Fix POST /internal/allowed to cope with gitlab-shell v4.0.0 project paths

gitlab-shell v3.6.6 would give project paths like so:

* namespace/project

gitlab-shell v4.0.0 can give project paths like so:

* /namespace1/namespace2/project
* /namespace/project
* /path/to/repository/storage/namespace1/namespace2/project
* /path/to/repository/storage/namespace/project

2 files changed, 59 insertions, 36 deletions

diff --git a/lib/api/helpers/internal_helpers.rb b/lib/api/helpers/internal_helpers.rb
new file mode 100644
index 00000000000..eb223c1101d
--- /dev/null
+++ b/lib/api/helpers/internal_helpers.rb
@@ -0,0 +1,57 @@
+module API
+  module Helpers
+    module InternalHelpers
+      # Project paths may be any of the following:
+      #   * /repository/storage/path/namespace/project
+      #   * /namespace/project
+      #   * namespace/project
+      #
+      # In addition, they may have a '.git' extension and multiple namespaces
+      #
+      # Transform all these cases to 'namespace/project'
+      def clean_project_path(project_path, storage_paths = Repository.storages.values)
+        project_path = project_path.sub(/\.git\z/, '')
+
+        storage_paths.each do |storage_path|
+          storage_path = File.expand_path(storage_path)
+
+          if project_path.start_with?(storage_path)
+            project_path = project_path.sub(storage_path, '')
+            break
+          end
+        end
+
+        project_path.sub(/\A\//, '')
+      end
+
+      def project_path
+        @project_path ||= clean_project_path(params[:project])
+      end
+
+      def wiki?
+        @wiki ||= project_path.end_with?('.wiki') &&
+          !Project.find_with_namespace(project_path)
+      end
+
+      def project
+        @project ||= begin
+          # Check for *.wiki repositories.
+          # Strip out the .wiki from the pathname before finding the
+          # project. This applies the correct project permissions to
+          # the wiki repository as well.
+          project_path.chomp!('.wiki') if wiki?
+
+          Project.find_with_namespace(project_path)
+        end
+      end
+
+      def ssh_authentication_abilities
+        [
+          :read_project,
+          :download_code,
+          :push_code
+        ]
+      end
+    end
+  end
+end
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index ccf181402f9..7087ce11401 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -3,6 +3,8 @@ module API
   class Internal < Grape::API
     before { authenticate_by_gitlab_shell_token! }
 
+    helpers ::API::Helpers::InternalHelpers
+
     namespace 'internal' do
       # Check if git command is allowed to project
       #
@@ -14,42 +16,6 @@ module API
       #   ref - branch name
       #   forced_push - forced_push
       #   protocol - Git access protocol being used, e.g. HTTP or SSH
-      #
-
-      helpers do
-        def project_path
-          @project_path ||= begin
-            project_path = params[:project].sub(/\.git\z/, '')
-            Repository.remove_storage_from_path(project_path)
-          end
-        end
-
-        def wiki?
-          @wiki ||= project_path.end_with?('.wiki') &&
-            !Project.find_with_namespace(project_path)
-        end
-
-        def project
-          @project ||= begin
-            # Check for *.wiki repositories.
-            # Strip out the .wiki from the pathname before finding the
-            # project. This applies the correct project permissions to
-            # the wiki repository as well.
-            project_path.chomp!('.wiki') if wiki?
-
-            Project.find_with_namespace(project_path)
-          end
-        end
-
-        def ssh_authentication_abilities
-          [
-            :read_project,
-            :download_code,
-            :push_code
-          ]
-        end
-      end
-
       post "/allowed" do
         status 200