Include LFS operation when making auth requestashmckenzie/8114-geo-push-ssh-lfs-http-auth-bug

Operation is either upload or download
author: Ash McKenzie <amckenzie@gitlab.com> 2018-11-07 10:07:52 +1100
committer: Ash McKenzie <amckenzie@gitlab.com> 2018-11-08 09:52:10 +1100
commit: 1c6a8d1d70c1603c73fb9bcb8f440dbf97988e89 (patch)
tree: a83d262d697d3d5265716ddd8bf7650870063eca
parent: 9cf3334cb5cdf871266a2b9538589e36efd788e1 (diff)
download: gitlab-shell-ashmckenzie/8114-geo-push-ssh-lfs-http-auth-bug.tar.gz
5 files changed, 82 insertions, 26 deletions
diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb
index ac98e9f..bba68f3 100644
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -53,28 +53,22 @@ class GitlabNet # rubocop:disable Metrics/ClassLength
     JSON.parse(resp.body) rescue nil
   end
 
-  def lfs_authenticate(gl_id, repo)
+  def lfs_authenticate(gl_id, repo, operation)
     id_sym, _, id = self.class.parse_who(gl_id)
+    params = { project: sanitize_path(repo), operation: operation }
 
-    if id_sym == :key_id
-      params = {
-        project: sanitize_path(repo),
-        key_id: id
-      }
-    elsif id_sym == :user_id
-      params = {
-        project: sanitize_path(repo),
-        user_id: id
-      }
+    case id_sym
+    when :key_id
+      params[:key_id] = id
+    when :user_id
+      params[:user_id] = id
     else
       raise ArgumentError, "lfs_authenticate() got unsupported GL_ID='#{gl_id}'!"
     end
 
     resp = post("#{internal_api_endpoint}/lfs_authenticate", params)
 
-    if resp.code == '200'
-      GitlabLfsAuthentication.build_from_json(resp.body)
-    end
+    GitlabLfsAuthentication.build_from_json(resp.body) if resp.code == '200'
   end
 
   def broadcast_message
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb
index 57c70f5..6ad67c1 100644
--- a/lib/gitlab_shell.rb
+++ b/lib/gitlab_shell.rb
@@ -155,8 +155,9 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
 
     if @command == 'git-lfs-authenticate'
       GitlabMetrics.measure('lfs-authenticate') do
-        $logger.info('Processing LFS authentication', user: log_username)
-        lfs_authenticate
+        operation = args[2]
+        $logger.info('Processing LFS authentication', operation: operation, user: log_username)
+        lfs_authenticate(operation)
       end
       return
     end
@@ -224,8 +225,8 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
     @config.audit_usernames ? username : "user with id #{@gl_id}"
   end
 
-  def lfs_authenticate
-    lfs_access = api.lfs_authenticate(@gl_id, @repo_name)
+  def lfs_authenticate(operation)
+    lfs_access = api.lfs_authenticate(@gl_id, @repo_name, operation)
 
     return unless lfs_access
 
diff --git a/spec/gitlab_net_spec.rb b/spec/gitlab_net_spec.rb
index 0656084..07b772b 100644
--- a/spec/gitlab_net_spec.rb
+++ b/spec/gitlab_net_spec.rb
@@ -67,12 +67,27 @@ describe GitlabNet, vcr: true do
 
   describe '#lfs_authenticate' do
     context 'lfs authentication succeeded' do
-      it 'should return the correct data' do
-        VCR.use_cassette('lfs-authenticate-ok') do
-          lfs_access = gitlab_net.lfs_authenticate(key, project)
-          expect(lfs_access.username).to eq('root')
-          expect(lfs_access.lfs_token).to eq('Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ')
-          expect(lfs_access.repository_http_path).to eq(URI.join(internal_api_endpoint.sub('api/v4', ''), project).to_s)
+      let(:repository_http_path) { URI.join(internal_api_endpoint.sub('api/v4', ''), project).to_s }
+
+      context 'for download operation' do
+        it 'should return the correct data' do
+          VCR.use_cassette('lfs-authenticate-ok-download') do
+            lfs_access = gitlab_net.lfs_authenticate(key, project, 'download')
+            expect(lfs_access.username).to eq('root')
+            expect(lfs_access.lfs_token).to eq('Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ')
+            expect(lfs_access.repository_http_path).to eq(repository_http_path)
+          end
+        end
+      end
+
+      context 'for upload operation' do
+        it 'should return the correct data' do
+          VCR.use_cassette('lfs-authenticate-ok-upload') do
+            lfs_access = gitlab_net.lfs_authenticate(key, project, 'upload')
+            expect(lfs_access.username).to eq('root')
+            expect(lfs_access.lfs_token).to eq('Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ')
+            expect(lfs_access.repository_http_path).to eq(repository_http_path)
+          end
         end
       end
     end
diff --git a/spec/vcr_cassettes/lfs-authenticate-ok-download.yml b/spec/vcr_cassettes/lfs-authenticate-ok-download.yml
new file mode 100644
index 0000000..e832c90
--- /dev/null
+++ b/spec/vcr_cassettes/lfs-authenticate-ok-download.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/lfs_authenticate
+    body:
+      encoding: US-ASCII
+      string: project=gitlab-org%2Fgitlab-test.git&key_id=1&operation=download&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '158'
+      Content-Type:
+      - application/json
+      Date:
+      - Wed, 21 Jun 2017 10:44:50 GMT
+      Etag:
+      - W/"0a8ccf1603566e521c169d5e43c86cd2"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - d82d6071-1868-4a37-b026-65ab37f96f2f
+      X-Runtime:
+      - '0.331056'
+    body:
+      encoding: UTF-8
+      string: '{"username":"root","lfs_token":"Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ","repository_http_path":"http://localhost:3000/gitlab-org/gitlab-test.git"}'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 10:44:50 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/lfs-authenticate-ok.yml b/spec/vcr_cassettes/lfs-authenticate-ok-upload.yml
index 929e1d5..e4fa335 100644
--- a/spec/vcr_cassettes/lfs-authenticate-ok.yml
+++ b/spec/vcr_cassettes/lfs-authenticate-ok-upload.yml
@@ -5,7 +5,7 @@ http_interactions:
     uri: http://localhost:3000/api/v4/internal/lfs_authenticate
     body:
       encoding: US-ASCII
-      string: project=gitlab-org%2Fgitlab-test.git&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+      string: project=gitlab-org%2Fgitlab-test.git&key_id=1&operation=upload&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
     headers:
       Accept-Encoding:
       - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
@@ -41,6 +41,6 @@ http_interactions:
     body:
       encoding: UTF-8
       string: '{"username":"root","lfs_token":"Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ","repository_http_path":"http://localhost:3000/gitlab-org/gitlab-test.git"}'
-    http_version: 
+    http_version:
   recorded_at: Wed, 21 Jun 2017 10:44:50 GMT
 recorded_with: VCR 2.4.0
author	Ash McKenzie <amckenzie@gitlab.com>	2018-11-07 10:07:52 +1100
committer	Ash McKenzie <amckenzie@gitlab.com>	2018-11-08 09:52:10 +1100
commit	1c6a8d1d70c1603c73fb9bcb8f440dbf97988e89 (patch)
tree	a83d262d697d3d5265716ddd8bf7650870063eca
parent	9cf3334cb5cdf871266a2b9538589e36efd788e1 (diff)
download	gitlab-shell-ashmckenzie/8114-geo-push-ssh-lfs-http-auth-bug.tar.gz