Commit 729b358ff2981d8931e27fdc33d29b9528232c32
1 parent
f18a714f
Exists in
spb-stable
and in
3 other branches
push via http now served via /allowed API
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing
1 changed file
with
5 additions
and
42 deletions
Show diff stats
lib/gitlab/backend/grack_auth.rb
| @@ -5,7 +5,7 @@ module Grack | @@ -5,7 +5,7 @@ module Grack | ||
| 5 | class Auth < Rack::Auth::Basic | 5 | class Auth < Rack::Auth::Basic |
| 6 | include Helpers | 6 | include Helpers |
| 7 | 7 | ||
| 8 | - attr_accessor :user, :project, :ref, :env | 8 | + attr_accessor :user, :project, :env |
| 9 | 9 | ||
| 10 | def call(env) | 10 | def call(env) |
| 11 | @env = env | 11 | @env = env |
| @@ -80,24 +80,11 @@ module Grack | @@ -80,24 +80,11 @@ module Grack | ||
| 80 | def authorize_request(service) | 80 | def authorize_request(service) |
| 81 | case service | 81 | case service |
| 82 | when 'git-upload-pack' | 82 | when 'git-upload-pack' |
| 83 | - can?(user, :download_code, project) | ||
| 84 | - when'git-receive-pack' | ||
| 85 | - refs.each do |ref| | ||
| 86 | - action = if project.protected_branch?(ref) | ||
| 87 | - :push_code_to_protected_branches | ||
| 88 | - else | ||
| 89 | - :push_code | ||
| 90 | - end | ||
| 91 | - | ||
| 92 | - return false unless can?(user, action, project) | ||
| 93 | - end | ||
| 94 | - | ||
| 95 | - # Never let git-receive-pack trough unauthenticated; it's | ||
| 96 | - # harmless but git < 1.8 doesn't like it | ||
| 97 | - return false if user.nil? | ||
| 98 | - true | 83 | + # Serve only upload request. |
| 84 | + # Authorization on push will be serverd by update hook in repository | ||
| 85 | + Gitlab::GitAccess.new.download_allowed?(user, project) | ||
| 99 | else | 86 | else |
| 100 | - false | 87 | + true |
| 101 | end | 88 | end |
| 102 | end | 89 | end |
| 103 | 90 | ||
| @@ -114,29 +101,5 @@ module Grack | @@ -114,29 +101,5 @@ module Grack | ||
| 114 | def project | 101 | def project |
| 115 | @project ||= project_by_path(@request.path_info) | 102 | @project ||= project_by_path(@request.path_info) |
| 116 | end | 103 | end |
| 117 | - | ||
| 118 | - def refs | ||
| 119 | - @refs ||= parse_refs | ||
| 120 | - end | ||
| 121 | - | ||
| 122 | - def parse_refs | ||
| 123 | - input = if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/ | ||
| 124 | - Zlib::GzipReader.new(@request.body).read | ||
| 125 | - else | ||
| 126 | - @request.body.read | ||
| 127 | - end | ||
| 128 | - | ||
| 129 | - # Need to reset seek point | ||
| 130 | - @request.body.rewind | ||
| 131 | - | ||
| 132 | - # Parse refs | ||
| 133 | - refs = input.force_encoding('ascii-8bit').scan(/refs\/heads\/([\/\w\.-]+)/n).flatten.compact | ||
| 134 | - | ||
| 135 | - # Cleanup grabare from refs | ||
| 136 | - # if push to multiple branches | ||
| 137 | - refs.map do |ref| | ||
| 138 | - ref.gsub(/00.*/, "") | ||
| 139 | - end | ||
| 140 | - end | ||
| 141 | end | 104 | end |
| 142 | end | 105 | end |