gitlab-org--gitlab-foss/lib
Douwe Maan 029c0d79af Merge branch 'lfs-ssh-authorization-fix' into 'master'
Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called

## What does this MR do?

 Do not regenerate the `lfs_token` every time `git-lfs-authenticate` is called, instead return the saved token if one is present.

This was causing a lot of 401s, leading to 403s, as state in #22527

As it turns out, when pushing a lot of LFS objects, the LFS client was calling `git-lfs-authenticate` in the middle of the request again. This caused the `lfs_token` to be regenerated. The problem lies in that the LFS client was not aware of this change, and was still using the old token. This caused all subsequent requests to fail with a 401 error.

Since HTTP Auth is protected by Rack Attack, this 401s where immediately flagged and resulted in the IP of the user being banned. 

With this change, GitLab returns the value stored in Redis, if one is present, thus if the LFS client calls `git-lfs-authenticate` again during the request, the auth header will remain unchanged, allowing all subsequent requests to continue without issues.

## What are the relevant issue numbers?

Fixes #22527

cc @SeanPackham @jacobvosmaer-gitlab

See merge request !6551
2016-09-28 18:13:34 +00:00
..
api Handle LFS token creation and retrieval in the same method, and in the same Redis connection. 2016-09-28 12:13:48 -05:00
assets
backup lib/backup: fix broken permissions when creating repo dir 2016-08-30 13:35:50 +02:00
banzai AbstractReferenceFilter caches current project_ref on RequestStore when active 2016-09-28 14:37:24 +02:00
ci Improve JwtController implementation 2016-09-20 19:15:13 +02:00
container_registry
gitlab Merge branch 'lfs-ssh-authorization-fix' into 'master' 2016-09-28 18:13:34 +00:00
json_web_token
omni_auth
rouge/formatters
support Revert "Defend against 'Host' header injection" 2016-08-08 13:02:44 +02:00
tasks Improve .haml-lint.yml, simplify the haml_lint task and remove CHANGELOG entry 2016-09-13 18:56:00 +02:00
banzai.rb
disable_email_interceptor.rb
event_filter.rb
expand_variables.rb Update support for dynamic environments 2016-09-19 10:07:13 +02:00
extracts_path.rb Restore get_id in ExtractsPath 2016-08-24 12:54:16 +02:00
file_size_validator.rb
file_streamer.rb
gitlab.rb
gt_one_coercion.rb
repository_cache.rb
static_model.rb
unfold_form.rb
uploaded_file.rb
version_check.rb