diff options
| author | Ash McKenzie <amckenzie@gitlab.com> | 2018-08-01 12:16:42 +1000 |
|---|---|---|
| committer | Ash McKenzie <amckenzie@gitlab.com> | 2018-08-01 12:47:30 +1000 |
| commit | 2bdf08e732ad5d959bfebd222e58a7cd4a4971eb (patch) | |
| tree | 1676c34376205ace5088b34c4a124c86ca7f8d9e /lib/gitlab_shell.rb | |
| parent | a686b9a0ee4c180b272b26e45c9a2c6cb84c742c (diff) | |
| parent | e3fead94b6f71d3501d586cbb2295ea0d1da2b31 (diff) | |
| download | gitlab-shell-2bdf08e732ad5d959bfebd222e58a7cd4a4971eb.tar.gz | |
Merge remote-tracking branch 'origin/master' into ash.mckenzie/srp-refactor
Diffstat (limited to 'lib/gitlab_shell.rb')
| -rw-r--r-- | lib/gitlab_shell.rb | 26 |
1 files changed, 11 insertions, 15 deletions
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb index 68d39bc..7b2b2b1 100644 --- a/lib/gitlab_shell.rb +++ b/lib/gitlab_shell.rb @@ -3,7 +3,7 @@ require 'pathname' require_relative 'gitlab_net' require_relative 'gitlab_metrics' -require_relative 'actor/key' +require_relative 'actor' class GitlabShell API_2FA_RECOVERY_CODES_COMMAND = '2fa_recovery_codes'.freeze @@ -18,9 +18,9 @@ class GitlabShell Struct.new('ParsedCommand', :command, :git_access_command, :repo_name, :args) - def initialize(key_str) - @key_str = key_str + def initialize(who) @config = GitlabConfig.new + @actor = Actor.new_from(who, audit_usernames: @config.audit_usernames) end # The origin_cmd variable contains UNTRUSTED input. If the user ran @@ -28,22 +28,22 @@ class GitlabShell # 'evil command'. def exec(origin_cmd) if !origin_cmd || origin_cmd.empty? - puts "Welcome to GitLab, #{key.username}!" + puts "Welcome to GitLab, #{actor.username}!" return true end parsed_command = parse_cmd(origin_cmd) - action = determine_action(parsed_command) + action = determine_action(parsed_command) # FIXME: watch out action.execute(parsed_command.command, parsed_command.args) rescue GitlabNet::ApiUnreachableError $stderr.puts "GitLab: Failed to authorize your Git request: internal API unreachable" false rescue AccessDeniedError, UnknownError => ex - $logger.warn('Access denied', command: origin_cmd, user: key.log_username) + $logger.warn('Access denied', command: origin_cmd, user: actor.log_username) $stderr.puts "GitLab: #{ex.message}" false rescue DisallowedCommandError - $logger.warn('Denied disallowed command', command: origin_cmd, user: key.log_username) + $logger.warn('Denied disallowed command', command: origin_cmd, user: actor.log_username) $stderr.puts 'GitLab: Disallowed command' false rescue InvalidRepositoryPathError @@ -53,11 +53,7 @@ class GitlabShell private - attr_reader :config, :key_str - - def key - @key ||= Actor::Key.from(key_str, audit_usernames: config.audit_usernames) - end + attr_reader :config, :actor def parse_cmd(cmd) args = Shellwords.shellwords(cmd) @@ -99,7 +95,7 @@ class GitlabShell end def determine_action(parsed_command) - return Action::API2FARecovery.new(key) if parsed_command.command == API_2FA_RECOVERY_CODES_COMMAND + return Action::API2FARecovery.new(actor) if parsed_command.command == API_2FA_RECOVERY_CODES_COMMAND GitlabMetrics.measure('verify-access') do # GitlatNet#check_access will raise exception in the event of a problem @@ -107,13 +103,13 @@ class GitlabShell parsed_command.git_access_command, nil, parsed_command.repo_name, - key, + actor, '_any' ) case parsed_command.command when GIT_LFS_AUTHENTICATE_COMMAND - Action::GitLFSAuthenticate.new(key, parsed_command.repo_name) + Action::GitLFSAuthenticate.new(actor, parsed_command.repo_name) else initial_action end |