Commit 6b120d08 authored by Fabio Pitino's avatar Fabio Pitino

Merge branch 'constant-gitlab-ci-token-username' into 'master'

Extract literal string into constant (gitlab-ci-token)

See merge request gitlab-org/gitlab!37899
parents e10b129e 842f683f
......@@ -524,8 +524,6 @@ module Ci
end
end
CI_REGISTRY_USER = 'gitlab-ci-token'
def persisted_variables
Gitlab::Ci::Variables::Collection.new.tap do |variables|
break variables unless persisted?
......@@ -537,7 +535,7 @@ module Ci
.append(key: 'CI_JOB_TOKEN', value: token.to_s, public: false, masked: true)
.append(key: 'CI_BUILD_ID', value: id.to_s)
.append(key: 'CI_BUILD_TOKEN', value: token.to_s, public: false, masked: true)
.append(key: 'CI_REGISTRY_USER', value: CI_REGISTRY_USER)
.append(key: 'CI_REGISTRY_USER', value: ::Gitlab::Auth::CI_REGISTRY_USER)
.append(key: 'CI_REGISTRY_PASSWORD', value: token.to_s, public: false, masked: true)
.append(key: 'CI_REPOSITORY_URL', value: repo_url.to_s, public: false)
.concat(deploy_token_variables)
......@@ -596,7 +594,7 @@ module Ci
def repo_url
return unless token
auth = "gitlab-ci-token:#{token}@"
auth = "#{::Gitlab::Auth::CI_JOB_USER}:#{token}@"
project.http_url_to_repo.sub(%r{^https?://}) do |prefix|
prefix + auth
end
......
......@@ -26,6 +26,9 @@ module Gitlab
# Default scopes for OAuth applications that don't define their own
DEFAULT_SCOPES = [:api].freeze
CI_JOB_USER = 'gitlab-ci-token'
CI_REGISTRY_USER = 'gitlab-ci-token'
class << self
prepend_if_ee('EE::Gitlab::Auth') # rubocop: disable Cop/InjectEnterpriseEditionModule
......@@ -126,7 +129,7 @@ module Gitlab
# rubocop:enable Gitlab/RailsLogger
def skip_rate_limit?(login:)
::Ci::Build::CI_REGISTRY_USER == login
CI_REGISTRY_USER == login
end
def look_to_limit_user(actor)
......@@ -254,7 +257,7 @@ module Gitlab
end
def build_access_token_check(login, password)
return unless login == 'gitlab-ci-token'
return unless login == CI_JOB_USER
return unless password
build = find_build_by_token(password)
......
......@@ -82,7 +82,7 @@ module Gitlab
login, password = user_name_and_password(current_request)
return unless login.present? && password.present?
return unless ::Ci::Build::CI_REGISTRY_USER == login
return unless ::Gitlab::Auth::CI_REGISTRY_USER == login
job = ::Ci::Build.find_by_token(password)
raise UnauthorizedError unless job
......
......@@ -554,7 +554,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do
end
context 'with CI username' do
let(:username) { ::Ci::Build::CI_REGISTRY_USER }
let(:username) { ::Gitlab::Auth::CI_REGISTRY_USER }
let(:user) { create(:user) }
let(:build) { create(:ci_build, user: user) }
......@@ -727,7 +727,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do
context 'when the job token is provided via basic auth' do
let(:route_authentication_setting) { { job_token_allowed: :basic_auth } }
let(:username) { Ci::Build::CI_REGISTRY_USER }
let(:username) { ::Gitlab::Auth::CI_REGISTRY_USER }
let(:token) { job.token }
before do
......
......@@ -149,7 +149,9 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
end
context 'build token' do
subject { gl_auth.find_for_git_client('gitlab-ci-token', build.token, project: project, ip: 'ip') }
subject { gl_auth.find_for_git_client(username, build.token, project: project, ip: 'ip') }
let(:username) { 'gitlab-ci-token' }
context 'for running build' do
let!(:build) { create(:ci_build, :running) }
......@@ -170,6 +172,14 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
expect(subject).to eq(Gitlab::Auth::Result.new(nil, nil, nil, nil))
end
context 'username is not gitlab-ci-token' do
let(:username) { 'another_username' }
it 'fails to authenticate' do
expect(subject).to eq(Gitlab::Auth::Result.new(nil, nil, nil, nil))
end
end
end
(Ci::HasStatus::AVAILABLE_STATUSES - ['running']).each do |build_status|
......
......@@ -8,7 +8,7 @@ module HttpBasicAuthHelpers
end
def job_basic_auth_header(job)
basic_auth_header(Ci::Build::CI_REGISTRY_USER, job.token)
basic_auth_header(::Gitlab::Auth::CI_REGISTRY_USER, job.token)
end
def client_basic_auth_header(client)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment