssh')
      }.to raise_error(GitlabNet::ApiUnreachableError)
    end
  end
@@ -272,14 +275,6 @@ describe GitlabNet, vcr: true do
    it("uses API version 4") { should include("api/v4") }
  end
-  describe :host_v3 do
-    let(:net) { GitlabNet.new }
-    subject { net.send :host_v3 }
-    it { should include(net.send(:config).gitlab_url) }
-    it("uses API version 3") { should include("api/v3") }
-  end
  describe :http_client_for do
    subject { gitlab_net.send :http_client_for, URI('https://localhost/') }
    before do
@@ -306,7 +301,7 @@ describe GitlabNet, vcr: true do
        gitlab_net.send(:config).http_settings.stub(:[]).with('user') { user }
        gitlab_net.send(:config).http_settings.stub(:[]).with('password') { password }
        get.should_receive(:basic_auth).with(user, password).once
-        get.should_receive(:set_form_data).with(hash_including(secret_token: 'a123')).once
+        get.should_receive(:set_form_data).with(hash_including(secret_token: secret)).once
      end
      it { should_not be_nil }
@@ -315,7 +310,7 @@ describe GitlabNet, vcr: true do
    context 'Unix socket' do
      it 'sets the Host header to "localhost"' do
        gitlab_net = described_class.new
-        gitlab_net.should_receive(:secret_token).and_return('a123')
+        gitlab_net.should_receive(:secret_token).and_return(secret)
        request = gitlab_net.send(:http_request_for, :get, URI('http+unix://%2Ffoo'))

--- a/spec/vcr_cassettes/allowed-pull.yml
+++ b/spec/vcr_cassettes/allowed-pull.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: post
-    uri: https://dev.gitlab.org/api/v3/internal/allowed
+    uri: http://localhost:3000/api/v4/internal/allowed
    body:
      encoding: US-ASCII
-      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=126&secret_token=a123
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -20,29 +20,27 @@ http_interactions:
      code: 200
      message: OK
    headers:
-      Server:
+      Cache-Control:
-      - nginx/1.1.19
+      - max-age=0, private, must-revalidate
-      Date:
+      Content-Length:
-      - Wed, 03 Sep 2014 11:27:36 GMT
+      - '155'
      Content-Type:
      - application/json
-      Content-Length:
+      Date:
-      - '4'
+      - Wed, 21 Jun 2017 10:44:52 GMT
-      Connection:
-      - keep-alive
-      Status:
-      - 200 OK
      Etag:
-      - '"b326b5062b2f0e69046810717534cb09"'
+      - W/"45654cae433b5a9c5fbba1d45d382e52"
-      Cache-Control:
+      Vary:
-      - max-age=0, private, must-revalidate
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
      X-Request-Id:
-      - 85bfa9b3-fddc-4810-a033-f1eabc04c66c
+      - 8d4b8b06-fb6e-4f94-832f-72f8e0afad5f
      X-Runtime:
-      - '0.089741'
+      - '0.289759'
    body:
      encoding: UTF-8
-      string: '{"status": "true"}'
+      string: '{"status":true,"gl_repository":"project-3","repository_path":"/Users/dzaporozhets/Projects/gitlab-development-kit/repositories/gitlab-org/gitlab-test.git"}'
    http_version: 
-  recorded_at: Wed, 03 Sep 2014 11:27:36 GMT
+  recorded_at: Wed, 21 Jun 2017 10:44:52 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/allowed-push.yml
+++ b/spec/vcr_cassettes/allowed-push.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: post
-    uri: https://dev.gitlab.org/api/v3/internal/allowed
+    uri: http://localhost:3000/api/v4/internal/allowed
    body:
      encoding: US-ASCII
-      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=126&secret_token=a123
+      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -20,29 +20,27 @@ http_interactions:
      code: 200
      message: OK
    headers:
-      Server:
+      Cache-Control:
-      - nginx/1.1.19
+      - max-age=0, private, must-revalidate
-      Date:
+      Content-Length:
-      - Wed, 03 Sep 2014 11:27:37 GMT
+      - '155'
      Content-Type:
      - application/json
-      Content-Length:
+      Date:
-      - '4'
+      - Wed, 21 Jun 2017 10:44:52 GMT
-      Connection:
-      - keep-alive
-      Status:
-      - 200 OK
      Etag:
-      - '"b326b5062b2f0e69046810717534cb09"'
+      - W/"45654cae433b5a9c5fbba1d45d382e52"
-      Cache-Control:
+      Vary:
-      - max-age=0, private, must-revalidate
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
      X-Request-Id:
-      - 115e7a72-b3a6-49e1-b531-980c71088c9d
+      - 67ab4954-19e6-42ce-aae6-55c8ae5a365e
      X-Runtime:
-      - '0.833195'
+      - '0.230871'
    body:
      encoding: UTF-8
-      string: '{"status": "true"}'
+      string: '{"status":true,"gl_repository":"project-3","repository_path":"/Users/dzaporozhets/Projects/gitlab-development-kit/repositories/gitlab-org/gitlab-test.git"}'
    http_version: 
-  recorded_at: Wed, 03 Sep 2014 11:27:37 GMT
+  recorded_at: Wed, 21 Jun 2017 10:44:52 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/broadcast_message-none.yml
+++ b/spec/vcr_cassettes/broadcast_message-none.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: get
-    uri: https://dev.gitlab.org/api/v3/internal/broadcast_message
+    uri: http://localhost:3000/api/v4/internal/broadcast_message
    body:
      encoding: US-ASCII
-      string: secret_token=a123
+      string: secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -13,26 +13,34 @@ http_interactions:
      - "*/*"
      User-Agent:
      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
  response:
    status:
      code: 200
-      message: Not Found
+      message: OK
    headers:
-      Server:
+      Cache-Control:
-      - nginx/1.1.19
+      - max-age=0, private, must-revalidate
-      Date:
+      Content-Length:
-      - Sat, 07 Feb 2015 16:45:35 GMT
+      - '2'
      Content-Type:
      - application/json
-      Content-Length:
+      Date:
-      - '27'
+      - Wed, 21 Jun 2017 10:44:50 GMT
-      Connection:
+      Etag:
-      - keep-alive
+      - W/"99914b932bd37a50b983c5e7c90ae93b"
-      Status:
+      Vary:
-      - 200 OK
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - d31271ab-e21f-4349-a4c3-54f238c075c3
+      X-Runtime:
+      - '0.254031'
    body:
      encoding: UTF-8
-      string: '{}'
+      string: "{}"
    http_version: 
-  recorded_at: Sat, 07 Feb 2015 16:45:35 GMT
+  recorded_at: Wed, 21 Jun 2017 10:44:50 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/broadcast_message-ok.yml
+++ b/spec/vcr_cassettes/broadcast_message-ok.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: get
-    uri: https://dev.gitlab.org/api/v3/internal/broadcast_message
+    uri: http://localhost:3000/api/v4/internal/broadcast_message
    body:
      encoding: US-ASCII
-      string: secret_token=a123
+      string: secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -13,26 +13,34 @@ http_interactions:
      - "*/*"
      User-Agent:
      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
  response:
    status:
      code: 200
      message: OK
    headers:
-      Server:
+      Cache-Control:
-      - nginx/1.1.19
+      - max-age=0, private, must-revalidate
-      Date:
+      Content-Length:
-      - Sat, 07 Feb 2015 16:44:35 GMT
+      - '153'
      Content-Type:
      - application/json
-      Content-Length:
+      Date:
-      - '118'
+      - Wed, 21 Jun 2017 12:29:13 GMT
-      Connection:
+      Etag:
-      - keep-alive
+      - W/"ce6de457fcc884f50125e81a10f165ce"
-      Status:
+      Vary:
-      - 200 OK
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - ebaaf2c2-112e-4b3c-9182-e8714cd2a29c
+      X-Runtime:
+      - '0.276085'
    body:
      encoding: UTF-8
-      string: '{"message":"Message","starts_at":"2015-02-07T15:35:00.000Z","ends_at":"2015-02-07T16:35:00.000Z","color":"","font":""}'
+      string: '{"message":"Message","starts_at":"2017-06-21T12:28:00.000Z","ends_at":"2017-06-21T12:35:00.000Z","color":"#e75e40","font":"#ffffff","id":1,"active":true}'
    http_version: 
-  recorded_at: Sat, 07 Feb 2015 16:44:35 GMT
+  recorded_at: Wed, 21 Jun 2017 12:29:13 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/check-ok.yml
+++ b/spec/vcr_cassettes/check-ok.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: get
