Jérome Perrin / gitlab-ce
Commit 137a8016 authored Sep 26, 2016 by Kamil Trzcinski
Be nice to Docker Clients talking to JWT/auth
parent 3820ca58
Showing 4 changed files with 28 additions and 9 deletions
CHANGELOG +1 -0
app/controllers/jwt_controller.rb +16 -5
app/services/auth/container_registry_authentication_service.rb +9 -2
spec/requests/jwt_controller_spec.rb +2 -2
CHANGELOG
...
@@ -12,6 +12,7 @@ v 8.12.2 (unreleased)
...
@@ -12,6 +12,7 @@ v 8.12.2 (unreleased)
- Fix List-Unsubscribe header in emails
- Fix List-Unsubscribe header in emails
- Fix an issue with the "Commits" section of the cycle analytics summary. !6513
- Fix an issue with the "Commits" section of the cycle analytics summary. !6513
- Fix errors importing project feature and milestone models using GitLab project import
- Fix errors importing project feature and milestone models using GitLab project import
- Make JWT messages Docker-compatible
v 8.12.1
v 8.12.1
- Fix a memory leak in HTML::Pipeline::SanitizationFilter::WHITELIST
- Fix a memory leak in HTML::Pipeline::SanitizationFilter::WHITELIST
...
...
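Review bot: The new entry "Make JWT messages Docker-compatible" describes only the message format and carries no merge request reference, unlike the "!6513" entry two lines above it. The same commit also moves the failure status on /jwt/auth from 403 to 401 (see the spec changes), which is visible to clients, so the entry should mention the status change and include the MR number.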
app/controllers/jwt_controller.rb
...
@@ -25,7 +25,7 @@ class JwtController < ApplicationController
...
@@ -25,7 +25,7 @@ class JwtController < ApplicationController
authenticate_with_http_basic
do
|
login
,
password
|
authenticate_with_http_basic
do
|
login
,
password
|
@authentication_result
=
Gitlab
::
Auth
.
find_for_git_client
(
login
,
password
,
project:
nil
,
ip:
request
.
ip
)
@authentication_result
=
Gitlab
::
Auth
.
find_for_git_client
(
login
,
password
,
project:
nil
,
ip:
request
.
ip
)
render_
403
unless
@authentication_result
.
success?
&&
render_
unauthorized
unless
@authentication_result
.
success?
&&
(
@authentication_result
.
actor
.
nil?
||
@authentication_result
.
actor
.
is_a?
(
User
))
(
@authentication_result
.
actor
.
nil?
||
@authentication_result
.
actor
.
is_a?
(
User
))
end
end
rescue
Gitlab
::
Auth
::
MissingPersonalTokenError
rescue
Gitlab
::
Auth
::
MissingPersonalTokenError
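Review bot: In the `unless` condition, a failed login and a successful login whose actor is neither nil nor a `User` now both end in `render_unauthorized`, so a caller with valid credentials but the wrong actor type is answered with a 401 as if the credentials were bad. If that case is meant to stay a 403, split the condition into a `success?` check and a separate actor check; either way, a spec for the non-User actor case would pin the intended status.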
...
@@ -33,10 +33,21 @@ class JwtController < ApplicationController
...
@@ -33,10 +33,21 @@ class JwtController < ApplicationController
end
end
def
render_missing_personal_token
def
render_missing_personal_token
render
plain:
"HTTP Basic: Access denied
\n
"
\
render
json:
{
errors:
[
{
code:
'UNAUTHORIZED'
,
message:
"HTTP Basic: Access denied
\n
"
\
"You have 2FA enabled, please use a personal access token for Git over HTTP.
\n
"
\
"You have 2FA enabled, please use a personal access token for Git over HTTP.
\n
"
\
"You can generate one at
#{
profile_personal_access_tokens_url
}
"
,
"You can generate one at
#{
profile_personal_access_tokens_url
}
"
}
status:
401
]
},
status:
401
end
def
render_unauthorized
render
json:
{
errors:
[
{
code:
'UNAUTHORIZED'
,
message:
'HTTP Basic: Access denied'
}
]
},
status:
401
end
end
def
auth_params
def
auth_params
...
...
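Review bot: Both `render_missing_personal_token` and the new `render_unauthorized` return `status: 401` without setting a `WWW-Authenticate` header, which RFC 7235 requires on a 401 response; set the challenge header before rendering, or confirm that something outside this hunk already does. The two methods also build the same `errors: [{ code: 'UNAUTHORIZED', message: ... }]` envelope by hand, so a small private helper taking the message would keep them from drifting apart. The 2FA message keeps its embedded "\n" separators, which were written for the old plain-text body and now end up inside a JSON string.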
app/services/auth/container_registry_authentication_service.rb
...
@@ -7,10 +7,10 @@ module Auth
...
@@ -7,10 +7,10 @@ module Auth
def
execute
(
authentication_abilities
:)
def
execute
(
authentication_abilities
:)
@authentication_abilities
=
authentication_abilities
@authentication_abilities
=
authentication_abilities
return
error
(
'
not found'
,
404
)
unless
registry
.
enabled
return
error
(
'
UNAVAILABLE'
,
status:
404
,
message:
'registry not enabled'
)
unless
registry
.
enabled
unless
current_user
||
project
unless
current_user
||
project
return
error
(
'
forbidden'
,
403
)
unless
scope
return
error
(
'
DENIED'
,
status:
403
,
message:
'access forbidden'
)
unless
scope
end
end
{
token:
authorized_token
(
scope
).
encoded
}
{
token:
authorized_token
(
scope
).
encoded
}
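Review bot: `error('UNAVAILABLE', status: 404, message: 'registry not enabled')` pairs an "unavailable" error code with a not-found status; check that this code and status combination is what Docker clients expect for a disabled registry, and choose a code that matches 404 if it is not. The switch from the positional `error('not found', 404)` to keywords also means every caller outside these two lines has to be updated, because `status:` is now a required keyword.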
...
@@ -111,5 +111,12 @@ module Auth
...
@@ -111,5 +111,12 @@ module Auth
@authentication_abilities
.
include?
(
:create_container_image
)
&&
@authentication_abilities
.
include?
(
:create_container_image
)
&&
can?
(
current_user
,
:create_container_image
,
requested_project
)
can?
(
current_user
,
:create_container_image
,
requested_project
)
end
end
def
error
(
code
,
status
:,
message:
''
)
{
errors:
[{
code:
code
,
message:
message
}],
http_status:
status
}
end
end
end
end
end
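Review bot: The new `error` helper returns `http_status` in the same hash as `errors`, so transport metadata travels with the response body; make sure the controller removes `http_status` before rendering the hash as JSON, or return body and status separately. `message:` defaults to `''`, which would produce an error object with an empty message; both callers pass one, so making it required is safer. No service spec is among the four changed files, so the new codes and messages are not covered by a test in this commit.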
spec/requests/jwt_controller_spec.rb
...
@@ -39,7 +39,7 @@ describe JwtController do
...
@@ -39,7 +39,7 @@ describe JwtController do
subject!
{
get
'/jwt/auth'
,
parameters
,
headers
}
subject!
{
get
'/jwt/auth'
,
parameters
,
headers
}
it
{
expect
(
response
).
to
have_http_status
(
40
3
)
}
it
{
expect
(
response
).
to
have_http_status
(
40
1
)
}
end
end
end
end
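Review bot: The expectation only moves from `have_http_status(403)` to `have_http_status(401)`; nothing asserts the response body, which is what this commit changes. Add an expectation on the parsed JSON, at least that `errors` is present with code `'UNAUTHORIZED'`, so a regression back to a plain-text body is caught.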
...
@@ -77,7 +77,7 @@ describe JwtController do
...
@@ -77,7 +77,7 @@ describe JwtController do
subject!
{
get
'/jwt/auth'
,
parameters
,
headers
}
subject!
{
get
'/jwt/auth'
,
parameters
,
headers
}
it
{
expect
(
response
).
to
have_http_status
(
40
3
)
}
it
{
expect
(
response
).
to
have_http_status
(
40
1
)
}
end
end
end
end
...
...
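Review bot: This context repeats the `subject!` and the `have_http_status(401)` expectation from the hunk at line 39 verbatim; a shared example for the unauthorized response would keep the two in sync and give one place to add body assertions.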