Commit 611cf13b authored by Alain Takoudjou's avatar Alain Takoudjou

NXD lib:gitlab:auth Accept Basic auth from project runner_token

From gitlab 8.12 there is new CI job permissions model which only accept login
from ci token for running job. Then the access is revoked after the job is finished.
In Nexedi, when have a lot of URLs which rely on gitlab-ci-token and project-runners-token, so
we need to re-allow access else access to all those URL will be refused.

More info are here: https://docs.gitlab.com/ee/user/project/new_ci_build_permissions_model.html#before-gitlab-8-12
parent 94ddf244
...@@ -155,6 +155,11 @@ module Gitlab ...@@ -155,6 +155,11 @@ module Gitlab
return unless login == 'gitlab-ci-token' return unless login == 'gitlab-ci-token'
return unless password return unless password
# XXX-nxd: we also accept runners_token if enabled on projects
project = Project.with_builds_enabled.find_by(runners_token: password)
if project
Gitlab::Auth::Result.new(nil, project, :ci, build_authentication_abilities)
else
build = ::Ci::Build.running.find_by_token(password) build = ::Ci::Build.running.find_by_token(password)
return unless build return unless build
return unless build.project.builds_enabled? return unless build.project.builds_enabled?
...@@ -167,6 +172,7 @@ module Gitlab ...@@ -167,6 +172,7 @@ module Gitlab
Gitlab::Auth::Result.new(nil, build.project, :ci, build_authentication_abilities) Gitlab::Auth::Result.new(nil, build.project, :ci, build_authentication_abilities)
end end
end end
end
public public
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment