From c144db2935f0f71c7f282a3015d126526bc16b57 Mon Sep 17 00:00:00 2001
From: Patricio Cano
Date: Tue, 6 Sep 2016 16:32:39 -0500
Subject: Better authentication handling, syntax fixes and better actor handling for LFS Tokens
---
 .../projects/git_http_client_controller.rb | 27 +++++++++++-----------
 app/helpers/lfs_helper.rb | 2 +-
 2 files changed, 14 insertions(+), 15 deletions(-)
(limited to 'app')
diff --git a/app/controllers/projects/git_http_client_controller.rb b/app/controllers/projects/git_http_client_controller.rb
index 4dff1ce6568..b4ec5b3fae1 100644
--- a/app/controllers/projects/git_http_client_controller.rb
+++ b/app/controllers/projects/git_http_client_controller.rb
@@ -4,8 +4,6 @@ class Projects::GitHttpClientController < Projects::ApplicationController
 include ActionController::HttpAuthentication::Basic
 include KerberosSpnegoHelper
- class MissingPersonalTokenError < StandardError; end
-
 attr_reader :user
 # Git clients will not know what authenticity token to send along
@@ -40,10 +38,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController
 send_challenges
 render plain: "HTTP Basic: Access denied\n", status: 401
-
- rescue MissingPersonalTokenError
+ rescue Gitlab::Auth::MissingPersonalTokenError
 render_missing_personal_token
- return
 end
 def basic_auth_provided?
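Review bot: The `rescue Gitlab::Auth::MissingPersonalTokenError` clause now relies on a class and a raise site that this page does not show (the diff is limited to 'app'), while the controller-local class and, in the handle_authentication hunk, the `:missing_personal_token` branch that raised it are both removed. If the auth library were still to return that result type rather than raise, the new `case` would fall into `else` and the client would presumably get the generic 401 instead of the `render_missing_personal_token` response, so a request spec pinning that response is worth adding with this change. Since the class is no longer defined in this file, a comment above the clause such as `# Raised from Gitlab::Auth while resolving credentials; see find_for_git_client` would help the next reader (confirm the raiser first). The method this rescue belongs to starts outside the hunk.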
@@ -117,17 +113,20 @@ class Projects::GitHttpClientController < Projects::ApplicationController
 def handle_authentication(login, password)
 auth_result = Gitlab::Auth.find_for_git_client(login, password, project: project, ip: request.ip)
- if auth_result.type == :ci && download_request?
- @ci = true
- elsif auth_result.type == :oauth && !download_request?
- # Not allowed
- elsif auth_result.type == :missing_personal_token
- raise MissingPersonalTokenError
- elsif auth_result.type == :lfs_deploy_token && download_request?
- @lfs_deploy_key = true
+ case auth_result.type
+ when :ci
+ @ci = true if download_request?
+ when :oauth
+ @user = auth_result.user if download_request?
+ when :lfs_deploy_token
+ if download_request?
+ @lfs_deploy_key = true
+ @user = auth_result.user
+ end
+ when :lfs_token, :personal_token, :gitlab_or_ldap
 @user = auth_result.user
 else
- @user = auth_result.user
+ # Not allowed
 end
 end
diff --git a/app/helpers/lfs_helper.rb b/app/helpers/lfs_helper.rb
index 031e7e72909..de7c9f253b2 100644
--- a/app/helpers/lfs_helper.rb
+++ b/app/helpers/lfs_helper.rb
@@ -27,7 +27,7 @@ module LfsHelper
 return true if project.public? || ci? || lfs_deploy_key?
- (user && user.can?(:download_code, project))
+ user && user.can?(:download_code, project)
 end
 def lfs_upload_access?
--
cgit v1.2.1
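Review bot: In `handle_authentication` (git_http_client_controller.rb), the `:lfs_deploy_token` branch now assigns `@user = auth_result.user` as well as setting `@lfs_deploy_key`, and the diff does not show what kind of object that is for a deploy token. If it can be a deploy key rather than a User, any later `user.can?(...)` check that is not short-circuited the way `lfs_download_access?` is by `lfs_deploy_key?` would run against an object of the wrong type, so either leave `@user` unset in that branch or document it with `# auth_result.user may be a non-User actor for deploy tokens; check before calling #can?`. The move from a default-allow `else` to an explicit list of accepted types fails closed, which is the safer default; the bare `# Not allowed` would be clearer as `# Unknown or disallowed auth type for this request: @user stays nil` (what the caller then does with a nil user is outside this hunk).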