Commit 4c7449e4 authored by Sean McGivern's avatar Sean McGivern Committed by Simon Knox

Merge branch 'race-condition-in-project-uploads-fix-9-4' into 'security-9-4'

Fixes race condition in project uploads

See merge request !2141
parent f4a4aa0d
...@@ -12,7 +12,19 @@ class Import::GitlabProjectsController < Import::BaseController ...@@ -12,7 +12,19 @@ class Import::GitlabProjectsController < Import::BaseController
return redirect_back_or_default(options: { alert: "You need to upload a GitLab project export archive." }) return redirect_back_or_default(options: { alert: "You need to upload a GitLab project export archive." })
end end
<<<<<<< HEAD
@project = ::Projects::GitlabProjectsImportService.new(current_user, project_params).execute @project = ::Projects::GitlabProjectsImportService.new(current_user, project_params).execute
=======
import_upload_path = Gitlab::ImportExport.import_upload_path(filename: tmp_filename)
FileUtils.mkdir_p(File.dirname(import_upload_path))
FileUtils.copy_entry(project_params[:file].path, import_upload_path)
@project = Gitlab::ImportExport::ProjectCreator.new(project_params[:namespace_id],
current_user,
import_upload_path,
project_params[:path]).execute
>>>>>>> 04a0f226c4... Merge branch 'race-condition-in-project-uploads-fix-9-4' into 'security-9-4'
if @project.saved? if @project.saved?
redirect_to( redirect_to(
...@@ -26,6 +38,10 @@ class Import::GitlabProjectsController < Import::BaseController ...@@ -26,6 +38,10 @@ class Import::GitlabProjectsController < Import::BaseController
private private
def tmp_filename
"#{SecureRandom.hex}_#{project_params[:file].original_filename}"
end
def file_is_valid? def file_is_valid?
project_params[:file] && project_params[:file].respond_to?(:read) project_params[:file] && project_params[:file].respond_to?(:read)
end end
......
---
title: Fixes race condition in project uploads
merge_request:
author:
...@@ -32,7 +32,15 @@ feature 'Import/Export - project import integration test', js: true do ...@@ -32,7 +32,15 @@ feature 'Import/Export - project import integration test', js: true do
expect(URI.parse(current_url).query).to eq("namespace_id=#{namespace.id}&path=test-project-path") expect(URI.parse(current_url).query).to eq("namespace_id=#{namespace.id}&path=test-project-path")
expect(Gitlab::ImportExport).to receive(:import_upload_path).with(filename: /\A\h{32}_test-project-path\z/).and_call_original expect(Gitlab::ImportExport).to receive(:import_upload_path).with(filename: /\A\h{32}_test-project-path\z/).and_call_original
<<<<<<< HEAD
attach_file('file', file) attach_file('file', file)
=======
expect(page).to have_content('GitLab project export')
expect(URI.parse(current_url).query).to eq("namespace_id=#{namespace.id}&path=test-project-path")
expect(Gitlab::ImportExport).to receive(:import_upload_path).with(filename: /\A[0-9a-f]{32}_test_project_export\.tar\.gz\z/).and_call_original
attach_file('file', file)
>>>>>>> 04a0f226c4... Merge branch 'race-condition-in-project-uploads-fix-9-4' into 'security-9-4'
expect { click_on 'Import project' }.to change { Project.count }.by(1) expect { click_on 'Import project' }.to change { Project.count }.by(1)
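Review bot: Two `expect(Gitlab::ImportExport).to receive(:import_upload_path)` expectations with different filename patterns end up in this example: `/\A\h{32}_test-project-path\z/` on the unchanged line and `/\A[0-9a-f]{32}_test_project_export\.tar\.gz\z/` on the added one. A single upload presumably cannot satisfy both, so keep only the one that matches how the controller now builds the name. The added `current_url` and `attach_file` lines repeat the unchanged ones next to them and look like a second copy of the same steps. The spec also pins only a well-formed name; a case asserting that the stored filename contains no directory components would cover the `tmp_filename` construction. The `feature` block continues outside the hunk.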
......