Use similar interface to access gitolite

Simplified gitolite handle logic Stubn over monkeypatch Stub only specific methods in Gitlab:Gitolite Moved grach auth to lib added specs for keys observer removes SshKey role

Use similar interface to access gitolite
Simplified gitolite handle logic Stubn over monkeypatch Stub only specific methods in Gitlab:Gitolite Moved grach auth to lib added specs for keys observer removes SshKey role
randx
1 parent aded7056
Showing 22 changed files with 361 additions and 294 deletions Show diff stats
app/models/key.rb
app/models/protected_branch.rb
app/models/users_project.rb
app/observers/key_observer.rb
app/roles/git_host.rb
app/roles/git_merge.rb
app/roles/repository.rb
app/roles/ssh_key.rb
config/environment.rb
config/initializers/5_backend.rb
config/initializers/grack_auth.rb
features/support/env.rb
lib/gitlab/backend/gitolite.rb
lib/gitlab/backend/grack_auth.rb
lib/gitlab/git_host.rb
lib/gitlab/gitolite.rb
lib/tasks/gitlab/enable_automerge.rake
lib/tasks/gitlab/gitolite_rebuild.rake
spec/observers/key_observer_spec.rb
spec/spec_helper.rb
 require 'digest/md5'
 class Key < ActiveRecord::Base
-  include SshKey
   belongs_to :user
   belongs_to :project
@@ -50,6 +49,10 @@ class Key &lt; ActiveRecord::Base
       user.projects
     end
   end
+
+  def last_deploy?
+    Key.where(identifier: identifier).count == 0
+  end
 end
 # == Schema Information
 #
 class ProtectedBranch < ActiveRecord::Base
+  include GitHost
+
   belongs_to :project
   validates_presence_of :project_id
   validates_presence_of :name
@@ -7,7 +9,7 @@ class ProtectedBranch &lt; ActiveRecord::Base
   after_destroy :update_repository
   def update_repository
-    Gitlab::GitHost.system.update_project(project.path, project)
+    git_host.update_repository(project)
   end
   def commit
 class UsersProject < ActiveRecord::Base
+  include GitHost
+
   GUEST     = 10
   REPORTER  = 20
   DEVELOPER = 30
@@ -58,9 +60,7 @@ class UsersProject &lt; ActiveRecord::Base
   end
   def update_repository
-    Gitlab::GitHost.system.new.configure do |c|
-      c.update_project(project.path, project)
-    end
+    git_host.update_repository(project)
   end
   def project_access_human
 class KeyObserver < ActiveRecord::Observer
+  include GitHost
+
   def after_save(key)
-    key.update_repository
+    git_host.set_key(key.identifier, key.key, key.projects)
   end
   def after_destroy(key)
-    key.repository_delete_key
+    return if key.is_deploy_key && !key.last_deploy?
+    git_host.remove_key(key.identifier, key.projects)
   end
 end
@@ -0,0 +1,5 @@
+module GitHost
+  def git_host
+    Gitlab::Gitolite.new
+  end
+end
@@ -1,2 +0,0 @@
-module GitMerge
-end
 module Repository
+  include GitHost
+
   def valid_repo?
     repo
   rescue
@@ -48,7 +50,7 @@ module Repository
   end
   def url_to_repo
-    Gitlab::GitHost.url_to_repo(path)
+    git_host.url_to_repo(path)
   end
   def path_to_repo
@@ -56,11 +58,11 @@ module Repository
   end
   def update_repository
-    Gitlab::GitHost.system.update_project(path, self)
+    git_host.update_repository(self)
   end
   def destroy_repository
-    Gitlab::GitHost.system.destroy_project(self)
+    git_host.remove_repository(self)
   end
   def repo_exists?
@@ -1,18 +0,0 @@
-module SshKey
-  def update_repository
-    Gitlab::GitHost.system.new.configure do |c|
-      c.update_keys(identifier, key)
-      c.update_projects(projects)
-    end
-  end
-
-  def repository_delete_key
-    Gitlab::GitHost.system.new.configure do |c|
-      #delete key file is there is no identically deploy keys
-      if !is_deploy_key || Key.where(identifier: identifier).count() == 0
-        c.delete_key(identifier)
-      end
-      c.update_projects(projects)
-    end
-  end
-end
@@ -3,5 +3,3 @@ require File.expand_path(&#39;../application&#39;, __FILE__)
 # Initialize the rails application
 Gitlab::Application.initialize!
-
-require File.join(Rails.root, "lib", "gitlab", "git_host")
@@ -0,0 +1,5 @@
+# GIT over HTTP
+require Rails.root.join("lib", "gitlab", "backend", "grack_auth")
+
+# GITOLITE backend
+require Rails.root.join("lib", "gitlab", "backend", "gitolite")
@@ -1,54 +0,0 @@
-module Grack
-  class Auth < Rack::Auth::Basic
-
-    def valid?
