diff options
author | Robert Speicher <rspeicher@gmail.com> | 2018-11-09 16:34:17 +0000 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2018-11-09 16:38:59 +0000 |
commit | 11dd9d6e1f18b75926a4ae2284dce2343d2b5230 (patch) | |
tree | 37761d4f3da2f4a5859acfdcc4a006bd6626bf93 /lib | |
parent | 57cee17673a711ff023fd1a9766defefd0103a9f (diff) | |
download | gitlab-ce-11dd9d6e1f18b75926a4ae2284dce2343d2b5230.tar.gz |
Resolve possible cherry pick API race conditionrs-cherry-pick-api
Previously, we just fetched the latest commit for the given branch when
presenting the resulting commit, but because something could have been
committed to that branch between the time we cherry-picked and the time
we render the result, the wrong commit could have been presented.
Now, we fetch the commit object with the commit SHA returned by the
commit change service, which should always be the correct commit.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/53773
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/commits.rb | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/api/commits.rb b/lib/api/commits.rb index e59abd3e3d0..ee20c6efe78 100644 --- a/lib/api/commits.rb +++ b/lib/api/commits.rb @@ -194,11 +194,13 @@ module API branch_name: params[:branch] } - result = ::Commits::CherryPickService.new(user_project, current_user, commit_params).execute + result = ::Commits::CherryPickService + .new(user_project, current_user, commit_params) + .execute if result[:status] == :success - branch = find_branch!(params[:branch]) - present user_project.repository.commit(branch.dereferenced_target), with: Entities::Commit + present user_project.repository.commit(result[:result]), + with: Entities::Commit else render_api_error!(result[:message], 400) end |