lfs: do not require auth for public repositories
LFS has the `authenticated` field in the response for downloads of objects to indicate that the object does not need authentication to access it. Spec: https://github.com/git-lfs/git-lfs/blob/master/docs/api/batch.md#successful-responses Fixes #23360.
This commit is contained in:
parent
d391f74384
commit
5c20e50f46
3 changed files with 9 additions and 0 deletions
|
@ -48,6 +48,10 @@ class Projects::LfsApiController < Projects::GitHttpClientController
|
||||||
objects.each do |object|
|
objects.each do |object|
|
||||||
if existing_oids.include?(object[:oid])
|
if existing_oids.include?(object[:oid])
|
||||||
object[:actions] = download_actions(object)
|
object[:actions] = download_actions(object)
|
||||||
|
|
||||||
|
if Guest.can?(:download_code, project)
|
||||||
|
object[:authenticated] = true
|
||||||
|
end
|
||||||
else
|
else
|
||||||
object[:error] = {
|
object[:error] = {
|
||||||
code: 404,
|
code: 404,
|
||||||
|
|
4
changelogs/unreleased/lfs-noauth-public-repo.yml
Normal file
4
changelogs/unreleased/lfs-noauth-public-repo.yml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
title: Support unauthenticated LFS object downloads for public projects
|
||||||
|
merge_request: 8824
|
||||||
|
author: Ben Boeckel
|
|
@ -600,6 +600,7 @@ describe 'Git LFS API and storage' do
|
||||||
expect(json_response).to eq('objects' => [
|
expect(json_response).to eq('objects' => [
|
||||||
{ 'oid' => sample_oid,
|
{ 'oid' => sample_oid,
|
||||||
'size' => sample_size,
|
'size' => sample_size,
|
||||||
|
'authenticated' => true,
|
||||||
'actions' => {
|
'actions' => {
|
||||||
'download' => {
|
'download' => {
|
||||||
'href' => "#{project.http_url_to_repo}/gitlab-lfs/objects/#{sample_oid}",
|
'href' => "#{project.http_url_to_repo}/gitlab-lfs/objects/#{sample_oid}",
|
||||||
|
|
Loading…
Reference in a new issue