Commit eede0323 authored by Stan Hu's avatar Stan Hu

Backport GitHub Enterprise import support from EE

These changes were pulled from GitLab EE to support configuring
an alternative API URL than the default https://api.github.com.
In addition, the `verify_ssl` flag allows users to disable SSL cert
checking.

One modification: add a default `args` option if it does not exist
to avoid breaking existing configurations.
parent c01ff1f5
......@@ -8,6 +8,7 @@ v 8.8.0 (unreleased)
- Replace Devise Async with Devise ActiveJob integration. !3902 (Connor Shea)
- Allow "NEWS" and "CHANGES" as alternative names for CHANGELOG. !3768 (Connor Shea)
- Added button to toggle whitespaces changes on diff view
- Backport GitLab Enterprise support from EE
v 8.7.1 (unreleased)
- Throttle the update of `project.last_activity_at` to 1 minute. !3848
......
......@@ -350,6 +350,8 @@ production: &base
# - { name: 'github',
# app_id: 'YOUR_APP_ID',
# app_secret: 'YOUR_APP_SECRET',
# url: "https://github.com/",
# verify_ssl: true,
# args: { scope: 'user:email' } }
# - { name: 'bitbucket',
# app_id: 'YOUR_APP_ID',
......
......@@ -140,6 +140,30 @@ Settings.omniauth.cas3['session_duration'] ||= 8.hours
Settings.omniauth['session_tickets'] ||= Settingslogic.new({})
Settings.omniauth.session_tickets['cas3'] = 'ticket'
# Fill out omniauth-gitlab settings. It is needed for easy set up GHE or GH by just specifying url.
github_default_url = "https://github.com"
github_settings = Settings.omniauth['providers'].find { |provider| provider["name"] == "github"}
if github_settings
# For compatibility with old config files (before 7.8)
# where people dont have url in github settings
if github_settings['url'].blank?
github_settings['url'] = github_default_url
end
github_settings["args"] ||= Settingslogic.new({})
if github_settings["url"].include?(github_default_url)
github_settings["args"]["client_options"] = OmniAuth::Strategies::GitHub.default_options[:client_options]
else
github_settings["args"]["client_options"] = {
"site" => File.join(github_settings["url"], "api/v3"),
"authorize_url" => File.join(github_settings["url"], "login/oauth/authorize"),
"token_url" => File.join(github_settings["url"], "login/oauth/access_token")
}
end
end
Settings['shared'] ||= Settingslogic.new({})
Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root)
......
......@@ -60,12 +60,26 @@ GitHub will generate an application ID and secret key for you to use.
For installation from source:
For GitHub.com:
```
- { name: 'github', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { scope: 'user:email' } }
```
For GitHub Enterprise:
```
- { name: 'github', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
url: "https://github.example.com/",
args: { scope: 'user:email' } }
```
__Replace `https://github.example.com/` with your GitHub URL__
1. Change 'YOUR_APP_ID' to the client ID from the GitHub application page from step 7.
1. Change 'YOUR_APP_SECRET' to the client secret from the GitHub application page from step 7.
......
......@@ -7,12 +7,19 @@ module Gitlab
@client = ::OAuth2::Client.new(
config.app_id,
config.app_secret,
github_options
github_options.merge(ssl: { verify: config['verify_ssl'] })
)
if access_token
::Octokit.auto_paginate = true
@api = ::Octokit::Client.new(access_token: access_token)
@api = ::Octokit::Client.new(
access_token: access_token,
api_endpoint: github_options[:site],
connection_options: {
ssl: { verify: config['verify_ssl'] }
}
)
end
end
......@@ -42,11 +49,11 @@ module Gitlab
private
def config
Gitlab.config.omniauth.providers.find{|provider| provider.name == "github"}
Gitlab.config.omniauth.providers.find { |provider| provider.name == "github" }
end
def github_options
OmniAuth::Strategies::GitHub.default_options[:client_options].to_h.symbolize_keys
config["args"]["client_options"].deep_symbolize_keys
end
end
end
......
......@@ -22,6 +22,8 @@ describe Import::GithubController do
token = "asdasd12345"
allow_any_instance_of(Gitlab::GithubImport::Client).
to receive(:get_token).and_return(token)
allow_any_instance_of(Gitlab::GithubImport::Client).
to receive(:github_options).and_return({})
stub_omniauth_provider('github')
get :callback
......
......@@ -2,15 +2,49 @@ require 'spec_helper'
describe Gitlab::GithubImport::Client, lib: true do
let(:token) { '123456' }
let(:client) { Gitlab::GithubImport::Client.new(token) }
let(:github_provider) { Settingslogic.new('app_id' => 'asd123', 'app_secret' => 'asd123', 'name' => 'github', 'args' => { 'client_options' => {} }) }
subject(:client) { described_class.new(token) }
before do
Gitlab.config.omniauth.providers << OpenStruct.new(app_id: "asd123", app_secret: "asd123", name: "github")
allow(Gitlab.config.omniauth).to receive(:providers).and_return([github_provider])
end
it 'all OAuth2 client options are symbols' do
it 'convert OAuth2 client options to symbols' do
client.client.options.keys.each do |key|
expect(key).to be_kind_of(Symbol)
end
end
it 'does not crash (e.g. Settingslogic::MissingSetting) when verify_ssl config is not present' do
expect { client.api }.not_to raise_error
end
context 'allow SSL verification to be configurable on API' do
before do
github_provider['verify_ssl'] = false
end
it 'uses supplied value' do
expect(client.client.options[:connection_opts][:ssl]).to eq({ verify: false })
expect(client.api.connection_options[:ssl]).to eq({ verify: false })
end
end
context 'when provider does not specity an API endpoint' do
it 'uses GitHub root API endpoint' do
expect(client.api.api_endpoint).to eq 'https://api.github.com/'
end
end
context 'when provider specify a custom API endpoint' do
before do
github_provider['args']['client_options']['site'] = 'https://github.company.com/'
end
it 'uses the custom API endpoint' do
expect(OmniAuth::Strategies::GitHub).not_to receive(:default_options)
expect(client.api.api_endpoint).to eq 'https://github.company.com/'
end
end
end
......@@ -112,9 +112,16 @@ describe Projects::ImportService, services: true do
def stub_github_omniauth_provider
provider = OpenStruct.new(
name: 'github',
app_id: 'asd123',
app_secret: 'asd123'
'name' => 'github',
'app_id' => 'asd123',
'app_secret' => 'asd123',
'args' => {
'client_options' => {
'site' => 'https://github.com/api/v3',
'authorize_url' => 'https://github.com/login/oauth/authorize',
'token_url' => 'https://github.com/login/oauth/access_token'
}
}
)
Gitlab.config.omniauth.providers << provider
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment