Refactored LFS auth logic to use its own API endpoint.

4 files changed, 40 insertions, 18 deletions

diff --git a/lib/gitlab_access_status.rb b/lib/gitlab_access_status.rb
index 1ae0528..7fb88be 100644
--- a/lib/gitlab_access_status.rb
+++ b/lib/gitlab_access_status.rb
@@ -1,18 +1,17 @@
 require 'json'
 
 class GitAccessStatus
-  attr_reader :message, :repository_path, :repository_http_path
+  attr_reader :message, :repository_path
 
-  def initialize(status, message, repository_path, repository_http_path)
+  def initialize(status, message, repository_path)
     @status = status
     @message = message
     @repository_path = repository_path
-    @repository_http_path = repository_http_path
   end
 
   def self.create_from_json(json)
     values = JSON.parse(json)
-    self.new(values["status"], values["message"], values["repository_path"], values["repository_http_path"])
+    self.new(values["status"], values["message"], values["repository_path"])
   end
 
   def allowed?
diff --git a/lib/gitlab_lfs_authentication.rb b/lib/gitlab_lfs_authentication.rb
index b05da21..4b36229 100644
--- a/lib/gitlab_lfs_authentication.rb
+++ b/lib/gitlab_lfs_authentication.rb
@@ -2,17 +2,23 @@ require 'base64'
 require 'json'
 
 class GitlabLfsAuthentication
-  attr_accessor :user, :repository_http_path
+  attr_accessor :username, :lfs_token, :repository_http_path
 
-  def initialize(user, repository_http_path)
-    @user = user
+  def initialize(username, lfs_token, repository_http_path)
+    @username = username
+    @lfs_token = lfs_token
     @repository_http_path = repository_http_path
   end
 
+  def self.build_from_json(json)
+    values = JSON.parse(json)
+    self.new(values['username'], values['lfs_token'], values['repository_http_path'])
+  end
+
   def authenticate!
     authorization = {
       header: {
-        Authorization: "Basic #{Base64.strict_encode64("#{user['username']}:#{user['lfs_token']}")}"
+        Authorization: "Basic #{Base64.strict_encode64("#{username}:#{lfs_token}")}"
       },
       href: "#{repository_http_path}/info/lfs/"
     }
diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb
index 42ff94c..994f8d5 100644
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -6,6 +6,7 @@ require_relative 'gitlab_config'
 require_relative 'gitlab_logger'
 require_relative 'gitlab_access'
 require_relative 'gitlab_redis'
+require_relative 'gitlab_lfs_authentication'
 require_relative 'httpunix'
 
 class GitlabNet
@@ -15,15 +16,12 @@ class GitlabNet
   READ_TIMEOUT = 300
 
   def check_access(cmd, repo, actor, changes, protocol)
-    project_name = repo.gsub("'", "")
-    project_name = project_name.gsub(/\.git\Z/, "")
-    project_name = project_name.gsub(/\A\//, "")
     changes = changes.join("\n") unless changes.kind_of?(String)
 
     params = {
       action: cmd,
       changes: changes,
-      project: project_name,
+      project: project_name(repo),
       protocol: protocol
     }
 
@@ -39,7 +37,7 @@ class GitlabNet
     if resp.code == '200'
       GitAccessStatus.create_from_json(resp.body)
     else
-      GitAccessStatus.new(false, 'API is not accessible', nil, nil)
+      GitAccessStatus.new(false, 'API is not accessible', nil)
     end
   end
 
@@ -49,6 +47,19 @@ class GitlabNet
     JSON.parse(resp.body) rescue nil
   end
 
+  def lfs_authenticate(key, repo)
+    params = {
+      project: project_name(repo),
+      key_id: key.gsub('key-', '')
+    }
+
+    resp = post("#{host}/lfs_authenticate", params)
+
+    if resp.code == '200'
+      GitlabLfsAuthentication.build_from_json(resp.body)
+    end
+  end
+
   def broadcast_message
     resp = get("#{host}/broadcast_message")
     JSON.parse(resp.body) rescue {}
@@ -107,6 +118,12 @@ class GitlabNet
 
   protected
 
+  def project_name(repo)
+    project_name = repo.gsub("'", "")
+    project_name = project_name.gsub(/\.git\Z/, "")
+    project_name.gsub(/\A\//, "")
+  end
+
   def config
     @config ||= GitlabConfig.new
   end
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb
index 87fa347..d3f9bbe 100644
--- a/lib/gitlab_shell.rb
+++ b/lib/gitlab_shell.rb
@@ -1,7 +1,6 @@
 require 'shellwords'
 
 require_relative 'gitlab_net'
-require_relative 'gitlab_lfs_authentication'
 
 class GitlabShell
   class AccessDeniedError < StandardError; end
@@ -12,7 +11,7 @@ class GitlabShell
   API_COMMANDS = %w(2fa_recovery_codes)
   GL_PROTOCOL = 'ssh'.freeze
 
-  attr_accessor :key_id, :repo_name, :command, :git_access, :repository_http_path
+  attr_accessor :key_id, :repo_name, :command, :git_access
   attr_reader :repo_path
 
   def initialize(key_id)
@@ -95,7 +94,6 @@ class GitlabShell
     raise AccessDeniedError, status.message unless status.allowed?
 
     self.repo_path = status.repository_path
-    @repository_http_path = status.repository_http_path
   end
 
   def process_cmd(args)
@@ -192,9 +190,11 @@ class GitlabShell
   end
 
   def lfs_authenticate
-    return unless user
+    lfs_access = api.lfs_authenticate(@key_id, @repo_name)
 
-    puts GitlabLfsAuthentication.new(user, repository_http_path).authenticate!
+    return unless lfs_access
+
+    puts lfs_access.authenticate!
   end
 
   private