-      # Authentication with username and password
-      email, password = @auth.credentials
-      user = User.find_by_email(email)
-      return false unless user.try(:valid_password?, password)
-
-      # Set GL_USER env variable
-      ENV['GL_USER'] = email
-      # Pass Gitolite update hook
-      ENV['GL_BYPASS_UPDATE_HOOK'] = "true"
-
-      # Need this patch because the rails mount
-      @env['PATH_INFO'] = @env['REQUEST_PATH']
-
-      # Find project by PATH_INFO from env
-      if m = /^\/([\w-]+).git/.match(@env['PATH_INFO']).to_a
-        return false unless project = Project.find_by_path(m.last)
-      end
-
-      # Git upload and receive
-      if @env['REQUEST_METHOD'] == 'GET'
-        true
-      elsif @env['REQUEST_METHOD'] == 'POST'
-        if @env['REQUEST_URI'].end_with?('git-upload-pack')
-          return project.dev_access_for?(user)
-        elsif @env['REQUEST_URI'].end_with?('git-receive-pack')
-          if project.protected_branches.map(&:name).include?(current_ref)
-            project.master_access_for?(user)
-          else
-            project.dev_access_for?(user)
-          end
-        else
-          false
-        end
-      else
-        false
-      end
-    end# valid?
-
-    def current_ref
-      if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
-        input = Zlib::GzipReader.new(@request.body).read
-      else
-        input = @request.body.read
-      end
-      # Need to reset seek point
-      @request.body.rewind
-      /refs\/heads\/([\w-]+)/.match(input).to_a.first
-    end
-  end# Auth
-end# Grack
@@ -5,10 +5,12 @@ end
 require 'cucumber/rails'
 require 'webmock/cucumber'
+
 WebMock.allow_net_connect!
 require Rails.root.join 'spec/factories'
 require Rails.root.join 'spec/support/monkeypatch'
+require Rails.root.join 'spec/support/gitolite_stub'
 require Rails.root.join 'spec/support/login_helpers'
 require Rails.root.join 'spec/support/valid_commit'
@@ -48,3 +50,9 @@ headless = Headless.new
 headless.start
 require 'cucumber/rspec/doubles'
+
+include GitoliteStub
+
+Before do 
+  stub_gitolite!
+end
@@ -0,0 +1,195 @@
+require 'gitolite'
+require 'timeout'
+require 'fileutils'
+
+# TODO: refactor & cleanup 
+module Gitlab
+  class Gitolite
+    class AccessDenied < StandardError; end
+
+    def set_key key_id, key_content, projects
+      self.configure do |c|
+        c.update_keys(key_id, key_content)
+        c.update_project(project.path, projects)
+      end
+    end
+
+    def remove_key key_id, projects
+      self.configure do |c|
+        c.delete_key(key_id)
+        c.update_project(project.path, projects)
+      end
+    end
+
+    def update_repository project
+      self.configure do |c|
+        c.update_project(project.path, project)
+      end
+    end
+
+    alias_method :create_repository, :update_repository
+
+    def remove_repository project
+      self.configure do |c|
+        c.destroy_project(project)
+      end
+    end
+
+    def url_to_repo path
+      Gitlab.config.ssh_path + "#{path}.git"
+    end
+
+    def initialize
+      # create tmp dir
+      @local_dir = File.join(Rails.root, 'tmp',"gitlabhq-gitolite-#{Time.now.to_i}")
+    end
+
+    def enable_automerge
+      self.configure do |git|
+        git.admin_all_repo
+      end
+    end
+
+    private
+
+    def pull
+      # create tmp dir
+      @local_dir = File.join(Rails.root, 'tmp',"gitlabhq-gitolite-#{Time.now.to_i}")
+      Dir.mkdir @local_dir
+
+      `git clone #{self.class.admin_uri} #{@local_dir}/gitolite`
+    end
+
+    def push
+      Dir.chdir(File.join(@local_dir, "gitolite"))
+      `git add -A`
+      `git commit -am "Gitlab"`
+      `git push`
+      Dir.chdir(Rails.root)
+
+      FileUtils.rm_rf(@local_dir)
+    end
+
+    def configure
+      Timeout::timeout(30) do
+        File.open(File.join(Rails.root, 'tmp', "gitlabhq-gitolite.lock"), "w+") do |f|
+          begin 
+            f.flock(File::LOCK_EX)
+            pull
+            yield(self)
+            push
+          ensure
+            f.flock(File::LOCK_UN)
+          end
+        end
+      end
+    rescue Exception => ex
+      Gitlab::Logger.error(ex.message)
+      raise Gitolite::AccessDenied.new("gitolite timeout")
+    end
+
+    def destroy_project(project)
+      FileUtils.rm_rf(project.path_to_repo)
+
+      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
+      conf = ga_repo.config
+      conf.rm_repo(project.path)
+      ga_repo.save
+    end
+
+    #update or create
+    def update_keys(user, key)
+      File.open(File.join(@local_dir, 'gitolite/keydir',"#{user}.pub"), 'w') {|f| f.write(key.gsub(/\n/,'')) }
+    end
+
+    def delete_key(user)
+      File.unlink(File.join(@local_dir, 'gitolite/keydir',"#{user}.pub"))
+      `cd #{File.join(@local_dir,'gitolite')} ; git rm keydir/#{user}.pub`
+    end
+
+    # update or create
+    def update_project(repo_name, project)
+      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
+      conf = ga_repo.config
+      repo = update_project_config(project, conf)
+      conf.add_repo(repo, true)
+      
+      ga_repo.save
+    end
+
+    # Updates many projects and uses project.path as the repo path
+    # An order of magnitude faster than update_project
+    def update_projects(projects)
+      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
+      conf = ga_repo.config
+
+      projects.each do |project|
+        repo = update_project_config(project, conf)
+        conf.add_repo(repo, true)
+      end
+
+      ga_repo.save
+    end
+
+    def update_project_config(project, conf)
+      repo_name = project.path
+
+      repo = if conf.has_repo?(repo_name)
+               conf.get_repo(repo_name)
+             else 
+               ::Gitolite::Config::Repo.new(repo_name)
+             end
+
+      name_readers = project.repository_readers
+      name_writers = project.repository_writers
+      name_masters = project.repository_masters
+
+      pr_br = project.protected_branches.map(&:name).join("$ ")
+
+      repo.clean_permissions
+
+      # Deny access to protected branches for writers
+      unless name_writers.blank? || pr_br.blank?
+        repo.add_permission("-", pr_br.strip + "$ ", name_writers)
+      end
+
+      # Add read permissions
+      repo.add_permission("R", "", name_readers) unless name_readers.blank?
+
+      # Add write permissions
+      repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
+      repo.add_permission("RW+", "", name_masters) unless name_masters.blank?
+
+      repo
+    end
+
+    def admin_all_repo
+      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
+      conf = ga_repo.config
+      owner_name = ""
+
+      # Read gitolite-admin user
+      #
+      begin 
+        repo = conf.get_repo("gitolite-admin")
+        owner_name = repo.permissions[0]["RW+"][""][0]
+        raise StandardError if owner_name.blank?
+      rescue => ex
+        puts "Can't determine gitolite-admin owner".red
+        raise StandardError
+      end
+
+      # @ALL repos premission for gitolite owner
+      repo_name = "@all"
+      repo = if conf.has_repo?(repo_name)
+               conf.get_repo(repo_name)
+             else 
+               ::Gitolite::Config::Repo.new(repo_name)
+             end
+
+      repo.add_permission("RW+", "", owner_name)
+      conf.add_repo(repo, true)
+      ga_repo.save
+    end
+  end
+end
@@ -0,0 +1,54 @@
+module Grack
+  class Auth < Rack::Auth::Basic
+
+    def valid?
+      # Authentication with username and password
+      email, password = @auth.credentials
+      user = User.find_by_email(email)
+      return false unless user.try(:valid_password?, password)
+
+      # Set GL_USER env variable
+      ENV['GL_USER'] = email
+      # Pass Gitolite update hook
+      ENV['GL_BYPASS_UPDATE_HOOK'] = "true"
+
+      # Need this patch because the rails mount
+      @env['PATH_INFO'] = @env['REQUEST_PATH']
+
+      # Find project by PATH_INFO from env
+      if m = /^\/([\w-]+).git/.match(@env['PATH_INFO']).to_a
+        return false unless project = Project.find_by_path(m.last)
+      end
+
+      # Git upload and receive
+      if @env['REQUEST_METHOD'] == 'GET'
+        true
+      elsif @env['REQUEST_METHOD'] == 'POST'
+        if @env['REQUEST_URI'].end_with?('git-upload-pack')
+          return project.dev_access_for?(user)
+        elsif @env['REQUEST_URI'].end_with?('git-receive-pack')
+          if project.protected_branches.map(&:name).include?(current_ref)
+            project.master_access_for?(user)
+          else
+            project.dev_access_for?(user)
+          end
+        else
+          false
+        end
+      else
+        false
+      end
+    end# valid?
+
+    def current_ref
+      if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
+        input = Zlib::GzipReader.new(@request.body).read
+      else
+        input = @request.body.read
+      end
+      # Need to reset seek point
+      @request.body.rewind
+      /refs\/heads\/([\w-]+)/.match(input).to_a.first
+    end
+  end# Auth
+end# Grack
@@ -1,17 +0,0 @@
-require File.join(Rails.root, "lib", "gitlab", "gitolite")
-
-module Gitlab
-  class GitHost
-    def self.system
-      Gitlab::Gitolite
-    end
-
-    def self.admin_uri
-      Gitlab.config.git_host.admin_uri
-    end
-
-    def self.url_to_repo(path)
-      Gitlab.config.ssh_path + "#{path}.git"
-    end
-  end
-end
@@ -1,157 +0,0 @@
-require 'gitolite'
-require 'timeout'
-require 'fileutils'
-
-module Gitlab
-  class Gitolite
-    class AccessDenied < StandardError; end
-
-    def self.update_project(path, project)
-      self.new.configure { |git| git.update_project(path, project) }
-    end
-
-    def self.destroy_project(project)
-      self.new.configure { |git| git.destroy_project(project) }
-    end
-
-    def pull
-      # create tmp dir
-      @local_dir = File.join(Rails.root, 'tmp',"gitlabhq-gitolite-#{Time.now.to_i}")
-      Dir.mkdir @local_dir
-
-      `git clone #{GitHost.admin_uri} #{@local_dir}/gitolite`
-    end
-
-    def push
-      Dir.chdir(File.join(@local_dir, "gitolite"))
-      `git add -A`
-      `git commit -am "Gitlab"`
-      `git push`
-      Dir.chdir(Rails.root)
-
-      FileUtils.rm_rf(@local_dir)
-    end
-
-    def configure
-      Timeout::timeout(30) do
-        File.open(File.join(Rails.root, 'tmp', "gitlabhq-gitolite.lock"), "w+") do |f|
-          begin 
-            f.flock(File::LOCK_EX)
-            pull
-            yield(self)
-            push
-          ensure
-            f.flock(File::LOCK_UN)
-          end
-        end
-      end
-    rescue Exception => ex
-      Gitlab::Logger.error(ex.message)
-      raise Gitolite::AccessDenied.new("gitolite timeout")
-    end
-
-    def destroy_project(project)
-      FileUtils.rm_rf(project.path_to_repo)
-
-      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
-      conf = ga_repo.config
-      conf.rm_repo(project.path)
-      ga_repo.save
-    end
