Merge branch '235045-removed-pkg-find_personal_access_token_from_http_basic_auth' into 'master'

Remove duplicated auth method in package code

Closes #235045

See merge request gitlab-org/gitlab!39573

lib/api/composer_packages.rb

@@ -59,7 +59,7 @@ module API
 
       desc 'Composer packages endpoint at group level'
 
-      route_setting :authentication, job_token_allowed: true
+      route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
 
       get ':id/-/packages/composer/packages' do
         presenter.root
@@ -71,7 +71,7 @@ module API
         requires :sha, type: String, desc: 'Shasum of current json'
       end
 
-      route_setting :authentication, job_token_allowed: true
+      route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
 
       get ':id/-/packages/composer/p/:sha' do
         presenter.provider
@@ -83,7 +83,7 @@ module API
         requires :package_name, type: String, file_path: true, desc: 'The Composer package name'
       end
 
-      route_setting :authentication, job_token_allowed: true
+      route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
 
       get ':id/-/packages/composer/*package_name', requirements: COMPOSER_ENDPOINT_REQUIREMENTS, file_path: true do
         not_found! if packages.empty?
@@ -104,7 +104,7 @@ module API
       desc 'Composer packages endpoint for registering packages'
 
       namespace ':id/packages/composer' do
-        route_setting :authentication, job_token_allowed: true
+        route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
 
         params do
           optional :branch, type: String, desc: 'The name of the branch'

lib/api/conan_packages.rb

@@ -38,7 +38,9 @@ module API
       desc 'Ping the Conan API' do
         detail 'This feature was introduced in GitLab 12.2'
       end
-      route_setting :authentication, job_token_allowed: true
+
+      route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
       get 'ping' do
         header 'X-Conan-Server-Capabilities', [].join(',')
       end
@@ -46,10 +48,13 @@ module API
       desc 'Search for packages' do
         detail 'This feature was introduced in GitLab 12.4'
       end
+
       params do
         requires :q, type: String, desc: 'Search query'
       end
-      route_setting :authentication, job_token_allowed: true
+
+      route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
       get 'conans/search' do
         service = ::Packages::Conan::SearchService.new(current_user, query: params[:q]).execute
         service.payload
@@ -61,7 +66,9 @@ module API
         desc 'Authenticate user against conan CLI' do
           detail 'This feature was introduced in GitLab 12.2'
         end
-        route_setting :authentication, job_token_allowed: true
+
+        route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
         get 'authenticate' do
           unauthorized! unless token
 
@@ -71,7 +78,9 @@ module API
         desc 'Check for valid user credentials per conan CLI' do
           detail 'This feature was introduced in GitLab 12.4'
         end
-        route_setting :authentication, job_token_allowed: true
+
+        route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
         get 'check_credentials' do
           authenticate!
           :ok
@@ -93,10 +102,13 @@ module API
         desc 'Package Snapshot' do
           detail 'This feature was introduced in GitLab 12.5'
         end
+
         params do
           requires :conan_package_reference, type: String, desc: 'Conan package ID'
         end
-        route_setting :authentication, job_token_allowed: true
+
+        route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
         get 'packages/:conan_package_reference' do
           authorize!(:read_package, project)
 
@@ -113,7 +125,9 @@ module API
         desc 'Recipe Snapshot' do
           detail 'This feature was introduced in GitLab 12.5'
         end
-        route_setting :authentication, job_token_allowed: true
+
+        route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
         get do
           authorize!(:read_package, project)
 
@@ -133,7 +147,9 @@ module API
         params do
           requires :conan_package_reference, type: String, desc: 'Conan package ID'
         end
-        route_setting :authentication, job_token_allowed: true
+
+        route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
         get 'packages/:conan_package_reference/digest' do
           present_package_download_urls
         end
@@ -141,7 +157,9 @@ module API
         desc 'Recipe Digest' do
           detail 'This feature was introduced in GitLab 12.5'
         end
-        route_setting :authentication, job_token_allowed: true
+
+        route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
         get 'digest' do
           present_recipe_download_urls
         end
@@ -155,10 +173,13 @@ module API
         desc 'Package Download Urls' do
           detail 'This feature was introduced in GitLab 12.5'
         end
+
         params do
           requires :conan_package_reference, type: String, desc: 'Conan package ID'
         end
-        route_setting :authentication, job_token_allowed: true
+
+        route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
         get 'packages/:conan_package_reference/download_urls' do
           present_package_download_urls
         end
@@ -166,7 +187,9 @@ module API
         desc 'Recipe Download Urls' do
           detail 'This feature was introduced in GitLab 12.5'
         end
-        route_setting :authentication, job_token_allowed: true
+
+        route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
         get 'download_urls' do
           present_recipe_download_urls
         end
@@ -181,10 +204,13 @@ module API
         desc 'Package Upload Urls' do
           detail 'This feature was introduced in GitLab 12.4'
         end
+
         params do
           requires :conan_package_reference, type: String, desc: 'Conan package ID'
         end
-        route_setting :authentication, job_token_allowed: true
+
+        route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
         post 'packages/:conan_package_reference/upload_urls' do
           authorize!(:read_package, project)
 
@@ -195,7 +221,9 @@ module API
         desc 'Recipe Upload Urls' do
           detail 'This feature was introduced in GitLab 12.4'
         end
-        route_setting :authentication, job_token_allowed: true
+
+        route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
         post 'upload_urls' do
           authorize!(:read_package, project)
 
@@ -206,7 +234,9 @@ module API
         desc 'Delete Package' do
           detail 'This feature was introduced in GitLab 12.5'
         end
-        route_setting :authentication, job_token_allowed: true
+
+        route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
         delete do
           authorize!(:destroy_package, project)
 
@@ -235,7 +265,9 @@ module API
           desc 'Download recipe files' do
             detail 'This feature was introduced in GitLab 12.6'
           end
-          route_setting :authentication, job_token_allowed: true
+
+          route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
           get do
             download_package_file(:recipe_file)
           end
@@ -243,10 +275,13 @@ module API
           desc 'Upload recipe package files' do
             detail 'This feature was introduced in GitLab 12.6'
           end
+
           params do
             use :workhorse_upload_params
           end
-          route_setting :authentication, job_token_allowed: true
+
+          route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
           put do
             upload_package_file(:recipe_file)
           end
@@ -254,7 +289,9 @@ module API
           desc 'Workhorse authorize the conan recipe file' do
             detail 'This feature was introduced in GitLab 12.6'
           end
-          route_setting :authentication, job_token_allowed: true
+
+          route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
           put 'authorize' do
             authorize_workhorse!(subject: project)
           end
@@ -269,7 +306,9 @@ module API
           desc 'Download package files' do
             detail 'This feature was introduced in GitLab 12.5'
           end
-          route_setting :authentication, job_token_allowed: true
+
+          route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
           get do
             download_package_file(:package_file)
           end
@@ -277,7 +316,9 @@ module API
           desc 'Workhorse authorize the conan package file' do
             detail 'This feature was introduced in GitLab 12.6'
           end
-          route_setting :authentication, job_token_allowed: true
+
+          route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
           put 'authorize' do
             authorize_workhorse!(subject: project)
           end
@@ -285,10 +326,13 @@ module API
           desc 'Upload package files' do
             detail 'This feature was introduced in GitLab 12.6'
           end
+
           params do
             use :workhorse_upload_params
           end
-          route_setting :authentication, job_token_allowed: true
+
+          route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true
+
           put do
             upload_package_file(:package_file)
           end

lib/api/helpers/packages_manager_clients_helpers.rb

@@ -16,16 +16,6 @@ module API
         optional 'file.sha256', type: String, desc: 'SHA256 checksum of the file (generated by Workhorse)'
       end
 
-      def find_personal_access_token_from_http_basic_auth
-        return unless headers
-
-        token = decode_token
-
-        return unless token
-
-        PersonalAccessToken.find_by_token(token)
-      end
-
       def find_job_from_http_basic_auth
         return unless headers
 

lib/api/nuget_packages.rb

@@ -55,7 +55,7 @@ module API
       requires :id, type: String, desc: 'The ID of a project', regexp: POSITIVE_INTEGER_REGEX
     end
 
-    route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth
+    route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
 
     resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
       before do
@@ -68,7 +68,7 @@ module API
           detail 'This feature was introduced in GitLab 12.6'
         end
 
-        route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth
+        route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
 
         get 'index', format: :json do
           authorize_read_package!(authorized_user_project)
@@ -88,7 +88,7 @@ module API
           requires :package, type: ::API::Validations::Types::WorkhorseFile, desc: 'The package file to be published (generated by Multipart middleware)'
         end
 
