Commit 710cd82c authored by Rémy Coutable's avatar Rémy Coutable

Set Git-specific env in /api/internal/allowed

Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent 05aa038c
...@@ -53,12 +53,12 @@ module API ...@@ -53,12 +53,12 @@ module API
] ]
end end
def parse_allowed_environment_variables def parse_env
return if params[:env].blank? return {} if params[:env].blank?
JSON.parse(params[:env]) JSON.parse(params[:env])
rescue JSON::ParserError rescue JSON::ParserError
{}
end end
end end
end end
......
...@@ -11,14 +11,16 @@ module API ...@@ -11,14 +11,16 @@ module API
# Params: # Params:
# key_id - ssh key id for Git over SSH # key_id - ssh key id for Git over SSH
# user_id - user id for Git over HTTP # user_id - user id for Git over HTTP
# protocol - Git access protocol being used, e.g. HTTP or SSH
# project - project path with namespace # project - project path with namespace
# action - git action (git-upload-pack or git-receive-pack) # action - git action (git-upload-pack or git-receive-pack)
# ref - branch name # changes - changes as "oldrev newrev ref", see Gitlab::ChangesList
# forced_push - forced_push
# protocol - Git access protocol being used, e.g. HTTP or SSH
post "/allowed" do post "/allowed" do
status 200 status 200
# Stores some Git-specific env thread-safely
Gitlab::Git::Env.set(parse_env)
actor = actor =
if params[:key_id] if params[:key_id]
Key.find_by(id: params[:key_id]) Key.find_by(id: params[:key_id])
...@@ -30,18 +32,10 @@ module API ...@@ -30,18 +32,10 @@ module API
actor.update_last_used_at if actor.is_a?(Key) actor.update_last_used_at if actor.is_a?(Key)
access = access_checker = wiki? ? Gitlab::GitAccessWiki : Gitlab::GitAccess
if wiki? access_status = access_checker
Gitlab::GitAccessWiki.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities) .new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities)
else .check(params[:action], params[:changes])
Gitlab::GitAccess.new(actor,
project,
protocol,
authentication_abilities: ssh_authentication_abilities,
env: parse_allowed_environment_variables)
end
access_status = access.check(params[:action], params[:changes])
response = { status: access_status.status, message: access_status.message } response = { status: access_status.status, message: access_status.message }
......
...@@ -153,6 +153,22 @@ describe API::Internal, api: true do ...@@ -153,6 +153,22 @@ describe API::Internal, api: true do
project.team << [user, :developer] project.team << [user, :developer]
end end
context 'with env passed as a JSON' do
it 'sets env in RequestStore' do
expect(Gitlab::Git::Env).to receive(:set).with({
'GIT_OBJECT_DIRECTORY' => 'foo',
'GIT_ALTERNATE_OBJECT_DIRECTORIES' => 'bar'
})
push(key, project.wiki, env: {
GIT_OBJECT_DIRECTORY: 'foo',
GIT_ALTERNATE_OBJECT_DIRECTORIES: 'bar'
}.to_json)
expect(response).to have_http_status(200)
end
end
context "git push with project.wiki" do context "git push with project.wiki" do
it 'responds with success' do it 'responds with success' do
push(key, project.wiki) push(key, project.wiki)
...@@ -463,7 +479,7 @@ describe API::Internal, api: true do ...@@ -463,7 +479,7 @@ describe API::Internal, api: true do
) )
end end
def push(key, project, protocol = 'ssh') def push(key, project, protocol = 'ssh', env: nil)
post( post(
api("/internal/allowed"), api("/internal/allowed"),
changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master', changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master',
...@@ -471,7 +487,8 @@ describe API::Internal, api: true do ...@@ -471,7 +487,8 @@ describe API::Internal, api: true do
project: project.repository.path_to_repo, project: project.repository.path_to_repo,
action: 'git-receive-pack', action: 'git-receive-pack',
secret_token: secret_token, secret_token: secret_token,
protocol: protocol protocol: protocol,
env: env
) )
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment