diff options
author | Stan Hu <stanhu@gmail.com> | 2016-01-11 03:42:00 +0000 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2016-01-11 03:42:00 +0000 |
commit | af9bbadc4c14db580167ab2c2165ec666d16b48e (patch) | |
tree | cdf0772c59d4cebdf19433b62dcb92aac9d8e78f | |
parent | 70cba8e9a833b6a5ae4d916ce50c394868de8116 (diff) | |
parent | b7aa13a0cfdcd2ebd5f0dab2bc5cad222f9f379b (diff) | |
download | gitlab-ce-af9bbadc4c14db580167ab2c2165ec666d16b48e.tar.gz |
Merge branch 'check-for-present-runner-token' into 'master'
Fix Error 500 when visiting build page of project with nil runners_token
Properly ensure that the token exists and add defensively check for a
non-nil value.
Closes #4294
See merge request !2294
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/models/ci/build.rb | 2 | ||||
-rw-r--r-- | app/models/project.rb | 11 | ||||
-rw-r--r-- | spec/models/ci/build_spec.rb | 22 |
4 files changed, 31 insertions, 5 deletions
diff --git a/CHANGELOG b/CHANGELOG index f7c278823ee..04bcbf9dad2 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -39,6 +39,7 @@ v 8.3.3 (unreleased) - Fix project transfer e-mail sending incorrect paths in e-mail notification (Stan Hu) - Enable "Add key" button when user fills in a proper key (Stan Hu) - Fix error in processing reply-by-email messages (Jason Lee) + - Fix Error 500 when visiting build page of project with nil runners_token (Stan Hu) v 8.3.2 - Change single user API endpoint to return more detailed data (Michael Potthoff) diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb index 30f79fd3bfa..a4779d06de8 100644 --- a/app/models/ci/build.rb +++ b/app/models/ci/build.rb @@ -206,7 +206,7 @@ module Ci def trace trace = raw_trace - if project && trace.present? + if project && trace.present? && project.runners_token.present? trace.gsub(project.runners_token, 'xxxxxx') else trace diff --git a/app/models/project.rb b/app/models/project.rb index 7626c698816..31990485f7d 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -50,6 +50,7 @@ class Project < ActiveRecord::Base include Sortable include AfterCommitQueue include CaseSensitivity + include TokenAuthenticatable extend Gitlab::ConfigHelper @@ -193,10 +194,8 @@ class Project < ActiveRecord::Base if: ->(project) { project.avatar.present? && project.avatar_changed? } validates :avatar, file_size: { maximum: 200.kilobytes.to_i } - before_validation :set_runners_token_token - def set_runners_token_token - self.runners_token = SecureRandom.hex(15) if self.runners_token.blank? - end + add_authentication_token_field :runners_token + before_save :ensure_runners_token mount_uploader :avatar, AvatarUploader @@ -900,4 +899,8 @@ class Project < ActiveRecord::Base return true unless forked? Gitlab::VisibilityLevel.allowed_fork_levels(forked_from_project.visibility_level).include?(level.to_i) end + + def runners_token + ensure_runners_token! + end end diff --git a/spec/models/ci/build_spec.rb b/spec/models/ci/build_spec.rb new file mode 100644 index 00000000000..36d10636ae9 --- /dev/null +++ b/spec/models/ci/build_spec.rb @@ -0,0 +1,22 @@ +require 'spec_helper' + +describe Ci::Build, models: true do + let(:build) { create(:ci_build) } + let(:test_trace) { 'This is a test' } + + describe '#trace' do + it 'obfuscates project runners token' do + allow(build).to receive(:raw_trace).and_return("Test: #{build.project.runners_token}") + + expect(build.trace).to eq("Test: xxxxxx") + end + + it 'empty project runners token' do + allow(build).to receive(:raw_trace).and_return(test_trace) + # runners_token can't normally be set to nil + allow(build.project).to receive(:runners_token).and_return(nil) + + expect(build.trace).to eq(test_trace) + end + end +end |