Commit 030b1394 authored by James Lopez's avatar James Lopez

more refactoring

parent 8d7d9c8d
No related merge requests found
...@@ -405,14 +405,17 @@ class Project < ActiveRecord::Base ...@@ -405,14 +405,17 @@ class Project < ActiveRecord::Base
end end
def import_url=(value) def import_url=(value)
sanitizer = Gitlab::ImportUrlSanitizer.new(value) import_url = Gitlab::ImportUrl.new(value)
self[:import_url] = sanitizer.sanitized_url create_import_data(credentials: import_url.credentials)
create_import_data(credentials: sanitizer.credentials) super(import_url.sanitized_url)
end end
def import_url def import_url
if import_data if import_data
Gitlab::ImportUrlExposer.expose(import_url: self[:import_url], credentials: import_data.credentials) import_url = Gitlab::ImportUrl.new(super, credentials: import_data.credentials)
import_url.full_url
else
super
end end
end end
...@@ -447,6 +450,7 @@ class Project < ActiveRecord::Base ...@@ -447,6 +450,7 @@ class Project < ActiveRecord::Base
def safe_import_url def safe_import_url
result = URI.parse(self.import_url) result = URI.parse(self.import_url)
result.password = '*****' unless result.password.nil? result.password = '*****' unless result.password.nil?
result.user = '*****' unless result.user.nil? #tokens or other data may be saved as user
result.to_s result.to_s
rescue rescue
self.import_url self.import_url
......
# Loops through old importer projects that kept a token/password in the import URL
# and encrypts the credentials into a separate field in project#import_data
# #down method not supported
class RemoveWrongImportUrlFromProjects < ActiveRecord::Migration class RemoveWrongImportUrlFromProjects < ActiveRecord::Migration
class FakeProjectImportData class FakeProjectImportData
...@@ -7,24 +10,18 @@ class RemoveWrongImportUrlFromProjects < ActiveRecord::Migration ...@@ -7,24 +10,18 @@ class RemoveWrongImportUrlFromProjects < ActiveRecord::Migration
end end
def up def up
projects_with_wrong_import_url.find_in_batches do |project_batch| projects_with_wrong_import_url do |project|
project_batch.each do |project| import_url = Gitlab::ImportUrl.new(project["import_url"])
sanitizer = Gitlab::ImportUrlSanitizer.new(project["import_url"])
ActiveRecord::Base.transaction do ActiveRecord::Base.transaction do
execute("UPDATE projects SET import_url = '#{quote(sanitizer.sanitized_url)}' WHERE id = #{project['id']}") execute("UPDATE projects SET import_url = '#{quote(import_url.sanitized_url)}' WHERE id = #{project['id']}")
fake_import_data = FakeProjectImportData.new fake_import_data = FakeProjectImportData.new
fake_import_data.credentials = sanitizer.credentials fake_import_data.credentials = import_url.credentials
execute("UPDATE project_import_data SET encrypted_credentials = '#{quote(fake_import_data.encrypted_credentials)}' WHERE project_id = #{project['id']}") execute("UPDATE project_import_data SET encrypted_credentials = '#{quote(fake_import_data.encrypted_credentials)}' WHERE project_id = #{project['id']}")
end
end end
end end
end end
def down
end
def projects_with_wrong_import_url def projects_with_wrong_import_url
# TODO Check live with #operations for possible false positives. Also, consider regex? But may have issues MySQL/PSQL # TODO Check live with #operations for possible false positives. Also, consider regex? But may have issues MySQL/PSQL
select_all("SELECT p.id, p.import_url FROM projects p WHERE p.import_url IS NOT NULL AND (p.import_url LIKE '%//%:%@%' OR p.import_url LIKE '#{"_"*40}@github.com%')") select_all("SELECT p.id, p.import_url FROM projects p WHERE p.import_url IS NOT NULL AND (p.import_url LIKE '%//%:%@%' OR p.import_url LIKE '#{"_"*40}@github.com%')")
......
