Commit 2e6e20a9 authored by James Fargher

Merge branch '235045-removed-pkg-find_personal_access_token_from_http_basic_auth' into 'master'

Remove duplicated auth method in package code

Closes #235045

See merge request gitlab-org/gitlab!39573
parents 0fd3111d 424a2e9f
...@@ -59,7 +59,7 @@ module API ...@@ -59,7 +59,7 @@ module API
desc 'Composer packages endpoint at group level' desc 'Composer packages endpoint at group level'
route_setting :authentication, job_token_allowed: true route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get ':id/-/packages/composer/packages' do get ':id/-/packages/composer/packages' do
presenter.root presenter.root
...@@ -71,7 +71,7 @@ module API ...@@ -71,7 +71,7 @@ module API
requires :sha, type: String, desc: 'Shasum of current json' requires :sha, type: String, desc: 'Shasum of current json'
end end
route_setting :authentication, job_token_allowed: true route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get ':id/-/packages/composer/p/:sha' do get ':id/-/packages/composer/p/:sha' do
presenter.provider presenter.provider
...@@ -83,7 +83,7 @@ module API ...@@ -83,7 +83,7 @@ module API
requires :package_name, type: String, file_path: true, desc: 'The Composer package name' requires :package_name, type: String, file_path: true, desc: 'The Composer package name'
end end
route_setting :authentication, job_token_allowed: true route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get ':id/-/packages/composer/*package_name', requirements: COMPOSER_ENDPOINT_REQUIREMENTS, file_path: true do get ':id/-/packages/composer/*package_name', requirements: COMPOSER_ENDPOINT_REQUIREMENTS, file_path: true do
not_found! if packages.empty? not_found! if packages.empty?
...@@ -104,7 +104,7 @@ module API ...@@ -104,7 +104,7 @@ module API
desc 'Composer packages endpoint for registering packages' desc 'Composer packages endpoint for registering packages'
namespace ':id/packages/composer' do namespace ':id/packages/composer' do
route_setting :authentication, job_token_allowed: true route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
params do params do
optional :branch, type: String, desc: 'The name of the branch' optional :branch, type: String, desc: 'The name of the branch'
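Review bot: Nothing at the four `route_setting :authentication` lines in this section says what `basic_auth_personal_access_token: true` accepts, or which credential wins when a request carries both a job token and Basic credentials; the same gap applies to the Conan, NuGet and PyPI sections below. The helper that used to do the lookup is deleted in this commit, so a reader of these routes has no local pointer to where the personal access token is now validated. I would add a comment above the first setting, for example `# Accept a personal access token as the HTTP Basic password; revocation, expiry and scope checks happen in the shared API authentication code`, once it is confirmed that the shared path performs those checks, which this page does not show. The last hunk is cut before the route that follows the `params` block.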
......
...@@ -38,7 +38,9 @@ module API ...@@ -38,7 +38,9 @@ module API
desc 'Ping the Conan API' do desc 'Ping the Conan API' do
detail 'This feature was introduced in GitLab 12.2' detail 'This feature was introduced in GitLab 12.2'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get 'ping' do get 'ping' do
header 'X-Conan-Server-Capabilities', [].join(',') header 'X-Conan-Server-Capabilities', [].join(',')
end end
...@@ -46,10 +48,13 @@ module API ...@@ -46,10 +48,13 @@ module API
desc 'Search for packages' do desc 'Search for packages' do
detail 'This feature was introduced in GitLab 12.4' detail 'This feature was introduced in GitLab 12.4'
end end
params do params do
requires :q, type: String, desc: 'Search query' requires :q, type: String, desc: 'Search query'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get 'conans/search' do get 'conans/search' do
service = ::Packages::Conan::SearchService.new(current_user, query: params[:q]).execute service = ::Packages::Conan::SearchService.new(current_user, query: params[:q]).execute
service.payload service.payload
...@@ -61,7 +66,9 @@ module API ...@@ -61,7 +66,9 @@ module API
desc 'Authenticate user against conan CLI' do desc 'Authenticate user against conan CLI' do
detail 'This feature was introduced in GitLab 12.2' detail 'This feature was introduced in GitLab 12.2'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get 'authenticate' do get 'authenticate' do
unauthorized! unless token unauthorized! unless token
...@@ -71,7 +78,9 @@ module API ...@@ -71,7 +78,9 @@ module API
desc 'Check for valid user credentials per conan CLI' do desc 'Check for valid user credentials per conan CLI' do
detail 'This feature was introduced in GitLab 12.4' detail 'This feature was introduced in GitLab 12.4'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get 'check_credentials' do get 'check_credentials' do
authenticate! authenticate!
:ok :ok
...@@ -93,10 +102,13 @@ module API ...@@ -93,10 +102,13 @@ module API
desc 'Package Snapshot' do desc 'Package Snapshot' do
detail 'This feature was introduced in GitLab 12.5' detail 'This feature was introduced in GitLab 12.5'
end end
params do params do
requires :conan_package_reference, type: String, desc: 'Conan package ID' requires :conan_package_reference, type: String, desc: 'Conan package ID'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get 'packages/:conan_package_reference' do get 'packages/:conan_package_reference' do
authorize!(:read_package, project) authorize!(:read_package, project)
...@@ -113,7 +125,9 @@ module API ...@@ -113,7 +125,9 @@ module API
desc 'Recipe Snapshot' do desc 'Recipe Snapshot' do
detail 'This feature was introduced in GitLab 12.5' detail 'This feature was introduced in GitLab 12.5'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get do get do
authorize!(:read_package, project) authorize!(:read_package, project)
...@@ -133,7 +147,9 @@ module API ...@@ -133,7 +147,9 @@ module API
params do params do
requires :conan_package_reference, type: String, desc: 'Conan package ID' requires :conan_package_reference, type: String, desc: 'Conan package ID'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get 'packages/:conan_package_reference/digest' do get 'packages/:conan_package_reference/digest' do
present_package_download_urls present_package_download_urls
end end
...@@ -141,7 +157,9 @@ module API ...@@ -141,7 +157,9 @@ module API
desc 'Recipe Digest' do desc 'Recipe Digest' do
detail 'This feature was introduced in GitLab 12.5' detail 'This feature was introduced in GitLab 12.5'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get 'digest' do get 'digest' do
present_recipe_download_urls present_recipe_download_urls
end end
...@@ -155,10 +173,13 @@ module API ...@@ -155,10 +173,13 @@ module API
desc 'Package Download Urls' do desc 'Package Download Urls' do
detail 'This feature was introduced in GitLab 12.5' detail 'This feature was introduced in GitLab 12.5'
end end
params do params do
requires :conan_package_reference, type: String, desc: 'Conan package ID' requires :conan_package_reference, type: String, desc: 'Conan package ID'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get 'packages/:conan_package_reference/download_urls' do get 'packages/:conan_package_reference/download_urls' do
present_package_download_urls present_package_download_urls
end end
...@@ -166,7 +187,9 @@ module API ...@@ -166,7 +187,9 @@ module API
desc 'Recipe Download Urls' do desc 'Recipe Download Urls' do
detail 'This feature was introduced in GitLab 12.5' detail 'This feature was introduced in GitLab 12.5'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get 'download_urls' do get 'download_urls' do
present_recipe_download_urls present_recipe_download_urls
end end
...@@ -181,10 +204,13 @@ module API ...@@ -181,10 +204,13 @@ module API
desc 'Package Upload Urls' do desc 'Package Upload Urls' do
detail 'This feature was introduced in GitLab 12.4' detail 'This feature was introduced in GitLab 12.4'
end end
params do params do
requires :conan_package_reference, type: String, desc: 'Conan package ID' requires :conan_package_reference, type: String, desc: 'Conan package ID'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
post 'packages/:conan_package_reference/upload_urls' do post 'packages/:conan_package_reference/upload_urls' do
authorize!(:read_package, project) authorize!(:read_package, project)
...@@ -195,7 +221,9 @@ module API ...@@ -195,7 +221,9 @@ module API
desc 'Recipe Upload Urls' do desc 'Recipe Upload Urls' do
detail 'This feature was introduced in GitLab 12.4' detail 'This feature was introduced in GitLab 12.4'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
post 'upload_urls' do post 'upload_urls' do
authorize!(:read_package, project) authorize!(:read_package, project)
...@@ -206,7 +234,9 @@ module API ...@@ -206,7 +234,9 @@ module API
desc 'Delete Package' do desc 'Delete Package' do
detail 'This feature was introduced in GitLab 12.5' detail 'This feature was introduced in GitLab 12.5'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
delete do delete do
authorize!(:destroy_package, project) authorize!(:destroy_package, project)
...@@ -235,7 +265,9 @@ module API ...@@ -235,7 +265,9 @@ module API
desc 'Download recipe files' do desc 'Download recipe files' do
detail 'This feature was introduced in GitLab 12.6' detail 'This feature was introduced in GitLab 12.6'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get do get do
download_package_file(:recipe_file) download_package_file(:recipe_file)
end end
...@@ -243,10 +275,13 @@ module API ...@@ -243,10 +275,13 @@ module API
desc 'Upload recipe package files' do desc 'Upload recipe package files' do
detail 'This feature was introduced in GitLab 12.6' detail 'This feature was introduced in GitLab 12.6'
end end
params do params do
use :workhorse_upload_params use :workhorse_upload_params
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
put do put do
upload_package_file(:recipe_file) upload_package_file(:recipe_file)
end end
...@@ -254,7 +289,9 @@ module API ...@@ -254,7 +289,9 @@ module API
desc 'Workhorse authorize the conan recipe file' do desc 'Workhorse authorize the conan recipe file' do
detail 'This feature was introduced in GitLab 12.6' detail 'This feature was introduced in GitLab 12.6'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
put 'authorize' do put 'authorize' do
authorize_workhorse!(subject: project) authorize_workhorse!(subject: project)
end end
...@@ -269,7 +306,9 @@ module API ...@@ -269,7 +306,9 @@ module API
desc 'Download package files' do desc 'Download package files' do
detail 'This feature was introduced in GitLab 12.5' detail 'This feature was introduced in GitLab 12.5'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
get do get do
download_package_file(:package_file) download_package_file(:package_file)
end end
...@@ -277,7 +316,9 @@ module API ...@@ -277,7 +316,9 @@ module API
desc 'Workhorse authorize the conan package file' do desc 'Workhorse authorize the conan package file' do
detail 'This feature was introduced in GitLab 12.6' detail 'This feature was introduced in GitLab 12.6'
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
put 'authorize' do put 'authorize' do
authorize_workhorse!(subject: project) authorize_workhorse!(subject: project)
end end
...@@ -285,10 +326,13 @@ module API ...@@ -285,10 +326,13 @@ module API
desc 'Upload package files' do desc 'Upload package files' do
detail 'This feature was introduced in GitLab 12.6' detail 'This feature was introduced in GitLab 12.6'
end end
params do params do
use :workhorse_upload_params use :workhorse_upload_params
end end
route_setting :authentication, job_token_allowed: true
route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
put do put do
upload_package_file(:package_file) upload_package_file(:package_file)
end end
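Review bot: The `authenticate` and `check_credentials` routes are where a Conan client has its credentials verified, yet the sections shown add no request spec for them covering a malformed `Authorization` header or an unknown token. The helper spec that covered `'Invalid'`, `{}`, `nil` and `'Unknown'` is deleted further down, so those negative cases are only protected if the shared implementation has equivalent specs, which this page does not show. I would add request specs for these two routes that send each of those header shapes and assert `expect(response).to have_gitlab_http_status(:unauthorized)`. The `ping` route also carries the same options although its visible body only sets `X-Conan-Server-Capabilities`; a one-line comment saying why would prevent it being read as copy-paste.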
......
...@@ -16,16 +16,6 @@ module API ...@@ -16,16 +16,6 @@ module API
optional 'file.sha256', type: String, desc: 'SHA256 checksum of the file (generated by Workhorse)' optional 'file.sha256', type: String, desc: 'SHA256 checksum of the file (generated by Workhorse)'
end end
def find_personal_access_token_from_http_basic_auth
return unless headers
token = decode_token
return unless token
PersonalAccessToken.find_by_token(token)
end
def find_job_from_http_basic_auth def find_job_from_http_basic_auth
return unless headers return unless headers
......
...@@ -55,7 +55,7 @@ module API ...@@ -55,7 +55,7 @@ module API
requires :id, type: String, desc: 'The ID of a project', regexp: POSITIVE_INTEGER_REGEX requires :id, type: String, desc: 'The ID of a project', regexp: POSITIVE_INTEGER_REGEX
end end
route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
before do before do
...@@ -68,7 +68,7 @@ module API ...@@ -68,7 +68,7 @@ module API
detail 'This feature was introduced in GitLab 12.6' detail 'This feature was introduced in GitLab 12.6'
end end
route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
get 'index', format: :json do get 'index', format: :json do
authorize_read_package!(authorized_user_project) authorize_read_package!(authorized_user_project)
...@@ -88,7 +88,7 @@ module API ...@@ -88,7 +88,7 @@ module API
requires :package, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)' requires :package, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)'
end end
route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
put do put do
authorize_upload!(authorized_user_project) authorize_upload!(authorized_user_project)
...@@ -115,7 +115,7 @@ module API ...@@ -115,7 +115,7 @@ module API
forbidden! forbidden!
end end
route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
put 'authorize' do put 'authorize' do
authorize_workhorse!(subject: authorized_user_project, has_length: false) authorize_workhorse!(subject: authorized_user_project, has_length: false)
...@@ -134,7 +134,7 @@ module API ...@@ -134,7 +134,7 @@ module API
detail 'This feature was introduced in GitLab 12.8' detail 'This feature was introduced in GitLab 12.8'
end end
route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
get 'index', format: :json do get 'index', format: :json do
present ::Packages::Nuget::PackagesMetadataPresenter.new(find_packages), present ::Packages::Nuget::PackagesMetadataPresenter.new(find_packages),
...@@ -148,7 +148,7 @@ module API ...@@ -148,7 +148,7 @@ module API
requires :package_version, type: String, desc: 'The NuGet package version', regexp: API::NO_SLASH_URL_PART_REGEX requires :package_version, type: String, desc: 'The NuGet package version', regexp: API::NO_SLASH_URL_PART_REGEX
end end
route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
get '*package_version', format: :json do get '*package_version', format: :json do
present ::Packages::Nuget::PackageMetadataPresenter.new(find_package), present ::Packages::Nuget::PackageMetadataPresenter.new(find_package),
...@@ -169,7 +169,7 @@ module API ...@@ -169,7 +169,7 @@ module API
detail 'This feature was introduced in GitLab 12.8' detail 'This feature was introduced in GitLab 12.8'
end end
route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
get 'index', format: :json do get 'index', format: :json do
present ::Packages::Nuget::PackagesVersionsPresenter.new(find_packages), present ::Packages::Nuget::PackagesVersionsPresenter.new(find_packages),
...@@ -184,7 +184,7 @@ module API ...@@ -184,7 +184,7 @@ module API
requires :package_filename, type: String, desc: 'The NuGet package filename', regexp: API::NO_SLASH_URL_PART_REGEX requires :package_filename, type: String, desc: 'The NuGet package filename', regexp: API::NO_SLASH_URL_PART_REGEX
end end
route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
get '*package_version/*package_filename', format: :nupkg do get '*package_version/*package_filename', format: :nupkg do
filename = "#{params[:package_filename]}.#{params[:format]}" filename = "#{params[:package_filename]}.#{params[:format]}"
...@@ -216,7 +216,7 @@ module API ...@@ -216,7 +216,7 @@ module API
detail 'This feature was introduced in GitLab 12.8' detail 'This feature was introduced in GitLab 12.8'
end end
route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
get format: :json do get format: :json do
search_options = { search_options = {
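Review bot: Every NuGet route now declares three credential kinds on one setting line (`deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true`), and nothing here states the order in which they are tried. It also does not say whether the Basic username is compared with the token's owner. The removed helper shows only `decode_token` followed by `PersonalAccessToken.find_by_token(token)`, so whether the username was ever bound to the token cannot be told from this page. I would document the resolution order above the `resource :projects` line, for example `# Basic auth password is tried as personal access token, then job token, then deploy token` (adjusted to the real order). A request spec should also pin the expected status when the username does not belong to the token's user. The last hunk is cut inside the `search_options` hash.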
......
...@@ -64,7 +64,7 @@ module API ...@@ -64,7 +64,7 @@ module API
requires :sha256, type: String, desc: 'The PyPi package sha256 check sum' requires :sha256, type: String, desc: 'The PyPi package sha256 check sum'
end end
route_setting :authentication, deploy_token_allowed: true route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true
get 'files/:sha256/*file_identifier' do get 'files/:sha256/*file_identifier' do
project = unauthorized_user_project! project = unauthorized_user_project!
...@@ -87,7 +87,7 @@ module API ...@@ -87,7 +87,7 @@ module API
# An Api entry point but returns an HTML file instead of JSON. # An Api entry point but returns an HTML file instead of JSON.
# PyPi simple API returns the package descriptor as a simple HTML file. # PyPi simple API returns the package descriptor as a simple HTML file.
route_setting :authentication, deploy_token_allowed: true route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true
get 'simple/*package_name', format: :txt do get 'simple/*package_name', format: :txt do
authorize_read_package!(authorized_user_project) authorize_read_package!(authorized_user_project)
...@@ -117,7 +117,7 @@ module API ...@@ -117,7 +117,7 @@ module API
optional :sha256_digest, type: String optional :sha256_digest, type: String
end end
route_setting :authentication, deploy_token_allowed: true route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true
post do post do
authorize_upload!(authorized_user_project) authorize_upload!(authorized_user_project)
...@@ -134,7 +134,7 @@ module API ...@@ -134,7 +134,7 @@ module API
forbidden! forbidden!
end end
route_setting :authentication, deploy_token_allowed: true route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true
post 'authorize' do post 'authorize' do
authorize_workhorse!(subject: authorized_user_project, has_length: false) authorize_workhorse!(subject: authorized_user_project, has_length: false)
end end
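Review bot: The `files/:sha256/*file_identifier` route resolves its project with `unauthorized_user_project!`, whereas the other three routes in this section pass `authorized_user_project` to `authorize_read_package!`, `authorize_upload!` or `authorize_workhorse!`. The hunk ends before any permission check on the download route is visible. Now that this route also accepts a personal access token over Basic auth, a short comment on the difference would help, for example `# Project is looked up before authorization here; read_package is enforced further down`, if that is what the route body actually does. The route body continues outside the hunk, so this is a request for documentation rather than a confirmed missing check.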
......
...@@ -8,40 +8,6 @@ RSpec.describe API::Helpers::PackagesManagerClientsHelpers do ...@@ -8,40 +8,6 @@ RSpec.describe API::Helpers::PackagesManagerClientsHelpers do
let_it_be(:helper) { Class.new.include(described_class).new } let_it_be(:helper) { Class.new.include(described_class).new }
let(:password) { personal_access_token.token } let(:password) { personal_access_token.token }
describe '#find_personal_access_token_from_http_basic_auth' do
let(:headers) { { Authorization: basic_http_auth(username, password) } }
subject { helper.find_personal_access_token_from_http_basic_auth }
before do
allow(helper).to receive(:headers).and_return(headers&.with_indifferent_access)
end
context 'with a valid Authorization header' do
it { is_expected.to eq personal_access_token }
end
context 'with an invalid Authorization header' do
where(:headers) do
[
[{ Authorization: 'Invalid' }],
[{}],
[nil]
]
end
with_them do
it { is_expected.to be nil }
end
end
context 'with an unknown Authorization header' do
let(:password) { 'Unknown' }
it { is_expected.to be nil }
end
end
describe '#find_job_from_http_basic_auth' do describe '#find_job_from_http_basic_auth' do
let_it_be(:user) { personal_access_token.user } let_it_be(:user) { personal_access_token.user }
......