diff options
author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-09-19 16:34:32 +0200 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-09-19 16:34:32 +0200 |
commit | 3c1bb3432b0b8448262ec9a9a3468641c82db5c1 (patch) | |
tree | 0ee07fcff0db3ef3beb744d124efe80aa15373c8 /lib | |
parent | 135be3cabb01ca3c825829f18ede4e8720383d7b (diff) | |
download | gitlab-ce-3c1bb3432b0b8448262ec9a9a3468641c82db5c1.tar.gz |
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043"lfs-support
This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/internal.rb | 13 | ||||
-rw-r--r-- | lib/gitlab/auth.rb | 25 | ||||
-rw-r--r-- | lib/gitlab/auth/result.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/lfs_token.rb | 54 |
4 files changed, 96 insertions, 0 deletions
diff --git a/lib/api/internal.rb b/lib/api/internal.rb index 1114fd21784..090d04544da 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -82,6 +82,19 @@ module API response end + post "/lfs_authenticate" do + status 200 + + key = Key.find(params[:key_id]) + token_handler = Gitlab::LfsToken.new(key) + + { + username: token_handler.actor_name, + lfs_token: token_handler.generate, + repository_http_path: project.http_url_to_repo + } + end + get "/merge_request_urls" do ::MergeRequests::GetUrlsService.new(project).execute(params[:changes]) end diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index 0a0f1c3b17b..4458112ed44 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -11,6 +11,7 @@ module Gitlab build_access_token_check(login, password) || user_with_password_for_git(login, password) || oauth_access_token_check(login, password) || + lfs_token_check(login, password) || personal_access_token_check(login, password) || Gitlab::Auth::Result.new @@ -102,6 +103,30 @@ module Gitlab end end + def lfs_token_check(login, password) + deploy_key_matches = login.match(/\Alfs\+deploy-key-(\d+)\z/) + + actor = + if deploy_key_matches + DeployKey.find(deploy_key_matches[1]) + else + User.by_login(login) + end + + if actor + token_handler = Gitlab::LfsToken.new(actor) + + authentication_abilities = + if token_handler.user? + full_authentication_abilities + else + read_authentication_abilities + end + + Result.new(actor, nil, token_handler.type, authentication_abilities) if Devise.secure_compare(token_handler.value, password) + end + end + def build_access_token_check(login, password) return unless login == 'gitlab-ci-token' return unless password diff --git a/lib/gitlab/auth/result.rb b/lib/gitlab/auth/result.rb index bf625649cbf..e4786b12676 100644 --- a/lib/gitlab/auth/result.rb +++ b/lib/gitlab/auth/result.rb @@ -5,6 +5,10 @@ module Gitlab type == :ci end + def lfs_deploy_token? + type == :lfs_deploy_token + end + def success? actor.present? || type == :ci end diff --git a/lib/gitlab/lfs_token.rb b/lib/gitlab/lfs_token.rb new file mode 100644 index 00000000000..d089a2f9b0b --- /dev/null +++ b/lib/gitlab/lfs_token.rb @@ -0,0 +1,54 @@ +module Gitlab + class LfsToken + attr_accessor :actor + + TOKEN_LENGTH = 50 + EXPIRY_TIME = 1800 + + def initialize(actor) + @actor = + case actor + when DeployKey, User + actor + when Key + actor.user + else + raise 'Bad Actor' + end + end + + def generate + token = Devise.friendly_token(TOKEN_LENGTH) + + Gitlab::Redis.with do |redis| + redis.set(redis_key, token, ex: EXPIRY_TIME) + end + + token + end + + def value + Gitlab::Redis.with do |redis| + redis.get(redis_key) + end + end + + def user? + actor.is_a?(User) + end + + def type + actor.is_a?(User) ? :lfs_token : :lfs_deploy_token + end + + def actor_name + actor.is_a?(User) ? actor.username : "lfs+deploy-key-#{actor.id}" + end + + private + + def redis_key + "gitlab:lfs_token:#{actor.class.name.underscore}_#{actor.id}" if actor + end + end +end |