Commit 729b358ff2981d8931e27fdc33d29b9528232c32
1 parent
f18a714f
Exists in
spb-stable
and in
3 other branches
push via http now served via /allowed API
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing
1 changed file
with
5 additions
and
42 deletions
Show diff stats
lib/gitlab/backend/grack_auth.rb
@@ -5,7 +5,7 @@ module Grack | @@ -5,7 +5,7 @@ module Grack | ||
5 | class Auth < Rack::Auth::Basic | 5 | class Auth < Rack::Auth::Basic |
6 | include Helpers | 6 | include Helpers |
7 | 7 | ||
8 | - attr_accessor :user, :project, :ref, :env | 8 | + attr_accessor :user, :project, :env |
9 | 9 | ||
10 | def call(env) | 10 | def call(env) |
11 | @env = env | 11 | @env = env |
@@ -80,24 +80,11 @@ module Grack | @@ -80,24 +80,11 @@ module Grack | ||
80 | def authorize_request(service) | 80 | def authorize_request(service) |
81 | case service | 81 | case service |
82 | when 'git-upload-pack' | 82 | when 'git-upload-pack' |
83 | - can?(user, :download_code, project) | ||
84 | - when'git-receive-pack' | ||
85 | - refs.each do |ref| | ||
86 | - action = if project.protected_branch?(ref) | ||
87 | - :push_code_to_protected_branches | ||
88 | - else | ||
89 | - :push_code | ||
90 | - end | ||
91 | - | ||
92 | - return false unless can?(user, action, project) | ||
93 | - end | ||
94 | - | ||
95 | - # Never let git-receive-pack trough unauthenticated; it's | ||
96 | - # harmless but git < 1.8 doesn't like it | ||
97 | - return false if user.nil? | ||
98 | - true | 83 | + # Serve only upload request. |
84 | + # Authorization on push will be serverd by update hook in repository | ||
85 | + Gitlab::GitAccess.new.download_allowed?(user, project) | ||
99 | else | 86 | else |
100 | - false | 87 | + true |
101 | end | 88 | end |
102 | end | 89 | end |
103 | 90 | ||
@@ -114,29 +101,5 @@ module Grack | @@ -114,29 +101,5 @@ module Grack | ||
114 | def project | 101 | def project |
115 | @project ||= project_by_path(@request.path_info) | 102 | @project ||= project_by_path(@request.path_info) |
116 | end | 103 | end |
117 | - | ||
118 | - def refs | ||
119 | - @refs ||= parse_refs | ||
120 | - end | ||
121 | - | ||
122 | - def parse_refs | ||
123 | - input = if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/ | ||
124 | - Zlib::GzipReader.new(@request.body).read | ||
125 | - else | ||
126 | - @request.body.read | ||
127 | - end | ||
128 | - | ||
129 | - # Need to reset seek point | ||
130 | - @request.body.rewind | ||
131 | - | ||
132 | - # Parse refs | ||
133 | - refs = input.force_encoding('ascii-8bit').scan(/refs\/heads\/([\/\w\.-]+)/n).flatten.compact | ||
134 | - | ||
135 | - # Cleanup grabare from refs | ||
136 | - # if push to multiple branches | ||
137 | - refs.map do |ref| | ||
138 | - ref.gsub(/00.*/, "") | ||
139 | - end | ||
140 | - end | ||
141 | end | 104 | end |
142 | end | 105 | end |