summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorKamil Trzcinski <ayufan@ayufan.eu>2016-09-15 21:16:38 +0200
committerKamil Trzcinski <ayufan@ayufan.eu>2016-09-15 21:16:38 +0200
commit83b643a0145cf3f5b919cc61342ba0a824dfdcc9 (patch)
tree41bf105a1b8d28b8385bfbccc033df544b7ebdfe /lib
parenteed5c58d8542cef8cc4012a303c9bb963b7f5f20 (diff)
parentbe09bcf074e6048aa9ba5f8dfb99754e6afbe156 (diff)
downloadgitlab-ce-83b643a0145cf3f5b919cc61342ba0a824dfdcc9.tar.gz
Merge remote-tracking branch 'origin/lfs-support-for-ssh' into per-build-token
# Conflicts: # app/controllers/projects/git_http_client_controller.rb # app/helpers/lfs_helper.rb # lib/gitlab/auth.rb # spec/requests/lfs_http_spec.rb
Diffstat (limited to 'lib')
-rw-r--r--lib/api/internal.rb13
-rw-r--r--lib/gitlab/auth.rb45
-rw-r--r--lib/gitlab/import_export/repo_restorer.rb4
-rw-r--r--lib/gitlab/lfs_token.rb50
4 files changed, 93 insertions, 19 deletions
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index 2610fd329d6..865379c51c4 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -82,6 +82,19 @@ module API
response
end
+ post "/lfs_authenticate" do
+ status 200
+
+ key = Key.find(params[:key_id])
+ token_handler = Gitlab::LfsToken.new(key)
+
+ {
+ username: token_handler.actor_name,
+ lfs_token: token_handler.generate,
+ repository_http_path: project.http_url_to_repo
+ }
+ end
+
get "/merge_request_urls" do
::MergeRequests::GetUrlsService.new(project).execute(params[:changes])
end
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index b1427f412b0..b14c4e565d5 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -1,23 +1,28 @@
module Gitlab
module Auth
- Result = Struct.new(:user, :project, :type, :capabilities) do
- def succeeded?
- user.present? || [:ci].include?(type)
+ Result = Struct.new(:actor, :project, :type, :capabilities) do
+ def success?
+ actor.present? || type == :ci
end
end
+ class MissingPersonalTokenError < StandardError; end
+
class << self
def find_for_git_client(login, password, project:, ip:)
raise "Must provide an IP for rate limiting" if ip.nil?
- result = service_access_token_check(login, password, project) ||
+ result =
+ service_request_check(login, password, project) ||
build_access_token_check(login, password) ||
user_with_password_for_git(login, password) ||
oauth_access_token_check(login, password) ||
+ lfs_token_check(login, password) ||
personal_access_token_check(login, password) ||
Result.new
- rate_limit!(ip, success: result.succeeded?, login: login)
+ rate_limit!(ip, success: result.success?, login: login)
+
result
end
@@ -59,7 +64,7 @@ module Gitlab
private
- def service_access_token_check(login, password, project)
+ def service_request_check(login, password, project)
matched_login = /(?<service>^[a-zA-Z]*-ci)-token$/.match(login)
return unless project && matched_login.present?
@@ -81,14 +86,9 @@ module Gitlab
user = find_with_user_password(login, password)
return unless user
- type =
- if user.two_factor_enabled?
- :missing_personal_token
- else
- :gitlab_or_ldap
- end
+ raise Gitlab::Auth::MissingPersonalTokenError if user.two_factor_enabled?
- Result.new(user, nil, type, full_capabilities)
+ Result.new(user, nil, :gitlab_or_ldap, full_capabilities)
end
def oauth_access_token_check(login, password)
@@ -105,9 +105,24 @@ module Gitlab
if login && password
user = User.find_by_personal_access_token(password)
validation = User.by_login(login)
- if user && user == validation
- Result.new(user, nil, :personal_token, full_capabilities)
+ Result.new(user, nil, :personal_token, full_capabilities) if user.present? && user == validation
+ end
+ end
+
+ def lfs_token_check(login, password)
+ deploy_key_matches = login.match(/\Alfs\+deploy-key-(\d+)\z/)
+
+ actor =
+ if deploy_key_matches
+ DeployKey.find(deploy_key_matches[1])
+ else
+ User.by_login(login)
end
+
+ if actor
+ token_handler = Gitlab::LfsToken.new(actor)
+
+ Result.new(actor, nil, token_handler.type, read_capabilities) if Devise.secure_compare(token_handler.value, password)
end
end
diff --git a/lib/gitlab/import_export/repo_restorer.rb b/lib/gitlab/import_export/repo_restorer.rb
index 6d9379acf25..d1e33ea8678 100644
--- a/lib/gitlab/import_export/repo_restorer.rb
+++ b/lib/gitlab/import_export/repo_restorer.rb
@@ -22,10 +22,6 @@ module Gitlab
private
- def repos_path
- Gitlab.config.gitlab_shell.repos_path
- end
-
def path_to_repo
@project.repository.path_to_repo
end
diff --git a/lib/gitlab/lfs_token.rb b/lib/gitlab/lfs_token.rb
new file mode 100644
index 00000000000..f492754b1c8
--- /dev/null
+++ b/lib/gitlab/lfs_token.rb
@@ -0,0 +1,50 @@
+module Gitlab
+ class LfsToken
+ attr_accessor :actor
+
+ TOKEN_LENGTH = 50
+ EXPIRY_TIME = 1800
+
+ def initialize(actor)
+ @actor =
+ case actor
+ when DeployKey, User
+ actor
+ when Key
+ actor.user
+ else
+ raise 'Bad Actor'
+ end
+ end
+
+ def generate
+ token = Devise.friendly_token(TOKEN_LENGTH)
+
+ Gitlab::Redis.with do |redis|
+ redis.set(redis_key, token, ex: EXPIRY_TIME)
+ end
+
+ token
+ end
+
+ def value
+ Gitlab::Redis.with do |redis|
+ redis.get(redis_key)
+ end
+ end
+
+ def type
+ actor.is_a?(User) ? :lfs_token : :lfs_deploy_token
+ end
+
+ def actor_name
+ actor.is_a?(User) ? actor.username : "lfs+deploy-key-#{actor.id}"
+ end
+
+ private
+
+ def redis_key
+ "gitlab:lfs_token:#{actor.class.name.underscore}_#{actor.id}" if actor
+ end
+ end
+end