gitlab-org--gitlab-foss/lib/gitlab
Douwe Maan 029c0d79af Merge branch 'lfs-ssh-authorization-fix' into 'master'
Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called

## What does this MR do?

Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called; instead, return the saved token if one is present.

This was causing a lot of 401s, leading to 403s, as stated in #22527.

As it turns out, when pushing a lot of LFS objects, the LFS client was calling `git-lfs-authenticate` in the middle of the request again. This caused the `lfs_token` to be regenerated. The problem lies in that the LFS client was not aware of this change, and was still using the old token. This caused all subsequent requests to fail with a 401 error.

Since HTTP Auth is protected by Rack Attack, these 401s were immediately flagged and resulted in the IP of the user being banned.

With this change, GitLab returns the value stored in Redis, if one is present, thus if the LFS client calls `git-lfs-authenticate` again during the request, the auth header will remain unchanged, allowing all subsequent requests to continue without issues.

## What are the relevant issue numbers?

Fixes #22527

cc @SeanPackham @jacobvosmaer-gitlab

See merge request !6551
2016-09-28 18:13:34 +00:00
auth Move logic to check ci? or lfs_deploy_token? to Gitlab::Auth::Result 2016-09-20 11:03:10 +02:00
backend Strip comments before sending keys to gitlab-shell 2016-09-16 11:49:11 +02:00
badge Fix tests 2016-08-26 15:40:12 +08:00
bitbucket_import Rename gl_user_id to gitlab_user_id in importer classes 2016-09-08 11:57:22 +10:00
checks Avoid protected branches checks when verifying access without branch name 2016-09-13 11:50:13 +02:00
ci Fix scope of the CI config key nodes in jobs entry 2016-09-19 10:07:15 +02:00
conflict Fix merge conflict size limit 2016-09-07 16:00:26 +01:00
data_builder Simplify the name for data builder, feedback: 2016-08-12 16:09:29 +08:00
database Implement fourth round of comments from @DouweM. 2016-09-21 09:57:14 +05:30
diff Merge branch 'master' into dz-merge-request-version 2016-08-22 11:34:41 +03:00
downtime_check Better formatting for downtime check messages 2016-08-17 12:15:20 +02:00
email Disable “issue by email” feature until it uses a different token 2016-08-19 19:49:12 -05:00
fogbugz_import
gfm
git Clean environment variables when running git hooks 2016-09-15 08:51:55 +03:00
github_import Call after_remove_branch only once after importing all GitHub PRs 2016-09-27 20:45:07 +02:00
gitlab_import Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq 2016-09-08 17:43:19 +03:00
google_code_import
graphs
import_export fix model order in import/export config and 1to1 relation issue. Added relevant specs. 2016-09-27 14:56:33 +02:00
ldap Log LDAP lookup errors and don't swallow unrelated exceptions 2016-09-28 07:44:58 +02:00
markdown
metrics Adds response mime type to transaction metric action when it's not HTML 2016-08-25 16:33:41 +02:00
middleware Fix typo in gitlab-workhorse header 2016-08-19 12:25:52 +02:00
o_auth Merge branch 'master' into dev-master 2016-07-02 22:58:21 +02:00
request_profiler Rails prefers require_dependency so that it won't require twice: 2016-08-09 06:48:23 +00:00
saml Enable Style/EmptyLines cop, remove redundant ones 2016-07-01 21:56:17 +02:00
sanitizers
sherlock
sidekiq_middleware Add support for using RequestStore within Sidekiq tasks via SIDEKIQ_REQUEST_STORE env variable 2016-07-25 17:59:09 -07:00
slash_commands Fix behavior around commands with optional arguments 2016-08-18 14:29:49 -05:00
sql
template Load issues and merge requests templates from repository 2016-08-16 15:50:17 -03:00
access.rb Optimize maximum user access level lookup in loading of notes 2016-07-26 15:33:05 -07:00
app_logger.rb
asciidoc.rb Enable Style/EmptyLines cop, remove redundant ones 2016-07-01 21:56:17 +02:00
auth.rb Handle LFS token creation and retrieval in the same method, and in the same Redis connection. 2016-09-28 12:13:48 -05:00
