push via http now served via /allowed API

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

push via http now served via /allowed API
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Dmitriy Zaporozhets
1 parent f18a714f
Showing 1 changed file with 5 additions and 42 deletions Show diff stats
lib/gitlab/backend/grack_auth.rb
@@ -5,7 +5,7 @@ module Grack
   class Auth < Rack::Auth::Basic
     include Helpers
  
-    attr_accessor :user, :project, :ref, :env
+    attr_accessor :user, :project, :env
  
     def call(env)
       @env = env
@@ -80,24 +80,11 @@ module Grack
     def authorize_request(service)
       case service
       when 'git-upload-pack'
-        can?(user, :download_code, project)
-      when'git-receive-pack'
-        refs.each do |ref|
-          action = if project.protected_branch?(ref)
-                     :push_code_to_protected_branches
-                   else
-                     :push_code
-                   end
-
-          return false unless can?(user, action, project)
-        end
-
-        # Never let git-receive-pack trough unauthenticated; it's
-        # harmless but git < 1.8 doesn't like it
-        return false if user.nil?
-        true
+        # Serve only upload request.
+        # Authorization on push will be serverd by update hook in repository
+        Gitlab::GitAccess.new.download_allowed?(user, project)
       else
-        false
+        true
       end
     end
  
@@ -114,29 +101,5 @@ module Grack
     def project
       @project ||= project_by_path(@request.path_info)
     end
-
-    def refs
-      @refs ||= parse_refs
-    end
-
-    def parse_refs
-      input = if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
-                Zlib::GzipReader.new(@request.body).read
-              else
-                @request.body.read
-              end
-
-      # Need to reset seek point
-      @request.body.rewind
-
-      # Parse refs
-      refs = input.force_encoding('ascii-8bit').scan(/refs\/heads\/([\/\w\.-]+)/n).flatten.compact
-
-      # Cleanup grabare from refs
-      # if push to multiple branches
-      refs.map do |ref|
-        ref.gsub(/00.*/, "")
-      end
-    end
   end
 end
...	...	@@ -5,7 +5,7 @@ module Grack
5	5	class Auth < Rack::Auth::Basic
6	6	include Helpers
7	7
8		- attr_accessor :user, :project, :ref, :env
	8	+ attr_accessor :user, :project, :env
9	9
10	10	def call(env)
11	11	@env = env
...	...	@@ -80,24 +80,11 @@ module Grack
80	80	def authorize_request(service)
81	81	case service
82	82	when 'git-upload-pack'
83		- can?(user, :download_code, project)
84		- when'git-receive-pack'
85		- refs.each do \|ref\|
86		- action = if project.protected_branch?(ref)
87		- :push_code_to_protected_branches
88		- else
89		- :push_code
90		- end
91		-
92		- return false unless can?(user, action, project)
93		- end
94		-
95		- # Never let git-receive-pack trough unauthenticated; it's
96		- # harmless but git < 1.8 doesn't like it
97		- return false if user.nil?
98		- true
	83	+ # Serve only upload request.
	84	+ # Authorization on push will be serverd by update hook in repository
	85	+ Gitlab::GitAccess.new.download_allowed?(user, project)
99	86	else
100		- false
	87	+ true
101	88	end
102	89	end
103	90
...	...	@@ -114,29 +101,5 @@ module Grack
114	101	def project
115	102	@project \|\|= project_by_path(@request.path_info)
116	103	end
117		-
118		- def refs
119		- @refs \|\|= parse_refs
120		- end
121		-
122		- def parse_refs
123		- input = if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
124		- Zlib::GzipReader.new(@request.body).read
125		- else
126		- @request.body.read
127		- end
128		-
129		- # Need to reset seek point
130		- @request.body.rewind
131		-
132		- # Parse refs
133		- refs = input.force_encoding('ascii-8bit').scan(/refs\/heads\/([\/\w\.-]+)/n).flatten.compact
134		-
135		- # Cleanup grabare from refs
136		- # if push to multiple branches
137		- refs.map do \|ref\|
138		- ref.gsub(/00.*/, "")
139		- end
140		- end
141	104	end
142	105	end
...	...