Introduce changes from code review

f00c577d · Małgorzata Ksionek · eff3b3c0 · f00c577d · f00c577d · f00c577d
Commit f00c577d authored Oct 03, 2019 by Małgorzata Ksionek
10 changed files
--- a/go/internal/command/lfsauthenticate/lfsauthenticate_test.go
+++ b/go/internal/command/lfsauthenticate/lfsauthenticate_test.go
@@ -90,7 +90,7 @@ func TestLfsAuthenticateRequests(t *testing.T) {
 			},
 		},
 		{
-			Path: "/api/v4/internal/allowed/secure",
+			Path: "/api/v4/internal/allowed",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				b, err := ioutil.ReadAll(r.Body)
 				defer r.Body.Close()

--- a/go/internal/command/receivepack/customaction_test.go
+++ b/go/internal/command/receivepack/customaction_test.go
@@ -22,7 +22,7 @@ func TestCustomReceivePack(t *testing.T) {

 	requests := []testserver.TestRequestHandler{
 		{
-			Path: "/api/v4/internal/allowed/secure",
+			Path: "/api/v4/internal/allowed",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				b, err := ioutil.ReadAll(r.Body)
 				require.NoError(t, err)

--- a/go/internal/command/shared/accessverifier/accessverifier_test.go
+++ b/go/internal/command/shared/accessverifier/accessverifier_test.go
@@ -24,7 +24,7 @@ var (
 func setup(t *testing.T) (*Command, *bytes.Buffer, *bytes.Buffer, func()) {
 	requests := []testserver.TestRequestHandler{
 		{
-			Path: "/api/v4/internal/allowed/secure",
+			Path: "/api/v4/internal/allowed",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				b, err := ioutil.ReadAll(r.Body)
 				require.NoError(t, err)

--- a/go/internal/gitlabnet/accessverifier/client.go
+++ b/go/internal/gitlabnet/accessverifier/client.go
@@ -8,6 +8,7 @@ import (
 	"gitlab.com/gitlab-org/gitlab-shell/go/internal/command/commandargs"
 	"gitlab.com/gitlab-org/gitlab-shell/go/internal/config"
 	"gitlab.com/gitlab-org/gitlab-shell/go/internal/gitlabnet"
+	"gitlab.com/gitlab-org/gitlab-shell/go/internal/sshenv"
 )

 const (
@@ -26,6 +27,7 @@ type Request struct {
 	Protocol string                  `json:"protocol"`
 	KeyId    string                  `json:"key_id,omitempty"`
 	Username string                  `json:"username,omitempty"`
+	CheckIp  string                  `json:"check_ip,omitempty"`
 }

 type Gitaly struct {
@@ -80,7 +82,9 @@ func (c *Client) Verify(args *commandargs.Shell, action commandargs.CommandType,
 		request.KeyId = args.GitlabKeyId
 	}

-	response, err := c.client.Post("/allowed/secure", request)
+	request.CheckIp = sshenv.LocalAddr()
+
+	response, err := c.client.Post("/allowed", request)
 	if err != nil {
 		return nil, err
 	}

--- a/go/internal/gitlabnet/accessverifier/client_test.go
+++ b/go/internal/gitlabnet/accessverifier/client_test.go
@@ -157,7 +157,7 @@ func setup(t *testing.T) (*Client, func()) {

 	requests := []testserver.TestRequestHandler{
 		{
-			Path: "/api/v4/internal/allowed/secure",
+			Path: "/api/v4/internal/allowed",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				b, err := ioutil.ReadAll(r.Body)
 				require.NoError(t, err)

--- a/go/internal/gitlabnet/client.go
+++ b/go/internal/gitlabnet/client.go
@@ -10,7 +10,6 @@ import (
 	"strings"

 	"gitlab.com/gitlab-org/gitlab-shell/go/internal/config"
-	"gitlab.com/gitlab-org/gitlab-shell/go/internal/sshenv"
 )

 const (
@@ -110,10 +109,6 @@ func (c *GitlabClient) DoRequest(method, path string, data interface{}) (*http.R
 	request.Header.Set(secretHeaderName, encodedSecret)

 	request.Header.Add("Content-Type", "application/json")
-	ipAddr := sshenv.LocalAddr()
-	if ipAddr != "" {
-		request.Header.Add("X-Forwarded-For", ipAddr)
-	}

 	request.Close = true


--- a/go/internal/gitlabnet/client_test.go
+++ b/go/internal/gitlabnet/client_test.go
@@ -50,20 +50,6 @@ func TestClients(t *testing.T) {
 				fmt.Fprint(w, r.Header.Get(secretHeaderName))
 			},
 		},
-		{
-			Path: "/api/v4/internal/with_ip",
-			Handler: func(w http.ResponseWriter, r *http.Request) {
-				header := r.Header.Get("X-Forwarded-For")
-				require.Equal(t, "127.0.0.1", header)
-			},
-		},
-		{
-			Path: "/api/v4/internal/with_empty_ip",
-			Handler: func(w http.ResponseWriter, r *http.Request) {
-				header := r.Header.Get("X-Forwarded-For")
-				require.Equal(t, "", header)
-			},
-		},
 		{
 			Path: "/api/v4/internal/error",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
@@ -233,49 +219,3 @@ func testAuthenticationHeader(t *testing.T, client *GitlabClient) {
 		assert.Equal(t, "sssh, it's a secret", string(header))
 	})
 }
-
-func testXForwardedForHeader(t *testing.T, client *GitlabClient) {
-	t.Run("X-Forwarded-For for GET", func(t *testing.T) {
-		cleanup, err := testhelper.Setenv("SSH_CONNECTION", "127.0.0.1 0")
-		require.NoError(t, err)
-		defer cleanup()
-
-		response, err := client.Get("/with_ip")
-
-		require.NoError(t, err)
-		require.NotNil(t, response)
-		response.Body.Close()
-	})
-
-	t.Run("X-Forwarded-For for POST", func(t *testing.T) {
-		data := map[string]string{"key": "value"}
-		cleanup, err := testhelper.Setenv("SSH_CONNECTION", "127.0.0.1 0")
-		require.NoError(t, err)
-		defer cleanup()
-
-		response, err := client.Post("/with_ip", data)
-
-		require.NoError(t, err)
-		require.NotNil(t, response)
-		response.Body.Close()
-	})
-}
-
-func testEmptyForwardedForHeader(t *testing.T, client *GitlabClient) {
-	t.Run("X-Forwarded-For empty for GET", func(t *testing.T) {
-		response, err := client.Get("/with_empty_ip")
-
-		require.NoError(t, err)
-		require.NotNil(t, response)
-		response.Body.Close()
-	})
-
-	t.Run("X-Forwarded-For empty for POST", func(t *testing.T) {
-		data := map[string]string{"key": "value"}
-		response, err := client.Post("/with_empty_ip", data)
-
-		require.NoError(t, err)
-		require.NotNil(t, response)
-		response.Body.Close()
-	})
-}
--- a/go/internal/sshenv/sshenv.go
+++ b/go/internal/sshenv/sshenv.go
@@ -11,5 +11,5 @@ func LocalAddr() string {
 	if address != "" {
 		return strings.Fields(address)[0]
 	}
-	return address
+	return ""
 }
--- a/go/internal/testhelper/requesthandlers/requesthandlers.go
+++ b/go/internal/testhelper/requesthandlers/requesthandlers.go
@@ -13,7 +13,7 @@ import (
 func BuildDisallowedByApiHandlers(t *testing.T) []testserver.TestRequestHandler {
 	requests := []testserver.TestRequestHandler{
 		{
-			Path: "/api/v4/internal/allowed/secure",
+		  Path: "/api/v4/internal/allowed",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				body := map[string]interface{}{
 					"status":  false,
@@ -31,7 +31,7 @@ func BuildDisallowedByApiHandlers(t *testing.T) []testserver.TestRequestHandler
 func BuildAllowedWithGitalyHandlers(t *testing.T, gitalyAddress string) []testserver.TestRequestHandler {
 	requests := []testserver.TestRequestHandler{
 		{
-			Path: "/api/v4/internal/allowed/secure",
+			Path: "/api/v4/internal/allowed",
 			Handler: func(w http.ResponseWriter, r *http.Request) {
 				body := map[string]interface{}{
 					"status": true,

--- a/lib/gitlab_shell.rb
+++ b/lib/gitlab_shell.rb
@@ -77,7 +77,7 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
    end

    if @command == GIT_RECEIVE_PACK_COMMAND && access_status.custom_action?
-      # If the response from /api/v4/allowed/secure is a HTTP 300, we need to perform
+      # If the response from /api/v4/allowed is a HTTP 300, we need to perform
      # a Custom Action and therefore should return and not call process_cmd()
      #
      return process_custom_action(access_status)