From a4944fb7155fc8aa4d1541d9f1e4e80c00f49292 Mon Sep 17 00:00:00 2001
From: Patricio Cano <suprnova32@gmail.com>
Date: Tue, 27 Sep 2016 13:23:51 -0500
Subject: [PATCH] Do not regenerate the `lfs_token` every time
 `git-lfs-authenticate` is called, instead return the saved token if one is
 present.

---
 lib/gitlab/lfs_token.rb        |  2 ++
 spec/requests/lfs_http_spec.rb | 27 +++++++++++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/lib/gitlab/lfs_token.rb b/lib/gitlab/lfs_token.rb
index d089a2f9b0b..f31444b2b07 100644
--- a/lib/gitlab/lfs_token.rb
+++ b/lib/gitlab/lfs_token.rb
@@ -18,6 +18,8 @@ module Gitlab
     end
 
     def generate
+      return value if value
+
       token = Devise.friendly_token(TOKEN_LENGTH)
 
       Gitlab::Redis.with do |redis|
diff --git a/spec/requests/lfs_http_spec.rb b/spec/requests/lfs_http_spec.rb
index 09e4e265dd1..a84be1b7c9e 100644
--- a/spec/requests/lfs_http_spec.rb
+++ b/spec/requests/lfs_http_spec.rb
@@ -257,6 +257,29 @@ describe 'Git LFS API and storage' do
           it_behaves_like 'responds with a file'
         end
 
+        describe 'when using a user key' do
+          let(:authorization) { authorize_user_key }
+
+          context 'when user allowed' do
+            let(:update_permissions) do
+              project.team << [user, :master]
+              project.lfs_objects << lfs_object
+            end
+
+            it_behaves_like 'responds with a file'
+          end
+
+          context 'when user not allowed' do
+            let(:update_permissions) do
+              project.lfs_objects << lfs_object
+            end
+
+            it 'responds with status 404' do
+              expect(response).to have_http_status(404)
+            end
+          end
+        end
+
         context 'when build is authorized as' do
           let(:authorization) { authorize_ci_project }
 
@@ -1113,6 +1136,10 @@ describe 'Git LFS API and storage' do
     ActionController::HttpAuthentication::Basic.encode_credentials("lfs+deploy-key-#{key.id}", Gitlab::LfsToken.new(key).generate)
   end
 
+  def authorize_user_key
+    ActionController::HttpAuthentication::Basic.encode_credentials(user.username, Gitlab::LfsToken.new(user).generate)
+  end
+
   def fork_project(project, user, object = nil)
     allow(RepositoryForkWorker).to receive(:perform_async).and_return(true)
     Projects::ForkService.new(project, user, {}).execute