diff options
| author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-05-22 14:14:12 -0500 |
|---|---|---|
| committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2016-05-23 00:34:51 +0200 |
| commit | 646018a40e7d29682f31e774f453a6b3427b4216 (patch) | |
| tree | fca689ab7bf8336099799556a57ddc4095d54d2c | |
| parent | b4c47368bfece10150293566b6bf5faeb324d5c4 (diff) | |
| download | gitlab-ce-646018a40e7d29682f31e774f453a6b3427b4216.tar.gz | |
Fix the CI login to Container Registry (the gitlab-ci-token user)
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | app/controllers/jwt_controller.rb | 2 | ||||
| -rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 2 | ||||
| -rw-r--r-- | spec/requests/jwt_controller_spec.rb | 2 | ||||
| -rw-r--r-- | spec/services/auth/container_registry_authentication_service_spec.rb | 4 |
5 files changed, 6 insertions, 5 deletions
diff --git a/CHANGELOG b/CHANGELOG index 13b937b8c46..434c7b554f8 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -32,6 +32,7 @@ v 8.8.0 (unreleased) - Bump mail_room to 0.7.0 to fix stuck IDLE connections - Remove future dates from contribution calendar graph. - Support e-mail notifications for comments on project snippets + - Fix the CI login to Container Registry (the gitlab-ci-token user) - Fix API leak of notes of unauthorized issues, snippets and merge requests - Use ActionDispatch Remote IP for Akismet checking - Fix error when visiting commit builds page before build was updated diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb index f5aa5397ff1..156ab2811d6 100644 --- a/app/controllers/jwt_controller.rb +++ b/app/controllers/jwt_controller.rb @@ -36,7 +36,7 @@ class JwtController < ApplicationController end def authenticate_project(login, password) - if login == 'gitlab_ci_token' + if login == 'gitlab-ci-token' Project.find_by(builds_enabled: true, runners_token: password) end end diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb index f807b8ec09a..2bbab643e69 100644 --- a/app/services/auth/container_registry_authentication_service.rb +++ b/app/services/auth/container_registry_authentication_service.rb @@ -6,7 +6,7 @@ module Auth return error('not found', 404) unless registry.enabled if params[:offline_token] - return error('unauthorized', 401) unless current_user + return error('unauthorized', 401) unless current_user || project else return error('forbidden', 403) unless scope end diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb index 7bb71365a48..d006ff195cf 100644 --- a/spec/requests/jwt_controller_spec.rb +++ b/spec/requests/jwt_controller_spec.rb @@ -23,7 +23,7 @@ describe JwtController do context 'when using authorized request' do context 'using CI token' do let(:project) { create(:empty_project, runners_token: 'token', builds_enabled: builds_enabled) } - let(:headers) { { authorization: credentials('gitlab_ci_token', project.runners_token) } } + let(:headers) { { authorization: credentials('gitlab-ci-token', project.runners_token) } } subject! { get '/jwt/auth', parameters, headers } diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb index 73b8c3f048f..3f4a1ced2b6 100644 --- a/spec/services/auth/container_registry_authentication_service_spec.rb +++ b/spec/services/auth/container_registry_authentication_service_spec.rb @@ -127,12 +127,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do context 'project authorization' do let(:current_project) { create(:empty_project) } - context 'disallow to use offline_token' do + context 'allow to use offline_token' do let(:current_params) do { offline_token: true } end - it_behaves_like 'an unauthorized' + it_behaves_like 'an authenticated' end context 'allow to pull and push images' do |