Commit 729b358f authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

push via http now served via /allowed API

Signed-off-by: default avatarDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
parent f18a714f
......@@ -5,7 +5,7 @@ module Grack
class Auth < Rack::Auth::Basic
include Helpers
attr_accessor :user, :project, :ref, :env
attr_accessor :user, :project, :env
def call(env)
@env = env
......@@ -80,24 +80,11 @@ module Grack
def authorize_request(service)
case service
when 'git-upload-pack'
can?(user, :download_code, project)
when'git-receive-pack'
refs.each do |ref|
action = if project.protected_branch?(ref)
:push_code_to_protected_branches
else
:push_code
end
return false unless can?(user, action, project)
end
# Never let git-receive-pack trough unauthenticated; it's
# harmless but git < 1.8 doesn't like it
return false if user.nil?
true
# Serve only upload request.
# Authorization on push will be serverd by update hook in repository
Gitlab::GitAccess.new.download_allowed?(user, project)
else
false
true
end
end
......@@ -114,29 +101,5 @@ module Grack
def project
@project ||= project_by_path(@request.path_info)
end
def refs
@refs ||= parse_refs
end
def parse_refs
input = if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
Zlib::GzipReader.new(@request.body).read
else
@request.body.read
end
# Need to reset seek point
@request.body.rewind
# Parse refs
refs = input.force_encoding('ascii-8bit').scan(/refs\/heads\/([\/\w\.-]+)/n).flatten.compact
# Cleanup grabare from refs
# if push to multiple branches
refs.map do |ref|
ref.gsub(/00.*/, "")
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment