• Kirill Smelkov's avatar
    NXD blob/auth: Teach it to handle HTTP Basic Auth too · bff38c87
    Kirill Smelkov authored
    [ Not sent upstream.
    
      The patch was not sent upstream, because previous 2 raw blob patches
      were not accepted (see details there).
    
      OTOH it is very handy in SlapOS environment to use CI token auth for
      raw downloading, so just carry with us as NXD. ]
    
    There are cases when using user:password for /raw/... access is handy:
    
    - when using query for auth (private_token) is not convenient for some
      reason (e.g. client processing software does not handle queries well
      when generating URLs)
    
    - when we do not want to organize many artificial users and use their
      tokens, but instead just use per-project automatically setup
    
        gitlab-ci-token : <ci-token>
    
      artificial user & "password" which are already handled by auth backend
      for `git fetch` requests.
    
    Handling is easy: if main auth backend rejects access, and there is
    user:password in original request, we retry asking auth backend the way
    as `git fetch` would do.
    
    Access is granted if any of two ways to ask auth backend succeeds. This
    way both private tokens / cookies and HTTP auth are supported.
    bff38c87
auth.go 9.97 KB