From 1c6a8d1d70c1603c73fb9bcb8f440dbf97988e89 Mon Sep 17 00:00:00 2001
From: Ash McKenzie <amckenzie@gitlab.com>
Date: Wed, 7 Nov 2018 10:07:52 +1100
Subject: Include LFS operation when making auth request

Operation is either upload or download
---
 lib/gitlab_net.rb                                  | 22 ++++-------
 lib/gitlab_shell.rb                                |  9 +++--
 spec/gitlab_net_spec.rb                            | 27 ++++++++++---
 .../vcr_cassettes/lfs-authenticate-ok-download.yml | 46 ++++++++++++++++++++++
 spec/vcr_cassettes/lfs-authenticate-ok-upload.yml  | 46 ++++++++++++++++++++++
 spec/vcr_cassettes/lfs-authenticate-ok.yml         | 46 ----------------------
 6 files changed, 126 insertions(+), 70 deletions(-)
 create mode 100644 spec/vcr_cassettes/lfs-authenticate-ok-download.yml
 create mode 100644 spec/vcr_cassettes/lfs-authenticate-ok-upload.yml
 delete mode 100644 spec/vcr_cassettes/lfs-authenticate-ok.yml

diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb
index ac98e9f..bba68f3 100644
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -53,28 +53,22 @@ class GitlabNet # rubocop:disable Metrics/ClassLength
     JSON.parse(resp.body) rescue nil
   end
 
-  def lfs_authenticate(gl_id, repo)
+  def lfs_authenticate(gl_id, repo, operation)
     id_sym, _, id = self.class.parse_who(gl_id)
+    params = { project: sanitize_path(repo), operation: operation }
 
-    if id_sym == :key_id
-      params = {
-        project: sanitize_path(repo),
-        key_id: id
-      }
-    elsif id_sym == :user_id
-      params = {
-        project: sanitize_path(repo),
-        user_id: id
-      }
+    case id_sym
+    when :key_id
+      params[:key_id] = id
+    when :user_id
+      params[:user_id] = id
     else
       raise ArgumentError, "lfs_authenticate() got unsupported GL_ID='#{gl_id}'!"
     end
 
     resp = post("#{internal_api_endpoint}/lfs_authenticate", params)
 
-    if resp.code == '200'
-      GitlabLfsAuthentication.build_from_json(resp.body)
-    end
+    GitlabLfsAuthentication.build_from_json(resp.body) if resp.code == '200'
   end
 
   def broadcast_message
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb
index 57c70f5..6ad67c1 100644
--- a/lib/gitlab_shell.rb
+++ b/lib/gitlab_shell.rb
@@ -155,8 +155,9 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
 
     if @command == 'git-lfs-authenticate'
       GitlabMetrics.measure('lfs-authenticate') do
-        $logger.info('Processing LFS authentication', user: log_username)
-        lfs_authenticate
+        operation = args[2]
+        $logger.info('Processing LFS authentication', operation: operation, user: log_username)
+        lfs_authenticate(operation)
       end
       return
     end
@@ -224,8 +225,8 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
     @config.audit_usernames ? username : "user with id #{@gl_id}"
   end
 
-  def lfs_authenticate
-    lfs_access = api.lfs_authenticate(@gl_id, @repo_name)
+  def lfs_authenticate(operation)
+    lfs_access = api.lfs_authenticate(@gl_id, @repo_name, operation)
 
     return unless lfs_access
 
diff --git a/spec/gitlab_net_spec.rb b/spec/gitlab_net_spec.rb
index 0656084..07b772b 100644
--- a/spec/gitlab_net_spec.rb
+++ b/spec/gitlab_net_spec.rb
@@ -67,12 +67,27 @@ describe GitlabNet, vcr: true do
 
