diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-03-19 21:02:39 +0200 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-03-20 10:16:17 +0200 |
| commit | 729b358ff2981d8931e27fdc33d29b9528232c32 (patch) | |
| tree | 9a1f52f91e1251f998b87c37b6872378fc3fb5e1 /lib/gitlab/backend | |
| parent | f18a714f357405a87031250f4350343ae54d528f (diff) | |
| download | gitlab-ce-729b358ff2981d8931e27fdc33d29b9528232c32.tar.gz | |
push via http now served via /allowed API
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Diffstat (limited to 'lib/gitlab/backend')
| -rw-r--r-- | lib/gitlab/backend/grack_auth.rb | 47 |
1 files changed, 5 insertions, 42 deletions
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb index 60c03ce1c04..ee99bd5f7de 100644 --- a/lib/gitlab/backend/grack_auth.rb +++ b/lib/gitlab/backend/grack_auth.rb @@ -5,7 +5,7 @@ module Grack class Auth < Rack::Auth::Basic include Helpers - attr_accessor :user, :project, :ref, :env + attr_accessor :user, :project, :env def call(env) @env = env @@ -80,24 +80,11 @@ module Grack def authorize_request(service) case service when 'git-upload-pack' - can?(user, :download_code, project) - when'git-receive-pack' - refs.each do |ref| - action = if project.protected_branch?(ref) - :push_code_to_protected_branches - else - :push_code - end - - return false unless can?(user, action, project) - end - - # Never let git-receive-pack trough unauthenticated; it's - # harmless but git < 1.8 doesn't like it - return false if user.nil? - true + # Serve only upload request. + # Authorization on push will be serverd by update hook in repository + Gitlab::GitAccess.new.download_allowed?(user, project) else - false + true end end @@ -114,29 +101,5 @@ module Grack def project @project ||= project_by_path(@request.path_info) end - - def refs - @refs ||= parse_refs - end - - def parse_refs - input = if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/ - Zlib::GzipReader.new(@request.body).read - else - @request.body.read - end - - # Need to reset seek point - @request.body.rewind - - # Parse refs - refs = input.force_encoding('ascii-8bit').scan(/refs\/heads\/([\/\w\.-]+)/n).flatten.compact - - # Cleanup grabare from refs - # if push to multiple branches - refs.map do |ref| - ref.gsub(/00.*/, "") - end - end end end |