gitlab-org--gitlab-foss/lib/api/internal.rb

module API
  # Internal access API
  class Internal < Grape::API
    before { authenticate_by_gitlab_shell_token! }

    helpers ::API::Helpers::InternalHelpers

    namespace 'internal' do
      # Check if git command is allowed to project
      #
      # Params:
      #   key_id - ssh key id for Git over SSH
      #   user_id - user id for Git over HTTP
      #   project - project path with namespace
      #   action - git action (git-upload-pack or git-receive-pack)
      #   ref - branch name
      #   forced_push - forced_push
      #   protocol - Git access protocol being used, e.g. HTTP or SSH
      post "/allowed" do
        status 200

        actor =
          if params[:key_id]
            Key.find_by(id: params[:key_id])
          elsif params[:user_id]
            User.find_by(id: params[:user_id])
          end

        protocol = params[:protocol]

        access =
          if wiki?
            Gitlab::GitAccessWiki.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities)
          else
            Gitlab::GitAccess.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities)
          end

        access_status = access.check(params[:action], params[:changes])

        response = { status: access_status.status, message: access_status.message }

        if access_status.status
          # Return the repository full path so that gitlab-shell has it when
          # handling ssh commands
          response[:repository_path] =
            if wiki?
              project.wiki.repository.path_to_repo
            else
              project.repository.path_to_repo
            end
        end

        response
      end

      post "/lfs_authenticate" do
        status 200

        key = Key.find(params[:key_id])
        token_handler = Gitlab::LfsToken.new(key)

        {
          username: token_handler.actor_name,
          lfs_token: token_handler.token,
          repository_http_path: project.http_url_to_repo
        }
      end

      get "/merge_request_urls" do
        ::MergeRequests::GetUrlsService.new(project).execute(params[:changes])
      end

      #
      # Discover user by ssh key
      #
      get "/discover" do
        key = Key.find(params[:key_id])
        present key.user, with: Entities::UserSafe
      end

      get "/check" do
        {
          api_version: API.version,
          gitlab_version: Gitlab::VERSION,
          gitlab_rev: Gitlab::REVISION,
        }
      end

      get "/broadcast_message" do
        if message = BroadcastMessage.current
          present message, with: Entities::BroadcastMessage
        else
          {}
        end
      end

      post '/two_factor_recovery_codes' do
        status 200

        key = Key.find_by(id: params[:key_id])

        unless key
          return { 'success' => false, 'message' => 'Could not find the given key' }
        end

        if key.is_a?(DeployKey)
          return { success: false, message: 'Deploy keys cannot be used to retrieve recovery codes' }
        end

        user = key.user

        unless user
          return { success: false, message: 'Could not find a user for the given key' }
        end

        unless user.two_factor_enabled?
          return { success: false, message: 'Two-factor authentication is not enabled for this user' }
        end

        codes = user.generate_otp_backup_codes!
        user.save!

        { success: true, recovery_codes: codes }
      end
    end
  end
end
Refactor API classes. So api classes like Gitlab::Issues become API::Issues 2013-05-14 08:33:31 -04:00			`module API`
Fixed: post-receive, project remove, tests 2013-02-05 05:47:50 -05:00			`# Internal access API`
Internal API 2013-02-04 10:53:43 -05:00			`class Internal < Grape::API`
Avoid using {...} for multi-line blocks 2015-02-03 00:22:57 -05:00			`before { authenticate_by_gitlab_shell_token! }`
add gitlab-shell identification 2014-10-15 11:26:15 -04:00
Fix POST /internal/allowed to cope with gitlab-shell v4.0.0 project paths gitlab-shell v3.6.6 would give project paths like so: * namespace/project gitlab-shell v4.0.0 can give project paths like so: * /namespace1/namespace2/project * /namespace/project * /path/to/repository/storage/namespace1/namespace2/project * /path/to/repository/storage/namespace/project 2016-11-15 10:02:44 -05:00			`helpers ::API::Helpers::InternalHelpers`

Fixed: post-receive, project remove, tests 2013-02-05 05:47:50 -05:00			`namespace 'internal' do`
Use GitAccess in internal api Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-19 15:02:12 -04:00			`# Check if git command is allowed to project`
Fixed: post-receive, project remove, tests 2013-02-05 05:47:50 -05:00			`#`
specs for api/internal 2013-02-26 15:53:59 -05:00			`# Params:`
Use GitAccess in internal api Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-03-19 15:02:12 -04:00			`# key_id - ssh key id for Git over SSH`
			`# user_id - user id for Git over HTTP`
specs for api/internal 2013-02-26 15:53:59 -05:00			`# project - project path with namespace`
			`# action - git action (git-upload-pack or git-receive-pack)`
			`# ref - branch name`
first setup to protect protected branched to force updates 2014-01-28 16:36:50 -05:00			`# forced_push - forced_push`
Only allow Git Access on the allowed protocol 2016-06-20 21:40:56 -04:00			`# protocol - Git access protocol being used, e.g. HTTP or SSH`
/api/allowed use POST now Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-03 02:06:16 -04:00			`post "/allowed" do`
Make sure /api/allowed return 200 status code Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-09-03 06:33:44 -04:00			`status 200`
Don't leak information about private project existence via Git-over-SSH/HTTP. 2015-02-23 17:14:57 -05:00
Add "action" tag to /internal/allowed API This allows us to re-use any other analytics that rely on the "action" tag having a value set. 2016-04-18 11:42:48 -04:00			`actor =`
Refactor GitAccess to use instance variables. 2015-03-24 09:10:55 -04:00			`if params[:key_id]`
			`Key.find_by(id: params[:key_id])`
			`elsif params[:user_id]`
			`User.find_by(id: params[:user_id])`
			`end`
Don't leak information about private project existence via Git-over-SSH/HTTP. 2015-02-23 17:14:57 -05:00
Only allow Git Access on the allowed protocol 2016-06-20 21:40:56 -04:00			`protocol = params[:protocol]`

Improve Git access error messages. 2015-05-10 17:07:35 -04:00			`access =`
updated internal.rb and spec based on MR feedback 2016-02-26 04:40:30 -05:00			`if wiki?`
Rename capabilities to authentication_abilities 2016-09-16 03:59:10 -04:00			`Gitlab::GitAccessWiki.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities)`
Improve Git access error messages. 2015-05-10 17:07:35 -04:00			`else`
Rename capabilities to authentication_abilities 2016-09-16 03:59:10 -04:00			`Gitlab::GitAccess.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities)`
Improve Git access error messages. 2015-05-10 17:07:35 -04:00			`end`
deploy keys support for gitlab-shell api 2013-02-07 02:56:13 -05:00
Refactor repository paths handling to allow multiple git mount points 2016-06-22 17:04:51 -04:00			`access_status = access.check(params[:action], params[:changes])`

			`response = { status: access_status.status, message: access_status.message }`

			`if access_status.status`
			`# Return the repository full path so that gitlab-shell has it when`
			`# handling ssh commands`
Fix a bug where the project's repository path was returned instead of the wiki path 2016-07-15 21:31:26 -04:00			`response[:repository_path] =`
			`if wiki?`
			`project.wiki.repository.path_to_repo`
			`else`
			`project.repository.path_to_repo`
			`end`
Refactor repository paths handling to allow multiple git mount points 2016-06-22 17:04:51 -04:00			`end`

			`response`
Fixed: post-receive, project remove, tests 2013-02-05 05:47:50 -05:00			`end`

Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00			`post "/lfs_authenticate" do`
			`status 200`

			`key = Key.find(params[:key_id])`
			`token_handler = Gitlab::LfsToken.new(key)`

			`{`
			`username: token_handler.actor_name,`
Handle LFS token creation and retrieval in the same method, and in the same Redis connection. Reset expiry time of token, if token is retrieved again before it expires. 2016-09-28 12:02:31 -04:00			`lfs_token: token_handler.token,`
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. 2016-09-19 10:34:32 -04:00			`repository_http_path: project.http_url_to_repo`
			`}`
			`end`

api for generating new merge request DRY code + fix rubocop Add more test cases Append to changelog DRY changes list find_url service for merge_requests use GET for getting merge request links remove files rename to get_url_service reduce loop add test case for cross project refactor tiny thing update changelog 2016-07-28 00:04:57 -04:00			`get "/merge_request_urls" do`
			`::MergeRequests::GetUrlsService.new(project).execute(params[:changes])`
			`end`

Fixed: post-receive, project remove, tests 2013-02-05 05:47:50 -05:00			`#`
			`# Discover user by ssh key`
			`#`
			`get "/discover" do`
			`key = Key.find(params[:key_id])`
Reduce amount of user info provided with internal api 2013-03-11 08:35:00 -04:00			`present key.user, with: Entities::UserSafe`
Fixed: post-receive, project remove, tests 2013-02-05 05:47:50 -05:00			`end`
api check call 2013-02-05 08:55:49 -05:00
			`get "/check" do`
			`{`
Refactor API classes. So api classes like Gitlab::Issues become API::Issues 2013-05-14 08:33:31 -04:00			`api_version: API.version,`
uppercase Gitlab version and revision constants. check api return gitlab version now 2013-02-16 07:42:22 -05:00			`gitlab_version: Gitlab::VERSION,`
			`gitlab_rev: Gitlab::REVISION,`
api check call 2013-02-05 08:55:49 -05:00			`}`
			`end`
Add internal broadcast message API. 2015-02-07 10:41:30 -05:00
			`get "/broadcast_message" do`
			`if message = BroadcastMessage.current`
			`present message, with: Entities::BroadcastMessage`
Improve broadcast message API 2015-02-18 17:58:20 -05:00			`else`
			`{}`
Add internal broadcast message API. 2015-02-07 10:41:30 -05:00			`end`
			`end`
Add two factor recovery endpoint to internal API 2016-07-26 17:48:51 -04:00
			`post '/two_factor_recovery_codes' do`
			`status 200`

Minor edits to two_factor_recovery_codes API error catching 2016-08-24 20:58:05 -04:00			`key = Key.find_by(id: params[:key_id])`

			`unless key`
			`return { 'success' => false, 'message' => 'Could not find the given key' }`
			`end`
Add two factor recovery endpoint to internal API 2016-07-26 17:48:51 -04:00
Minor edits to two_factor_recovery_codes API error catching 2016-08-24 20:58:05 -04:00			`if key.is_a?(DeployKey)`
Add two factor recovery endpoint to internal API 2016-07-26 17:48:51 -04:00			`return { success: false, message: 'Deploy keys cannot be used to retrieve recovery codes' }`
			`end`

Minor edits to two_factor_recovery_codes API error catching 2016-08-24 20:58:05 -04:00			`user = key.user`

			`unless user`
Add two factor recovery endpoint to internal API 2016-07-26 17:48:51 -04:00			`return { success: false, message: 'Could not find a user for the given key' }`
			`end`

			`unless user.two_factor_enabled?`
			`return { success: false, message: 'Two-factor authentication is not enabled for this user' }`
			`end`

			`codes = user.generate_otp_backup_codes!`
			`user.save!`

			`{ success: true, recovery_codes: codes }`
			`end`
Internal API 2013-02-04 10:53:43 -05:00			`end`
			`end`
			`end`