-
-    #update or create
-    def update_keys(user, key)
-      File.open(File.join(@local_dir, 'gitolite/keydir',"#{user}.pub"), 'w') {|f| f.write(key.gsub(/\n/,'')) }
-    end
-
-    def delete_key(user)
-      File.unlink(File.join(@local_dir, 'gitolite/keydir',"#{user}.pub"))
-      `cd #{File.join(@local_dir,'gitolite')} ; git rm keydir/#{user}.pub`
-    end
-
-    # update or create
-    def update_project(repo_name, project)
-      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
-      conf = ga_repo.config
-      repo = update_project_config(project, conf)
-      conf.add_repo(repo, true)
-      
-      ga_repo.save
-    end
-
-    # Updates many projects and uses project.path as the repo path
-    # An order of magnitude faster than update_project
-    def update_projects(projects)
-      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
-      conf = ga_repo.config
-
-      projects.each do |project|
-        repo = update_project_config(project, conf)
-        conf.add_repo(repo, true)
-      end
-
-      ga_repo.save
-    end
-
-    def update_project_config(project, conf)
-      repo_name = project.path
-
-      repo = if conf.has_repo?(repo_name)
-               conf.get_repo(repo_name)
-             else 
-               ::Gitolite::Config::Repo.new(repo_name)
-             end
-
-      name_readers = project.repository_readers
-      name_writers = project.repository_writers
-      name_masters = project.repository_masters
-
-      pr_br = project.protected_branches.map(&:name).join("$ ")
-
-      repo.clean_permissions
-
-      # Deny access to protected branches for writers
-      unless name_writers.blank? || pr_br.blank?
-        repo.add_permission("-", pr_br.strip + "$ ", name_writers)
-      end
-
-      # Add read permissions
-      repo.add_permission("R", "", name_readers) unless name_readers.blank?
-
-      # Add write permissions
-      repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
-      repo.add_permission("RW+", "", name_masters) unless name_masters.blank?
-
-      repo
-    end
-
-    def admin_all_repo
-      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
-      conf = ga_repo.config
-      owner_name = ""
-
-      # Read gitolite-admin user
-      #
-      begin 
-        repo = conf.get_repo("gitolite-admin")
-        owner_name = repo.permissions[0]["RW+"][""][0]
-        raise StandardError if owner_name.blank?
-      rescue => ex
-        puts "Can't determine gitolite-admin owner".red
-        raise StandardError
-      end
-
-      # @ALL repos premission for gitolite owner
-      repo_name = "@all"
-      repo = if conf.has_repo?(repo_name)
-               conf.get_repo(repo_name)
-             else 
-               ::Gitolite::Config::Repo.new(repo_name)
-             end
-
-      repo.add_permission("RW+", "", owner_name)
-      conf.add_repo(repo, true)
-      ga_repo.save
-    end
-  end
-end
@@ -2,9 +2,7 @@ namespace :gitlab do
   namespace :app do
     desc "GITLAB | Enable auto merge"
     task :enable_automerge => :environment  do
-      Gitlab::GitHost.system.new.configure do |git|
-        git.admin_all_repo
-      end
+      Gitlab::Gitolite.new.enable_automerge
       Project.find_each do |project|
         if project.repo_exists? && !project.satellite.exists?
@@ -16,7 +16,7 @@ namespace :gitlab do
     task :update_keys => :environment  do
       puts "Starting Key"
       Key.find_each(:batch_size => 100) do |key|
-        key.update_repository
+        Gitlab::Gitolite.new.set_key(key.identifier, key.key, key.projects)
         print '.'
       end
       puts "Done with keys"
@@ -0,0 +1,34 @@
+require 'spec_helper'
+
+describe KeyObserver do
+  before do 
+    @key = double('Key',
+      identifier: 'admin_654654',
+      key: '== a vaild ssh key',
+      projects: [],
+      is_deploy_key: false
+    )
+
+    @gitolite = double('Gitlab::Gitolite',
+      set_key: true,
+      remove_key: true
+    )
+
+    @observer = KeyObserver.instance
+    @observer.stub(:git_host => @gitolite)
+  end
+
+  context :after_save do
+    it do
+      @gitolite.should_receive(:set_key).with(@key.identifier, @key.key, @key.projects)
+      @observer.after_save(@key)
+    end
+  end
+
+  context :after_destroy do 
+    it do
+      @gitolite.should_receive(:remove_key).with(@key.identifier, @key.projects)
+      @observer.after_destroy(@key)
+    end
+  end
+end
@@ -27,6 +27,7 @@ RSpec.configure do |config|
   config.mock_with :rspec
   config.include LoginHelpers, type: :request
+  config.include GitoliteStub
   # If you're not using ActiveRecord, or you'd prefer not to run each of your
   # examples within a transaction, remove the following line or assign false
@@ -39,6 +40,8 @@ RSpec.configure do |config|
   end
   config.before do
+    stub_gitolite!
