Refactored LFS auth logic when using SSH to use its own API endpoint `/lfs_authenticate` and added tests.
This commit is contained in:
Patricio Cano
parent
cb85cf1f0a
commit
48f1a61fd5
|
|
@ -69,15 +69,29 @@ module API
|
|||
else
|
||||
project.repository.path_to_repo
|
||||
end
|
||||
|
||||
# Return HTTP full path, so that gitlab-shell has this information
|
||||
# ready for git-lfs-authenticate
|
||||
response[:repository_http_path] = project.http_url_to_repo
|
||||
end
|
||||
|
||||
response
|
||||
end
|
||||
|
||||
post "/lfs_authenticate" do
|
||||
status 200
|
||||
|
||||
key = Key.find(params[:key_id])
|
||||
user = key.user
|
||||
|
||||
if user
|
||||
token = Gitlab::LfsToken.new(user).generate
|
||||
response = { username: user.username, lfs_token: token }
|
||||
else
|
||||
token = Gitlab::LfsToken.new(key).generate
|
||||
response = { username: "lfs-deploy-key-#{key.id}", lfs_token: token }
|
||||
end
|
||||
|
||||
response[:repository_http_path] = project.http_url_to_repo
|
||||
response
|
||||
end
|
||||
|
||||
get "/merge_request_urls" do
|
||||
::MergeRequests::GetUrlsService.new(project).execute(params[:changes])
|
||||
end
|
||||
|
|
@ -87,15 +101,7 @@ module API
|
|||
#
|
||||
get "/discover" do
|
||||
key = Key.find(params[:key_id])
|
||||
user = key.user
|
||||
|
||||
if user
|
||||
token = Gitlab::LfsToken.new(user).set_token
|
||||
{ name: user.name, username: user.username, lfs_token: token }
|
||||
else
|
||||
token = Gitlab::LfsToken.new(key).set_token
|
||||
{ username: "lfs-deploy-key-#{key.id}", lfs_token: token }
|
||||
end
|
||||
present key.user, with: Entities::UserSafe
|
||||
end
|
||||
|
||||
get "/check" do
|
||||
|
|
|
|||
|
|
@ -119,11 +119,11 @@ module Gitlab
|
|||
def lfs_token_check(login, password)
|
||||
if login.include?('lfs-deploy-key')
|
||||
key = DeployKey.find(login.gsub('lfs-deploy-key-', ''))
|
||||
token = Gitlab::LfsToken.new(key).get_value
|
||||
token = Gitlab::LfsToken.new(key).value
|
||||
Result.new(key, :lfs_deploy_token) if key && token == password
|
||||
else
|
||||
user = User.by_login(login)
|
||||
token = Gitlab::LfsToken.new(user).get_value
|
||||
token = Gitlab::LfsToken.new(user).value
|
||||
Result.new(user, :lfs_token) if user && token == password
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -6,15 +6,17 @@ module Gitlab
|
|||
@actor = actor
|
||||
end
|
||||
|
||||
def set_token
|
||||
def generate
|
||||
token = Devise.friendly_token(50)
|
||||
|
||||
Gitlab::Redis.with do |redis|
|
||||
redis.set(redis_key, token, ex: 3600)
|
||||
redis.set(redis_key, token, ex: 600)
|
||||
end
|
||||
|
||||
token
|
||||
end
|
||||
|
||||
def get_value
|
||||
def value
|
||||
Gitlab::Redis.with do |redis|
|
||||
redis.get(redis_key)
|
||||
end
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ describe Gitlab::Auth, lib: true do
|
|||
it 'recognizes user lfs tokens' do
|
||||
user = create(:user)
|
||||
ip = 'ip'
|
||||
token = Gitlab::LfsToken.new(user).set_token
|
||||
token = Gitlab::LfsToken.new(user).generate
|
||||
|
||||
expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: user.username)
|
||||
expect(gl_auth.find_for_git_client(user.username, token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(user, :lfs_token))
|
||||
|
|
@ -35,7 +35,7 @@ describe Gitlab::Auth, lib: true do
|
|||
it 'recognizes deploy key lfs tokens' do
|
||||
key = create(:deploy_key)
|
||||
ip = 'ip'
|
||||
token = Gitlab::LfsToken.new(key).set_token
|
||||
token = Gitlab::LfsToken.new(key).generate
|
||||
|
||||
expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: "lfs-deploy-key-#{key.id}")
|
||||
expect(gl_auth.find_for_git_client("lfs-deploy-key-#{key.id}", token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(key, :lfs_deploy_token))
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ describe Gitlab::LfsToken, lib: true do
|
|||
describe '#set_token and #get_value' do
|
||||
shared_examples 'an LFS token generator' do
|
||||
it 'returns a randomly generated token' do
|
||||
token = handler.set_token
|
||||
token = handler.generate
|
||||
|
||||
expect(token).not_to be_nil
|
||||
expect(token).to be_a String
|
||||
|
|
@ -12,9 +12,9 @@ describe Gitlab::LfsToken, lib: true do
|
|||
end
|
||||
|
||||
it 'returns the correct token based on the key' do
|
||||
token = handler.set_token
|
||||
token = handler.generate
|
||||
|
||||
expect(handler.get_value).to eq(token)
|
||||
expect(handler.value).to eq(token)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -100,15 +100,20 @@ describe API::API, api: true do
|
|||
end
|
||||
end
|
||||
|
||||
describe "GET /internal/discover" do
|
||||
describe "POST /internal/lfs_authenticate" do
|
||||
before do
|
||||
project.team << [user, :developer]
|
||||
end
|
||||
|
||||
context 'user key' do
|
||||
it 'returns the correct information about the key' do
|
||||
get(api("/internal/discover"), key_id: key.id, secret_token: secret_token)
|
||||
lfs_auth(key, project)
|
||||
|
||||
expect(response).to have_http_status(200)
|
||||
expect(json_response['username']).to eq(user.username)
|
||||
expect(json_response['lfs_token']).to eq(Gitlab::LfsToken.new(user).value)
|
||||
|
||||
expect(json_response['name']).to eq(user.name)
|
||||
expect(json_response['lfs_token']).to eq(Gitlab::LfsToken.new(user).get_value)
|
||||
expect(json_response['repository_http_path']).to eq(project.http_url_to_repo)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -116,16 +121,26 @@ describe API::API, api: true do
|
|||
let(:key) { create(:deploy_key) }
|
||||
|
||||
it 'returns the correct information about the key' do
|
||||
get(api("/internal/discover"), key_id: key.id, secret_token: secret_token)
|
||||
lfs_auth(key, project)
|
||||
|
||||
expect(response).to have_http_status(200)
|
||||
|
||||
expect(json_response['username']).to eq("lfs-deploy-key-#{key.id}")
|
||||
expect(json_response['lfs_token']).to eq(Gitlab::LfsToken.new(key).get_value)
|
||||
expect(json_response['lfs_token']).to eq(Gitlab::LfsToken.new(key).value)
|
||||
expect(json_response['repository_http_path']).to eq(project.http_url_to_repo)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /internal/discover" do
|
||||
it do
|
||||
get(api("/internal/discover"), key_id: key.id, secret_token: secret_token)
|
||||
|
||||
expect(response).to have_http_status(200)
|
||||
|
||||
expect(json_response['name']).to eq(user.name)
|
||||
end
|
||||
end
|
||||
|
||||
describe "POST /internal/allowed" do
|
||||
context "access granted" do
|
||||
before do
|
||||
|
|
@ -159,7 +174,6 @@ describe API::API, api: true do
|
|||
expect(response).to have_http_status(200)
|
||||
expect(json_response["status"]).to be_truthy
|
||||
expect(json_response["repository_path"]).to eq(project.repository.path_to_repo)
|
||||
expect(json_response["repository_http_path"]).to eq(project.http_url_to_repo)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -170,7 +184,6 @@ describe API::API, api: true do
|
|||
expect(response).to have_http_status(200)
|
||||
expect(json_response["status"]).to be_truthy
|
||||
expect(json_response["repository_path"]).to eq(project.repository.path_to_repo)
|
||||
expect(json_response["repository_http_path"]).to eq(project.http_url_to_repo)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -407,4 +420,13 @@ describe API::API, api: true do
|
|||
protocol: 'ssh'
|
||||
)
|
||||
end
|
||||
|
||||
def lfs_auth(key, project)
|
||||
post(
|
||||
api("/internal/lfs_authenticate"),
|
||||
key_id: key.id,
|
||||
secret_token: secret_token,
|
||||
project: project.path_with_namespace
|
||||
)
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -917,7 +917,7 @@ describe 'Git LFS API and storage' do
|
|||
end
|
||||
|
||||
def authorize_deploy_key
|
||||
ActionController::HttpAuthentication::Basic.encode_credentials("lfs-deploy-key-#{key.id}", Gitlab::LfsToken.new(key).set_token)
|
||||
ActionController::HttpAuthentication::Basic.encode_credentials("lfs-deploy-key-#{key.id}", Gitlab::LfsToken.new(key).generate)
|
||||
end
|
||||
|
||||
def fork_project(project, user, object = nil)
|
||||
|
|
|
|||
Loading…
Reference in New Issue