-        route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth
+        route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
 
         put do
           authorize_upload!(authorized_user_project)
@@ -115,7 +115,7 @@ module API
           forbidden!
         end
 
-        route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth
+        route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
 
         put 'authorize' do
           authorize_workhorse!(subject: authorized_user_project, has_length: false)
@@ -134,7 +134,7 @@ module API
             detail 'This feature was introduced in GitLab 12.8'
           end
 
-          route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth
+          route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
 
           get 'index', format: :json do
             present ::Packages::Nuget::PackagesMetadataPresenter.new(find_packages),
@@ -148,7 +148,7 @@ module API
             requires :package_version, type: String, desc: 'The NuGet package version', regexp: API::NO_SLASH_URL_PART_REGEX
           end
 
-          route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth
+          route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
 
           get '*package_version', format: :json do
             present ::Packages::Nuget::PackageMetadataPresenter.new(find_package),
@@ -169,7 +169,7 @@ module API
             detail 'This feature was introduced in GitLab 12.8'
           end
 
-          route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth
+          route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
 
           get 'index', format: :json do
             present ::Packages::Nuget::PackagesVersionsPresenter.new(find_packages),
@@ -184,7 +184,7 @@ module API
             requires :package_filename, type: String, desc: 'The NuGet package filename', regexp: API::NO_SLASH_URL_PART_REGEX
           end
 
-          route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth
+          route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
 
           get '*package_version/*package_filename', format: :nupkg do
             filename = "#{params[:package_filename]}.#{params[:format]}"
@@ -216,7 +216,7 @@ module API
             detail 'This feature was introduced in GitLab 12.8'
           end
 
-          route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth
+          route_setting :authentication, deploy_token_allowed: true, job_token_allowed: :basic_auth, basic_auth_personal_access_token: true
 
           get format: :json do
             search_options = {

lib/api/pypi_packages.rb

@@ -64,7 +64,7 @@ module API
           requires :sha256, type: String, desc: 'The PyPi package sha256 check sum'
         end
 
-        route_setting :authentication, deploy_token_allowed: true
+        route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true
         get 'files/:sha256/*file_identifier' do
           project = unauthorized_user_project!
 
@@ -87,7 +87,7 @@ module API
 
         # An Api entry point but returns an HTML file instead of JSON.
         # PyPi simple API returns the package descriptor as a simple HTML file.
-        route_setting :authentication, deploy_token_allowed: true
+        route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true
         get 'simple/*package_name', format: :txt do
           authorize_read_package!(authorized_user_project)
 
@@ -117,7 +117,7 @@ module API
           optional :sha256_digest, type: String
         end
 
-        route_setting :authentication, deploy_token_allowed: true
+        route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true
         post do
           authorize_upload!(authorized_user_project)
 
@@ -134,7 +134,7 @@ module API
           forbidden!
         end
 
-        route_setting :authentication, deploy_token_allowed: true
+        route_setting :authentication, deploy_token_allowed: true, basic_auth_personal_access_token: true
         post 'authorize' do
           authorize_workhorse!(subject: authorized_user_project, has_length: false)
         end

spec/lib/api/helpers/packages_manager_clients_helpers_spec.rb

@@ -8,40 +8,6 @@ RSpec.describe API::Helpers::PackagesManagerClientsHelpers do
   let_it_be(:helper) { Class.new.include(described_class).new }
   let(:password) { personal_access_token.token }
 
-  describe '#find_personal_access_token_from_http_basic_auth' do
-    let(:headers) { { Authorization: basic_http_auth(username, password) } }
-
-    subject { helper.find_personal_access_token_from_http_basic_auth }
-
-    before do
-      allow(helper).to receive(:headers).and_return(headers&.with_indifferent_access)
-    end
-
-    context 'with a valid Authorization header' do
-      it { is_expected.to eq personal_access_token }
-    end
-
-    context 'with an invalid Authorization header' do
-      where(:headers) do
-        [
-          [{ Authorization: 'Invalid' }],
-          [{}],
-          [nil]
-        ]
-      end
-
-      with_them do
-        it { is_expected.to be nil }
-      end
-    end
-
-    context 'with an unknown Authorization header' do
-      let(:password) { 'Unknown' }
-
-      it { is_expected.to be nil }
-    end
-  end
-
   describe '#find_job_from_http_basic_auth' do
     let_it_be(:user) { personal_access_token.user }