+
     # !!! Observers disabled by default in tests
     ActiveRecord::Base.observers.disable(:all)
     # ActiveRecord::Base.observers.enable(:all)
@@ -0,0 +1,35 @@
+module GitoliteStub
+  def stub_gitolite!
+    stub_gitlab_gitolite
+    stub_gitolite_admin
+  end
+
+  def stub_gitolite_admin
+    gitolite_repo = mock(
+      clean_permissions: true,
+      add_permission: true
+    )
+
+    gitolite_config = mock(
+      add_repo: true,
+      get_repo: gitolite_repo,
+      has_repo?: true
+    )
+
+    gitolite_admin = double(
+      'Gitolite::GitoliteAdmin', 
+      config: gitolite_config,
+      save: true,
+    )
+
+    Gitolite::GitoliteAdmin.stub(new: gitolite_admin)
+
+  end
+
+  def stub_gitlab_gitolite
+    gitlab_gitolite = Gitlab::Gitolite.new
+    Gitlab::Gitolite.stub(new: gitlab_gitolite)
+    gitlab_gitolite.stub(configure: ->() { yield(self) })
+    gitlab_gitolite.stub(update_keys: true)
+  end
+end
 # Stubbing Project <-> git host path
 # create project using Factory only
 class Project
-  def update_repository
-    true
-  end
-
-  def destroy_repository
-    true
-  end
-
   def path_to_repo
     File.join(Rails.root, "tmp", "tests", path)
   end
@@ -18,22 +10,6 @@ class Project
   end
 end
-class Key
-  def update_repository
-    true
-  end
-
-  def repository_delete_key
-    true
-  end
-end
-
-class UsersProject
-  def update_repository
-    true
-  end
-end
-
 class FakeSatellite
   def exists?
     true
@@ -43,9 +19,3 @@ class FakeSatellite
     true
   end
 end
-
-class ProtectedBranch
-  def update_repository
-    true
-  end
-end
@@ -0,0 +1,5 @@		@@ -0,0 +1,5 @@
	1	+module GitHost
	2	+ def git_host
	3	+ Gitlab::Gitolite.new
	4	+ end
	5	+end
	@@ -1,18 +0,0 @@	@@ -1,18 +0,0 @@
1	-module SshKey
2	- def update_repository
3	- Gitlab::GitHost.system.new.configure do \|c\|
4	- c.update_keys(identifier, key)
5	- c.update_projects(projects)
6	- end
7	- end
8	-
9	- def repository_delete_key
10	- Gitlab::GitHost.system.new.configure do \|c\|
11	- #delete key file is there is no identically deploy keys
12	- if !is_deploy_key \|\| Key.where(identifier: identifier).count() == 0
13	- c.delete_key(identifier)
14	- end
15	- c.update_projects(projects)
16	- end
17	- end
18	-end
	@@ -3,5 +3,3 @@ require File.expand_path('../application', __FILE__)		@@ -3,5 +3,3 @@ require File.expand_path('../application', __FILE__)
3		3
4	# Initialize the rails application	4	# Initialize the rails application
5	Gitlab::Application.initialize!	5	Gitlab::Application.initialize!
6	-
7	-require File.join(Rails.root, "lib", "gitlab", "git_host")
@@ -0,0 +1,5 @@		@@ -0,0 +1,5 @@
	1	+# GIT over HTTP
	2	+require Rails.root.join("lib", "gitlab", "backend", "grack_auth")
	3	+
	4	+# GITOLITE backend
	5	+require Rails.root.join("lib", "gitlab", "backend", "gitolite")
	@@ -1,54 +0,0 @@	@@ -1,54 +0,0 @@
1	-module Grack
2	- class Auth < Rack::Auth::Basic
3	-
4	- def valid?
5	- # Authentication with username and password
6	- email, password = @auth.credentials
7	- user = User.find_by_email(email)
8	- return false unless user.try(:valid_password?, password)
9	-
10	- # Set GL_USER env variable
11	- ENV['GL_USER'] = email
12	- # Pass Gitolite update hook
13	- ENV['GL_BYPASS_UPDATE_HOOK'] = "true"
14	-
15	- # Need this patch because the rails mount
16	- @env['PATH_INFO'] = @env['REQUEST_PATH']
17	-
18	- # Find project by PATH_INFO from env
19	- if m = /^\/([\w-]+).git/.match(@env['PATH_INFO']).to_a
20	- return false unless project = Project.find_by_path(m.last)
21	- end
22	-
23	- # Git upload and receive
24	- if @env['REQUEST_METHOD'] == 'GET'
25	- true
26	- elsif @env['REQUEST_METHOD'] == 'POST'
27	- if @env['REQUEST_URI'].end_with?('git-upload-pack')
28	- return project.dev_access_for?(user)
29	- elsif @env['REQUEST_URI'].end_with?('git-receive-pack')
30	- if project.protected_branches.map(&:name).include?(current_ref)
31	- project.master_access_for?(user)
32	- else
33	- project.dev_access_for?(user)
34	- end
35	- else
36	- false
37	- end
38	- else
39	- false
40	- end
41	- end# valid?
