gitlab-org--gitlab-foss/app/models/project_services/assembla_service.rb
Douwe Maan 95ced3bb5f Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6'
Server Side Request Forgery in Services and Web Hooks

See merge request gitlab/gitlabhq!2337
2018-03-21 14:39:21 +00:00

34 lines
789 B
Ruby

class AssemblaService < Service
prop_accessor :token, :subdomain
validates :token, presence: true, if: :activated?
def title
'Assembla'
end
def description
'Project Management Software (Source Commits Endpoint)'
end
def self.to_param
'assembla'
end
def fields
[
{ type: 'text', name: 'token', placeholder: '', required: true },
{ type: 'text', name: 'subdomain', placeholder: '' }
]
end
def self.supported_events
%w(push)
end
def execute(data)
return unless supported_events.include?(data[:object_kind])
url = "https://atlas.assembla.com/spaces/#{subdomain}/github_tool?secret_key=#{token}"
Gitlab::HTTP.post(url, body: { payload: data }.to_json, headers: { 'Content-Type' => 'application/json' })
end
end