-    uri: https://dev.gitlab.org/api/v3/internal/check
+    uri: http://localhost:3000/api/v4/internal/check
    body:
      encoding: US-ASCII
-      string: secret_token=a123
+      string: secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -13,34 +13,34 @@ http_interactions:
      - "*/*"
      User-Agent:
      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
  response:
    status:
      code: 200
      message: OK
    headers:
-      Server:
+      Cache-Control:
-      - nginx/1.1.19
+      - max-age=0, private, must-revalidate
-      Date:
-      - Wed, 03 Sep 2014 11:27:35 GMT
-      Content-Type:
-      - application/json
      Content-Length:
      - '72'
-      Connection:
+      Content-Type:
-      - keep-alive
+      - application/json
-      Status:
+      Date:
-      - 200 OK
+      - Wed, 21 Jun 2017 10:44:49 GMT
      Etag:
-      - '"23ee74bf6981b57b9d0e0d8a91f3ec1b"'
+      - W/"e1b00c927355c31ffb83b0800821cdbd"
-      Cache-Control:
+      Vary:
-      - max-age=0, private, must-revalidate
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
      X-Request-Id:
-      - c389e282-4d7b-4041-9aed-336e5b007424
+      - 19d8b75c-45d1-4b8b-9e47-2fda86f98187
      X-Runtime:
-      - '0.958718'
+      - '0.245482'
    body:
      encoding: UTF-8
-      string: '{"api_version":"v3","gitlab_version":"7.3.0.pre","gitlab_rev":"e8f1331"}'
+      string: '{"api_version":"v4","gitlab_version":"9.3.0-pre","gitlab_rev":"8f537e5"}'
    http_version: 
-  recorded_at: Wed, 03 Sep 2014 11:27:35 GMT
+  recorded_at: Wed, 21 Jun 2017 10:44:49 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/discover-ok.yml
+++ b/spec/vcr_cassettes/discover-ok.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: get
-    uri: https://dev.gitlab.org/api/v3/internal/discover?key_id=126
+    uri: http://localhost:3000/api/v4/internal/discover?key_id=1
    body:
      encoding: US-ASCII
-      string: secret_token=a123
+      string: secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -13,34 +13,34 @@ http_interactions:
      - "*/*"
      User-Agent:
      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
  response:
    status:
      code: 200
      message: OK
    headers:
-      Server:
+      Cache-Control:
-      - nginx/1.1.19
+      - max-age=0, private, must-revalidate
-      Date:
+      Content-Length:
-      - Wed, 03 Sep 2014 11:27:35 GMT
+      - '42'
      Content-Type:
      - application/json
-      Content-Length:
+      Date:
-      - '56'
+      - Wed, 21 Jun 2017 10:44:49 GMT
-      Connection:
-      - keep-alive
-      Status:
-      - 200 OK
      Etag:
-      - '"1d75c1cf3d4bfa4d2b7bb6a0bcfd7f55"'
+      - W/"63b4ab301951bea83c4fc398eba8e307"
-      Cache-Control:
+      Vary:
-      - max-age=0, private, must-revalidate
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
      X-Request-Id:
-      - ef4513ae-0424-4941-8be0-b5a3a7b4bf12
+      - dc11b8d4-1972-417b-8305-2c35c849405c
      X-Runtime:
-      - '0.016934'
+      - '0.230170'
    body:
      encoding: UTF-8
-      string: '{"name":"Dmitriy Zaporozhets","username":"dzaporozhets"}'
+      string: '{"name":"Administrator","username":"root"}'
    http_version: 
-  recorded_at: Wed, 03 Sep 2014 11:27:35 GMT
+  recorded_at: Wed, 21 Jun 2017 10:44:49 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/denied-push-with-user.yml
+++ b/spec/vcr_cassettes/denied-push-with-user.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: post
-    uri: https://dev.gitlab.org/api/v3/internal/allowed
+    uri: http://localhost:3000/api/v4/internal/allowed
    body:
      encoding: US-ASCII
-      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&user_id=1&secret_token=a123
+      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=http&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -20,29 +20,27 @@ http_interactions:
      code: 200
      message: OK
    headers:
-      Server:
+      Cache-Control:
-      - nginx/1.1.19
+      - max-age=0, private, must-revalidate
-      Date:
+      Content-Length:
-      - Wed, 03 Sep 2014 11:27:39 GMT
+      - '62'
      Content-Type:
      - application/json
-      Content-Length:
+      Date:
-      - '4'
+      - Wed, 21 Jun 2017 10:32:01 GMT
-      Connection:
-      - keep-alive
-      Status:
-      - 200 OK
      Etag:
-      - '"b326b5062b2f0e69046810717534cb09"'
+      - W/"71e09fcf8a60a03cd1acc22806386ead"
-      Cache-Control:
+      Vary:
-      - max-age=0, private, must-revalidate
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
      X-Request-Id:
-      - 8bd01f76-6029-4921-ba97-12323a7d5750
+      - 70bdecc9-0078-4a4b-aa6b-cac1b2578886
      X-Runtime:
-      - '0.019640'
+      - '0.324202'
    body:
      encoding: UTF-8
-      string: '{"status": false}'
+      string: '{"status":false,"message":"Pulling over HTTP is not allowed."}'
    http_version: 
-  recorded_at: Wed, 03 Sep 2014 11:27:39 GMT
+  recorded_at: Wed, 21 Jun 2017 10:32:01 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/ssh-access-disabled.yml
+++ b/spec/vcr_cassettes/ssh-access-disabled.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: post
-    uri: https://dev.gitlab.org/api/v3/internal/allowed
+    uri: http://localhost:3000/api/v4/internal/allowed
    body:
      encoding: US-ASCII
-      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&protocol=ssh&key_id=2&secret_token=a123
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=http&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -21,24 +21,26 @@ http_interactions:
      message: OK
    headers:
      Cache-Control:
-      - no-cache
+      - max-age=0, private, must-revalidate
      Content-Length:
-      - '30'
+      - '62'
      Content-Type:
      - application/json
      Date:
-      - Wed, 22 Jun 2016 01:01:41 GMT
+      - Wed, 21 Jun 2017 10:32:01 GMT
-      Status:
+      Etag:
-      - 200 OK
+      - W/"7f14e23ac07cc8b0a53c567fcf9432fd"
      Vary:
      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
      X-Request-Id:
-      - 55b7af2c-3559-41d2-b301-9b86ad1d8fac
+      - 573f3584-87c6-41cb-a5bf-5e7ee76d4250
      X-Runtime:
-      - '2.280895'
+      - '0.266135'
    body:
      encoding: UTF-8
-      string: '{"status": false, "message":"Git access over SSH is not allowed"}'
+      string: '{"status":false,"message":"Pushing over HTTP is not allowed."}'
-    http_version:
+    http_version: 
-  recorded_at: Wed, 22 Jun 2016 01:01:41 GMT
+  recorded_at: Wed, 21 Jun 2017 10:32:01 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/lfs-authenticate-ok.yml
+++ b/spec/vcr_cassettes/lfs-authenticate-ok.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: post
-    uri: https://dev.gitlab.org/api/v3/internal/lfs_authenticate
+    uri: http://localhost:3000/api/v4/internal/lfs_authenticate
    body:
      encoding: US-ASCII
-      string: project=gitlab%2Fgitlabhq&key_id=126&secret_token=a123
+      string: project=gitlab-org%2Fgitlab-test.git&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -13,34 +13,34 @@ http_interactions:
      - "*/*"
      User-Agent:
      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
  response:
    status:
      code: 200
      message: OK
    headers:
-      Server:
+      Cache-Control:
-      - nginx/1.1.19
+      - max-age=0, private, must-revalidate
-      Date:
+      Content-Length:
-      - Wed, 03 Sep 2014 11:27:35 GMT
+      - '158'
      Content-Type:
      - application/json
-      Content-Length:
+      Date:
-      - '56'
+      - Wed, 21 Jun 2017 10:44:50 GMT
-      Connection:
-      - keep-alive
-      Status:
-      - 200 OK
      Etag:
-      - '"1d75c1cf3d4bfa4d2b7bb6a0bcfd7f55"'
+      - W/"0a8ccf1603566e521c169d5e43c86cd2"
-      Cache-Control:
+      Vary:
-      - max-age=0, private, must-revalidate
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
      X-Request-Id:
-      - ef4513ae-0424-4941-8be0-b5a3a7b4bf12
+      - d82d6071-1868-4a37-b026-65ab37f96f2f
      X-Runtime:
-      - '0.016934'
+      - '0.331056'
    body:
      encoding: UTF-8
-      string: '{"username":"dzaporozhets","lfs_token":"wsnys8Zm8Jn7zyhHTAAK","repository_http_path":"http://gitlab.dev/gitlab/gitlabhq.git"}'
+      string: '{"username":"root","lfs_token":"Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ","repository_http_path":"http://localhost:3000/gitlab-org/gitlab-test.git"}'
-    http_version:
+    http_version: 
-  recorded_at: Wed, 03 Sep 2014 11:27:35 GMT
+  recorded_at: Wed, 21 Jun 2017 10:44:50 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/notify-post-receive.yml
+++ b/spec/vcr_cassettes/notify-post-receive.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: post
-    uri: https://dev.gitlab.org/api/v4/internal/notify_post_receive
+    uri: http://localhost:3000/api/v4/internal/notify_post_receive
    body:
      encoding: US-ASCII
-      string: gl_repository=project-1&secret_token=a123
+      string: gl_repository=project-1&project=%2Fpath%2Fto%2Fmy%2Frepo.git&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -23,22 +23,24 @@ http_interactions:
      Cache-Control:
      - max-age=0, private, must-revalidate
      Content-Length:
-      - '2'
+      - '3'
      Content-Type:
      - application/json
      Date:
-      - Fri, 28 Apr 2017 20:07:14 GMT
+      - Wed, 21 Jun 2017 12:47:48 GMT
      Etag:
-      - W/"99914b932bd37a50b983c5e7c90ae93b"
+      - W/"3644a684f98ea8fe223c713b77189a77"
      Vary:
      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
      X-Request-Id:
-      - 404a3fa8-28ca-40d6-acbb-7923c7fbf342
+      - 407b184d-d6cf-43db-93fa-3f2d97112948
      X-Runtime:
-      - '3.988681'
+      - '6.626186'
    body:
      encoding: UTF-8
-      string: "{}"
+      string: '200'
    http_version: 
-  recorded_at: Fri, 28 Apr 2017 20:07:14 GMT
+  recorded_at: Wed, 21 Jun 2017 12:47:48 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/ssh-key-not-found.yml
+++ b/spec/vcr_cassettes/ssh-key-not-found.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: get
-    uri: https://dev.gitlab.org/api/v3/internal/authorized_keys?key=whatever
+    uri: http://localhost:3000/api/v4/internal/authorized_keys?key=whatever
    body:
      encoding: US-ASCII
-      string: secret_token=a123
+      string: secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -20,31 +20,25 @@ http_interactions:
      code: 404
      message: Not Found
    headers:
-      Server:
-      - nginx
-      Date:
-      - Mon, 07 Mar 2016 12:09:59 GMT
-      Content-Type:
-      - text/html; charset=utf-8
-      Connection:
-      - keep-alive
      Cache-Control:
      - no-cache
-      Set-Cookie:
+      Content-Length:
-      - _gitlab_session=a924e63729e538c9efe10fa8338077d7; path=/; expires=Mon, 14
+      - '31'
-        Mar 2016 12:09:59 -0000; secure; HttpOnly
+      Content-Type:
-      Status:
+      - application/json
-      - 404 Not Found
+      Date:
-      X-Content-Type-Options:
+      - Wed, 21 Jun 2017 12:15:09 GMT
-      - nosniff
+      Vary:
+      - Origin
      X-Frame-Options:
      - SAMEORIGIN
      X-Request-Id:
-      - 275ad011-515f-4239-80be-e537fd7c9086
+      - c829f804-616e-4046-9b70-cc6a2a559166
      X-Runtime:
-      - '2.169401'
+      - '0.281120'
-      X-Xss-Protection:
+    body:
-      - 1; mode=block
+      encoding: UTF-8
+      string: '{"message":"404 Key Not Found"}'
    http_version: 
-  recorded_at: Mon, 07 Mar 2016 12:10:00 GMT
+  recorded_at: Wed, 21 Jun 2017 12:15:09 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/ssh-key-not-implemented.yml
+++ b/spec/vcr_cassettes/ssh-key-not-implemented.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: get
-    uri: https://dev.gitlab.org/api/v3/internal/authorized_keys?key=whatever
+    uri: http://localhost:3000/api/v4/internal/authorized_keys?key=whatever
    body:
      encoding: US-ASCII
-      string: secret_token=a123
+      string: secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -17,34 +17,28 @@ http_interactions:
      - application/x-www-form-urlencoded
  response:
    status:
-      code: 501
+      code: 404
-      message: Not Implemented
+      message: Not Found
    headers:
-      Server:
