Commit a44b30f7 authored by Nick Thomas's avatar Nick Thomas

Merge branch 'ashmckenzie/8114-geo-push-ssh-lfs-http-auth-bug' into 'master'

Include LFS operation when requesting auth

See merge request gitlab-org/gitlab-shell!254
parents 9cf3334c 1c6a8d1d
...@@ -53,28 +53,22 @@ class GitlabNet # rubocop:disable Metrics/ClassLength ...@@ -53,28 +53,22 @@ class GitlabNet # rubocop:disable Metrics/ClassLength
JSON.parse(resp.body) rescue nil JSON.parse(resp.body) rescue nil
end end
def lfs_authenticate(gl_id, repo) def lfs_authenticate(gl_id, repo, operation)
id_sym, _, id = self.class.parse_who(gl_id) id_sym, _, id = self.class.parse_who(gl_id)
params = { project: sanitize_path(repo), operation: operation }
if id_sym == :key_id case id_sym
params = { when :key_id
project: sanitize_path(repo), params[:key_id] = id
key_id: id when :user_id
} params[:user_id] = id
elsif id_sym == :user_id
params = {
project: sanitize_path(repo),
user_id: id
}
else else
raise ArgumentError, "lfs_authenticate() got unsupported GL_ID='#{gl_id}'!" raise ArgumentError, "lfs_authenticate() got unsupported GL_ID='#{gl_id}'!"
end end
resp = post("#{internal_api_endpoint}/lfs_authenticate", params) resp = post("#{internal_api_endpoint}/lfs_authenticate", params)
if resp.code == '200' GitlabLfsAuthentication.build_from_json(resp.body) if resp.code == '200'
GitlabLfsAuthentication.build_from_json(resp.body)
end
end end
def broadcast_message def broadcast_message
......
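Review bot: `lfs_authenticate(gl_id, repo, operation)` has no comment saying what `operation` may contain or what the method returns, and the new `params = { project: sanitize_path(repo), operation: operation }` line forwards whatever it is given, including `nil`. A short comment above the `def` would make the trust boundary explicit, for example `# operation: LFS operation named by the client (the specs use 'download' and 'upload'); sent as-is, so the internal API must validate and authorize it.` A second line such as `# Returns a GitlabLfsAuthentication on HTTP 200, nil otherwise; raises ArgumentError for an unsupported GL_ID.` would document the result, which is easy to miss now that the 200 check is a trailing modifier.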
...@@ -155,8 +155,9 @@ class GitlabShell # rubocop:disable Metrics/ClassLength ...@@ -155,8 +155,9 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
if @command == 'git-lfs-authenticate' if @command == 'git-lfs-authenticate'
GitlabMetrics.measure('lfs-authenticate') do GitlabMetrics.measure('lfs-authenticate') do
$logger.info('Processing LFS authentication', user: log_username) operation = args[2]
lfs_authenticate $logger.info('Processing LFS authentication', operation: operation, user: log_username)
lfs_authenticate(operation)
end end
return return
end end
...@@ -224,8 +225,8 @@ class GitlabShell # rubocop:disable Metrics/ClassLength ...@@ -224,8 +225,8 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
@config.audit_usernames ? username : "user with id #{@gl_id}" @config.audit_usernames ? username : "user with id #{@gl_id}"
end end
def lfs_authenticate def lfs_authenticate(operation)
lfs_access = api.lfs_authenticate(@gl_id, @repo_name) lfs_access = api.lfs_authenticate(@gl_id, @repo_name, operation)
return unless lfs_access return unless lfs_access
......
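Review bot: `operation = args[2]` in the `git-lfs-authenticate` branch is taken from the client's SSH command and is both written to the log and passed to `lfs_authenticate(operation)` with no check, so it can be `nil` or an arbitrary string. The internal API remains the authority on what is allowed, but an allow-list check before the `$logger.info` call would keep the log field bounded and reject malformed requests early, for example `raise ArgumentError, 'unsupported LFS operation' unless %w[download upload].include?(operation)`. How a rejection should be reported depends on the enclosing method, which starts outside this hunk, and whether a missing operation must still be tolerated for older clients is a compatibility decision the visible lines do not settle. The body of `lfs_authenticate(operation)` in the second hunk also continues outside the hunk.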
...@@ -67,12 +67,27 @@ describe GitlabNet, vcr: true do ...@@ -67,12 +67,27 @@ describe GitlabNet, vcr: true do
describe '#lfs_authenticate' do describe '#lfs_authenticate' do
context 'lfs authentication succeeded' do context 'lfs authentication succeeded' do
let(:repository_http_path) { URI.join(internal_api_endpoint.sub('api/v4', ''), project).to_s }
context 'for download operation' do
it 'should return the correct data' do it 'should return the correct data' do
VCR.use_cassette('lfs-authenticate-ok') do VCR.use_cassette('lfs-authenticate-ok-download') do
lfs_access = gitlab_net.lfs_authenticate(key, project) lfs_access = gitlab_net.lfs_authenticate(key, project, 'download')
expect(lfs_access.username).to eq('root') expect(lfs_access.username).to eq('root')
expect(lfs_access.lfs_token).to eq('Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ') expect(lfs_access.lfs_token).to eq('Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ')
expect(lfs_access.repository_http_path).to eq(URI.join(internal_api_endpoint.sub('api/v4', ''), project).to_s) expect(lfs_access.repository_http_path).to eq(repository_http_path)
end
end
end
context 'for upload operation' do
it 'should return the correct data' do
VCR.use_cassette('lfs-authenticate-ok-upload') do
lfs_access = gitlab_net.lfs_authenticate(key, project, 'upload')
expect(lfs_access.username).to eq('root')
expect(lfs_access.lfs_token).to eq('Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ')
expect(lfs_access.repository_http_path).to eq(repository_http_path)
end
end end
end end
end end
......
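Review bot: Both new examples would probably still pass if `operation` were dropped from the request. VCR matches a recorded interaction on method and URI by default and the two cassettes return the same body, so nothing here ties an example to the `operation=download` or `operation=upload` value unless the suite's VCR configuration (not visible on this page) already matches on body. Passing `match_requests_on: [:method, :uri, :body]` to `VCR.use_cassette(...)` in the download and upload contexts would make each example fail when the parameter is missing or wrong. There is also no example for a `nil` or unsupported operation.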
---
http_interactions:
- request:
method: post
uri: http://localhost:3000/api/v4/internal/lfs_authenticate
body:
encoding: US-ASCII
string: project=gitlab-org%2Fgitlab-test.git&key_id=1&operation=download&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
headers:
Accept-Encoding:
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
Accept:
- "*/*"
User-Agent:
- Ruby
Content-Type:
- application/x-www-form-urlencoded
response:
status:
code: 200
message: OK
headers:
Cache-Control:
- max-age=0, private, must-revalidate
Content-Length:
- '158'
Content-Type:
- application/json
Date:
- Wed, 21 Jun 2017 10:44:50 GMT
Etag:
- W/"0a8ccf1603566e521c169d5e43c86cd2"
Vary:
- Origin
X-Frame-Options:
- SAMEORIGIN
X-Request-Id:
- d82d6071-1868-4a37-b026-65ab37f96f2f
X-Runtime:
- '0.331056'
body:
encoding: UTF-8
string: '{"username":"root","lfs_token":"Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ","repository_http_path":"http://localhost:3000/gitlab-org/gitlab-test.git"}'
http_version:
recorded_at: Wed, 21 Jun 2017 10:44:50 GMT
recorded_with: VCR 2.4.0
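Review bot: The request `string:` line in this new cassette stores the `secret_token` form parameter verbatim and the response body stores an `lfs_token`, and the modified upload cassette carries the same `secret_token` value. If these were recorded against anything other than a throwaway local instance they should be treated as exposed and rotated. Either way, registering the values with VCR's `filter_sensitive_data` in the spec helper, for example `c.filter_sensitive_data('<SECRET_TOKEN>') { secret_token_used_by_the_suite }` (the block value here is a placeholder), would keep real credentials out of future recordings.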
...@@ -5,7 +5,7 @@ http_interactions: ...@@ -5,7 +5,7 @@ http_interactions:
uri: http://localhost:3000/api/v4/internal/lfs_authenticate uri: http://localhost:3000/api/v4/internal/lfs_authenticate
body: body:
encoding: US-ASCII encoding: US-ASCII
string: project=gitlab-org%2Fgitlab-test.git&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A string: project=gitlab-org%2Fgitlab-test.git&key_id=1&operation=upload&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
headers: headers:
Accept-Encoding: Accept-Encoding:
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3 - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
......