author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-21 07:08:36 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-21 07:08:36 +0000 |
commit | 48aff82709769b098321c738f3444b9bdaa694c6 (patch) | |
tree | e00c7c43e2d9b603a5a6af576b1685e400410dee /lib/api/internal | |
parent | 879f5329ee916a948223f8f43d77fba4da6cd028 (diff) | |
download | gitlab-ce-48aff82709769b098321c738f3444b9bdaa694c6.tar.gz |
Add latest changes from gitlab-org/gitlab@13-5-stable-eev13.5.0-rc42
Diffstat (limited to 'lib/api/internal')
-rw-r--r-- | lib/api/internal/base.rb | 92 | ||||
-rw-r--r-- | lib/api/internal/kubernetes.rb | 2 | ||||
-rw-r--r-- | lib/api/internal/lfs.rb | 54 | ||||
-rw-r--r-- | lib/api/internal/pages.rb | 2 |
4 files changed, 124 insertions, 26 deletions
diff --git a/lib/api/internal/base.rb b/lib/api/internal/base.rb
index ff687a57888..6d8f13c36e6 100644
--- a/lib/api/internal/base.rb
+++ b/lib/api/internal/base.rb
@@ -3,7 +3,7 @@
 module API
 # Internal access API
 module Internal
- class Base < Grape::API::Instance
+ class Base < ::API::Base
 before { authenticate_by_gitlab_shell_token! }
 before do
@@ -99,6 +99,14 @@ module API
 @project = @container = access_checker.container
 end
 end
+
+ def validate_actor_key(actor, key_id)
+ return 'Could not find a user without a key' unless key_id
+
+ return 'Could not find the given key' unless actor.key
+
+ 'Could not find a user for the given key' unless actor.user
+ end
 end
 namespace 'internal' do
@@ -163,28 +171,23 @@ module API
 redis: redis_ping
 }
 end
+
 post '/two_factor_recovery_codes' do
 status 200
 actor.update_last_used_at!
 user = actor.user
- if params[:key_id]
- unless actor.key
- break { success: false, message: 'Could not find the given key' }
- end
-
- if actor.key.is_a?(DeployKey)
- break { success: false, message: 'Deploy keys cannot be used to retrieve recovery codes' }
- end
+ error_message = validate_actor_key(actor, params[:key_id])
- unless user
- break { success: false, message: 'Could not find a user for the given key' }
- end
- elsif params[:user_id] && user.nil?
+ if params[:user_id] && user.nil?
 break { success: false, message: 'Could not find the given user' }
+ elsif error_message
+ break { success: false, message: error_message }
 end
+ break { success: false, message: 'Deploy keys cannot be used to retrieve recovery codes' } if actor.key.is_a?(DeployKey)
+
 unless user.two_factor_enabled?
 break { success: false, message: 'Two-factor authentication is not enabled for this user' }
 end
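Review bot: `validate_actor_key` (hunk @@ -99,6 +99,14 @@) has no comment stating its contract, and the contract is easy to misread from the name. It returns an error-message String when the key id, the key or the key's user is missing, and nil otherwise, the nil coming implicitly from the trailing `unless actor.user` modifier. Every caller branches on that nil, so I would add `# Returns an error message String when the actor cannot be resolved to a key with a user, nil otherwise.` above the `def`. The enclosing `helpers` block starts outside the hunk.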
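Review bot: Requests that identify the actor only by `user_id` appear to be rejected now in `/two_factor_recovery_codes` (hunk @@ -163,28 +171,23 @@). `validate_actor_key` returns 'Could not find a user without a key' whenever `params[:key_id]` is absent, and the new `elsif error_message` branch then breaks even though `user` was found; the removed code ran the key checks only inside `if params[:key_id]`. The `/personal_access_token` hunk (@@ -204,20 +207,14 @@) has the same branch. If key-less lookup is meant to keep working, restore the guard with `error_message = validate_actor_key(actor, params[:key_id]) if params[:key_id]`; if the tightening is intended, a spec should pin it. Both endpoint bodies continue outside their hunks.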
@@ -204,20 +207,14 @@ module API
 actor.update_last_used_at!
 user = actor.user
- if params[:key_id]
- unless actor.key
- break { success: false, message: 'Could not find the given key' }
- end
+ error_message = validate_actor_key(actor, params[:key_id])
- if actor.key.is_a?(DeployKey)
- break { success: false, message: 'Deploy keys cannot be used to create personal access tokens' }
- end
+ break { success: false, message: 'Deploy keys cannot be used to create personal access tokens' } if actor.key.is_a?(DeployKey)
- unless user
- break { success: false, message: 'Could not find a user for the given key' }
- end
- elsif params[:user_id] && user.nil?
+ if params[:user_id] && user.nil?
 break { success: false, message: 'Could not find the given user' }
+ elsif error_message
+ break { success: false, message: error_message }
 end
 if params[:name].blank?
@@ -269,6 +266,53 @@ module API
 present response, with: Entities::InternalPostReceive::Response
 end
+
+ post '/two_factor_config' do
+ status 200
+
+ break { success: false } unless Feature.enabled?(:two_factor_for_cli)
+
+ actor.update_last_used_at!
+ user = actor.user
+
+ error_message = validate_actor_key(actor, params[:key_id])
+
+ if error_message
+ { success: false, message: error_message }
+ elsif actor.key.is_a?(DeployKey)
+ { success: true, two_factor_required: false }
+ else
+ {
+ success: true,
+ two_factor_required: user.two_factor_enabled?
+ }
+ end
+ end
+
+ post '/two_factor_otp_check' do
+ status 200
+
+ break { success: false } unless Feature.enabled?(:two_factor_for_cli)
+
+ actor.update_last_used_at!
+ user = actor.user
+
+ error_message = validate_actor_key(actor, params[:key_id])
+
+ break { success: false, message: error_message } if error_message
+
+ break { success: false, message: 'Deploy keys cannot be used for Two Factor' } if actor.key.is_a?(DeployKey)
+
+ break { success: false, message: 'Two-factor authentication is not enabled for this user' } unless user.two_factor_enabled?
+
+ otp_validation_result = ::Users::ValidateOtpService.new(user).execute(params.fetch(:otp_attempt))
+
+ if otp_validation_result[:status] == :success
+ { success: true }
+ else
+ { success: false, message: 'Invalid OTP' }
+ end
+ end
 end
 end
 end
 end
diff --git a/lib/api/internal/kubernetes.rb b/lib/api/internal/kubernetes.rb
index 6d5dfd086e7..8175b81f900 100644
--- a/lib/api/internal/kubernetes.rb
+++ b/lib/api/internal/kubernetes.rb
@@ -3,7 +3,7 @@
 module API
 # Kubernetes Internal API
 module Internal
- class Kubernetes < Grape::API::Instance
+ class Kubernetes < ::API::Base
 before do
 check_feature_enabled
 authenticate_gitlab_kas_request!
diff --git a/lib/api/internal/lfs.rb b/lib/api/internal/lfs.rb
new file mode 100644
index 00000000000..630f0ec77a8
--- /dev/null
+++ b/lib/api/internal/lfs.rb
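Review bot: `/two_factor_otp_check` in the base.rb hunk @@ -269,6 +266,53 @@ puts no visible limit on failed guesses. A wrong `otp_attempt` only returns 'Invalid OTP', so the code can be retried as often as the caller forwards it. Unless `Users::ValidateOtpService` already throttles (not visible in this hunk), failed attempts should count against the same lockout or rate limit as the web sign-in and be logged so repeated failures can be detected. Separately, neither new endpoint declares a `params` block, so a request without `otp_attempt` makes `params.fetch(:otp_attempt)` raise instead of returning a `success: false` body; `requires :otp_attempt, type: String` would reject it cleanly.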
@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module API
+ module Internal
+ class Lfs < ::API::Base
+ use Rack::Sendfile
+
+ before { authenticate_by_gitlab_shell_token! }
+
+ helpers do
+ def find_lfs_object(lfs_oid)
+ LfsObject.find_by_oid(lfs_oid)
+ end
+ end
+
+ namespace 'internal' do
+ namespace 'lfs' do
+ desc 'Get LFS URL for object ID' do
+ detail 'This feature was introduced in GitLab 13.5.'
+ end
+ params do
+ requires :oid, type: String, desc: 'The object ID to query'
+ requires :gl_repository, type: String, desc: "Project identifier (e.g. project-1)"
+ end
+ get "/" do
+ lfs_object = find_lfs_object(params[:oid])
+
+ not_found! unless lfs_object
+
+ _, project, repo_type = Gitlab::GlRepository.parse(params[:gl_repository])
+
+ not_found! unless repo_type.project? && project
+ not_found! unless lfs_object.project_allowed_access?(project)
+
+ file = lfs_object.file
+
+ not_found! unless file&.exists?
+
+ content_type 'application/octet-stream'
+
+ if file.file_storage?
+ sendfile file.path
+ else
+ workhorse_headers = Gitlab::Workhorse.send_url(file.url)
+ header workhorse_headers[0], workhorse_headers[1]
+ env['api.format'] = :binary
+ body ""
+ end
+ end
+ end
+ end
+ end
+ end
+end
diff --git a/lib/api/internal/pages.rb b/lib/api/internal/pages.rb
index 5f8d23f15fa..51136144c19 100644
--- a/lib/api/internal/pages.rb
+++ b/lib/api/internal/pages.rb
@@ -3,7 +3,7 @@
 module API
 # Pages Internal API
 module Internal
- class Pages < Grape::API::Instance
+ class Pages < ::API::Base
 before do
 authenticate_gitlab_pages_request!
 end |
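Review bot: The new `get "/"` handler in lib/api/internal/lfs.rb authorises only the object/project pairing (`lfs_object.project_allowed_access?(project)`) and never looks up a user or key. Any caller holding the gitlab-shell token can therefore fetch any LFS object whose oid and `gl_repository` it can name. That may be the intended trust model for an internal endpoint, but the file does not say that the caller must already have authorised the user for that repository. A comment above the route should state it, for example `# No per-user check here: the caller must already have verified access to gl_repository.` If oids are always fixed-length hex digests, a `regexp:` constraint on `requires :oid` would also reject malformed values before the database lookup.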