Commit 843548cc7681e600b1180a91a407385b35c7f23c
1 parent
23d180f5
Exists in
spb-stable
and in
3 other branches
Fix HTTP push to public repos
When doing an HTTP push, git (as of v1.7.9) first do an info/refs request, and only if this request requires authentication it asks the user for its password and authenticates further requests. The initial request normally clears without auth on public repos as it doesn't update any ref. This patch forces every git-receive-pack requests to provide authentication.
Showing
1 changed file
with
3 additions
and
0 deletions
 
Show diff stats
lib/gitlab/backend/grack_auth.rb
| @@ -92,6 +92,9 @@ module Grack | @@ -92,6 +92,9 @@ module Grack | ||
| 92 | return false unless can?(user, action, project) | 92 | return false unless can?(user, action, project) | 
| 93 | end | 93 | end | 
| 94 | 94 | ||
| 95 | + # Never let git-receive-pack trough unauthenticated; it's | ||
| 96 | + # harmless but git < 1.8 doesn't like it | ||
| 97 | + return false if user.nil? | ||
| 95 | true | 98 | true | 
| 96 | else | 99 | else | 
| 97 | false | 100 | false |