Commit e485b3f6 authored by Lin Jen-Shin's avatar Lin Jen-Shin

Give forbidden if project for the build was deleted

Closes #25309
parent 278baa5b
......@@ -41,7 +41,7 @@ module Ci
put ":id" do
authenticate_runner!
build = Ci::Build.where(runner_id: current_runner.id).running.find(params[:id])
forbidden!('Build has been erased!') if build.erased?
authenticate_build!(build, verify_token: false)
update_runner_info
......@@ -71,9 +71,7 @@ module Ci
# PATCH /builds/:id/trace.txt
patch ":id/trace.txt" do
build = Ci::Build.find_by_id(params[:id])
not_found! unless build
authenticate_build_token!(build)
forbidden!('Build has been erased!') if build.erased?
authenticate_build!(build)
error!('400 Missing header Content-Range', 400) unless request.headers.has_key?('Content-Range')
content_range = request.headers['Content-Range']
......@@ -104,8 +102,7 @@ module Ci
Gitlab::Workhorse.verify_api_request!(headers)
not_allowed! unless Gitlab.config.artifacts.enabled
build = Ci::Build.find_by_id(params[:id])
not_found! unless build
authenticate_build_token!(build)
authenticate_build!(build)
forbidden!('build is not running') unless build.running?
if params[:filesize]
......@@ -142,10 +139,8 @@ module Ci
require_gitlab_workhorse!
not_allowed! unless Gitlab.config.artifacts.enabled
build = Ci::Build.find_by_id(params[:id])
not_found! unless build
authenticate_build_token!(build)
authenticate_build!(build)
forbidden!('Build is not running!') unless build.running?
forbidden!('Build has been erased!') if build.erased?
artifacts_upload_path = ArtifactUploader.artifacts_upload_path
artifacts = uploaded_file(:file, artifacts_upload_path)
......@@ -176,8 +171,7 @@ module Ci
# GET /builds/:id/artifacts
get ":id/artifacts" do
build = Ci::Build.find_by_id(params[:id])
not_found! unless build
authenticate_build_token!(build)
authenticate_build!(build)
artifacts_file = build.artifacts_file
unless artifacts_file.file_storage?
......@@ -202,8 +196,7 @@ module Ci
# DELETE /builds/:id/artifacts
delete ":id/artifacts" do
build = Ci::Build.find_by_id(params[:id])
not_found! unless build
authenticate_build_token!(build)
authenticate_build!(build)
build.erase_artifacts!
end
......
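Review bot: The `put ":id"` handler calls `authenticate_build!(build, verify_token: false)`, which switches off the build-token check inside a helper whose name reads as full authentication, and nothing at the call site says why that is safe. It presumably relies on the build being looked up with `runner_id: current_runner.id` after `authenticate_runner!`; a comment such as `# token check skipped: build is already scoped to the authenticated runner` would keep a later change to that query from silently removing the only authorization on this endpoint. The lookup there uses `find`, which raises when the record is missing, so the helper's `not_found! unless build` is never reached from this handler. The handlers' bodies continue outside the hunks shown.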
......@@ -13,8 +13,11 @@ module Ci
forbidden! unless current_runner
end
def authenticate_build_token!(build)
forbidden! unless build_token_valid?(build)
def authenticate_build!(build, verify_token: true)
not_found! unless build
forbidden! if verify_token && !build_token_valid?(build)
forbidden!('Project has been deleted!') unless build.project
forbidden!('Build has been erased!') if build.erased?
end
def runner_registration_token_valid?
......
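Review bot: `authenticate_build!` answers `not_found!` before the token is checked, so a caller without a valid build token can tell existing build ids (403) from missing ones (404). If runners do not depend on that distinction, folding both into one response, for example `forbidden! unless build && (!verify_token || build_token_valid?(build))`, would avoid it. The `build.project` check also runs only after `build_token_valid?(build)`; that helper is not shown here, and if it reads `build.project` as a fallback, a deleted project combined with a wrong token would raise there instead of reaching the 403. A short comment above the method listing the order of checks and the status each one returns would help, since every build endpoint now depends on it.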
......@@ -329,6 +329,25 @@ describe Ci::API::Builds do
end
end
end
context 'when project for the build has been deleted' do
let(:build) do
create(:ci_build,
:pending,
:trace,
runner_id: runner.id,
pipeline: pipeline)
end
it 'responds with forbidden' do
expect(response.status).to eq 403
end
def initial_patch_the_trace
build.project.update(pending_delete: true)
super
end
end
end
context 'when Runner makes a force-patch' do
......
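Review bot: The new context exercises the deleted-project check only through the trace PATCH, apparently with a valid build token, while the same helper now guards the update and the artifacts authorize, upload, download and delete endpoints. A case with a deleted project and an invalid token would pin that the response is still 403 and not an unhandled error. In `initial_patch_the_trace`, `build.project.update!(pending_delete: true)` would make the setup fail loudly if the update is rejected. The enclosing `describe` block starts and ends outside this hunk.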