   describe '#lfs_authenticate' do
     context 'lfs authentication succeeded' do
-      it 'should return the correct data' do
-        VCR.use_cassette('lfs-authenticate-ok') do
-          lfs_access = gitlab_net.lfs_authenticate(key, project)
-          expect(lfs_access.username).to eq('root')
-          expect(lfs_access.lfs_token).to eq('Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ')
-          expect(lfs_access.repository_http_path).to eq(URI.join(internal_api_endpoint.sub('api/v4', ''), project).to_s)
+      let(:repository_http_path) { URI.join(internal_api_endpoint.sub('api/v4', ''), project).to_s }
+
+      context 'for download operation' do
+        it 'should return the correct data' do
+          VCR.use_cassette('lfs-authenticate-ok-download') do
+            lfs_access = gitlab_net.lfs_authenticate(key, project, 'download')
+            expect(lfs_access.username).to eq('root')
+            expect(lfs_access.lfs_token).to eq('Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ')
+            expect(lfs_access.repository_http_path).to eq(repository_http_path)
+          end
+        end
+      end
+
+      context 'for upload operation' do
+        it 'should return the correct data' do
+          VCR.use_cassette('lfs-authenticate-ok-upload') do
+            lfs_access = gitlab_net.lfs_authenticate(key, project, 'upload')
+            expect(lfs_access.username).to eq('root')
+            expect(lfs_access.lfs_token).to eq('Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ')
+            expect(lfs_access.repository_http_path).to eq(repository_http_path)
+          end
         end
       end
     end
diff --git a/spec/vcr_cassettes/lfs-authenticate-ok-download.yml b/spec/vcr_cassettes/lfs-authenticate-ok-download.yml
new file mode 100644
index 0000000..e832c90
--- /dev/null
+++ b/spec/vcr_cassettes/lfs-authenticate-ok-download.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/lfs_authenticate
+    body:
+      encoding: US-ASCII
+      string: project=gitlab-org%2Fgitlab-test.git&key_id=1&operation=download&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '158'
+      Content-Type:
+      - application/json
+      Date:
+      - Wed, 21 Jun 2017 10:44:50 GMT
+      Etag:
+      - W/"0a8ccf1603566e521c169d5e43c86cd2"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - d82d6071-1868-4a37-b026-65ab37f96f2f
+      X-Runtime:
+      - '0.331056'
+    body:
+      encoding: UTF-8
+      string: '{"username":"root","lfs_token":"Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ","repository_http_path":"http://localhost:3000/gitlab-org/gitlab-test.git"}'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 10:44:50 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/lfs-authenticate-ok-upload.yml b/spec/vcr_cassettes/lfs-authenticate-ok-upload.yml
new file mode 100644
index 0000000..e4fa335
--- /dev/null
+++ b/spec/vcr_cassettes/lfs-authenticate-ok-upload.yml
@@ -0,0 +1,46 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: http://localhost:3000/api/v4/internal/lfs_authenticate
+    body:
+      encoding: US-ASCII
+      string: project=gitlab-org%2Fgitlab-test.git&key_id=1&operation=upload&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
+    headers:
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+      User-Agent:
+      - Ruby
+      Content-Type:
+      - application/x-www-form-urlencoded
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Length:
+      - '158'
+      Content-Type:
+      - application/json
+      Date:
+      - Wed, 21 Jun 2017 10:44:50 GMT
+      Etag:
+      - W/"0a8ccf1603566e521c169d5e43c86cd2"
+      Vary:
+      - Origin
+      X-Frame-Options:
+      - SAMEORIGIN
+      X-Request-Id:
+      - d82d6071-1868-4a37-b026-65ab37f96f2f
+      X-Runtime:
+      - '0.331056'
+    body:
+      encoding: UTF-8
+      string: '{"username":"root","lfs_token":"Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ","repository_http_path":"http://localhost:3000/gitlab-org/gitlab-test.git"}'
+    http_version:
+  recorded_at: Wed, 21 Jun 2017 10:44:50 GMT
+recorded_with: VCR 2.4.0
diff --git a/spec/vcr_cassettes/lfs-authenticate-ok.yml b/spec/vcr_cassettes/lfs-authenticate-ok.yml
deleted file mode 100644
index 929e1d5..0000000
--- a/spec/vcr_cassettes/lfs-authenticate-ok.yml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-http_interactions:
-- request:
-    method: post
-    uri: http://localhost:3000/api/v4/internal/lfs_authenticate
-    body:
-      encoding: US-ASCII
-      string: project=gitlab-org%2Fgitlab-test.git&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A
-    headers:
-      Accept-Encoding:
-      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
-      Accept:
-      - "*/*"
-      User-Agent:
-      - Ruby
-      Content-Type:
-      - application/x-www-form-urlencoded
-  response:
-    status:
-      code: 200
-      message: OK
-    headers:
-      Cache-Control:
-      - max-age=0, private, must-revalidate
-      Content-Length:
-      - '158'
-      Content-Type:
-      - application/json
-      Date:
-      - Wed, 21 Jun 2017 10:44:50 GMT
-      Etag:
-      - W/"0a8ccf1603566e521c169d5e43c86cd2"
-      Vary:
-      - Origin
-      X-Frame-Options:
-      - SAMEORIGIN
-      X-Request-Id:
-      - d82d6071-1868-4a37-b026-65ab37f96f2f
-      X-Runtime:
-      - '0.331056'
-    body:
-      encoding: UTF-8
-      string: '{"username":"root","lfs_token":"Hyzhyde_wLUeyUQsR3tHGTG8eNocVQm4ssioTEsBSdb6KwCSzQ","repository_http_path":"http://localhost:3000/gitlab-org/gitlab-test.git"}'
-    http_version: 
-  recorded_at: Wed, 21 Jun 2017 10:44:50 GMT
-recorded_with: VCR 2.4.0
-- 
cgit v1.2.1