Merge branch 'dblessing_find_for_git_http_client' into 'master'

Refactor git http controllers to rely on auth results differently See merge request gitlab-org/gitlab!75052

Merge branch 'dblessing_find_for_git_http_client' into 'master'
Refactor git http controllers to rely on auth results differently See merge request gitlab-org/gitlab!75052
ed07da5c · James Fargher · 890626fc · e6cc4e90 · ed07da5c · ed07da5c
Commit ed07da5c authored Dec 02, 2021 by James Fargher
4 changed files
--- a/app/controllers/repositories/git_http_client_controller.rb
+++ b/app/controllers/repositories/git_http_client_controller.rb
@@ -8,12 +8,9 @@ module Repositories
    attr_reader :authentication_result, :redirected_path
-    delegate :actor, :authentication_abilities, to: :authentication_result, allow_nil: true
+    delegate :authentication_abilities, to: :authentication_result, allow_nil: true
    delegate :type, to: :authentication_result, allow_nil: true, prefix: :auth_result
-    alias_method :user, :actor
-    alias_method :authenticated_user, :actor
    # Git clients will not know what authenticity token to send along
    skip_around_action :set_session_storage
    skip_before_action :verify_authenticity_token
@@ -22,8 +19,16 @@ module Repositories
    feature_category :source_code_management
+    def authenticated_user
+      authentication_result&.user || authentication_result&.deploy_token
+    end
    private
+    def user
+      authenticated_user
+    end
    def download_request?
      raise NotImplementedError
    end

--- a/ee/app/controllers/ee/repositories/git_http_controller.rb
+++ b/ee/app/controllers/ee/repositories/git_http_controller.rb
@@ -30,6 +30,7 @@ module EE
      private
+      override :user
      def user
        super || geo_push_user&.user
      end

--- a/spec/controllers/repositories/git_http_controller_spec.rb
+++ b/spec/controllers/repositories/git_http_controller_spec.rb
@@ -90,6 +90,14 @@ RSpec.describe Repositories::GitHttpController do
        end
      end
    end
+    context 'when the user is a deploy token' do
+      it_behaves_like Repositories::GitHttpController do
+        let(:container) { project }
+        let(:user) { create(:deploy_token, :project, projects: [project]) }
+        let(:access_checker_class) { Gitlab::GitAccess }
+      end
+    end
  end
  context 'when repository container is a project wiki' do

--- a/spec/support/shared_examples/controllers/repositories/git_http_controller_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/repositories/git_http_controller_shared_examples.rb
@@ -50,7 +50,8 @@ RSpec.shared_examples Repositories::GitHttpController do
    context 'with authorized user' do
      before do
-        request.headers.merge! auth_env(user.username, user.password, nil)
+        password = user.try(:password) || user.try(:token)
+        request.headers.merge! auth_env(user.username, password, nil)
      end
      it 'returns 200' do
@@ -71,9 +72,10 @@ RSpec.shared_examples Repositories::GitHttpController do
        it 'adds user info to the logs' do
          get :info_refs, params: params
-          expect(log_data).to include('username' => user.username,
+          user_log_data = { 'username' => user.username, 'user_id' => user.id }
-                                      'user_id' => user.id,
+          user_log_data['meta.user'] = user.username if user.is_a?(User)
-                                      'meta.user' => user.username)
+          expect(log_data).to include(user_log_data)
        end
      end
    end