Resolve possible cherry pick API race condition

Previously, we just fetched the latest commit for the given branch when presenting the resulting commit, but because something could have been committed to that branch between the time we cherry-picked and the time we render the result, the wrong commit could have been presented. Now, we fetch the commit object with the commit SHA returned by the commit change service, which should always be the correct commit. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/53773
2018-11-09 16:34:17 +00:00 · 2018-11-09 16:34:17 +00:00 · 11dd9d6e1f
commit 11dd9d6e1f
parent 57cee17673
2 changed files with 10 additions and 3 deletions
--- a/changelogs/unreleased/rs-cherry-pick-api.yml
+++ b/changelogs/unreleased/rs-cherry-pick-api.yml
@ -0,0 +1,5 @@
+---
+title: Resolve possible cherry pick API race condition
+merge_request:
+author:
+type: fixed
--- a/lib/api/commits.rb
+++ b/lib/api/commits.rb
@ -194,11 +194,13 @@ module API
          branch_name: params[:branch]
        }

-        result = ::Commits::CherryPickService.new(user_project, current_user, commit_params).execute
+        result = ::Commits::CherryPickService
+          .new(user_project, current_user, commit_params)
+          .execute

        if result[:status] == :success
-          branch = find_branch!(params[:branch])
-          present user_project.repository.commit(branch.dereferenced_target), with: Entities::Commit
+          present user_project.repository.commit(result[:result]),
+            with: Entities::Commit
        else
          render_api_error!(result[:message], 400)
        end