authorKamil Trzcinski <ayufan@ayufan.eu>2016-09-20 17:07:34 +0200
committerKamil Trzcinski <ayufan@ayufan.eu>2016-09-20 19:15:13 +0200
commitcf6a35f09a3f38b124bd0e6013950f21b5bb1851 (patch)
treee8b7664ffe5a4e7588cd57c94618a1843ab88327
parent0672c5a92e8be90da0cb79f277bb7aee82fdba8a (diff)
Improve JwtController implementationpost-merge-improve-of-ci-permissions
-rw-r--r--app/controllers/jwt_controller.rb6
-rw-r--r--app/services/auth/container_registry_authentication_service.rb2
-rw-r--r--lib/ci/mask_secret.rb3
-rw-r--r--spec/lib/ci/mask_secret_spec.rb8
4 files changed, 11 insertions, 8 deletions
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index 06d96774754..34d5d99558e 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -11,10 +11,8 @@ class JwtController < ApplicationController
service = SERVICES[params[:service]]
return head :not_found unless service
- @authentication_result ||= Gitlab::Auth::Result.new
-
result = service.new(@authentication_result.project, @authentication_result.actor, auth_params).
- execute(authentication_abilities: @authentication_result.authentication_abilities)
+ execute(authentication_abilities: @authentication_result.authentication_abilities || [])
render json: result, status: result[:http_status]
end
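Review bot: The action now dereferences `@authentication_result` without the local fallback, so it is correct only while `authenticate_project_or_user` (changed in the next hunk of this file) has run before it; the filter declaration is not visible here. If that filter were ever skipped or narrowed with `only:`/`except:`, the call would raise NoMethodError on nil, which fails closed but surfaces as a 500 rather than a clean denial. A one-line comment above the call would record the dependency, e.g. `# @authentication_result is always set by authenticate_project_or_user`. The action's `def` line lies outside the hunk.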
@@ -22,6 +20,8 @@ class JwtController < ApplicationController
private
def authenticate_project_or_user
+ @authentication_result = Gitlab::Auth::Result.new
+
authenticate_with_http_basic do |login, password|
@authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip)
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 98da6563947..38ac6631228 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -5,7 +5,7 @@ module Auth
AUDIENCE = 'container_registry'
def execute(authentication_abilities:)
- @authentication_abilities = authentication_abilities || []
+ @authentication_abilities = authentication_abilities
return error('not found', 404) unless registry.enabled
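Review bot: `execute` now stores `authentication_abilities` unchecked, so a caller passing `nil` is no longer normalised to an empty list at this point. The only caller visible in this commit, JwtController, supplies `|| []`, but other callers are not shown, and how the abilities are read later in the class is outside the hunk; a nil there would presumably raise instead of simply granting nothing. Either state the contract on the method, `# authentication_abilities must be an Array; pass [] for no abilities`, or keep the coercion local with `@authentication_abilities = Array(authentication_abilities)`.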
diff --git a/lib/ci/mask_secret.rb b/lib/ci/mask_secret.rb
index 3388a642eb4..997377abc55 100644
--- a/lib/ci/mask_secret.rb
+++ b/lib/ci/mask_secret.rb
@@ -1,9 +1,10 @@
module Ci::MaskSecret
class << self
def mask!(value, token)
- return unless value.present? && token.present?
+ return value unless value.present? && token.present?
value.gsub!(token, 'x' * token.length)
+ value
end
end
end
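Review bot: `mask!` has no comment stating its contract, which this change extends: it rewrites `value` in place and now always returns it, including when `value` or `token` is blank. Because the method is presumably used to scrub secrets from output, it is also worth recording that only literal occurrences of `token` are replaced and that the mask keeps the token's length. Suggested comment above the method: `# Replaces each literal occurrence of token in value with 'x' characters of the same length, mutating value, and returns value; a blank value or token is returned unchanged.`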
diff --git a/spec/lib/ci/mask_secret_spec.rb b/spec/lib/ci/mask_secret_spec.rb
index a6938533138..3101bed20fb 100644
--- a/spec/lib/ci/mask_secret_spec.rb
+++ b/spec/lib/ci/mask_secret_spec.rb
@@ -16,10 +16,12 @@ describe Ci::MaskSecret, lib: true do
expect(mask('token', 'not')).to eq('token')
end
+ it 'does support null token' do
+ expect(mask('token', nil)).to eq('token')
+ end
+
def mask(value, token)
- value = value.dup
- subject.mask!(value, token)
- value
+ subject.mask!(value.dup, token)
end
end
end
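Review bot: The new example covers a nil token only; the same guard in `mask!` also returns early for a blank `value`, and that branch has no example. An example whose body is `expect(mask('', 'token')).to eq('')` would pin it. The title 'does support null token' could also state the expectation directly, e.g. 'returns the value unchanged for a nil token'.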