Add runners token

author: Kamil Trzcinski <ayufan@ayufan.eu> 2015-12-10 17:29:44 +0100
committer: Kamil Trzcinski <ayufan@ayufan.eu> 2015-12-11 18:02:09 +0100
commit: 8cdd54cc0696b76daa2baf463d02d944b50bac6a (patch)
tree: eb3e5c1aeef92181b49217c965685e5b9ba67c74
parent: e80e3f5372d6bcad1fbe04a85b3086bb66794828 (diff)
download: gitlab-ce-8cdd54cc0696b76daa2baf463d02d944b50bac6a.tar.gz
12 files changed, 23 insertions, 29 deletions
diff --git a/app/controllers/ci/application_controller.rb b/app/controllers/ci/application_controller.rb
index bc7f48b3c87..c420b59c3a2 100644
--- a/app/controllers/ci/application_controller.rb
+++ b/app/controllers/ci/application_controller.rb
@@ -6,12 +6,6 @@ module Ci
 
     private
 
-    def authenticate_token!
-      unless project.valid_token?(params[:token])
-        return head(403)
-      end
-    end
-
     def authorize_access_project!
       unless can?(current_user, :read_project, project)
         return page_404
diff --git a/app/controllers/ci/projects_controller.rb b/app/controllers/ci/projects_controller.rb
index 7e62320bf21..3004c2d27f0 100644
--- a/app/controllers/ci/projects_controller.rb
+++ b/app/controllers/ci/projects_controller.rb
@@ -22,8 +22,7 @@ module Ci
     protected
 
     def project
-      # TODO: what to do here?
-      @project ||= Project.find_by_ci_id(params[:id])
+      @project ||= Project.find_by(ci_id: params[:id].to_i)
     end
 
     def no_cache
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index 43ed8eb518b..fac1d1c4c2c 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -225,7 +225,7 @@ module Ci
     end
 
     def valid_token? token
-      project.valid_token? token
+      project.valid_runners_token? token
     end
 
     def target_url
diff --git a/app/models/project.rb b/app/models/project.rb
index e3eee36c253..a11bc9c4bd5 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -169,9 +169,9 @@ class Project < ActiveRecord::Base
     if: ->(project) { project.avatar.present? && project.avatar_changed? }
   validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
 
-  before_validation :set_random_token
-  def set_random_token
-    self.token = SecureRandom.hex(15) if self.token.blank?
+  before_validation :set_runners_token_token
+  def set_runners_token_token
+    self.runners_token = SecureRandom.hex(15) if self.runners_token.blank?
   end
 
   mount_uploader :avatar, AvatarUploader
@@ -270,9 +270,7 @@ class Project < ActiveRecord::Base
     end
 
     def find_by_ci_id(id)
-      ci_projects = Arel::Table.new(:ci_projects)
-      gitlab_id = ci_projects.where(ci_projects[:id].eq(id)).project(ci_projects[:gitlab_id])
-      find_by("id=(#{gitlab_id.to_sql})")
+      find_by(ci_id: id.to_i)
     end
 
     def visibility_levels
@@ -831,7 +829,11 @@ class Project < ActiveRecord::Base
     shared_runners_enabled? && Ci::Runner.shared.active.any?(&block)
   end
 
-  def valid_token? token
+  def valid_runners_token? token
+    self.token && self.token == token
+  end
+
+  def valid_build_token? token
     self.token && self.token == token
   end
 
diff --git a/db/migrate/20151203162135_add_ci_to_project.rb b/db/migrate/20151203162135_add_ci_to_project.rb
index e95942666c3..8a65abab636 100644
--- a/db/migrate/20151203162135_add_ci_to_project.rb
+++ b/db/migrate/20151203162135_add_ci_to_project.rb
@@ -1,8 +1,9 @@
 class AddCiToProject < ActiveRecord::Migration
   def up
+    add_column :projects, :ci_id, :integer
     add_column :projects, :builds_enabled, :boolean, default: true, null: false
     add_column :projects, :shared_runners_enabled, :boolean, default: true, null: false
-    add_column :projects, :token, :string
+    add_column :projects, :runners_token, :string
     add_column :projects, :build_coverage_regex, :string
     add_column :projects, :build_allow_git_fetch, :boolean, default: true, null: false
     add_column :projects, :build_timeout, :integer, default: 3600, null: false
diff --git a/db/migrate/20151204110613_migrate_ci_to_project.rb b/db/migrate/20151204110613_migrate_ci_to_project.rb
index 1777b6170b4..d17b2a425f8 100644
--- a/db/migrate/20151204110613_migrate_ci_to_project.rb
+++ b/db/migrate/20151204110613_migrate_ci_to_project.rb
@@ -5,8 +5,9 @@ class MigrateCiToProject < ActiveRecord::Migration
     migrate_project_id_for_table('ci_variables')
     migrate_project_id_for_builds
 
-    migrate_project_column('shared_runners_enabled')
-    migrate_project_column('token')
+    migrate_project_column('id', 'ci_id')
+    migrate_project_column('shared_runners_enabled', 'shared_runners_enabled')
+    migrate_project_column('token', 'runners_token')
     migrate_project_column('coverage_regex', 'build_coverage_regex')
     migrate_project_column('allow_git_fetch', 'build_allow_git_fetch')
     migrate_project_column('timeout', 'build_timeout')
@@ -25,7 +26,7 @@ class MigrateCiToProject < ActiveRecord::Migration
 
   def migrate_project_column(column, new_column = nil)
     new_column ||= column
-    subquery = "SELECT #{column} FROM ci_projects WHERE projects.id = ci_projects.gitlab_id"
+    subquery = "SELECT ci_projects.#{column} FROM ci_projects WHERE projects.id = ci_projects.gitlab_id"
     execute("UPDATE projects SET #{new_column}=(#{subquery}) WHERE #{new_column} IS NULL AND (#{subquery}) IS NOT NULL")
   end
 
diff --git a/db/migrate/20151204110832_add_index_to_ci_tables.rb b/db/migrate/20151204110832_add_index_to_ci_tables.rb
index b95931334c6..9fedb5d612c 100644
--- a/db/migrate/20151204110832_add_index_to_ci_tables.rb
+++ b/db/migrate/20151204110832_add_index_to_ci_tables.rb
@@ -4,8 +4,9 @@ class AddIndexToCiTables < ActiveRecord::Migration
     add_index :ci_runner_projects, :gl_project_id
     add_index :ci_triggers, :gl_project_id
     add_index :ci_variables, :gl_project_id
-    add_index :projects, :token
+    add_index :projects, :runners_token
     add_index :projects, :builds_enabled
     add_index :projects, [:builds_enabled, :shared_runners_enabled]
+    add_index :projects, [:ci_id]
   end
 end
diff --git a/lib/ci/api/helpers.rb b/lib/ci/api/helpers.rb
index 02502333756..9891b5e38ea 100644
--- a/lib/ci/api/helpers.rb
+++ b/lib/ci/api/helpers.rb
@@ -13,10 +13,6 @@ module Ci
         forbidden! unless current_runner
       end
 
-      def authenticate_project_token!(project)
-        forbidden! unless project.valid_token?(params[:project_token])
-      end
-
       def authenticate_build_token!(build)
         token = (params[BUILD_TOKEN_PARAM] || env[BUILD_TOKEN_HEADER]).to_s
         forbidden! unless token && build.valid_token?(token)
diff --git a/lib/ci/api/runners.rb b/lib/ci/api/runners.rb
index dd77bd65863..1e738a73157 100644
--- a/lib/ci/api/runners.rb
+++ b/lib/ci/api/runners.rb
@@ -36,7 +36,7 @@ module Ci
                 tag_list: params[:tag_list],
                 is_shared: true
               )
-            elsif project = Project.find_by(token: params[:token])
+            elsif project = Project.find_by(runners_token: params[:token])
               # Create a specific runner for project.
               project.ci_runners.create(
                 description: params[:description],
diff --git a/lib/ci/api/triggers.rb b/lib/ci/api/triggers.rb
index 6d2cdd8c682..63b42113513 100644
--- a/lib/ci/api/triggers.rb
+++ b/lib/ci/api/triggers.rb
@@ -14,7 +14,7 @@ module Ci
         post ":id/refs/:ref/trigger" do
           required_attributes! [:token]
 
-          project = Project.find_by_ci_id(params[:id])
+          project = Project.find_by(ci_id: params[:id].to_i)
           trigger = Ci::Trigger.find_by_token(params[:token].to_s)
           not_found! unless project && trigger
           unauthorized! unless trigger.project == project
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb
index 5a032b572ae..d854c1c8683 100644
--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -78,7 +78,7 @@ module Grack
         underscored_service = matched_login['s'].underscore
 
         if underscored_service == 'gitlab_ci'
-          return project && project.builds_enabled? && project.valid_token?(password)
+          return project && project.builds_enabled? && project.valid_build_token?(password)
         elsif Service.available_services_names.include?(underscored_service)
           service_method = "#{underscored_service}_service"
           service = project.send(service_method)
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index ee106b11fbb..9c9266455cf 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -55,7 +55,7 @@ describe Project, models: true do
     it { is_expected.to have_one(:pushover_service).dependent(:destroy) }
     it { is_expected.to have_one(:asana_service).dependent(:destroy) }
     it { is_expected.to have_many(:ci_commits) }
-    it { is_expected.to have_many(:ci_statuses) }
+    it { is_expected.to have_many(:commit_statuses) }
     it { is_expected.to have_many(:ci_builds) }
     it { is_expected.to have_many(:ci_runner_projects) }
     it { is_expected.to have_many(:ci_runners) }
author	Kamil Trzcinski <ayufan@ayufan.eu>	2015-12-10 17:29:44 +0100
committer	Kamil Trzcinski <ayufan@ayufan.eu>	2015-12-11 18:02:09 +0100
commit	8cdd54cc0696b76daa2baf463d02d944b50bac6a (patch)
tree	eb3e5c1aeef92181b49217c965685e5b9ba67c74
parent	e80e3f5372d6bcad1fbe04a85b3086bb66794828 (diff)
download	gitlab-ce-8cdd54cc0696b76daa2baf463d02d944b50bac6a.tar.gz