-      - nginx
-      Date:
-      - Mon, 07 Mar 2016 12:09:59 GMT
-      Content-Type:
-      - text/html; charset=utf-8
-      Connection:
-      - keep-alive
      Cache-Control:
      - no-cache
-      Set-Cookie:
+      Content-Length:
-      - _gitlab_session=a924e63729e538c9efe10fa8338077d7; path=/; expires=Mon, 14
+      - '31'
-        Mar 2016 12:09:59 -0000; secure; HttpOnly
+      Content-Type:
-      Status:
+      - application/json
-      - 501 Not Implemented
+      Date:
-      X-Content-Type-Options:
+      - Wed, 21 Jun 2017 12:15:09 GMT
-      - nosniff
+      Vary:
+      - Origin
      X-Frame-Options:
      - SAMEORIGIN
      X-Request-Id:
-      - 275ad011-515f-4239-80be-e537fd7c9086
+      - 4bcc3073-f32d-4e07-994e-5eb476b23d41
      X-Runtime:
-      - '2.169401'
+      - '0.448808'
-      X-Xss-Protection:
+    body:
-      - 1; mode=block
+      encoding: UTF-8
+      string: '{"message":"404 Key Not Found"}'
    http_version: 
-  recorded_at: Mon, 07 Mar 2016 12:10:00 GMT
+  recorded_at: Wed, 21 Jun 2017 12:15:09 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/ssh-key-ok.yml
+++ b/spec/vcr_cassettes/ssh-key-ok.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: get
-    uri: https://dev.gitlab.org/api/v3/internal/authorized_keys?key=AAAAB3NzaC1yc2EAAAADAQABAAACAQDPKPqqnqQ9PDFw65cO7iHXrKw6ucSZg8Bd2CZ150Yy1YRDPJOWeRNCnddS+M/Lk
+    uri: http://localhost:3000/api/v4/internal/authorized_keys?key=rsa-key
    body:
      encoding: US-ASCII
-      string: secret_token=a123
+      string: secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -20,21 +20,28 @@ http_interactions:
      code: 200
      message: OK
    headers:
-      Server:
-      - nginx/1.1.19
-      Date:
-      - Wed, 03 Sep 2014 11:27:35 GMT
-      Content-Type:
-      - application/json
-      Connection:
-      - keep-alive
-      Status:
-      - 200 OK
      Cache-Control:
      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '686'
+      Content-Type:
+      - application/json
+      Date:
+      - Wed, 21 Jun 2017 12:16:41 GMT
+      Etag:
+      - W/"18dfce1367306a2dda6aaf8b1e7795a8"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - 839ab67c-7b72-44e0-916e-ca4f68c25604
+      X-Runtime:
+      - '9.070282'
    body:
      encoding: UTF-8
-      string: '{"id":2, "title":"some key title", "key":"ssh-rsa a-made=up-rsa-key dummy@gitlab.com", "created_at":"2016-03-04T18:27:36.959Z"}'
+      string: '{"id":99,"title":"untitled","key":"ssh-rsa rsa-key
+        dummy@gitlab.com","created_at":"2017-06-21T09:50:07.150Z","can_push":false}'
    http_version: 
-  recorded_at: Mon, 07 Mar 2016 12:10:00 GMT
+  recorded_at: Wed, 21 Jun 2017 12:16:41 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/denied-push.yml
+++ b/spec/vcr_cassettes/denied-push.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: post
-    uri: https://dev.gitlab.org/api/v3/internal/allowed
+    uri: http://localhost:3000/api/v4/internal/allowed
    body:
      encoding: US-ASCII
-      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=2&secret_token=a123
+      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -17,30 +17,30 @@ http_interactions:
      - application/x-www-form-urlencoded
  response:
    status:
-      code: 404
+      code: 200
-      message: Not Found
+      message: OK
    headers:
-      Server:
+      Cache-Control:
-      - nginx/1.1.19
+      - max-age=0, private, must-revalidate
-      Date:
+      Content-Length:
-      - Wed, 03 Sep 2014 11:27:38 GMT
+      - '63'
      Content-Type:
      - application/json
-      Content-Length:
+      Date:
-      - '27'
+      - Wed, 21 Jun 2017 12:23:57 GMT
-      Connection:
+      Etag:
-      - keep-alive
+      - W/"76a32010244f80700d5e1ba8a55d094c"
-      Status:
+      Vary:
-      - 404 Not Found
+      - Origin
-      Cache-Control:
+      X-Frame-Options:
-      - no-cache
+      - SAMEORIGIN
      X-Request-Id:
-      - 8b0210d2-4db5-4325-8120-740e22eaf7d5
+      - 096ae253-c6fe-4360-b4d4-48f4b5435ca6
      X-Runtime:
-      - '0.015198'
