diff options
| -rw-r--r-- | lib/api/helpers/internal_helpers.rb | 6 | ||||
| -rw-r--r-- | lib/api/internal.rb | 24 | ||||
| -rw-r--r-- | spec/requests/api/internal_spec.rb | 21 |
3 files changed, 31 insertions, 20 deletions
diff --git a/lib/api/helpers/internal_helpers.rb b/lib/api/helpers/internal_helpers.rb index 2135a787b11..810e5063996 100644 --- a/lib/api/helpers/internal_helpers.rb +++ b/lib/api/helpers/internal_helpers.rb @@ -53,12 +53,12 @@ module API ] end - def parse_allowed_environment_variables - return if params[:env].blank? + def parse_env + return {} if params[:env].blank? JSON.parse(params[:env]) - rescue JSON::ParserError + {} end end end diff --git a/lib/api/internal.rb b/lib/api/internal.rb index 70d0d57204d..215bc03d0e9 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -11,14 +11,16 @@ module API # Params: # key_id - ssh key id for Git over SSH # user_id - user id for Git over HTTP + # protocol - Git access protocol being used, e.g. HTTP or SSH # project - project path with namespace # action - git action (git-upload-pack or git-receive-pack) - # ref - branch name - # forced_push - forced_push - # protocol - Git access protocol being used, e.g. HTTP or SSH + # changes - changes as "oldrev newrev ref", see Gitlab::ChangesList post "/allowed" do status 200 + # Stores some Git-specific env thread-safely + Gitlab::Git::Env.set(parse_env) + actor = if params[:key_id] Key.find_by(id: params[:key_id]) @@ -30,18 +32,10 @@ module API actor.update_last_used_at if actor.is_a?(Key) - access = - if wiki? - Gitlab::GitAccessWiki.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities) - else - Gitlab::GitAccess.new(actor, - project, - protocol, - authentication_abilities: ssh_authentication_abilities, - env: parse_allowed_environment_variables) - end - - access_status = access.check(params[:action], params[:changes]) + access_checker = wiki? ? Gitlab::GitAccessWiki : Gitlab::GitAccess + access_status = access_checker + .new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities) + .check(params[:action], params[:changes]) response = { status: access_status.status, message: access_status.message } diff --git a/spec/requests/api/internal_spec.rb b/spec/requests/api/internal_spec.rb index eed45d37444..4be67df5a00 100644 --- a/spec/requests/api/internal_spec.rb +++ b/spec/requests/api/internal_spec.rb @@ -153,6 +153,22 @@ describe API::Internal, api: true do project.team << [user, :developer] end + context 'with env passed as a JSON' do + it 'sets env in RequestStore' do + expect(Gitlab::Git::Env).to receive(:set).with({ + 'GIT_OBJECT_DIRECTORY' => 'foo', + 'GIT_ALTERNATE_OBJECT_DIRECTORIES' => 'bar' + }) + + push(key, project.wiki, env: { + GIT_OBJECT_DIRECTORY: 'foo', + GIT_ALTERNATE_OBJECT_DIRECTORIES: 'bar' + }.to_json) + + expect(response).to have_http_status(200) + end + end + context "git push with project.wiki" do it 'responds with success' do push(key, project.wiki) @@ -463,7 +479,7 @@ describe API::Internal, api: true do ) end - def push(key, project, protocol = 'ssh') + def push(key, project, protocol = 'ssh', env: nil) post( api("/internal/allowed"), changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master', @@ -471,7 +487,8 @@ describe API::Internal, api: true do project: project.repository.path_to_repo, action: 'git-receive-pack', secret_token: secret_token, - protocol: protocol + protocol: protocol, + env: env ) end |