kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/spec
History
Douwe Maan 029c0d79af Merge branch 'lfs-ssh-authorization-fix' into 'master' 
Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called

## What does this MR do?

 Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called, instead return the saved token if one is present.

This was causing a lot of 401s, leading to 403s, as state in #22527

As it turns out, when pushing a lot of LFS objects, the LFS client was calling `git-lfs-authenticate` in the middle of the request again. This caused the `lfs_token` to be regenerated. The problem lies in that the LFS client was not aware of this change, and was still using the old token. This caused all subsequent requests to fail with a 401 error.

Since HTTP Auth is protected by Rack Attack, this 401s where immediately flagged and resulted in the IP of the user being banned. 

With this change, GitLab returns the value stored in Redis, if one is present, thus if the LFS client calls `git-lfs-authenticate` again during the request, the auth header will remain unchanged, allowing all subsequent requests to continue without issues.

## What are the relevant issue numbers?

Fixes #22527

cc @SeanPackham @jacobvosmaer-gitlab

See merge request !6551
 		2016-09-28 18:13:34 +00:00
..
config Small refactor and a few documentation fixes 2016-08-04 19:02:39 +02:00
controllers Merge branch 'rc-new-members-approve-request-access-service' into 'master' 2016-09-27 12:10:12 +00:00
factories Improve project_with_board factory to create the default lists 2016-09-26 14:42:38 -03:00
features Merge branch '22592-can-set-due-date-through-slash-commands-even-though-i-m-not-authorized-to' into 'master' 2016-09-28 17:10:57 +00:00
finders fix issues mr counter 2016-09-20 14:39:15 +01:00
fixtures Returns the total number of issues in the JSON response 2016-08-31 09:30:37 +01:00
helpers Merge branch 'gitlab-ce-milestone-tab-badges' into 'master' 2016-09-24 10:49:45 +00:00
initializers
javascripts Send ajax request for label update only if they are changed (#19472 !5071) 2016-09-27 10:23:15 -05:00
lib Merge branch 'lfs-ssh-authorization-fix' into 'master' 2016-09-28 18:13:34 +00:00
mailers Wrap List-Unsubscribe link in angle brackets 2016-09-26 16:01:17 +01:00
models Improve how MergeCommit#merge_commit_message builds the message 2016-09-27 14:04:41 +02:00
policies Test if issue authors can access private projects 2016-09-20 14:57:23 -03:00
requests Merge branch 'lfs-ssh-authorization-fix' into 'master' 2016-09-28 18:13:34 +00:00
routing Fix markdown help references 2016-08-26 09:38:21 -05:00
services Fix permission for setting an issue's due date 2016-09-28 17:41:32 +02:00
support Fix permission for setting an issue's due date 2016-09-28 17:41:32 +02:00
tasks/gitlab Use `File::exist?` instead of `File::exists?` 2016-08-11 13:54:45 +03:00
uploaders
views Scope environments to project 2016-09-21 13:19:34 +02:00
workers Added cron to prune events older than 12 months. 2016-09-07 19:41:25 +02:00
factories_spec.rb adds second batch of tests changed to active tense 2016-08-09 15:11:39 +01:00
rails_helper.rb
simplecov_env.rb Bump SimpleCov merge timeout to 365 days 2016-08-22 13:44:14 +02:00
spec_helper.rb Merge remote-tracking branch 'upstream/master' into artifacts-from-ref-and-build-name 2016-08-24 20:56:30 +08:00
teaspoon_env.rb Add test coverage analysis for CoffeeScript (!5052) 2016-08-07 21:52:37 +02:00