42	-
43	- def current_ref
44	- if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
45	- input = Zlib::GzipReader.new(@request.body).read
46	- else
47	- input = @request.body.read
48	- end
49	- # Need to reset seek point
50	- @request.body.rewind
51	- /refs\/heads\/([\w-]+)/.match(input).to_a.first
52	- end
53	- end# Auth
54	-end# Grack
	@@ -5,10 +5,12 @@ end		@@ -5,10 +5,12 @@ end
5		5
6	require 'cucumber/rails'	6	require 'cucumber/rails'
7	require 'webmock/cucumber'	7	require 'webmock/cucumber'
		8	+
8	WebMock.allow_net_connect!	9	WebMock.allow_net_connect!
9		10
10	require Rails.root.join 'spec/factories'	11	require Rails.root.join 'spec/factories'
11	require Rails.root.join 'spec/support/monkeypatch'	12	require Rails.root.join 'spec/support/monkeypatch'
		13	+require Rails.root.join 'spec/support/gitolite_stub'
12	require Rails.root.join 'spec/support/login_helpers'	14	require Rails.root.join 'spec/support/login_helpers'
13	require Rails.root.join 'spec/support/valid_commit'	15	require Rails.root.join 'spec/support/valid_commit'
14		16
	@@ -48,3 +50,9 @@ headless = Headless.new		@@ -48,3 +50,9 @@ headless = Headless.new
48	headless.start	50	headless.start
49		51
50	require 'cucumber/rspec/doubles'	52	require 'cucumber/rspec/doubles'
		53	+
		54	+include GitoliteStub
		55	+
		56	+Before do
		57	+ stub_gitolite!
		58	+end
@@ -0,0 +1,195 @@		@@ -0,0 +1,195 @@
	1	+require 'gitolite'
	2	+require 'timeout'
	3	+require 'fileutils'
	4	+
	5	+# TODO: refactor & cleanup
	6	+module Gitlab
	7	+ class Gitolite
	8	+ class AccessDenied < StandardError; end
	9	+
	10	+ def set_key key_id, key_content, projects
	11	+ self.configure do \|c\|
	12	+ c.update_keys(key_id, key_content)
	13	+ c.update_project(project.path, projects)
	14	+ end
	15	+ end
	16	+
	17	+ def remove_key key_id, projects
	18	+ self.configure do \|c\|
	19	+ c.delete_key(key_id)
	20	+ c.update_project(project.path, projects)
	21	+ end
	22	+ end
	23	+
	24	+ def update_repository project
	25	+ self.configure do \|c\|
	26	+ c.update_project(project.path, project)
	27	+ end
	28	+ end
	29	+
	30	+ alias_method :create_repository, :update_repository
	31	+
	32	+ def remove_repository project
	33	+ self.configure do \|c\|
	34	+ c.destroy_project(project)
	35	+ end
	36	+ end
	37	+
	38	+ def url_to_repo path
	39	+ Gitlab.config.ssh_path + "#{path}.git"
	40	+ end
	41	+
	42	+ def initialize
	43	+ # create tmp dir
	44	+ @local_dir = File.join(Rails.root, 'tmp',"gitlabhq-gitolite-#{Time.now.to_i}")
	45	+ end
	46	+
	47	+ def enable_automerge
	48	+ self.configure do \|git\|
	49	+ git.admin_all_repo
	50	+ end
	51	+ end
	52	+
	53	+ private
	54	+
	55	+ def pull
	56	+ # create tmp dir
	57	+ @local_dir = File.join(Rails.root, 'tmp',"gitlabhq-gitolite-#{Time.now.to_i}")
	58	+ Dir.mkdir @local_dir
	59	+
	60	+ `git clone #{self.class.admin_uri} #{@local_dir}/gitolite`
	61	+ end
	62	+
	63	+ def push
	64	+ Dir.chdir(File.join(@local_dir, "gitolite"))
	65	+ `git add -A`
	66	+ `git commit -am "Gitlab"`
	67	+ `git push`
	68	+ Dir.chdir(Rails.root)
	69	+
	70	+ FileUtils.rm_rf(@local_dir)
	71	+ end
	72	+
	73	+ def configure
	74	+ Timeout::timeout(30) do
	75	+ File.open(File.join(Rails.root, 'tmp', "gitlabhq-gitolite.lock"), "w+") do \|f\|
	76	+ begin
	77	+ f.flock(File::LOCK_EX)
	78	+ pull
	79	+ yield(self)
	80	+ push
	81	+ ensure
	82	+ f.flock(File::LOCK_UN)
	83	+ end
	84	+ end
	85	+ end
	86	+ rescue Exception => ex
	87	+ Gitlab::Logger.error(ex.message)
	88	+ raise Gitolite::AccessDenied.new("gitolite timeout")
	89	+ end
	90	+
	91	+ def destroy_project(project)
	92	+ FileUtils.rm_rf(project.path_to_repo)
	93	+
	94	+ ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
	95	+ conf = ga_repo.config
	96	+ conf.rm_repo(project.path)
	97	+ ga_repo.save
	98	+ end
	99	+
	100	+ #update or create
	101	+ def update_keys(user, key)
	102	+ File.open(File.join(@local_dir, 'gitolite/keydir',"#{user}.pub"), 'w') {\|f\| f.write(key.gsub(/\n/,'')) }
	103	+ end
	104	+
	105	+ def delete_key(user)
	106	+ File.unlink(File.join(@local_dir, 'gitolite/keydir',"#{user}.pub"))
	107	+ `cd #{File.join(@local_dir,'gitolite')} ; git rm keydir/#{user}.pub`
	108	+ end
	109	+
	110	+ # update or create
	111	+ def update_project(repo_name, project)
	112	+ ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
	113	+ conf = ga_repo.config
	114	+ repo = update_project_config(project, conf)
	115	+ conf.add_repo(repo, true)
	116	+
	117	+ ga_repo.save
	118	+ end
	119	+
	120	+ # Updates many projects and uses project.path as the repo path
	121	+ # An order of magnitude faster than update_project
	122	+ def update_projects(projects)
	123	+ ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
	124	+ conf = ga_repo.config
	125	+
	126	+ projects.each do \|project\|
	127	+ repo = update_project_config(project, conf)
	128	+ conf.add_repo(repo, true)
	129	+ end
	130	+
	131	+ ga_repo.save
	132	+ end
	133	+
	134	+ def update_project_config(project, conf)
	135	+ repo_name = project.path
	136	+
	137	+ repo = if conf.has_repo?(repo_name)
	138	+ conf.get_repo(repo_name)
	139	+ else
	140	+ ::Gitolite::Config::Repo.new(repo_name)
	141	+ end
	142	+
	143	+ name_readers = project.repository_readers
	144	+ name_writers = project.repository_writers
	145	+ name_masters = project.repository_masters
	146	+
	147	+ pr_br = project.protected_branches.map(&:name).join("$ ")
	148	+
	149	+ repo.clean_permissions
	150	+
	151	+ # Deny access to protected branches for writers
	152	+ unless name_writers.blank? \|\| pr_br.blank?
