author | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2019-08-15 16:53:10 +0000 |
---|---|---|
committer | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2019-08-15 16:53:10 +0000 |
commit | 903281454277805813eefd200d4279c6c4426a70 (patch) | |
tree | f7502242dd4baf4b258a509bec44e13e786c04c7 | |
parent | 8c8824d44290b920c57ba02c7aaa1a0aa3a8268f (diff) | |
parent | 7f00bcb92ef72f520b4ffcb443791be0be5a685b (diff) | |
download | gitlab-ce-903281454277805813eefd200d4279c6c4426a70.tar.gz |
Merge branch 'dblessing-fix-public-project-ssh-only-ci-failure' into 'master'
Allow CI to clone public projects when HTTP protocol is disabled
Closes #65805
See merge request gitlab-org/gitlab-ce!31632
3 files changed, 22 insertions, 1 deletions
diff --git a/app/controllers/projects/git_http_client_controller.rb b/app/controllers/projects/git_http_client_controller.rb index 956093b972b..abf8407a51c 100644 --- a/app/controllers/projects/git_http_client_controller.rb +++ b/app/controllers/projects/git_http_client_controller.rb @@ -49,7 +49,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController send_final_spnego_response return # Allow access end - elsif project && download_request? && Guest.can?(:download_code, project) + elsif project && download_request? && http_allowed? && Guest.can?(:download_code, project) + @authentication_result = Gitlab::Auth::Result.new(nil, project, :none, [:download_code]) return # Allow access @@ -113,4 +114,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController def ci? authentication_result.ci?(project) end + + def http_allowed? + Gitlab::ProtocolAccess.allowed?('http') + end end diff --git a/changelogs/unreleased/dblessing-fix-public-project-ssh-only-ci-failure.yml b/changelogs/unreleased/dblessing-fix-public-project-ssh-only-ci-failure.yml new file mode 100644 index 00000000000..615a1571e95 --- /dev/null +++ b/changelogs/unreleased/dblessing-fix-public-project-ssh-only-ci-failure.yml @@ -0,0 +1,5 @@ +--- +title: Allow CI to clone public projects when HTTP protocol is disabled +merge_request: 31632 +author: +type: fixed diff --git a/spec/controllers/projects/git_http_controller_spec.rb b/spec/controllers/projects/git_http_controller_spec.rb index bf099e8deeb..88fa2236e33 100644 --- a/spec/controllers/projects/git_http_controller_spec.rb +++ b/spec/controllers/projects/git_http_controller_spec.rb 
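Review bot: The `http_allowed?` term added to the guest `elsif` in the first controller hunk has no comment explaining why anonymous download is skipped when HTTP is disabled, and the reason is not obvious from the condition. As written, it only stops the request from receiving the anonymous `:none` result, so the request presumably falls through to the credential challenge outside the hunk. It does not enforce the protocol setting for requests that arrive with credentials, so that restriction has to be applied elsewhere. I would add a comment above the branch such as `# HTTP disabled: do not grant anonymous access here, so the client is challenged and CI can authenticate.` The enclosing method starts and ends outside the hunk, so the fall-through path should be confirmed there.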
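Review bot: The second controller hunk adds `http_allowed?` next to `ci?` at the end of the class, and the hunk does not show whether these helpers sit under a `private` marker; any such marker is above the hunk. A public instance method on a Rails controller is a potential action, so the visibility is worth confirming before merge. A one-line comment would also help, for example `# Whether the instance settings allow Git access over the 'http' protocol.`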
@@ -12,4 +12,15 @@ describe Projects::GitHttpController do expect(response.status).to eq(403) end end + + describe 'GET #info_refs' do + it 'returns 401 for unauthenticated requests to public repositories when http protocol is disabled' do + stub_application_setting(enabled_git_access_protocol: 'ssh') + project = create(:project, :public, :repository) + + get :info_refs, params: { service: 'git-upload-pack', namespace_id: project.namespace.to_param, project_id: project.path + '.git' } + + expect(response.status).to eq(401) + end + end end |
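Review bot: The added example asserts only the anonymous 401 case and does not cover the behaviour the commit is named for: a CI-authenticated clone of a public project succeeding while the protocol is set to `ssh`. Without that, a later change that breaks the authenticated path would still pass this spec. I would add a second example under `GET #info_refs` that sends the same request with CI credentials and expects success. A third example with HTTP enabled would pin the anonymous behaviour, so the new condition is tested in both directions. Minor style: `project.path + '.git'` reads better as `"#{project.path}.git"`.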