award_emoji.rb Upgrade Gemojione from 2.6.1 to 3.0.1. 2016-07-18 10:40:16 -06:00
bitbucket_import.rb
blame.rb add custom highlighting via .gitattributes 2016-06-27 14:17:49 -07:00
changes_list.rb api for generating new merge request 2016-08-11 23:37:00 +07:00
closing_issue_extractor.rb Don’t close issues on original project from a fork 2016-08-04 12:38:08 +02:00
color_schemes.rb
config_helper.rb
contributions_calendar.rb Replace contributions calendar timezone payload with dates 2016-09-16 14:38:59 -05:00
contributor.rb
current_settings.rb Remove use of USE_DB environment variable in code 2016-09-23 10:50:46 +02:00
database.rb Fix methods visibility in gitlab database module 2016-07-19 15:12:14 +02:00
devise_failure.rb
downtime_check.rb Added checks for migration downtime 2016-07-20 12:41:56 +02:00
emoji.rb Add emoji.rb in lib/gitlab instead of using the gitlab_emoji gem. 2016-06-29 14:53:09 -06:00
exclusive_lease.rb
git.rb Add spec covering 'committer_hash' 2016-09-20 10:15:43 -07:00
git_access.rb Rename capabilities to authentication_abilities 2016-09-16 11:12:21 +02:00
git_access_status.rb Ensure to_json methods take optional argument 2016-07-20 11:14:06 +01:00
git_access_wiki.rb Revert "Revert "Merge branch '18193-developers-can-merge' into 'master' "" 2016-07-18 10:16:56 +02:00
git_logger.rb
git_post_receive.rb Log base64-decoded PostReceive arguments 2016-08-05 15:00:12 +02:00
git_ref_validator.rb
gl_id.rb Revert "squashed merge and fixed conflicts" 2016-06-16 12:59:07 +02:00
gon_helper.rb Stop putting private tokens in Gon 2016-09-19 12:27:37 +01:00
highlight.rb use the proper variable names o_O 2016-07-14 12:21:22 -07:00
identifier.rb
import_export.rb Fixed label color issue and added Import/Export versioning table 2016-09-19 09:18:37 +02:00
import_formatter.rb
import_sources.rb Remove gitorious 2016-08-25 10:10:10 +01:00
incoming_email.rb
issues_labels.rb
key_fingerprint.rb Enable Style/UnneededCapitalW Rubocop cop 2016-06-30 13:31:52 +02:00
lazy.rb
lfs_token.rb Handle LFS token creation and retrieval in the same method, and in the same Redis connection. 2016-09-28 12:13:48 -05:00
logger.rb
mail_room.rb Small refactor and a few documentation fixes 2016-08-04 19:02:39 +02:00
markup_helper.rb
metrics.rb Tracking of custom events 2016-08-17 10:04:04 +02:00
other_markup.rb Enable Style/EmptyLines cop, remove redundant ones 2016-07-01 21:56:17 +02:00
popen.rb Fix Gitlab::Popen.popen thread-safety issue 2016-09-13 21:39:46 +02:00
production_logger.rb
project_search_results.rb Clean up search result classes 2016-09-06 10:12:55 +03:00
protocol_access.rb Default Git access protocol to web 2016-07-05 16:54:22 -05:00
recaptcha.rb
redis.rb Make Gitlab::Redis.params safe for mutation 2016-09-22 15:58:40 +02:00
reference_extractor.rb
regex.rb Remove trailing spaces from messages in Gitlab::Regex 2016-09-20 07:20:48 +03:00
repository_check_logger.rb
request_profiler.rb Profile requests when a header is passed 2016-07-26 20:06:09 +02:00
routing.rb
search_results.rb Clean up search result classes 2016-09-06 10:12:55 +03:00
seeder.rb
sentry.rb Fix Sentry not reporting right program for Sidekiq workers 2016-08-25 19:42:52 -07:00
sherlock.rb
sidekiq_logger.rb
snippet_search_results.rb Clean up search result classes 2016-09-06 10:12:55 +03:00
themes.rb Refactor gitlab themes module to make it singleton 2016-07-19 15:12:14 +02:00
timeless.rb Add Timeless helper module to prevent updated_at from being updated 2016-07-06 18:50:58 -04:00
upgrader.rb
uploads_transfer.rb
url_builder.rb url_builder: handle project snippets 2016-08-24 10:32:12 -04:00
url_sanitizer.rb spec and fix for sanitize method 2016-07-11 09:01:09 +02:00
user_access.rb Improve EE compatibility with protected branch access levels. 2016-08-16 12:08:10 +05:30
utils.rb Use travel_to instead of dependency injection, feedback: 2016-08-19 16:57:25 +08:00
version_info.rb
visibility_level.rb
workhorse.rb Use base SHA for patches and diffs 2016-09-22 18:49:31 +01:00