author | Patricio Cano <suprnova32@gmail.com> | 2016-06-20 21:13:53 -0500 |
---|---|---|
committer | Patricio Cano <suprnova32@gmail.com> | 2016-07-05 18:01:12 -0500 |
commit | 44e7804ddb408d85f091c7a5cd36e0fdbec63d13 (patch) | |
tree | 16956fba9120d6e0fb91fd8b38c55f3c2290c6de | |
parent | 5afdd3f1cc3f12d4e919edb554c755b227675d06 (diff) | |
download | gitlab-shell-44e7804ddb408d85f091c7a5cd36e0fdbec63d13.tar.gz |
Allow GitLab Shell to check for allowed access based on the used Git protocol.
-rwxr-xr-x | hooks/pre-receive | 5 | ||||
-rw-r--r-- | lib/gitlab_access.rb | 7 | ||||
-rw-r--r-- | lib/gitlab_net.rb | 3 | ||||
-rw-r--r-- | lib/gitlab_shell.rb | 2 |
4 files changed, 11 insertions, 6 deletions
diff --git a/hooks/pre-receive b/hooks/pre-receive index 1f8a9d5..6ed9a2c 100755 --- a/hooks/pre-receive +++ b/hooks/pre-receive @@ -5,12 +5,15 @@ refs = $stdin.read key_id = ENV['GL_ID'] +protocol = ENV['PROTOCOL'] repo_path = Dir.pwd require_relative '../lib/gitlab_custom_hook' require_relative '../lib/gitlab_access' -if GitlabAccess.new(repo_path, key_id, refs).exec && +protocol ||= 'http' + +if GitlabAccess.new(repo_path, key_id, refs, protocol).exec && GitlabCustomHook.new.pre_receive(refs, repo_path) exit 0 else diff --git a/lib/gitlab_access.rb b/lib/gitlab_access.rb index 10afeef..bab2c4c 100644 --- a/lib/gitlab_access.rb +++ b/lib/gitlab_access.rb @@ -9,18 +9,19 @@ class GitlabAccess include NamesHelper - attr_reader :config, :repo_path, :repo_name, :changes + attr_reader :config, :repo_path, :repo_name, :changes, :protocol - def initialize(repo_path, actor, changes) + def initialize(repo_path, actor, changes, protocol = nil) @config = GitlabConfig.new @repo_path = repo_path.strip @actor = actor @repo_name = extract_repo_name(@repo_path.dup) @changes = changes.lines + @protocol = protocol end def exec - status = api.check_access('git-receive-pack', @repo_name, @actor, @changes) + status = api.check_access('git-receive-pack', @repo_name, @actor, @changes, @protocol) raise AccessDeniedError, status.message unless status.allowed? diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb index dd9a4b0..24e97be 100644 --- a/lib/gitlab_net.rb +++ b/lib/gitlab_net.rb @@ -14,7 +14,7 @@ class GitlabNet CHECK_TIMEOUT = 5 READ_TIMEOUT = 300 - def check_access(cmd, repo, actor, changes) + def check_access(cmd, repo, actor, changes, protocol = nil) project_name = repo.gsub("'", "") project_name = project_name.gsub(/\.git\Z/, "") project_name = project_name.gsub(/\A\//, "") @@ -24,6 +24,7 @@ class GitlabNet action: cmd, changes: changes, project: project_name, + protocol: protocol } if actor =~ /\Akey\-\d+\Z/ 
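Review bot: The fallback `protocol ||= 'http'` in hooks/pre-receive treats a missing `PROTOCOL` variable as an HTTP push, and no hunk in this commit shows the SSH path (`GitlabShell`) exporting `PROTOCOL` into the hook's environment. Unless that export exists elsewhere, the hook would apply the HTTP rule to SSH pushes, disagreeing with the `'ssh'` that `verify_access` sends, so the second check would not reflect the real transport. Once every caller is confirmed to set the variable, consider failing closed instead of defaulting: `protocol = ENV['PROTOCOL']` followed by `abort('protocol not set') unless %w[ssh http].include?(protocol)`. A namespaced variable name in the style of `GL_ID` would also lower the chance of picking up an unrelated `PROTOCOL` from the environment.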
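Review bot: The `protocol = nil` default on `GitlabAccess#initialize`, repeated on `GitlabNet#check_access` in the lib/gitlab_net.rb hunk, lets a caller that was not updated send `protocol: nil` to the access API without any local error. How the server treats a missing protocol is not visible in this commit. Because the value now feeds an authorization decision, it would be safer to make the argument required or to reject unknown values before the request is built, e.g. `raise ArgumentError, 'protocol required' unless %w[ssh http].include?(protocol)`. At minimum, a comment on `check_access` should state which values are accepted and what nil means. Both methods continue outside their hunks.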
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb index c5d5c02..2bb8a4d 100644 --- a/lib/gitlab_shell.rb +++ b/lib/gitlab_shell.rb @@ -85,7 +85,7 @@ class GitlabShell end def verify_access - status = api.check_access(@git_access, @repo_name, @key_id, '_any') + status = api.check_access(@git_access, @repo_name, @key_id, '_any', 'ssh') raise AccessDeniedError, status.message unless status.allowed? |
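Review bot: `verify_access` passes the transport as a bare fifth positional string, `'ssh'`, while the pre-receive hook spells its own literal `'http'` in another file. A typo in either place would presumably reach the API as an unrecognised value without any local failure. A shared constant would keep the accepted values in one place, for example `SSH_PROTOCOL = 'ssh'.freeze` next to `check_access` and `api.check_access(@git_access, @repo_name, @key_id, '_any', SSH_PROTOCOL)` here. The end of `verify_access` lies outside the hunk.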