author | Rémy Coutable <remy@rymai.me> | 2016-09-27 16:24:49 +0000 |
---|---|---|
committer | Ruben Davila <rdavila84@gmail.com> | 2016-09-28 10:26:30 -0500 |
commit | 05d85a81d31a816751e3bfd4f79dc2876e32c4b9 (patch) | |
tree | 948eb1607ab0ac2c9cfde8c4af68ea3b6349965f | |
parent | ca3c6a46674b29686b75fc7a70d29a407d801d51 (diff) | |
download | gitlab-ce-05d85a81d31a816751e3bfd4f79dc2876e32c4b9.tar.gz |
Merge branch 'be-nice-to-docker-client' into 'master'
Be nice to Docker Clients talking to JWT/auth
## What does this MR do?
Makes all errors returned by the JWT endpoint Docker-compatible.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22465
See merge request !6536
-rw-r--r-- | CHANGELOG | 6 | ||||
-rw-r--r-- | app/controllers/jwt_controller.rb | 21 | ||||
-rw-r--r-- | app/services/auth/container_registry_authentication_service.rb | 11 | ||||
-rw-r--r-- | spec/requests/jwt_controller_spec.rb | 4 |
4 files changed, 33 insertions, 9 deletions
diff --git a/CHANGELOG b/CHANGELOG
index fcaaa284ceb..5b37e4f0d71 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,12 @@
 Please view this file on the master branch, on stable branches it's out of date.
 v 8.12.2 (unreleased)
+ - Fix Import/Export not recognising correctly the imported services.
+ - Fix snippets pagination
+ - Fix List-Unsubscribe header in emails
+ - Fix an issue with the "Commits" section of the cycle analytics summary. !6513
+ - Fix errors importing project feature and milestone models using GitLab project import
+ - Make JWT messages Docker-compatible
 v 8.12.1
 - Fix a memory leak in HTML::Pipeline::SanitizationFilter::WHITELIST
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index 34d5d99558e..7e4da73bc11 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -25,7 +25,7 @@ class JwtController < ApplicationController
 authenticate_with_http_basic do |login, password|
 @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip)
- render_403 unless @authentication_result.success? &&
+ render_unauthorized unless @authentication_result.success? &&
 (@authentication_result.actor.nil? || @authentication_result.actor.is_a?(User))
 end
 rescue Gitlab::Auth::MissingPersonalTokenError
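Review bot: In the `@@ -25,7 +25,7 @@` hunk of jwt_controller.rb, the swapped-in `render_unauthorized` answers two different outcomes with the same 401: `success?` being false, and a successful authentication whose actor is neither nil nor a `User`. In the second case the credentials were accepted, so `UNAUTHORIZED` tells the client to re-authenticate when it is really being refused. If the conflation is deliberate, a comment above the call would record that, for example `# Deliberately 401 for both failed logins and non-User actors, so the response does not reveal which check failed`. The enclosing method starts before this hunk and its `rescue` body continues after it.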
@@ -33,10 +33,21 @@ class JwtController < ApplicationController
 end
 def render_missing_personal_token
- render plain: "HTTP Basic: Access denied\n" \
- "You have 2FA enabled, please use a personal access token for Git over HTTP.\n" \
- "You can generate one at #{profile_personal_access_tokens_url}",
- status: 401
+ render json: {
+ errors: [
+ { code: 'UNAUTHORIZED',
+ message: "HTTP Basic: Access denied\n" \
+ "You have 2FA enabled, please use a personal access token for Git over HTTP.\n" \
+ "You can generate one at #{profile_personal_access_tokens_url}" }
+ ] }, status: 401
+ end
+
+ def render_unauthorized
+ render json: {
+ errors: [
+ { code: 'UNAUTHORIZED',
+ message: 'HTTP Basic: Access denied' }
+ ] }, status: 401
 end
 def auth_params
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 38ac6631228..8ea88da8a53 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -7,10 +7,10 @@ module Auth
 def execute(authentication_abilities:)
 @authentication_abilities = authentication_abilities
- return error('not found', 404) unless registry.enabled
+ return error('UNAVAILABLE', status: 404, message: 'registry not enabled') unless registry.enabled
 unless current_user || project
- return error('forbidden', 403) unless scope
+ return error('DENIED', status: 403, message: 'access forbidden') unless scope
 end
 { token: authorized_token(scope).encoded }
@@ -111,5 +111,12 @@ module Auth
 @authentication_abilities.include?(:create_container_image) &&
 can?(current_user, :create_container_image, requested_project)
 end
+
+ def error(code, status:, message: '')
+ {
+ errors: [{ code: code, message: message }],
+ http_status: status
+ }
+ end
 end
 end
diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb
index 6b956e63004..f0ef155bd7b 100644
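Review bot: In the `@@ -33,10 +33,21 @@` hunk of jwt_controller.rb, neither `render_missing_personal_token` nor the new `render_unauthorized` sets a `WWW-Authenticate` header on its 401 in the visible lines, although RFC 7235 requires one and HTTP clients use it to learn the expected scheme. Unless a filter outside the hunk already adds it, a line such as `response.headers['WWW-Authenticate'] = 'Basic realm="<REALM_PLACEHOLDER>"'` before each `render` would cover it. The two methods also build the same `errors: [{ code:, message: }]` envelope by hand, so `render_unauthorized` could take the message as an optional argument and `render_missing_personal_token` could call it.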
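Review bot: In the `@@ -7,10 +7,10 @@` hunk of container_registry_authentication_service.rb, the first guard pairs the code `'UNAVAILABLE'` with `status: 404`, while in the Docker distribution error-code list UNAVAILABLE is the code registered for 503. A client that keys on the code rather than the status may treat a disabled registry as a transient outage and retry. Either keep 404 with a code that describes a missing resource, or use `status: 503` with this code, and pin the chosen pair in a spec. `execute` continues past the end of the hunk.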
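Review bot: In the `@@ -111,5 +111,12 @@` hunk, the new `error(code, status:, message: '')` takes keyword arguments where the removed call sites used the positional form `error('not found', 404)`, so it appears to shadow an `error` helper defined outside this diff. Any remaining positional caller in this class would then raise ArgumentError. The returned hash also carries `http_status` next to `errors`, so if the controller renders the whole hash, that field ends up in the JSON body sent to the client. A comment above the method would make the contract explicit, for example `# Returns a Docker-style { errors: [...] } body; :http_status is for the caller and is not part of the Docker error format`.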
--- a/spec/requests/jwt_controller_spec.rb
+++ b/spec/requests/jwt_controller_spec.rb
@@ -39,7 +39,7 @@ describe JwtController do
 subject! { get '/jwt/auth', parameters, headers }
- it { expect(response).to have_http_status(403) }
+ it { expect(response).to have_http_status(401) }
 end
 end
@@ -77,7 +77,7 @@ describe JwtController do
 subject! { get '/jwt/auth', parameters, headers }
- it { expect(response).to have_http_status(403) }
+ it { expect(response).to have_http_status(401) }
 end
 end |
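Review bot: Both changed examples, in the `@@ -39,7 +39,7 @@` and `@@ -77,7 +77,7 @@` hunks, assert only the 401 status, while the purpose of the commit is the shape of the response body. An extra example next to each, such as `it { expect(JSON.parse(response.body)['errors'].first['code']).to eq('UNAUTHORIZED') }`, would keep the Docker-compatible envelope from regressing unnoticed. The enclosing `context` blocks start outside the hunks.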