Commit 729b358ff2981d8931e27fdc33d29b9528232c32

Authored by Dmitriy Zaporozhets
1 parent f18a714f

push via http now served via /allowed API

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing 1 changed file with 5 additions and 42 deletions   Show diff stats
lib/gitlab/backend/grack_auth.rb
@@ -5,7 +5,7 @@ module Grack @@ -5,7 +5,7 @@ module Grack
5 class Auth < Rack::Auth::Basic 5 class Auth < Rack::Auth::Basic
6 include Helpers 6 include Helpers
7 7
8 - attr_accessor :user, :project, :ref, :env 8 + attr_accessor :user, :project, :env
9 9
10 def call(env) 10 def call(env)
11 @env = env 11 @env = env
@@ -80,24 +80,11 @@ module Grack @@ -80,24 +80,11 @@ module Grack
80 def authorize_request(service) 80 def authorize_request(service)
81 case service 81 case service
82 when 'git-upload-pack' 82 when 'git-upload-pack'
83 - can?(user, :download_code, project)  
84 - when'git-receive-pack'  
85 - refs.each do |ref|  
86 - action = if project.protected_branch?(ref)  
87 - :push_code_to_protected_branches  
88 - else  
89 - :push_code  
90 - end  
91 -  
92 - return false unless can?(user, action, project)  
93 - end  
94 -  
95 - # Never let git-receive-pack trough unauthenticated; it's  
96 - # harmless but git < 1.8 doesn't like it  
97 - return false if user.nil?  
98 - true 83 + # Serve only upload request.
  84 + # Authorization on push will be serverd by update hook in repository
  85 + Gitlab::GitAccess.new.download_allowed?(user, project)
99 else 86 else
100 - false 87 + true
101 end 88 end
102 end 89 end
103 90
@@ -114,29 +101,5 @@ module Grack @@ -114,29 +101,5 @@ module Grack
114 def project 101 def project
115 @project ||= project_by_path(@request.path_info) 102 @project ||= project_by_path(@request.path_info)
116 end 103 end
117 -  
118 - def refs  
119 - @refs ||= parse_refs  
120 - end  
121 -  
122 - def parse_refs  
123 - input = if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/  
124 - Zlib::GzipReader.new(@request.body).read  
125 - else  
126 - @request.body.read  
127 - end  
128 -  
129 - # Need to reset seek point  
130 - @request.body.rewind  
131 -  
132 - # Parse refs  
133 - refs = input.force_encoding('ascii-8bit').scan(/refs\/heads\/([\/\w\.-]+)/n).flatten.compact  
134 -  
135 - # Cleanup grabare from refs  
136 - # if push to multiple branches  
137 - refs.map do |ref|  
138 - ref.gsub(/00.*/, "")  
139 - end  
140 - end  
141 end 104 end
142 end 105 end