Commit 7ec1fa21 authored 8 years ago by Kamil Trzcinski
Make authentication service for Container Registry to be compatible with < Docker 1.11
parent 2485bd7b
Showing 4 changed files with 20 additions and 33 deletions
CHANGELOG +1 -0
app/controllers/jwt_controller.rb +1 -1
app/services/auth/container_registry_authentication_service.rb +1 -3
spec/services/auth/container_registry_authentication_service_spec.rb +17 -29
CHANGELOG
...
...
@@ -15,6 +15,7 @@ v 8.9.0 (unreleased)
- Remove 'main language' feature
- Projects pending deletion will render a 404 page
- Measure queue duration between gitlab-workhorse and Rails
- Make authentication service for Container Registry to be compatible with < Docker 1.11
v 8.8.3
- Fix gitlab importer failing to import new projects due to missing credentials
...
...
app/controllers/jwt_controller.rb
...
...
@@ -32,7 +32,7 @@ class JwtController < ApplicationController
end
def
auth_params
params
.
permit
(
:service
,
:scope
,
:
offline_token
,
:
account
,
:client_id
)
params
.
permit
(
:service
,
:scope
,
:account
,
:client_id
)
end
def
authenticate_project
(
login
,
password
)
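Review bot: in `auth_params`, dropping `:offline_token` from the `params.permit(...)` list means a client that still sends `offline_token=true` has the parameter discarded before it reaches the service, with nothing in the code saying why. Add a one-line comment above the `permit` call stating that the parameter is deliberately ignored for compatibility with Docker older than 1.11, so that a later change does not put it back in the list without also restoring the matching branch in the service.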
...
...
app/services/auth/container_registry_authentication_service.rb
...
...
@@ -5,9 +5,7 @@ module Auth
def
execute
return
error
(
'not found'
,
404
)
unless
registry
.
enabled
if
params
[
:offline_token
]
return
error
(
'unauthorized'
,
401
)
unless
current_user
||
project
else
unless
current_user
||
project
return
error
(
'forbidden'
,
403
)
unless
scope
end
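Review bot: in `execute`, the new guard nests a modifier `unless scope` inside a block `unless current_user || project`, which hides the one condition that matters (anonymous and scope-less). A single line such as `return error('forbidden', 403) unless current_user || project || scope` is equivalent and easier to audit. Also note the status change: an anonymous request that sent `offline_token` used to get 401 'unauthorized' from the removed branch and now gets 403 'forbidden' when it has no scope; if that is intended it deserves a comment, since 401 is the status that tells a client to retry with credentials.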
...
...
spec/services/auth/container_registry_authentication_service_spec.rb
...
...
@@ -14,7 +14,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
allow_any_instance_of
(
JSONWebToken
::
RSAToken
).
to
receive
(
:key
).
and_return
(
rsa_key
)
end
shared_examples
'a
n authenticated
'
do
shared_examples
'a
valid token
'
do
it
{
is_expected
.
to
include
(
:token
)
}
it
{
expect
(
payload
).
to
include
(
'access'
)
}
end
...
...
@@ -28,10 +28,15 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
}]
end
it_behaves_like
'a
n authenticated
'
it_behaves_like
'a
valid token
'
it
{
expect
(
payload
).
to
include
(
'access'
=>
access
)
}
end
shared_examples
'an inaccessible'
do
it_behaves_like
'a valid token'
it
{
expect
(
payload
).
to
include
(
'access'
=>
[])
}
end
shared_examples
'a pullable'
do
it_behaves_like
'a accessible'
do
let
(
:actions
)
{
[
'pull'
]
}
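Review bot: the new 'an inaccessible' shared example is missing documentation for a change in how denial is reported: the examples that used 'a forbidden' (403, no token) now expect a token whose 'access' is `[]`. Add a short comment on the shared example saying this is done for Docker older than 1.11 and that denial is now conveyed only by the empty access list, so a reader does not mistake 'a valid token' inside a denial example for a test error.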
...
...
@@ -50,11 +55,6 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
end
end
shared_examples
'an unauthorized'
do
it
{
is_expected
.
to
include
(
http_status:
401
)
}
it
{
is_expected
.
not_to
include
(
:token
)
}
end
shared_examples
'a forbidden'
do
it
{
is_expected
.
to
include
(
http_status:
403
)
}
it
{
is_expected
.
not_to
include
(
:token
)
}
...
...
@@ -75,12 +75,8 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
let
(
:project
)
{
create
(
:project
)
}
let
(
:current_user
)
{
create
(
:user
)
}
context
'allow to use offline_token'
do
let
(
:current_params
)
do
{
offline_token:
true
}
end
it_behaves_like
'an authenticated'
context
'allow to use scope-less authentication'
do
it_behaves_like
'a valid token'
end
context
'allow developer to push images'
do
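Review bot: the 'allow to use scope-less authentication' context only runs 'a valid token', which checks that a token is returned and that its payload has an 'access' key, not what that key contains. Pin the expected value of 'access' for the scope-less case, the way 'an inaccessible' does with `'access' => []`, so the spec shows exactly what a token issued without any requested scope is allowed to do. The same applies to the scope-less context under 'project authorization' further down.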
...
...
@@ -120,19 +116,15 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
{
scope:
"repository:
#{
project
.
path_with_namespace
}
:pull,push"
}
end
it_behaves_like
'a
forbidden
'
it_behaves_like
'a
n inaccessible
'
end
end
context
'project authorization'
do
let
(
:current_project
)
{
create
(
:empty_project
)
}
context
'allow to use offline_token'
do
let
(
:current_params
)
do
{
offline_token:
true
}
end
it_behaves_like
'an authenticated'
context
'allow to use scope-less authentication'
do
it_behaves_like
'a valid token'
end
context
'allow to pull and push images'
do
...
...
@@ -158,7 +150,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context
'disallow for private'
do
let
(
:project
)
{
create
(
:empty_project
,
:private
)
}
it_behaves_like
'a
forbidden
'
it_behaves_like
'a
n inaccessible
'
end
end
...
...
@@ -169,7 +161,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context
'disallow for all'
do
let
(
:project
)
{
create
(
:empty_project
,
:public
)
}
it_behaves_like
'a
forbidden
'
it_behaves_like
'a
n inaccessible
'
end
end
end
...
...
@@ -184,18 +176,14 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
{
scope:
"repository:
#{
project
.
path_with_namespace
}
:pull"
}
end
it_behaves_like
'a
forbidden
'
it_behaves_like
'a
n inaccessible
'
end
end
end
context
'unauthorized'
do
context
'disallow to use offline_token'
do
let
(
:current_params
)
do
{
offline_token:
true
}
end
it_behaves_like
'an unauthorized'
context
'disallow to use scope-less authentication'
do
it_behaves_like
'a forbidden'
end
context
'for invalid scope'
do
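Review bot: under `context 'unauthorized'`, the scope-less case now expects 'a forbidden' (403), and the 'an unauthorized' (401) shared example is deleted elsewhere in this spec, so the context name no longer matches what it asserts. Rename the context (for example to 'anonymous') or add a comment explaining why unauthenticated requests are answered with 403.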
...
...