diff options
| author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-09-16 16:07:21 +0200 |
|---|---|---|
| committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-09-16 16:07:21 +0200 |
| commit | 2742f9fb98babc0009e446d291757ae43c54c101 (patch) | |
| tree | 5f86ef0dc027963e5f3d2e0a50cc65f82d4105a1 | |
| parent | b0195d5c55d913dd62cb01b553b045f2681e7eb7 (diff) | |
| download | gitlab-ce-2742f9fb98babc0009e446d291757ae43c54c101.tar.gz | |
Improve authentication_result usage
| -rw-r--r-- | app/controllers/projects/git_http_client_controller.rb | 29 | ||||
| -rw-r--r-- | spec/requests/git_http_spec.rb | 4 |
2 files changed, 20 insertions, 13 deletions
diff --git a/app/controllers/projects/git_http_client_controller.rb b/app/controllers/projects/git_http_client_controller.rb index 632dac6aac9..ee9ea4bc8b2 100644 --- a/app/controllers/projects/git_http_client_controller.rb +++ b/app/controllers/projects/git_http_client_controller.rb @@ -19,6 +19,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController private def authenticate_user + @authentication_result = Gitlab::Auth::Result.new + if project && project.public? && download_request? return # Allow access end @@ -124,6 +126,18 @@ class Projects::GitHttpClientController < Projects::ApplicationController end end + def ci? + authentication_result.ci? && + authentication_project && + authentication_project == project + end + + def lfs_deploy_key? + authentication_result.lfs_deploy_token? && + actor && + actor.projects.include?(project) + end + def authentication_has_download_access? has_authentication_ability?(:download_code) || has_authentication_ability?(:build_download_code) end @@ -132,19 +146,12 @@ class Projects::GitHttpClientController < Projects::ApplicationController has_authentication_ability?(:push_code) end - def ci? - authentication_result && authentication_result.ci? && - authentication_result.project && authentication_result.project == project - end - - def lfs_deploy_key? - authentication_result && authentication_result.lfs_deploy_token? && - actor && actor.projects.include?(project) + def has_authentication_ability?(capability) + (authentication_abilities || []).include?(capability) end - def has_authentication_ability?(capability) - authentication_abilities && - authentication_abilities.include?(capability) + def authentication_project + authentication_result.project end def verify_workhorse_api! diff --git a/spec/requests/git_http_spec.rb b/spec/requests/git_http_spec.rb index f828e898740..e3922bec689 100644 --- a/spec/requests/git_http_spec.rb +++ b/spec/requests/git_http_spec.rb @@ -322,10 +322,10 @@ describe 'Git HTTP requests', lib: true do expect(response).to have_http_status(401) end - it "downloads from other project get status 401" do + it "downloads from other project get status 404" do clone_get "#{other_project.path_with_namespace}.git", user: 'gitlab-ci-token', password: build.token - expect(response).to have_http_status(401) + expect(response).to have_http_status(404) end end |