Commit 2742f9fb authored by Kamil Trzcinski's avatar Kamil Trzcinski

Improve authentication_result usage

parent b0195d5c
...@@ -19,6 +19,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController ...@@ -19,6 +19,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController
private private
def authenticate_user def authenticate_user
@authentication_result = Gitlab::Auth::Result.new
if project && project.public? && download_request? if project && project.public? && download_request?
return # Allow access return # Allow access
end end
...@@ -124,6 +126,18 @@ class Projects::GitHttpClientController < Projects::ApplicationController ...@@ -124,6 +126,18 @@ class Projects::GitHttpClientController < Projects::ApplicationController
end end
end end
def ci?
authentication_result.ci? &&
authentication_project &&
authentication_project == project
end
def lfs_deploy_key?
authentication_result.lfs_deploy_token? &&
actor &&
actor.projects.include?(project)
end
def authentication_has_download_access? def authentication_has_download_access?
has_authentication_ability?(:download_code) || has_authentication_ability?(:build_download_code) has_authentication_ability?(:download_code) || has_authentication_ability?(:build_download_code)
end end
...@@ -132,19 +146,12 @@ class Projects::GitHttpClientController < Projects::ApplicationController ...@@ -132,19 +146,12 @@ class Projects::GitHttpClientController < Projects::ApplicationController
has_authentication_ability?(:push_code) has_authentication_ability?(:push_code)
end end
def ci? def has_authentication_ability?(capability)
authentication_result && authentication_result.ci? && (authentication_abilities || []).include?(capability)
authentication_result.project && authentication_result.project == project
end
def lfs_deploy_key?
authentication_result && authentication_result.lfs_deploy_token? &&
actor && actor.projects.include?(project)
end end
def has_authentication_ability?(capability) def authentication_project
authentication_abilities && authentication_result.project
authentication_abilities.include?(capability)
end end
def verify_workhorse_api! def verify_workhorse_api!
......
...@@ -322,10 +322,10 @@ describe 'Git HTTP requests', lib: true do ...@@ -322,10 +322,10 @@ describe 'Git HTTP requests', lib: true do
expect(response).to have_http_status(401) expect(response).to have_http_status(401)
end end
it "downloads from other project get status 401" do it "downloads from other project get status 404" do
clone_get "#{other_project.path_with_namespace}.git", user: 'gitlab-ci-token', password: build.token clone_get "#{other_project.path_with_namespace}.git", user: 'gitlab-ci-token', password: build.token
expect(response).to have_http_status(401) expect(response).to have_http_status(404)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment