Commit 8cdd54cc authored by Kamil Trzcinski's avatar Kamil Trzcinski

Add runners token

parent e80e3f53
......@@ -6,12 +6,6 @@ module Ci
private
def authenticate_token!
unless project.valid_token?(params[:token])
return head(403)
end
end
def authorize_access_project!
unless can?(current_user, :read_project, project)
return page_404
......
......@@ -22,8 +22,7 @@ module Ci
protected
def project
# TODO: what to do here?
@project ||= Project.find_by_ci_id(params[:id])
@project ||= Project.find_by(ci_id: params[:id].to_i)
end
def no_cache
......
......@@ -225,7 +225,7 @@ module Ci
end
def valid_token? token
project.valid_token? token
project.valid_runners_token? token
end
def target_url
......
......@@ -169,9 +169,9 @@ class Project < ActiveRecord::Base
if: ->(project) { project.avatar.present? && project.avatar_changed? }
validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
before_validation :set_random_token
def set_random_token
self.token = SecureRandom.hex(15) if self.token.blank?
before_validation :set_runners_token_token
def set_runners_token_token
self.runners_token = SecureRandom.hex(15) if self.runners_token.blank?
end
mount_uploader :avatar, AvatarUploader
......@@ -270,9 +270,7 @@ class Project < ActiveRecord::Base
end
def find_by_ci_id(id)
ci_projects = Arel::Table.new(:ci_projects)
gitlab_id = ci_projects.where(ci_projects[:id].eq(id)).project(ci_projects[:gitlab_id])
find_by("id=(#{gitlab_id.to_sql})")
find_by(ci_id: id.to_i)
end
def visibility_levels
......@@ -831,7 +829,11 @@ class Project < ActiveRecord::Base
shared_runners_enabled? && Ci::Runner.shared.active.any?(&block)
end
def valid_token? token
def valid_runners_token? token
self.token && self.token == token
end
def valid_build_token? token
self.token && self.token == token
end
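Review bot: Both `valid_runners_token?` and the new `valid_build_token?` still compare against `self.token`, while the rest of this commit moves the secret to `runners_token` (the callback now fills `self.runners_token`, and the migrations add and index `runners_token`). If `projects.token` no longer exists or is no longer populated, these checks either raise or reject every token, which affects the Grack `gitlab_ci` login and the Ci `valid_token?` wrapper that call them. The bodies should presumably read `self.runners_token.present? && self.runners_token == token`. A constant-time comparison such as `ActiveSupport::SecurityUtils.secure_compare(token.to_s, runners_token)` would also keep the check from leaking match position through timing, if the Rails version in use provides it. Since both predicates accept the same value, a comment stating that the runner registration token also serves as the build credential would help the next reader.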
......
class AddCiToProject < ActiveRecord::Migration
def up
add_column :projects, :ci_id, :integer
add_column :projects, :builds_enabled, :boolean, default: true, null: false
add_column :projects, :shared_runners_enabled, :boolean, default: true, null: false
add_column :projects, :token, :string
add_column :projects, :runners_token, :string
add_column :projects, :build_coverage_regex, :string
add_column :projects, :build_allow_git_fetch, :boolean, default: true, null: false
add_column :projects, :build_timeout, :integer, default: 3600, null: false
......
......@@ -5,8 +5,9 @@ class MigrateCiToProject < ActiveRecord::Migration
migrate_project_id_for_table('ci_variables')
migrate_project_id_for_builds
migrate_project_column('shared_runners_enabled')
migrate_project_column('token')
migrate_project_column('id', 'ci_id')
migrate_project_column('shared_runners_enabled', 'shared_runners_enabled')
migrate_project_column('token', 'runners_token')
migrate_project_column('coverage_regex', 'build_coverage_regex')
migrate_project_column('allow_git_fetch', 'build_allow_git_fetch')
migrate_project_column('timeout', 'build_timeout')
......@@ -25,7 +26,7 @@ class MigrateCiToProject < ActiveRecord::Migration
def migrate_project_column(column, new_column = nil)
new_column ||= column
subquery = "SELECT #{column} FROM ci_projects WHERE projects.id = ci_projects.gitlab_id"
subquery = "SELECT ci_projects.#{column} FROM ci_projects WHERE projects.id = ci_projects.gitlab_id"
execute("UPDATE projects SET #{new_column}=(#{subquery}) WHERE #{new_column} IS NULL AND (#{subquery}) IS NOT NULL")
end
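Review bot: `migrate_project_column` interpolates `column` and `new_column` straight into the SQL passed to `execute`. Every caller visible here passes a string literal, so nothing untrusted reaches it, but the helper itself does not say so. A comment such as `# column names are interpolated unquoted; pass only literals from this migration` would document that, or the names could go through `quote_column_name`. The scalar subquery also assumes at most one `ci_projects` row per `gitlab_id`; if duplicates can exist the UPDATE would likely error out, so that assumption is worth stating or checking before the token copy runs.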
......
......@@ -4,8 +4,9 @@ class AddIndexToCiTables < ActiveRecord::Migration
add_index :ci_runner_projects, :gl_project_id
add_index :ci_triggers, :gl_project_id
add_index :ci_variables, :gl_project_id
add_index :projects, :token
add_index :projects, :runners_token
add_index :projects, :builds_enabled
add_index :projects, [:builds_enabled, :shared_runners_enabled]
add_index :projects, [:ci_id]
end
end
......@@ -13,10 +13,6 @@ module Ci
forbidden! unless current_runner
end
def authenticate_project_token!(project)
forbidden! unless project.valid_token?(params[:project_token])
end
def authenticate_build_token!(build)
token = (params[BUILD_TOKEN_PARAM] || env[BUILD_TOKEN_HEADER]).to_s
forbidden! unless token && build.valid_token?(token)
......
......@@ -36,7 +36,7 @@ module Ci
tag_list: params[:tag_list],
is_shared: true
)
elsif project = Project.find_by(token: params[:token])
elsif project = Project.find_by(runners_token: params[:token])
# Create a specific runner for project.
project.ci_runners.create(
description: params[:description],
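Review bot: `Project.find_by(runners_token: params[:token])` passes the raw parameter to the query, so a missing token becomes `runners_token IS NULL` and would match a project whose token has not been generated yet, unless code above this hunk already rejects a blank token. `runners_token` is only filled by a `before_validation` callback and by the data migration, so such rows may exist. Coercing and checking the value first, as the trigger endpoint does with `params[:token].to_s`, closes this: `elsif params[:token].present? && (project = Project.find_by(runners_token: params[:token].to_s))`. The enclosing endpoint starts and ends outside the hunk.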
......
......@@ -14,7 +14,7 @@ module Ci
post ":id/refs/:ref/trigger" do
required_attributes! [:token]
project = Project.find_by_ci_id(params[:id])
project = Project.find_by(ci_id: params[:id].to_i)
trigger = Ci::Trigger.find_by_token(params[:token].to_s)
not_found! unless project && trigger
unauthorized! unless trigger.project == project
......
......@@ -78,7 +78,7 @@ module Grack
underscored_service = matched_login['s'].underscore
if underscored_service == 'gitlab_ci'
return project && project.builds_enabled? && project.valid_token?(password)
return project && project.builds_enabled? && project.valid_build_token?(password)
elsif Service.available_services_names.include?(underscored_service)
service_method = "#{underscored_service}_service"
service = project.send(service_method)
......
......@@ -55,7 +55,7 @@ describe Project, models: true do
it { is_expected.to have_one(:pushover_service).dependent(:destroy) }
it { is_expected.to have_one(:asana_service).dependent(:destroy) }
it { is_expected.to have_many(:ci_commits) }
it { is_expected.to have_many(:ci_statuses) }
it { is_expected.to have_many(:commit_statuses) }
it { is_expected.to have_many(:ci_builds) }
it { is_expected.to have_many(:ci_runner_projects) }
it { is_expected.to have_many(:ci_runners) }
......