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20160316204731) do ActiveRecord::Schema.define(version: 20160302151724) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
...@@ -260,7 +260,6 @@ ActiveRecord::Schema.define(version: 20160316204731) do ...@@ -260,7 +260,6 @@ ActiveRecord::Schema.define(version: 20160316204731) do
end end
add_index "ci_runners", ["description"], name: "index_ci_runners_on_description_trigram", using: :gin, opclasses: {"description"=>"gin_trgm_ops"} add_index "ci_runners", ["description"], name: "index_ci_runners_on_description_trigram", using: :gin, opclasses: {"description"=>"gin_trgm_ops"}
add_index "ci_runners", ["token"], name: "index_ci_runners_on_token", using: :btree
add_index "ci_runners", ["token"], name: "index_ci_runners_on_token_trigram", using: :gin, opclasses: {"token"=>"gin_trgm_ops"} add_index "ci_runners", ["token"], name: "index_ci_runners_on_token_trigram", using: :gin, opclasses: {"token"=>"gin_trgm_ops"}
create_table "ci_services", force: :cascade do |t| create_table "ci_services", force: :cascade do |t|
...@@ -686,6 +685,7 @@ ActiveRecord::Schema.define(version: 20160316204731) do ...@@ -686,6 +685,7 @@ ActiveRecord::Schema.define(version: 20160316204731) do
t.text "data" t.text "data"
t.text "encrypted_credentials" t.text "encrypted_credentials"
t.text "encrypted_credentials_iv" t.text "encrypted_credentials_iv"
t.text "encrypted_credentials_salt"
end end
create_table "projects", force: :cascade do |t| create_table "projects", force: :cascade do |t|
...@@ -725,7 +725,6 @@ ActiveRecord::Schema.define(version: 20160316204731) do ...@@ -725,7 +725,6 @@ ActiveRecord::Schema.define(version: 20160316204731) do
t.boolean "pending_delete", default: false t.boolean "pending_delete", default: false
t.boolean "public_builds", default: true, null: false t.boolean "public_builds", default: true, null: false
t.string "main_language" t.string "main_language"
t.integer "pushes_since_gc", default: 0
end end
add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree
...@@ -811,6 +810,7 @@ ActiveRecord::Schema.define(version: 20160316204731) do ...@@ -811,6 +810,7 @@ ActiveRecord::Schema.define(version: 20160316204731) do
t.string "file_name" t.string "file_name"
t.string "type" t.string "type"
t.integer "visibility_level", default: 0, null: false t.integer "visibility_level", default: 0, null: false
t.datetime "expires_at"
end end
add_index "snippets", ["author_id"], name: "index_snippets_on_author_id", using: :btree add_index "snippets", ["author_id"], name: "index_snippets_on_author_id", using: :btree
...@@ -869,7 +869,7 @@ ActiveRecord::Schema.define(version: 20160316204731) do ...@@ -869,7 +869,7 @@ ActiveRecord::Schema.define(version: 20160316204731) do
create_table "todos", force: :cascade do |t| create_table "todos", force: :cascade do |t|
t.integer "user_id", null: false t.integer "user_id", null: false
t.integer "project_id", null: false t.integer "project_id", null: false
t.integer "target_id" t.integer "target_id", null: false
t.string "target_type", null: false t.string "target_type", null: false
t.integer "author_id" t.integer "author_id"
t.integer "action", null: false t.integer "action", null: false
...@@ -877,11 +877,9 @@ ActiveRecord::Schema.define(version: 20160316204731) do ...@@ -877,11 +877,9 @@ ActiveRecord::Schema.define(version: 20160316204731) do
t.datetime "created_at" t.datetime "created_at"
t.datetime "updated_at" t.datetime "updated_at"
t.integer "note_id" t.integer "note_id"
t.string "commit_id"
end end
add_index "todos", ["author_id"], name: "index_todos_on_author_id", using: :btree add_index "todos", ["author_id"], name: "index_todos_on_author_id", using: :btree
add_index "todos", ["commit_id"], name: "index_todos_on_commit_id", using: :btree
add_index "todos", ["note_id"], name: "index_todos_on_note_id", using: :btree add_index "todos", ["note_id"], name: "index_todos_on_note_id", using: :btree
add_index "todos", ["project_id"], name: "index_todos_on_project_id", using: :btree add_index "todos", ["project_id"], name: "index_todos_on_project_id", using: :btree
add_index "todos", ["state"], name: "index_todos_on_state", using: :btree add_index "todos", ["state"], name: "index_todos_on_state", using: :btree
...@@ -946,7 +944,6 @@ ActiveRecord::Schema.define(version: 20160316204731) do ...@@ -946,7 +944,6 @@ ActiveRecord::Schema.define(version: 20160316204731) do
t.string "unlock_token" t.string "unlock_token"
t.datetime "otp_grace_period_started_at" t.datetime "otp_grace_period_started_at"
t.boolean "ldap_email", default: false, null: false t.boolean "ldap_email", default: false, null: false
t.boolean "external", default: false
end end
add_index "users", ["admin"], name: "index_users_on_admin", using: :btree add_index "users", ["admin"], name: "index_users_on_admin", using: :btree
......
...@@ -7,9 +7,12 @@ module Gitlab ...@@ -7,9 +7,12 @@ module Gitlab
def initialize(project) def initialize(project)
@project = project @project = project
credentials = project.import_data.credentials if import_data if import_data_credentials
@client = Client.new(credentials[:user]) @client = Client.new(import_data_credentials[:user])
@formatter = Gitlab::ImportFormatter.new @formatter = Gitlab::ImportFormatter.new
else
raise Projects::ImportService::Error, "Unable to find project import data credentials for project ID: #{@project.id}"
end
end end
def execute def execute
...@@ -18,6 +21,10 @@ module Gitlab ...@@ -18,6 +21,10 @@ module Gitlab
private private
def import_data_credentials
@import_data_credentials ||= project.import_data.credentials if project.import_data
end
def import_issues def import_issues
client.list_issues(project.import_source, state: :all, client.list_issues(project.import_source, state: :all,
sort: :created, sort: :created,
......