	153	+ repo.add_permission("-", pr_br.strip + "$ ", name_writers)
	154	+ end
	155	+
	156	+ # Add read permissions
	157	+ repo.add_permission("R", "", name_readers) unless name_readers.blank?
	158	+
	159	+ # Add write permissions
	160	+ repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
	161	+ repo.add_permission("RW+", "", name_masters) unless name_masters.blank?
	162	+
	163	+ repo
	164	+ end
	165	+
	166	+ def admin_all_repo
	167	+ ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
	168	+ conf = ga_repo.config
	169	+ owner_name = ""
	170	+
	171	+ # Read gitolite-admin user
	172	+ #
	173	+ begin
	174	+ repo = conf.get_repo("gitolite-admin")
	175	+ owner_name = repo.permissions[0]["RW+"][""][0]
	176	+ raise StandardError if owner_name.blank?
	177	+ rescue => ex
	178	+ puts "Can't determine gitolite-admin owner".red
	179	+ raise StandardError
	180	+ end
	181	+
	182	+ # @ALL repos premission for gitolite owner
	183	+ repo_name = "@all"
	184	+ repo = if conf.has_repo?(repo_name)
	185	+ conf.get_repo(repo_name)
	186	+ else
	187	+ ::Gitolite::Config::Repo.new(repo_name)
	188	+ end
	189	+
	190	+ repo.add_permission("RW+", "", owner_name)
	191	+ conf.add_repo(repo, true)
	192	+ ga_repo.save
	193	+ end
	194	+ end
	195	+end
@@ -0,0 +1,54 @@		@@ -0,0 +1,54 @@
	1	+module Grack
	2	+ class Auth < Rack::Auth::Basic
	3	+
	4	+ def valid?
	5	+ # Authentication with username and password
	6	+ email, password = @auth.credentials
	7	+ user = User.find_by_email(email)
	8	+ return false unless user.try(:valid_password?, password)
	9	+
	10	+ # Set GL_USER env variable
	11	+ ENV['GL_USER'] = email
	12	+ # Pass Gitolite update hook
	13	+ ENV['GL_BYPASS_UPDATE_HOOK'] = "true"
	14	+
	15	+ # Need this patch because the rails mount
	16	+ @env['PATH_INFO'] = @env['REQUEST_PATH']
	17	+
	18	+ # Find project by PATH_INFO from env
	19	+ if m = /^\/([\w-]+).git/.match(@env['PATH_INFO']).to_a
	20	+ return false unless project = Project.find_by_path(m.last)
	21	+ end
	22	+
	23	+ # Git upload and receive
	24	+ if @env['REQUEST_METHOD'] == 'GET'
	25	+ true
	26	+ elsif @env['REQUEST_METHOD'] == 'POST'
	27	+ if @env['REQUEST_URI'].end_with?('git-upload-pack')
	28	+ return project.dev_access_for?(user)
	29	+ elsif @env['REQUEST_URI'].end_with?('git-receive-pack')
	30	+ if project.protected_branches.map(&:name).include?(current_ref)
	31	+ project.master_access_for?(user)
	32	+ else
	33	+ project.dev_access_for?(user)
	34	+ end
	35	+ else
	36	+ false
	37	+ end
	38	+ else
	39	+ false
	40	+ end
	41	+ end# valid?
	42	+
	43	+ def current_ref
	44	+ if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
	45	+ input = Zlib::GzipReader.new(@request.body).read
	46	+ else
	47	+ input = @request.body.read
	48	+ end
	49	+ # Need to reset seek point
	50	+ @request.body.rewind
	51	+ /refs\/heads\/([\w-]+)/.match(input).to_a.first
	52	+ end
	53	+ end# Auth
	54	+end# Grack
	@@ -1,17 +0,0 @@	@@ -1,17 +0,0 @@
1	-require File.join(Rails.root, "lib", "gitlab", "gitolite")
2	-
3	-module Gitlab
4	- class GitHost
5	- def self.system
6	- Gitlab::Gitolite
7	- end
8	-
9	- def self.admin_uri
10	- Gitlab.config.git_host.admin_uri
11	- end
12	-
13	- def self.url_to_repo(path)
14	- Gitlab.config.ssh_path + "#{path}.git"
15	- end
16	- end
17	-end
	@@ -1,157 +0,0 @@	@@ -1,157 +0,0 @@
1	-require 'gitolite'
2	-require 'timeout'
3	-require 'fileutils'
4	-
5	-module Gitlab
6	- class Gitolite
7	- class AccessDenied < StandardError; end
8	-
9	- def self.update_project(path, project)
10	- self.new.configure { \|git\| git.update_project(path, project) }
11	- end
12	-
13	- def self.destroy_project(project)
14	- self.new.configure { \|git\| git.destroy_project(project) }
15	- end
16	-
17	- def pull
18	- # create tmp dir
19	- @local_dir = File.join(Rails.root, 'tmp',"gitlabhq-gitolite-#{Time.now.to_i}")
20	- Dir.mkdir @local_dir
21	-
22	- `git clone #{GitHost.admin_uri} #{@local_dir}/gitolite`
23	- end
24	-
25	- def push
26	- Dir.chdir(File.join(@local_dir, "gitolite"))
27	- `git add -A`
28	- `git commit -am "Gitlab"`
29	- `git push`
30	- Dir.chdir(Rails.root)
31	-
32	- FileUtils.rm_rf(@local_dir)
33	- end
34	-
35	- def configure
36	- Timeout::timeout(30) do
37	- File.open(File.join(Rails.root, 'tmp', "gitlabhq-gitolite.lock"), "w+") do \|f\|
38	- begin
39	- f.flock(File::LOCK_EX)
40	- pull
41	- yield(self)
42	- push
43	- ensure
44	- f.flock(File::LOCK_UN)
45	- end
46	- end
47	- end
48	- rescue Exception => ex
49	- Gitlab::Logger.error(ex.message)
50	- raise Gitolite::AccessDenied.new("gitolite timeout")
51	- end
52	-
53	- def destroy_project(project)
54	- FileUtils.rm_rf(project.path_to_repo)
55	-
56	- ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
57	- conf = ga_repo.config
58	- conf.rm_repo(project.path)
59	- ga_repo.save
60	- end
61	-
62	- #update or create
63	- def update_keys(user, key)
64	- File.open(File.join(@local_dir, 'gitolite/keydir',"#{user}.pub"), 'w') {\|f\| f.write(key.gsub(/\n/,'')) }
65	- end
66	-
67	- def delete_key(user)
68	- File.unlink(File.join(@local_dir, 'gitolite/keydir',"#{user}.pub"))
69	- `cd #{File.join(@local_dir,'gitolite')} ; git rm keydir/#{user}.pub`
70	- end
71	-
72	- # update or create
73	- def update_project(repo_name, project)
74	- ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
75	- conf = ga_repo.config
76	- repo = update_project_config(project, conf)
77	- conf.add_repo(repo, true)
78	-
79	- ga_repo.save
80	- end
81	-
82	- # Updates many projects and uses project.path as the repo path
83	- # An order of magnitude faster than update_project
84	- def update_projects(projects)
85	- ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
86	- conf = ga_repo.config
87	-
88	- projects.each do \|project\|
89	- repo = update_project_config(project, conf)
90	- conf.add_repo(repo, true)
91	- end
92	-
93	- ga_repo.save
94	- end
95	-
96	- def update_project_config(project, conf)
97	- repo_name = project.path
98	-
99	- repo = if conf.has_repo?(repo_name)
100	- conf.get_repo(repo_name)
101	- else
102	- ::Gitolite::Config::Repo.new(repo_name)
103	- end
104	-
105	- name_readers = project.repository_readers
106	- name_writers = project.repository_writers
107	- name_masters = project.repository_masters
108	-
109	- pr_br = project.protected_branches.map(&:name).join("$ ")
110	-
111	- repo.clean_permissions
112	-
113	- # Deny access to protected branches for writers
114	- unless name_writers.blank? \|\| pr_br.blank?
115	- repo.add_permission("-", pr_br.strip + "$ ", name_writers)
116	- end
117	-
118	- # Add read permissions
119	- repo.add_permission("R", "", name_readers) unless name_readers.blank?
120	-
121	- # Add write permissions
122	- repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
123	- repo.add_permission("RW+", "", name_masters) unless name_masters.blank?
124	-
125	- repo
126	- end
127	-
128	- def admin_all_repo
129	- ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
130	- conf = ga_repo.config
131	- owner_name = ""
132	-
133	- # Read gitolite-admin user
134	- #
135	- begin
136	- repo = conf.get_repo("gitolite-admin")
137	- owner_name = repo.permissions[0]["RW+"][""][0]
138	- raise StandardError if owner_name.blank?
139	- rescue => ex
140	- puts "Can't determine gitolite-admin owner".red
141	- raise StandardError
142	- end
143	-
144	- # @ALL repos premission for gitolite owner
145	- repo_name = "@all"
146	- repo = if conf.has_repo?(repo_name)
147	- conf.get_repo(repo_name)
148	- else
149	- ::Gitolite::Config::Repo.new(repo_name)
150	- end
151	-
152	- repo.add_permission("RW+", "", owner_name)
153	- conf.add_repo(repo, true)
154	- ga_repo.save
155	- end
156	- end
157	-end