+      - '6.377187'
    body:
      encoding: UTF-8
-      string: '{"status": false, "message":"404 Not found"}'
+      string: '{"status":false,"message":"Git access over SSH is not allowed"}'
    http_version: 
-  recorded_at: Wed, 03 Sep 2014 11:27:38 GMT
+  recorded_at: Wed, 21 Jun 2017 12:23:57 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/http-access-disabled.yml
+++ b/spec/vcr_cassettes/http-access-disabled.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: post
-    uri: https://dev.gitlab.org/api/v3/internal/allowed
+    uri: http://localhost:3000/api/v4/internal/allowed
    body:
      encoding: US-ASCII
-      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&protocol=http&key_id=2&secret_token=a123
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -21,24 +21,26 @@ http_interactions:
      message: OK
    headers:
      Cache-Control:
-      - no-cache
+      - max-age=0, private, must-revalidate
      Content-Length:
-      - '30'
+      - '63'
      Content-Type:
      - application/json
      Date:
-      - Wed, 22 Jun 2016 01:03:41 GMT
+      - Wed, 21 Jun 2017 12:24:04 GMT
-      Status:
+      Etag:
-      - 200 OK
+      - W/"76a32010244f80700d5e1ba8a55d094c"
      Vary:
      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
      X-Request-Id:
-      - 55b7af2c-3559-41d2-b301-9b86ad1d8fac
+      - c843a5a3-fc08-46eb-aa45-caceae515638
      X-Runtime:
-      - '2.280895'
+      - '7.359835'
    body:
      encoding: UTF-8
-      string: '{"status": false, "message":"Git access over HTTP is not allowed"}'
+      string: '{"status":false,"message":"Git access over SSH is not allowed"}'
    http_version: 
-  recorded_at: Wed, 22 Jun 2016 01:03:41 GMT
+  recorded_at: Wed, 21 Jun 2017 12:24:04 GMT
 recorded_with: VCR 2.4.0
\ No newline at end of file
--- a/spec/vcr_cassettes/denied-pull.yml
+++ b/spec/vcr_cassettes/denied-pull.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: post
-    uri: https://dev.gitlab.org/api/v3/internal/allowed
+    uri: http://localhost:3000/api/v4/internal/allowed
    body:
      encoding: US-ASCII
-      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=2&secret_token=a123
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -17,30 +17,30 @@ http_interactions:
      - application/x-www-form-urlencoded
  response:
    status:
-      code: 404
+      code: 200
-      message: Not Found
+      message: OK
    headers:
-      Server:
+      Cache-Control:
-      - nginx/1.1.19
+      - max-age=0, private, must-revalidate
-      Date:
+      Content-Length:
-      - Wed, 03 Sep 2014 11:27:38 GMT
+      - '63'
      Content-Type:
      - application/json
-      Content-Length:
+      Date:
-      - '27'
+      - Wed, 21 Jun 2017 12:23:57 GMT
-      Connection:
+      Etag:
-      - keep-alive
+      - W/"76a32010244f80700d5e1ba8a55d094c"
-      Status:
+      Vary:
-      - 404 Not Found
+      - Origin
-      Cache-Control:
+      X-Frame-Options:
-      - no-cache
+      - SAMEORIGIN
      X-Request-Id:
-      - f9c23a82-be65-41c8-958a-5f3e1b9aa58b
+      - 93620e06-fda9-4be5-855e-300f5d62fa3c
      X-Runtime:
-      - '0.028027'
+      - '0.207159'
    body:
      encoding: UTF-8
-      string: '{"status": false, "message":"404 Not found"}'
+      string: '{"status":false,"message":"Git access over SSH is not allowed"}'
    http_version: 
-  recorded_at: Wed, 03 Sep 2014 11:27:38 GMT
+  recorded_at: Wed, 21 Jun 2017 12:23:57 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/ssh-push-project-denied-with-user.yml
+++ b/spec/vcr_cassettes/ssh-push-project-denied-with-user.yml
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&user_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '63'
+      Content-Type:
+      - application/json
+      Date:
+      - Wed, 21 Jun 2017 12:24:05 GMT
+      Etag:
+      - W/"76a32010244f80700d5e1ba8a55d094c"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - 3b242d73-d860-48ac-8fef-80e2d0d3daca
+      X-Runtime:
+      - '0.342469'
+    body:
+      encoding: UTF-8
+      string: '{"status":false,"message":"Git access over SSH is not allowed"}'
+    http_version: 
+  recorded_at: Wed, 21 Jun 2017 12:24:05 GMT
+recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/ssh-push-project-denied.yml
+++ b/spec/vcr_cassettes/ssh-push-project-denied.yml
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/allowed
+    body:
+      encoding: US-ASCII
+      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '63'
+      Content-Type:
+      - application/json
+      Date:
+      - Wed, 21 Jun 2017 12:24:04 GMT
+      Etag:
+      - W/"76a32010244f80700d5e1ba8a55d094c"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - 8ce54f29-9ed0-46e5-aedb-37edaa3d52da
+      X-Runtime:
+      - '0.228256'
+    body:
+      encoding: UTF-8
+      string: '{"status":false,"message":"Git access over SSH is not allowed"}'
+    http_version: 
+  recorded_at: Wed, 21 Jun 2017 12:24:04 GMT
+recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/two-factor-recovery-codes-fail.yml
+++ b/spec/vcr_cassettes/two-factor-recovery-codes-fail.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: post
-    uri: https://dev.gitlab.org/api/v3/internal/two_factor_recovery_codes
+    uri: http://localhost:3000/api/v4/internal/two_factor_recovery_codes
    body:
      encoding: US-ASCII
-      string: username=user-1&secret_token=a123
+      string: key_id=777&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -20,23 +20,27 @@ http_interactions:
      code: 200
      message: OK
    headers:
-      Server:
+      Cache-Control:
-      - nginx
+      - max-age=0, private, must-revalidate
-      Date:
+      Content-Length:
-      - Tue, 16 Aug 2016 22:10:11 GMT
+      - '58'
      Content-Type:
      - application/json
-      Connection:
+      Date:
-      - keep-alive
+      - Wed, 21 Jun 2017 12:33:42 GMT
-      Status:
+      Etag:
-      - 200 OK
+      - W/"2642e3904bef8fa05ab8e0ca78c19047"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
      X-Request-Id:
-      - 4467029d-51c6-41bc-af5f-6da279dbb238
+      - 7f8f2587-f6a2-445a-97a2-36fb9ea8f2d2
      X-Runtime:
-      - '0.004589'
+      - '0.196409'
    body:
      encoding: UTF-8
-      string: '{ "success": false, "message": "Could not find the given key" }'
+      string: '{"success":false,"message":"Could not find the given key"}'
-    http_version:
+    http_version: 
-  recorded_at: Tue, 16 Aug 2016 22:10:11 GMT
+  recorded_at: Wed, 21 Jun 2017 12:33:42 GMT
 recorded_with: VCR 2.4.0
--- a/spec/vcr_cassettes/two-factor-recovery-codes.yml
+++ b/spec/vcr_cassettes/two-factor-recovery-codes.yml
@@ -2,10 +2,10 @@
 http_interactions:
 - request:
    method: post
-    uri: https://dev.gitlab.org/api/v3/internal/two_factor_recovery_codes
+    uri: http://localhost:3000/api/v4/internal/two_factor_recovery_codes
    body:
      encoding: US-ASCII
-      string: username=user-1&secret_token=a123
+      string: key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -20,23 +20,27 @@ http_interactions:
      code: 200
      message: OK
    headers:
-      Server:
+      Cache-Control:
-      - nginx
+      - max-age=0, private, must-revalidate
-      Date:
+      Content-Length:
-      - Tue, 16 Aug 2016 22:10:11 GMT
+      - '225'
      Content-Type:
      - application/json
-      Connection:
+      Date:
-      - keep-alive
+      - Wed, 21 Jun 2017 12:31:42 GMT
-      Status:
+      Etag:
-      - 200 OK
+      - W/"087adad20960d665d59e7e4ca02efd28"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
      X-Request-Id:
-      - 4467029d-51c6-41bc-af5f-6da279dbb238
+      - a0e1c950-83a7-4fed-afb0-bfb01d104795
      X-Runtime:
-      - '0.004589'
+      - '1.378088'
    body:
      encoding: UTF-8
-      string: '{ "success": true, "recovery_codes": ["f67c514de60c4953","41278385fc00c1e0"] }'
+      string: '{"success":true,"recovery_codes":["f67c514de60c4953","41278385fc00c1e0"]}'
-    http_version:
+    http_version: 
-  recorded_at: Tue, 16 Aug 2016 22:10:11 GMT
+  recorded_at: Wed, 21 Jun 2017 12:31:42 GMT
 recorded_with: VCR 2.4.0