...@@ -12,7 +12,7 @@ module Gitlab ...@@ -12,7 +12,7 @@ module Gitlab
end end
def import_url def import_url
project.import_url.import_url.sub(/\.git\z/, ".wiki.git") project.import_url.sub(/\.git\z/, ".wiki.git")
end end
end end
end end
......
module Gitlab module Gitlab
class ImportUrlSanitizer class ImportUrl
def initialize(url) def initialize(url, credentials: nil)
@url = URI.parse(url) @url = URI.parse(url)
@credentials = credentials
end end
def sanitized_url def sanitized_url
...@@ -12,8 +13,19 @@ module Gitlab ...@@ -12,8 +13,19 @@ module Gitlab
@credentials ||= { user: @url.user, password: @url.password } @credentials ||= { user: @url.user, password: @url.password }
end end
def full_url
@full_url ||= generate_full_url.to_s
end
private private
def generate_full_url
@full_url = @url.dup
@full_url.user = @credentials[:user]
@full_url.password = @credentials[:password]
@full_url
end
def safe_url def safe_url
safe_url = @url.dup safe_url = @url.dup
safe_url.password = nil safe_url.password = nil
......
module Gitlab
# Exposes an import URL that includes the credentials unencrypted.
# Extracted to its own class to prevent unintended use.
module ImportUrlExposer
def self.expose(import_url:, credentials: )
uri = URI.parse(import_url)
uri.user = credentials[:user]
uri.password = credentials[:password]
uri
end
end
end
...@@ -26,8 +26,9 @@ describe Gitlab::GithubImport::ProjectCreator, lib: true do ...@@ -26,8 +26,9 @@ describe Gitlab::GithubImport::ProjectCreator, lib: true do
project_creator = Gitlab::GithubImport::ProjectCreator.new(repo, namespace, user, access_params) project_creator = Gitlab::GithubImport::ProjectCreator.new(repo, namespace, user, access_params)
project = project_creator.execute project = project_creator.execute
expect(project.import_url).to eq("https://gitlab.com/asd/vim.git") expect(project.import_url).to eq("https://asdffg@gitlab.com/asd/vim.git")
expect(project.import_data.credentials).to eq(:github_access_token => "asdffg") expect(project.safe_import_url).to eq("https://*****@gitlab.com/asd/vim.git")
expect(project.import_data.credentials).to eq(:user => "asdffg", :password => nil)
expect(project.visibility_level).to eq(Gitlab::VisibilityLevel::PRIVATE) expect(project.visibility_level).to eq(Gitlab::VisibilityLevel::PRIVATE)
end end
end end
...@@ -3,12 +3,7 @@ require 'spec_helper' ...@@ -3,12 +3,7 @@ require 'spec_helper'
describe Gitlab::GithubImport::WikiFormatter, lib: true do describe Gitlab::GithubImport::WikiFormatter, lib: true do
let(:project) do let(:project) do
create(:project, namespace: create(:namespace, path: 'gitlabhq'), create(:project, namespace: create(:namespace, path: 'gitlabhq'),
import_url: 'https://github.com/gitlabhq/sample.gitlabhq.git') import_url: 'https://xxx@github.com/gitlabhq/sample.gitlabhq.git')
end
let!(:project_import_data) do
create(:project_import_data, credentials: { github_access_token: 'xxx' },
project: project)
end end
subject(:wiki) { described_class.new(project) } subject(:wiki) { described_class.new(project) }
......
require 'spec_helper'
describe 'Gitlab::ImportUrlExposer' do
describe :expose do
let(:credentials) do
Gitlab::ImportUrlExposer.expose(import_url: "https://github.com/me/project.git", credentials: {user: 'blah', password: 'password'})
end
it { expect(credentials).to be_a(URI) }
it { expect(credentials.to_s).to eq("https://blah:password@github.com/me/project.git") }
end
end
require 'spec_helper'
describe Gitlab::ImportUrl do
let(:credentials) { { user: 'blah', password: 'password' } }
let(:import_url) do
Gitlab::ImportUrl.new("https://github.com/me/project.git", credentials: credentials)
end
describe :full_url do
it { expect(import_url.full_url).to eq("https://blah:password@github.com/me/project.git") }
end
describe :sanitized_url do
it { expect(import_url.sanitized_url).to eq("https://github.com/me/project.git") }
end
describe :credentials do
it { expect(import_url.credentials).to eq(credentials) }
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment