Commit 74112de9 authored by Valery Sizov's avatar Valery Sizov

Fix: Geo should be able to replicate Personal snippets

Personal snippets are not tiesd to any project
so we don't have to check project presence
parent f87e72cd
...@@ -47,7 +47,7 @@ module EE ...@@ -47,7 +47,7 @@ module EE
end end
def geo? def geo?
authentication_result.geo?(project) authentication_result.geo?
end end
override :access_actor override :access_actor
......
...@@ -8,13 +8,11 @@ module EE ...@@ -8,13 +8,11 @@ module EE
override :success? override :success?
def success? def success?
type == :geo || super geo? || super
end end
def geo?(for_project) def geo?
type == :geo && type == :geo
project &&
project == for_project
end end
end end
end end
......
...@@ -15,6 +15,33 @@ RSpec.describe Repositories::GitHttpController, type: :request do ...@@ -15,6 +15,33 @@ RSpec.describe Repositories::GitHttpController, type: :request do
project.add_developer(user) project.add_developer(user)
end end
describe 'POST #git_upload_pack' do
context 'geo pulls a personal snippet' do
let_it_be(:snippet) { create(:personal_snippet, :repository, author: user) }
let_it_be(:path) { "snippets/#{snippet.id}.git" }
before do
allow(::Gitlab::Geo::JwtRequestDecoder).to receive(:geo_auth_attempt?).and_return(true)
end
it 'allows access' do
allow_any_instance_of(::Gitlab::Geo::JwtRequestDecoder).to receive(:decode).and_return({ scope: "snippets/#{snippet.id}" })
clone_get(path, **env)
expect(response).to have_gitlab_http_status(:ok)
end
it 'does not allow access if scope is wrong' do
allow_any_instance_of(::Gitlab::Geo::JwtRequestDecoder).to receive(:decode).and_return({ scope: "wron-scope" })
clone_get(path, **env)
expect(response).to have_gitlab_http_status(:unauthorized)
end
end
end
describe 'GET #info_refs' do describe 'GET #info_refs' do
context 'smartcard session required' do context 'smartcard session required' do
subject { clone_get(path, **env) } subject { clone_get(path, **env) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment