Commit 124f3a2c authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot

Merge branch 'security-disable-github-import-api-by-seetings' into 'master'

Disable github import api by settings

Closes #143

See merge request gitlab-org/security/gitlab!556
parents 319ad4a9 dafdeb00
---
title: Disable Github Importer API by settings
merge_request:
author:
type: security
...@@ -4,6 +4,10 @@ module API ...@@ -4,6 +4,10 @@ module API
class ImportGithub < Grape::API class ImportGithub < Grape::API
rescue_from Octokit::Unauthorized, with: :provider_unauthorized rescue_from Octokit::Unauthorized, with: :provider_unauthorized
before do
forbidden! unless Gitlab::CurrentSettings.import_sources&.include?('github')
end
helpers do helpers do
def client def client
@client ||= Gitlab::LegacyGithubImport::Client.new(params[:personal_access_token], client_options) @client ||= Gitlab::LegacyGithubImport::Client.new(params[:personal_access_token], client_options)
......
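Review bot: The new `before` block carries no comment saying that it fails closed on purpose. When `import_sources` is nil, `&.include?('github')` evaluates to nil, so the request is rejected with `forbidden!`. A one-line comment above the block would keep a later refactor from turning this into a fail-open check, for example `# Fail closed: reject every route in this class unless an admin has enabled the 'github' import source.` The class body continues outside the hunk, so it is not visible whether authentication runs before this hook. If it does not, unauthenticated callers would receive 403 instead of 401 while the importer is disabled, which is worth confirming.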
...@@ -26,6 +26,18 @@ RSpec.describe API::ImportGithub do ...@@ -26,6 +26,18 @@ RSpec.describe API::ImportGithub do
end end
end end
it 'rejects requests when Github Importer is disabled' do
stub_application_setting(import_sources: nil)
post api("/import/github", user), params: {
target_namespace: user.namespace_path,
personal_access_token: token,
repo_id: non_existing_record_id
}
expect(response).to have_gitlab_http_status(:forbidden)
end
it 'returns 201 response when the project is imported successfully' do it 'returns 201 response when the project is imported successfully' do
allow(Gitlab::LegacyGithubImport::ProjectCreator) allow(Gitlab::LegacyGithubImport::ProjectCreator)
.to receive(:new).with(provider_repo, provider_repo.name, user.namespace, user, access_params, type: provider) .to receive(:new).with(provider_repo, provider_repo.name, user.namespace, user, access_params, type: provider)
......
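Review bot: The added example stubs only `import_sources: nil`, so it covers the safe-navigation path of the guard but not the `include?` path, where the setting is a list that omits 'github'. A regression that replaced the check with a nil-only test would still pass this spec. Add a sibling example with `stub_application_setting(import_sources: [])` and the same `expect(response).to have_gitlab_http_status(:forbidden)` assertion. The example also exercises only `POST /import/github`. If the class defines other routes (not visible in this hunk), one request against each would confirm that the `before` hook covers them too.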