added import url exposer to construct URL withunencrypted credentials

2016-03-04 16:23:19 +01:00 · 2016-03-04 16:23:19 +01:00 · c2b33d3b71
parent 06b36c00d5
commit c2b33d3b71
5 changed files with 24 additions and 5 deletions
--- a/app/models/project_import_data.rb
+++ b/app/models/project_import_data.rb
@ -13,6 +13,7 @@ require 'file_size_validator'
 class ProjectImportData < ActiveRecord::Base
  belongs_to :project
  attr_encrypted :credentials, key: Gitlab::Application.secrets.db_key_base
+  serialize :credentials, JSON

  serialize :data, JSON

--- a/lib/gitlab/github_import/importer.rb
+++ b/lib/gitlab/github_import/importer.rb
@ -7,8 +7,7 @@ module Gitlab

      def initialize(project)
        @project = project
-        import_data = project.import_data.try(:data)
-        github_session = import_data["github_session"] if import_data
+        github_session = project.import_data.credentials if import_data
        @client = Client.new(github_session["github_access_token"])
        @formatter = Gitlab::ImportFormatter.new
      end
--- a/lib/gitlab/github_import/project_creator.rb
+++ b/lib/gitlab/github_import/project_creator.rb
@ -32,8 +32,8 @@ module Gitlab

      def create_import_data(project)
        project.create_import_data(
-          credentials: session_data.delete(:github_access_token),
-          data: { "github_session" => session_data })
+          credentials: { github_access_token: session_data.delete(:github_access_token) },
+          data: { github_session: session_data })
      end
    end
  end
--- a/lib/gitlab/github_import/wiki_formatter.rb
+++ b/lib/gitlab/github_import/wiki_formatter.rb
@ -12,7 +12,9 @@ module Gitlab
      end

      def import_url
-        project.import_url.sub(/\.git\z/, ".wiki.git")
+        import_url = Gitlab::ImportUrlExposer.expose(import_url: project.import_url,
+                                                     credentials: project.import_data.credentials)
+        import_url.sub(/\.git\z/, ".wiki.git")
      end
    end
  end
--- a/lib/gitlab/import_url_exposer.rb
+++ b/lib/gitlab/import_url_exposer.rb
@ -0,0 +1,17 @@
+module Gitlab
+  # Exposes an import URL that includes the credentials unencrypted.
+  # Extracted to its own class to prevent unintended use.
+  module ImportUrlExposer
+    extend self
+
+    def expose(import_url:, credentials: )
+      import_url.sub("//", "//#{parsed_credentials(credentials)}@")
+    end
+
+    private
+
+    def parsed_credentials(credentials)
+      credentials.values.join(":")
+    end
+  end
+end