Commit 22cde15d authored by Alain Takoudjou's avatar Alain Takoudjou

NXD lib:gitlab:auth Accept Basic auth from project runner_token

From gitlab 8.12 there is new CI job permissions model which only accept login
from ci token for running job. Then the access is revoked after the job is finished.
In Nexedi, when have a lot of URLs which rely on gitlab-ci-token and project-runners-token, so
we need to re-allow access else access to all those URL will be refused.

More info are here: https://docs.gitlab.com/ee/user/project/new_ci_build_permissions_model.html#before-gitlab-8-12
parent f2e8c497
......@@ -242,7 +242,12 @@ module Gitlab
return unless login == 'gitlab-ci-token'
return unless password
build = find_build_by_token(password)
# XXX-nxd: we also accept runners_token if enabled on projects
project = Project.with_builds_enabled.find_by(runners_token: password)
if project
Gitlab::Auth::Result.new(nil, project, :ci, build_authentication_abilities)
else
build = ::Ci::Build.running.find_by_token(password)
return unless build
return unless build.project.builds_enabled?
......@@ -254,6 +259,7 @@ module Gitlab
Gitlab::Auth::Result.new(nil, build.project, :ci, build_authentication_abilities)
end
end
end
public
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment