author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-09-26 12:18:21 +0200 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-09-27 14:39:10 +0200 |
commit | 57504321a15eaeb7674463de86ebfcc6d654a0e3 (patch) | |
tree | 8a818bb3f685449df528aa324c31fbae4a6d5783 | |
parent | ab496d82ecd1cc675d10fc30a3af279ad4ab1edf (diff) | |
Be nice to Docker Clients talking to JWT/authbe-nice-to-docker-client
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/controllers/jwt_controller.rb | 21 | ||||
-rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 11 | ||||
-rw-r--r-- | spec/requests/jwt_controller_spec.rb | 4 |
4 files changed, 28 insertions, 9 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 5b08e8cd754..034104ef4ba 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,6 +8,7 @@ v 8.13.0 (unreleased)
 v 8.12.2 (unreleased)
 - Fix Import/Export not recognising correctly the imported services.
 - Fix snippets pagination
+ - Make JWT messages Docker-compatible
 v 8.12.1
 - Fix a memory leak in HTML::Pipeline::SanitizationFilter::WHITELIST
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index 34d5d99558e..7e4da73bc11 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -25,7 +25,7 @@ class JwtController < ApplicationController
 authenticate_with_http_basic do |login, password|
 @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip)
- render_403 unless @authentication_result.success? &&
+ render_unauthorized unless @authentication_result.success? &&
 (@authentication_result.actor.nil? || @authentication_result.actor.is_a?(User))
 end
 rescue Gitlab::Auth::MissingPersonalTokenError
@@ -33,10 +33,21 @@ class JwtController < ApplicationController
 end
 def render_missing_personal_token
- render plain: "HTTP Basic: Access denied\n" \
- "You have 2FA enabled, please use a personal access token for Git over HTTP.\n" \
- "You can generate one at #{profile_personal_access_tokens_url}",
- status: 401
+ render json: {
+ errors: [
+ { code: 'UNAUTHORIZED',
+ message: "HTTP Basic: Access denied\n" \
+ "You have 2FA enabled, please use a personal access token for Git over HTTP.\n" \
+ "You can generate one at #{profile_personal_access_tokens_url}" }
+ ] }, status: 401
+ end
+
+ def render_unauthorized
+ render json: {
+ errors: [
+ { code: 'UNAUTHORIZED',
+ message: 'HTTP Basic: Access denied' }
+ ] }, status: 401
 end
 def auth_params
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 38ac6631228..8ea88da8a53 100644
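Review bot: The `unless` guard in the `@@ -25,7` hunk now answers 401 for two different outcomes: credentials that failed, and credentials that succeeded but resolved to an actor that is neither `nil` nor a `User`. A client that receives 401 will normally treat it as a credential problem, and in access logs the second case becomes indistinguishable from failed logins, which makes failed-login monitoring noisier. If the collapse is intentional (so the caller is not told which case occurred), a comment above the guard such as `# 401 for both bad credentials and non-User actors; do not reveal which` would record that. The enclosing method starts above this hunk, so what else it does with `@authentication_result` is not visible here.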
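Review bot: Both 401 responses built in the `@@ -33,10` hunk (`render_missing_personal_token` and the new `render_unauthorized`) are rendered without a `WWW-Authenticate` header, at least in the lines shown. RFC 7235 expects a 401 to carry a challenge, and HTTP clients rely on it to learn that Basic credentials are wanted. Unless a filter outside this hunk already sets it, add `headers['WWW-Authenticate'] = 'Basic realm="<realm>"'` (realm is a placeholder) before `render` in both methods. Both methods also assemble the same `errors` envelope by hand, so a small private helper that takes the message would keep the code/status pair in one place.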
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -7,10 +7,10 @@ module Auth
 def execute(authentication_abilities:)
 @authentication_abilities = authentication_abilities
- return error('not found', 404) unless registry.enabled
+ return error('UNAVAILABLE', status: 404, message: 'registry not enabled') unless registry.enabled
 unless current_user || project
- return error('forbidden', 403) unless scope
+ return error('DENIED', status: 403, message: 'access forbidden') unless scope
 end
 { token: authorized_token(scope).encoded }
@@ -111,5 +111,12 @@ module Auth
 @authentication_abilities.include?(:create_container_image) &&
 can?(current_user, :create_container_image, requested_project)
 end
+
+ def error(code, status:, message: '')
+ {
+ errors: [{ code: code, message: message }],
+ http_status: status
+ }
+ end
 end
 end
diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb
index 6b956e63004..f0ef155bd7b 100644
--- a/spec/requests/jwt_controller_spec.rb
+++ b/spec/requests/jwt_controller_spec.rb
@@ -39,7 +39,7 @@ describe JwtController do
 subject! { get '/jwt/auth', parameters, headers }
- it { expect(response).to have_http_status(403) }
+ it { expect(response).to have_http_status(401) }
 end
 end
@@ -77,7 +77,7 @@ describe JwtController do
 subject! { get '/jwt/auth', parameters, headers }
- it { expect(response).to have_http_status(403) }
+ it { expect(response).to have_http_status(401) }
 end
 end |
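Review bot: In the `@@ -7,10` hunk, `error('UNAVAILABLE', status: 404, ...)` pairs a code with a status it does not normally travel with: in the Docker registry error vocabulary `UNAVAILABLE` accompanies 503, so a client branching on the code may behave differently from one branching on the status. The `'registry not enabled'` message is also returned before the `current_user || project` check, so if this path is reachable without credentials it tells an anonymous caller about instance configuration that the old `'not found'` did not. Consider a neutral message, or a comment on that line explaining why the pairing is deliberate. `execute` continues beyond the hunk.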
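Review bot: The `error(code, status:, message: '')` added in the `@@ -111,5` hunk has a different signature from the helper the old call sites used (`error('not found', 404)`, two positional arguments), so it presumably shadows an inherited `error`. Any caller in this class that the commit did not touch and that still passes the status positionally would raise `ArgumentError` at runtime; the rest of the file is not visible here and is worth checking. The method also has no comment; one stating which keys are meant for the client and which (presumably `http_status`) only for the controller would help the next reader. Whether the method sits under a `private` marker cannot be seen from the hunk.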
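Review bot: The updated example in the `@@ -39,7` hunk checks only the status code, while the purpose of the change is the JSON error body, and nothing in the spec pins that body. An assertion such as `it { expect(response.body).to include('UNAUTHORIZED') }` next to the status check would catch a regression to a plain-text response. The same applies to the example in the `@@ -77,7` hunk. Both enclosing `context` blocks start outside the hunks.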