Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-ce
Commits
1c42cc35
Commit
1c42cc35
authored
Mar 21, 2014
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'fix-grack-auth' into 'master'
Fix http clone for public project
parents
8ae59330
7dd18a3e
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
38 additions
and
26 deletions
+38
-26
lib/gitlab/backend/grack_auth.rb
lib/gitlab/backend/grack_auth.rb
+36
-24
lib/gitlab/git_access.rb
lib/gitlab/git_access.rb
+2
-2
No files found.
lib/gitlab/backend/grack_auth.rb
View file @
1c42cc35
...
@@ -22,14 +22,16 @@ module Grack
...
@@ -22,14 +22,16 @@ module Grack
@env
[
'SCRIPT_NAME'
]
=
""
@env
[
'SCRIPT_NAME'
]
=
""
if
project
auth!
auth!
else
render_not_found
end
end
end
private
private
def
auth!
def
auth!
return
render_not_found
unless
project
if
@auth
.
provided?
if
@auth
.
provided?
return
bad_request
unless
@auth
.
basic?
return
bad_request
unless
@auth
.
basic?
...
@@ -38,36 +40,35 @@ module Grack
...
@@ -38,36 +40,35 @@ module Grack
# Allow authentication for GitLab CI service
# Allow authentication for GitLab CI service
# if valid token passed
# if valid token passed
if
login
==
"gitlab-ci-token"
&&
project
.
gitlab_ci?
if
gitlab_ci_request?
(
login
,
password
)
token
=
project
.
gitlab_ci_service
.
token
if
token
.
present?
&&
token
==
password
&&
service_name
==
'git-upload-pack'
return
@app
.
call
(
env
)
return
@app
.
call
(
env
)
end
end
end
@user
=
authenticate_user
(
login
,
password
)
@user
=
authenticate_user
(
login
,
password
)
if
@user
if
@user
Gitlab
::
ShellEnv
.
set_env
(
@user
)
Gitlab
::
ShellEnv
.
set_env
(
@user
)
@env
[
'REMOTE_USER'
]
=
@auth
.
username
@env
[
'REMOTE_USER'
]
=
@auth
.
username
else
return
unauthorized
end
end
else
return
unauthorized
unless
project
.
public?
end
end
if
authorized_
git_
request?
if
authorized_request?
@app
.
call
(
env
)
@app
.
call
(
env
)
else
else
unauthorized
unauthorized
end
end
end
end
def
authorized_git_request?
def
gitlab_ci_request?
(
login
,
password
)
authorize_request
(
service_name
)
if
login
==
"gitlab-ci-token"
&&
project
.
gitlab_ci?
token
=
project
.
gitlab_ci_service
.
token
if
token
.
present?
&&
token
==
password
&&
git_cmd
==
'git-upload-pack'
true
end
end
false
end
end
def
authenticate_user
(
login
,
password
)
def
authenticate_user
(
login
,
password
)
...
@@ -75,20 +76,31 @@ module Grack
...
@@ -75,20 +76,31 @@ module Grack
auth
.
find
(
login
,
password
)
auth
.
find
(
login
,
password
)
end
end
def
authorize
_request
(
service
)
def
authorize
d_request?
case
service
case
git_cmd
when
*
Gitlab
::
GitAccess
::
DOWNLOAD_COMMANDS
when
*
Gitlab
::
GitAccess
::
DOWNLOAD_COMMANDS
# Serve only upload request.
if
user
# Authorization on push will be serverd by update hook in repository
Gitlab
::
GitAccess
.
new
.
download_allowed?
(
user
,
project
)
Gitlab
::
GitAccess
.
new
.
download_allowed?
(
user
,
project
)
elsif
project
.
public?
# Allow clone/fetch for public projects
true
else
false
end
when
*
Gitlab
::
GitAccess
::
PUSH_COMMANDS
when
*
Gitlab
::
GitAccess
::
PUSH_COMMANDS
if
user
# Skip user authorization on upload request.
# It will be serverd by update hook in repository
true
true
else
else
false
false
end
end
else
false
end
end
end
def
service_name
def
git_cmd
if
@request
.
get?
if
@request
.
get?
@request
.
params
[
'service'
]
@request
.
params
[
'service'
]
elsif
@request
.
post?
elsif
@request
.
post?
...
...
lib/gitlab/git_access.rb
View file @
1c42cc35
...
@@ -34,7 +34,7 @@ module Gitlab
...
@@ -34,7 +34,7 @@ module Gitlab
end
end
def
download_allowed?
(
user
,
project
)
def
download_allowed?
(
user
,
project
)
if
user_allowed?
(
user
)
if
user
&&
user
_allowed?
(
user
)
user
.
can?
(
:download_code
,
project
)
user
.
can?
(
:download_code
,
project
)
else
else
false
false
...
@@ -42,7 +42,7 @@ module Gitlab
...
@@ -42,7 +42,7 @@ module Gitlab
end
end
def
push_allowed?
(
user
,
project
,
ref
,
oldrev
,
newrev
)
def
push_allowed?
(
user
,
project
,
ref
,
oldrev
,
newrev
)
if
user_allowed?
(
user
)
if
user
&&
user
_allowed?
(
user
)
action
=
if
project
.
protected_branch?
(
ref
)
action
=
if
project
.
protected_branch?
(
ref
)
:push_code_to_protected_branches
:push_code_to_protected_branches
else
else
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment