Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-ce
Commits
0c47b68d
Commit
0c47b68d
authored
May 18, 2016
by
Rubén Dávila
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Mask credentials from URL when import of project has failed.
parent
28eea9bd
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
107 additions
and
33 deletions
+107
-33
app/models/project.rb
app/models/project.rb
+2
-2
app/workers/repository_import_worker.rb
app/workers/repository_import_worker.rb
+1
-1
db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb
...e/20160302152808_remove_wrong_import_url_from_projects.rb
+1
-1
lib/gitlab/url_sanitizer.rb
lib/gitlab/url_sanitizer.rb
+15
-2
spec/lib/gitlab/import_url_spec.rb
spec/lib/gitlab/import_url_spec.rb
+0
-21
spec/lib/gitlab/url_sanitizer_spec.rb
spec/lib/gitlab/url_sanitizer_spec.rb
+68
-0
spec/workers/repository_import_worker_spec.rb
spec/workers/repository_import_worker_spec.rb
+20
-6
No files found.
app/models/project.rb
View file @
0c47b68d
...
...
@@ -376,14 +376,14 @@ class Project < ActiveRecord::Base
end
def
import_url
=
(
value
)
import_url
=
Gitlab
::
ImportUrl
.
new
(
value
)
import_url
=
Gitlab
::
UrlSanitizer
.
new
(
value
)
create_or_update_import_data
(
credentials:
import_url
.
credentials
)
super
(
import_url
.
sanitized_url
)
end
def
import_url
if
import_data
&&
super
import_url
=
Gitlab
::
ImportUrl
.
new
(
super
,
credentials:
import_data
.
credentials
)
import_url
=
Gitlab
::
UrlSanitizer
.
new
(
super
,
credentials:
import_data
.
credentials
)
import_url
.
full_url
else
super
...
...
app/workers/repository_import_worker.rb
View file @
0c47b68d
...
...
@@ -13,7 +13,7 @@ class RepositoryImportWorker
result
=
Projects
::
ImportService
.
new
(
project
,
current_user
).
execute
if
result
[
:status
]
==
:error
project
.
update
(
import_error:
result
[
:message
]
)
project
.
update
(
import_error:
Gitlab
::
UrlSanitizer
.
sanitize
(
result
[
:message
])
)
project
.
import_fail
return
end
...
...
db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb
View file @
0c47b68d
...
...
@@ -24,7 +24,7 @@ class RemoveWrongImportUrlFromProjects < ActiveRecord::Migration
def
process_projects_with_wrong_url
projects_with_wrong_import_url
.
each
do
|
project
|
begin
import_url
=
Gitlab
::
ImportUrl
.
new
(
project
[
"import_url"
])
import_url
=
Gitlab
::
UrlSanitizer
.
new
(
project
[
"import_url"
])
update_import_url
(
import_url
,
project
)
update_import_data
(
import_url
,
project
)
...
...
lib/gitlab/
import_url
.rb
→
lib/gitlab/
url_sanitizer
.rb
View file @
0c47b68d
module
Gitlab
class
ImportUrl
class
UrlSanitizer
def
self
.
sanitize
(
content
)
regexp
=
URI
::
Parser
.
new
.
make_regexp
([
'http'
,
'https'
,
'ssh'
,
'git'
])
content
.
gsub
(
regexp
)
{
|
url
|
new
(
url
).
masked_url
}
end
def
initialize
(
url
,
credentials:
nil
)
@url
=
URI
.
parse
(
URI
.
encode
(
url
))
@url
=
Addressable
::
URI
.
parse
(
URI
.
encode
(
url
))
@credentials
=
credentials
end
...
...
@@ -9,6 +15,13 @@ module Gitlab
@sanitized_url
||=
safe_url
.
to_s
end
def
masked_url
url
=
@url
.
dup
url
.
password
=
"*****"
unless
url
.
password
.
nil?
url
.
user
=
"*****"
unless
url
.
user
.
nil?
url
.
to_s
end
def
credentials
@credentials
||=
{
user:
@url
.
user
,
password:
@url
.
password
}
end
...
