Commit 710cd82c authored by Rémy Coutable's avatar Rémy Coutable

Set Git-specific env in /api/internal/allowed

Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent 05aa038c
......@@ -53,12 +53,12 @@ module API
]
end
def parse_allowed_environment_variables
return if params[:env].blank?
def parse_env
return {} if params[:env].blank?
JSON.parse(params[:env])
rescue JSON::ParserError
{}
end
end
end
......
......@@ -11,14 +11,16 @@ module API
# Params:
# key_id - ssh key id for Git over SSH
# user_id - user id for Git over HTTP
# protocol - Git access protocol being used, e.g. HTTP or SSH
# project - project path with namespace
# action - git action (git-upload-pack or git-receive-pack)
# ref - branch name
# forced_push - forced_push
# protocol - Git access protocol being used, e.g. HTTP or SSH
# changes - changes as "oldrev newrev ref", see Gitlab::ChangesList
post "/allowed" do
status 200
# Stores some Git-specific env thread-safely
Gitlab::Git::Env.set(parse_env)
actor =
if params[:key_id]
Key.find_by(id: params[:key_id])
......@@ -30,18 +32,10 @@ module API
actor.update_last_used_at if actor.is_a?(Key)
access =
if wiki?
Gitlab::GitAccessWiki.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities)
else
Gitlab::GitAccess.new(actor,
project,
protocol,
authentication_abilities: ssh_authentication_abilities,
env: parse_allowed_environment_variables)
end
access_status = access.check(params[:action], params[:changes])
access_checker = wiki? ? Gitlab::GitAccessWiki : Gitlab::GitAccess
access_status = access_checker
.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities)
.check(params[:action], params[:changes])
response = { status: access_status.status, message: access_status.message }
......
......@@ -153,6 +153,22 @@ describe API::Internal, api: true do
project.team << [user, :developer]
end
context 'with env passed as a JSON' do
it 'sets env in RequestStore' do
expect(Gitlab::Git::Env).to receive(:set).with({
'GIT_OBJECT_DIRECTORY' => 'foo',
'GIT_ALTERNATE_OBJECT_DIRECTORIES' => 'bar'
})
push(key, project.wiki, env: {
GIT_OBJECT_DIRECTORY: 'foo',
GIT_ALTERNATE_OBJECT_DIRECTORIES: 'bar'
}.to_json)
expect(response).to have_http_status(200)
end
end
context "git push with project.wiki" do
it 'responds with success' do
push(key, project.wiki)
......@@ -463,7 +479,7 @@ describe API::Internal, api: true do
)
end
def push(key, project, protocol = 'ssh')
def push(key, project, protocol = 'ssh', env: nil)
post(
api("/internal/allowed"),
changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master',
......@@ -471,7 +487,8 @@ describe API::Internal, api: true do
project: project.repository.path_to_repo,
action: 'git-receive-pack',
secret_token: secret_token,
protocol: protocol
protocol: protocol,
env: env
)
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment