diff options
| author | Valery Sizov <vsv2711@gmail.com> | 2015-08-11 09:59:40 +0300 |
|---|---|---|
| committer | Valery Sizov <vsv2711@gmail.com> | 2015-08-26 15:48:31 +0300 |
| commit | bafffb2d14e1924154d5b7c74c7b3cbcf8c898fd (patch) | |
| tree | 9e404f30a04e41e2e70456f2959a1780717981ae | |
| parent | add099b024cc4155a5be494fdb9ae339fd073a14 (diff) | |
| download | gitlab-ce-enable_ssl_verification_web_hook.tar.gz | |
Enable SSL verification for Webhooksenable_ssl_verification_web_hook
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | app/controllers/admin/hooks_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/projects/hooks_controller.rb | 3 | ||||
| -rw-r--r-- | app/controllers/projects/services_controller.rb | 2 | ||||
| -rw-r--r-- | app/models/hooks/web_hook.rb | 5 | ||||
| -rw-r--r-- | app/models/project_services/buildkite_service.rb | 9 | ||||
| -rw-r--r-- | app/models/project_services/gitlab_ci_service.rb | 6 | ||||
| -rw-r--r-- | app/views/admin/hooks/index.html.haml | 8 | ||||
| -rw-r--r-- | app/views/projects/hooks/index.html.haml | 8 | ||||
| -rw-r--r-- | db/migrate/20150824002011_add_enable_ssl_verification.rb | 5 | ||||
| -rw-r--r-- | db/schema.rb | 15 | ||||
| -rw-r--r-- | features/admin/hooks.feature | 9 | ||||
| -rw-r--r-- | features/project/hooks.feature | 5 | ||||
| -rw-r--r-- | features/steps/admin/hooks.rb | 15 | ||||
| -rw-r--r-- | features/steps/project/hooks.rb | 13 |
15 files changed, 90 insertions, 16 deletions
diff --git a/CHANGELOG b/CHANGELOG index 7ec1dabcf95..2c1b1a53fe9 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -12,6 +12,7 @@ v 8.0.0 (unreleased) - Search for comments should be case insensetive - Create cross-reference for closing references on commits pushed to non-default branches (Maƫl Valais) - Ability to search milestones + - Ability to enable SSL verification for Webhooks v 7.14.0 - Fix bug where non-project members of the target project could set labels on new merge requests. diff --git a/app/controllers/admin/hooks_controller.rb b/app/controllers/admin/hooks_controller.rb index 690096bdbcf..d670386f8c6 100644 --- a/app/controllers/admin/hooks_controller.rb +++ b/app/controllers/admin/hooks_controller.rb @@ -39,6 +39,6 @@ class Admin::HooksController < Admin::ApplicationController end def hook_params - params.require(:hook).permit(:url) + params.require(:hook).permit(:url, :enable_ssl_verification) end end diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb index 76062446c92..4e5b4125f5a 100644 --- a/app/controllers/projects/hooks_controller.rb +++ b/app/controllers/projects/hooks_controller.rb @@ -53,6 +53,7 @@ class Projects::HooksController < Projects::ApplicationController end def hook_params - params.require(:hook).permit(:url, :push_events, :issues_events, :merge_requests_events, :tag_push_events, :note_events) + params.require(:hook).permit(:url, :push_events, :issues_events, + :merge_requests_events, :tag_push_events, :note_events, :enable_ssl_verification) end end diff --git a/app/controllers/projects/services_controller.rb b/app/controllers/projects/services_controller.rb index 01105532479..b0cf5866d41 100644 --- a/app/controllers/projects/services_controller.rb +++ b/app/controllers/projects/services_controller.rb @@ -8,7 +8,7 @@ class Projects::ServicesController < Projects::ApplicationController :push_events, :issues_events, :merge_requests_events, :tag_push_events, :note_events, :send_from_committer_email, :disable_diffs, :external_wiki_url, :notify, :color, - :server_host, :server_port, :default_irc_uri] + :server_host, :server_port, :default_irc_uri, :enable_ssl_verification] # Authorize before_action :authorize_admin_project! before_action :service, only: [:edit, :update, :test] diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb index 46fb85336e5..9a8251bdad5 100644 --- a/app/models/hooks/web_hook.rb +++ b/app/models/hooks/web_hook.rb @@ -25,6 +25,7 @@ class WebHook < ActiveRecord::Base default_value_for :note_events, false default_value_for :merge_requests_events, false default_value_for :tag_push_events, false + default_value_for :enable_ssl_verification, false # HTTParty timeout default_timeout Gitlab.config.gitlab.webhook_timeout @@ -41,7 +42,7 @@ class WebHook < ActiveRecord::Base "Content-Type" => "application/json", "X-Gitlab-Event" => hook_name.singularize.titleize }, - verify: false) + verify: enable_ssl_verification) else post_url = url.gsub("#{parsed_url.userinfo}@", "") auth = { @@ -54,7 +55,7 @@ class WebHook < ActiveRecord::Base "Content-Type" => "application/json", "X-Gitlab-Event" => hook_name.singularize.titleize }, - verify: false, + verify: enable_ssl_verification, basic_auth: auth) end rescue SocketError, Errno::ECONNRESET, Errno::ECONNREFUSED, Net::OpenTimeout => e diff --git a/app/models/project_services/buildkite_service.rb b/app/models/project_services/buildkite_service.rb index a714bc82246..9e5da6f45d2 100644 --- a/app/models/project_services/buildkite_service.rb +++ b/app/models/project_services/buildkite_service.rb @@ -23,7 +23,7 @@ require "addressable/uri" class BuildkiteService < CiService ENDPOINT = "https://buildkite.com" - prop_accessor :project_url, :token + prop_accessor :project_url, :token, :enable_ssl_verification validates :project_url, presence: true, if: :activated? validates :token, presence: true, if: :activated? @@ -37,6 +37,7 @@ class BuildkiteService < CiService def compose_service_hook hook = service_hook || build_service_hook hook.url = webhook_url + hook.enable_ssl_verification = enable_ssl_verification hook.save end @@ -96,7 +97,11 @@ class BuildkiteService < CiService { type: 'text', name: 'project_url', - placeholder: "#{ENDPOINT}/example/project" } + placeholder: "#{ENDPOINT}/example/project" }, + + { type: 'checkbox', + name: 'enable_ssl_verification', + title: "Enable SSL verification" } ] end diff --git a/app/models/project_services/gitlab_ci_service.rb b/app/models/project_services/gitlab_ci_service.rb index ecdcd48ae60..acbbc9935b6 100644 --- a/app/models/project_services/gitlab_ci_service.rb +++ b/app/models/project_services/gitlab_ci_service.rb @@ -21,7 +21,7 @@ class GitlabCiService < CiService API_PREFIX = "api/v1" - prop_accessor :project_url, :token + prop_accessor :project_url, :token, :enable_ssl_verification validates :project_url, presence: true, format: { with: /\A#{URI.regexp(%w(http https))}\z/, message: "should be a valid url" }, if: :activated? @@ -34,6 +34,7 @@ class GitlabCiService < CiService def compose_service_hook hook = service_hook || build_service_hook hook.url = [project_url, "/build", "?token=#{token}"].join("") + hook.enable_ssl_verification = enable_ssl_verification hook.save end @@ -136,7 +137,8 @@ class GitlabCiService < CiService def fields [ { type: 'text', name: 'token', placeholder: 'GitLab CI project specific token' }, - { type: 'text', name: 'project_url', placeholder: 'http://ci.gitlabhq.com/projects/3' } + { type: 'text', name: 'project_url', placeholder: 'http://ci.gitlabhq.com/projects/3' }, + { type: 'checkbox', name: 'enable_ssl_verification', title: "Enable SSL verification" } ] end diff --git a/app/views/admin/hooks/index.html.haml b/app/views/admin/hooks/index.html.haml index e74e1e85f41..b120f4dea67 100644 --- a/app/views/admin/hooks/index.html.haml +++ b/app/views/admin/hooks/index.html.haml @@ -18,6 +18,13 @@ = f.label :url, "URL:", class: 'control-label' .col-sm-10 = f.text_field :url, class: "form-control" + .form-group + = f.label :enable_ssl_verification, "SSL verification", class: 'control-label checkbox' + .col-sm-10 + .checkbox + = f.label :enable_ssl_verification do + = f.check_box :enable_ssl_verification + %strong Enable SSL verification .form-actions = f.submit "Add System Hook", class: "btn btn-create" %hr @@ -32,6 +39,7 @@ .list-item-name = link_to admin_hook_path(hook) do %strong= hook.url + %p SSL Verification: #{hook.enable_ssl_verification ? "enabled" : "disabled"} .pull-right = link_to 'Test Hook', admin_hook_test_path(hook), class: "btn btn-sm" diff --git a/app/views/projects/hooks/index.html.haml b/app/views/projects/hooks/index.html.haml index eadbf61fdd4..85dbfd67862 100644 --- a/app/views/projects/hooks/index.html.haml +++ b/app/views/projects/hooks/index.html.haml @@ -55,6 +55,13 @@ %strong Merge Request events %p.light This url will be triggered when a merge request is created + .form-group + = f.label :enable_ssl_verification, "SSL verification", class: 'control-label checkbox' + .col-sm-10 + .checkbox + = f.label :enable_ssl_verification do + = f.check_box :enable_ssl_verification + %strong Enable SSL verification .form-actions = f.submit "Add Web Hook", class: "btn btn-create" @@ -74,3 +81,4 @@ - %w(push_events tag_push_events issues_events note_events merge_requests_events).each do |trigger| - if hook.send(trigger) %span.label.label-gray= trigger.titleize + SSL Verification: #{hook.enable_ssl_verification ? "enabled" : "disabled"} diff --git a/db/migrate/20150824002011_add_enable_ssl_verification.rb b/db/migrate/20150824002011_add_enable_ssl_verification.rb new file mode 100644 index 00000000000..093c068fbde --- /dev/null +++ b/db/migrate/20150824002011_add_enable_ssl_verification.rb @@ -0,0 +1,5 @@ +class AddEnableSslVerification < ActiveRecord::Migration + def change + add_column :web_hooks, :enable_ssl_verification, :boolean, default: false + end +end diff --git a/db/schema.rb b/db/schema.rb index 108c48bf321..7ee1c6e2146 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20150818213832) do +ActiveRecord::Schema.define(version: 20150824002011) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -566,13 +566,14 @@ ActiveRecord::Schema.define(version: 20150818213832) do t.integer "project_id" t.datetime "created_at" t.datetime "updated_at" - t.string "type", default: "ProjectHook" + t.string "type", default: "ProjectHook" t.integer "service_id" - t.boolean "push_events", default: true, null: false - t.boolean "issues_events", default: false, null: false - t.boolean "merge_requests_events", default: false, null: false - t.boolean "tag_push_events", default: false - t.boolean "note_events", default: false, null: false + t.boolean "push_events", default: true, null: false + t.boolean "issues_events", default: false, null: false + t.boolean "merge_requests_events", default: false, null: false + t.boolean "tag_push_events", default: false + t.boolean "note_events", default: false, null: false + t.boolean "enable_ssl_verification", default: false end add_index "web_hooks", ["created_at", "id"], name: "index_web_hooks_on_created_at_and_id", using: :btree diff --git a/features/admin/hooks.feature b/features/admin/hooks.feature new file mode 100644 index 00000000000..5ca332d9f1c --- /dev/null +++ b/features/admin/hooks.feature @@ -0,0 +1,9 @@ +@admin +Feature: Admin Hooks + Background: + Given I sign in as an admin + + Scenario: On Admin Hooks + Given I visit admin hooks page + Then I submit the form with enabled SSL verification + And I see new hook with enabled SSL verification
\ No newline at end of file diff --git a/features/project/hooks.feature b/features/project/hooks.feature index 1a60846a23e..627738004c4 100644 --- a/features/project/hooks.feature +++ b/features/project/hooks.feature @@ -13,6 +13,11 @@ Feature: Project Hooks When I submit new hook Then I should see newly created hook + Scenario: I add new hook with SSL verification enabled + Given I visit project hooks page + When I submit new hook with SSL verification enabled + Then I should see newly created hook with SSL verification enabled + Scenario: I test hook Given project has hook And I visit project hooks page diff --git a/features/steps/admin/hooks.rb b/features/steps/admin/hooks.rb new file mode 100644 index 00000000000..541e25fcb70 --- /dev/null +++ b/features/steps/admin/hooks.rb @@ -0,0 +1,15 @@ +class Spinach::Features::AdminHooks < Spinach::FeatureSteps + include SharedAuthentication + include SharedPaths + include SharedAdmin + + step "I submit the form with enabled SSL verification" do + fill_in 'hook_url', with: 'http://google.com' + check "Enable SSL verification" + click_on "Add System Hook" + end + + step "I see new hook with enabled SSL verification" do + expect(page).to have_content "SSL Verification: enabled" + end +end diff --git a/features/steps/project/hooks.rb b/features/steps/project/hooks.rb index 04e3bf78ede..df4a23a3716 100644 --- a/features/steps/project/hooks.rb +++ b/features/steps/project/hooks.rb @@ -28,11 +28,24 @@ class Spinach::Features::ProjectHooks < Spinach::FeatureSteps expect { click_button "Add Web Hook" }.to change(ProjectHook, :count).by(1) end + step 'I submit new hook with SSL verification enabled' do + @url = FFaker::Internet.uri("http") + fill_in "hook_url", with: @url + check "hook_enable_ssl_verification" + expect { click_button "Add Web Hook" }.to change(ProjectHook, :count).by(1) + end + step 'I should see newly created hook' do expect(current_path).to eq namespace_project_hooks_path(current_project.namespace, current_project) expect(page).to have_content(@url) end + step 'I should see newly created hook with SSL verification enabled' do + expect(current_path).to eq namespace_project_hooks_path(current_project.namespace, current_project) + expect(page).to have_content(@url) + expect(page).to have_content("SSL Verification: enabled") + end + step 'I click test hook button' do stub_request(:post, @hook.url).to_return(status: 200) click_link 'Test Hook' |