...
spec/lib/gitlab/import_url_spec.rb
deleted
100644 → 0
View file @
28eea9bd
require
'spec_helper'
describe
Gitlab
::
ImportUrl
do
let
(
:credentials
)
{
{
user:
'blah'
,
password:
'password'
}
}
let
(
:import_url
)
do
Gitlab
::
ImportUrl
.
new
(
"https://github.com/me/project.git"
,
credentials:
credentials
)
end
describe
:full_url
do
it
{
expect
(
import_url
.
full_url
).
to
eq
(
"https://blah:password@github.com/me/project.git"
)
}
end
describe
:sanitized_url
do
it
{
expect
(
import_url
.
sanitized_url
).
to
eq
(
"https://github.com/me/project.git"
)
}
end
describe
:credentials
do
it
{
expect
(
import_url
.
credentials
).
to
eq
(
credentials
)
}
end
end
spec/lib/gitlab/url_sanitizer_spec.rb
0 → 100644
View file @
0c47b68d
require
'spec_helper'
describe
Gitlab
::
UrlSanitizer
,
lib:
true
do
let
(
:credentials
)
{
{
user:
'blah'
,
password:
'password'
}
}
let
(
:url_sanitizer
)
do
described_class
.
new
(
"https://github.com/me/project.git"
,
credentials:
credentials
)
end
describe
'.sanitize'
do
def
sanitize_url
(
url
)
# We want to try with multi-line content because is how error messages are formatted
described_class
.
sanitize
(
%Q{
remote: Not Found
fatal: repository '
#{
url
}
' not found
}
)
end
it
'mask the credentials from HTTP URLs'
do
filtered_content
=
sanitize_url
(
'http://user:pass@test.com/root/repoC.git/'
)
expect
(
filtered_content
).
to
include
(
"http://*****:*****@test.com/root/repoC.git/"
)
end
it
'mask the credentials from HTTPS URLs'
do
filtered_content
=
sanitize_url
(
'https://user:pass@test.com/root/repoA.git/'
)
expect
(
filtered_content
).
to
include
(
"https://*****:*****@test.com/root/repoA.git/"
)
end
it
'mask credentials from SSH URLs'
do
filtered_content
=
sanitize_url
(
'ssh://user@host.test/path/to/repo.git'
)
expect
(
filtered_content
).
to
include
(
"ssh://*****@host.test/path/to/repo.git"
)
end
it
'does not modify Git URLs'
do
# git protocol does not support authentication
filtered_content
=
sanitize_url
(
'git://host.test/path/to/repo.git'
)
expect
(
filtered_content
).
to
include
(
"git://host.test/path/to/repo.git"
)
end
it
'does not modify scp-like URLs'
do
filtered_content
=
sanitize_url
(
'user@server:project.git'
)
expect
(
filtered_content
).
to
include
(
"user@server:project.git"
)
end
end
describe
'#sanitized_url'
do
it
{
expect
(
url_sanitizer
.
sanitized_url
).
to
eq
(
"https://github.com/me/project.git"
)
}
end
describe
'#credentials'
do
it
{
expect
(
url_sanitizer
.
credentials
).
to
eq
(
credentials
)
}
end
describe
'#full_url'
do
it
{
expect
(
url_sanitizer
.
full_url
).
to
eq
(
"https://blah:password@github.com/me/project.git"
)
}
it
'supports scp-like URLs'
do
sanitizer
=
described_class
.
new
(
'user@server:project.git'
)
expect
(
sanitizer
.
full_url
).
to
eq
(
'user@server:project.git'
)
end
end
end
spec/workers/repository_import_worker_spec.rb
View file @
0c47b68d
...
...
@@ -6,14 +6,28 @@ describe RepositoryImportWorker do
subject
{
described_class
.
new
}
describe
'#perform'
do
it
'imports a project'
do
expect_any_instance_of
(
Projects
::
ImportService
).
to
receive
(
:execute
).
and_return
({
status: :ok
})
context
'when the import was successful'
do
it
'imports a project'
do
expect_any_instance_of
(
Projects
::
ImportService
).
to
receive
(
:execute
).
and_return
({
status: :ok
})
expect_any_instance_of
(
Repository
).
to
receive
(
:expire_emptiness_caches
)
expect_any_instance_of
(
Project
).
to
receive
(
:import_finish
)
expect_any_instance_of
(
Repository
).
to
receive
(
:expire_emptiness_caches
)
expect_any_instance_of
(
Project
).
to
receive
(
:import_finish
)
subject
.
perform
(
project
.
id
)
subject
.
perform
(
project
.
id
)
end
end
context
'when the import has failed'
do
it
'hide the credentials that were used in the import URL'
do
error
=
%Q{remote: Not Found fatal: repository 'https://user:pass@test.com/root/repoC.git/' not found }
expect_any_instance_of
(
Projects
::
ImportService
).
to
receive
(
:execute
).
and_return
({
status: :error
,
message:
error
})
subject
.
perform
(
project
.
id
)
expect
(
project
.
reload
.
import_error
).
to
include
(
"https://*****:*****@test.com/root/repoC.git/"
)
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment