Commit 71aff7f6 authored by Patricio Cano's avatar Patricio Cano

Use special characters for `lfs+deploy-key` to prevent a someone from creating...

Use special characters for `lfs+deploy-key` to prevent someone from creating a user with this username, and method name refactoring.
parent c144db29
...@@ -22,7 +22,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController ...@@ -22,7 +22,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController
if allow_basic_auth? && basic_auth_provided? if allow_basic_auth? && basic_auth_provided?
login, password = user_name_and_password(request) login, password = user_name_and_password(request)
handle_authentication(login, password) handle_basic_authentication(login, password)
if ci? || user if ci? || user
return # Allow access return # Allow access
...@@ -110,7 +110,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController ...@@ -110,7 +110,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController
@ci.present? @ci.present?
end end
def handle_authentication(login, password) def handle_basic_authentication(login, password)
auth_result = Gitlab::Auth.find_for_git_client(login, password, project: project, ip: request.ip) auth_result = Gitlab::Auth.find_for_git_client(login, password, project: project, ip: request.ip)
case auth_result.type case auth_result.type
......
...@@ -115,7 +115,7 @@ module Gitlab ...@@ -115,7 +115,7 @@ module Gitlab
def lfs_token_check(login, password) def lfs_token_check(login, password)
actor = actor =
if login =~ /\Alfs-deploy-key-\d+\Z/ if login =~ /\Alfs\+deploy-key-\d+\Z/
/\d+\Z/.match(login) do |id| /\d+\Z/.match(login) do |id|
DeployKey.find(id[0]) DeployKey.find(id[0])
end end
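Review bot: The new pattern `/\Alfs\+deploy-key-\d+\Z/` still uses `\Z`, which also matches just before a single trailing newline, so a login such as `"lfs+deploy-key-1\n"` passes this guard (and the `/\d+\Z/` extraction on the following line); `\z` anchors at the true end of the string. I would change the guard to `if login =~ /\Alfs\+deploy-key-\d+\z/` and, rather than matching twice, capture the id in the same expression, e.g. `if (m = login.match(/\Alfs\+deploy-key-(?<id>\d+)\z/))` followed by `DeployKey.find(m[:id])`. The commit message says the `+` makes this name unregisterable as a username; that presumably relies on the username format validation rejecting `+`, which this hunk does not show, so a one-line comment stating that invariant next to the regex would help the next reader. The `actor =` assignment and `lfs_token_check` continue outside the hunk.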
......
...@@ -30,7 +30,7 @@ module Gitlab ...@@ -30,7 +30,7 @@ module Gitlab
end end
def actor_name def actor_name
actor.is_a?(User) ? actor.username : "lfs-deploy-key-#{actor.id}" actor.is_a?(User) ? actor.username : "lfs+deploy-key-#{actor.id}"
end end
private private
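Review bot: The literal `"lfs+deploy-key-"` in `actor_name` now has to agree byte-for-byte with the regex in `Gitlab::Auth#lfs_token_check` and with the specs, and nothing ties them together, so a later edit to one side would silently break deploy-key LFS authentication. I would hoist it into a frozen constant on `Gitlab::LfsToken`, e.g. `DEPLOY_KEY_PREFIX = 'lfs+deploy-key-'.freeze`, build the name as `"#{DEPLOY_KEY_PREFIX}#{actor.id}"`, and have the auth regex be built from the same constant via `Regexp.escape`. The `is_a?(User)` branch is unchanged and still assumes any non-User actor responds to `id`, which is presumably only a DeployKey here — worth stating in a comment on the method.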
......
...@@ -37,8 +37,8 @@ describe Gitlab::Auth, lib: true do ...@@ -37,8 +37,8 @@ describe Gitlab::Auth, lib: true do
ip = 'ip' ip = 'ip'
token = Gitlab::LfsToken.new(key).generate token = Gitlab::LfsToken.new(key).generate
expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: "lfs-deploy-key-#{key.id}") expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: "lfs+deploy-key-#{key.id}")
expect(gl_auth.find_for_git_client("lfs-deploy-key-#{key.id}", token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(key, :lfs_deploy_token)) expect(gl_auth.find_for_git_client("lfs+deploy-key-#{key.id}", token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(key, :lfs_deploy_token))
end end
it 'recognizes OAuth tokens' do it 'recognizes OAuth tokens' do
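Review bot: The updated expectations only exercise the new `lfs+deploy-key-` login, so nothing in this spec pins the property the commit exists for — that the old hyphenated form is no longer recognised as a deploy-key token. I would add a negative example beside it, e.g. `expect(gl_auth.find_for_git_client("lfs-deploy-key-#{key.id}", token, project: nil, ip: ip)).not_to eq(Gitlab::Auth::Result.new(key, :lfs_deploy_token))`. The enclosing `it` block starts outside the hunk.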
......
...@@ -40,7 +40,7 @@ describe Gitlab::LfsToken, lib: true do ...@@ -40,7 +40,7 @@ describe Gitlab::LfsToken, lib: true do
it_behaves_like 'an LFS token generator' it_behaves_like 'an LFS token generator'
it 'returns the correct username' do it 'returns the correct username' do
expect(handler.actor_name).to eq("lfs-deploy-key-#{actor.id}") expect(handler.actor_name).to eq("lfs+deploy-key-#{actor.id}")
end end
it 'returns the correct token type' do it 'returns the correct token type' do
......
...@@ -124,7 +124,7 @@ describe API::API, api: true do ...@@ -124,7 +124,7 @@ describe API::API, api: true do
lfs_auth(key, project) lfs_auth(key, project)
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(json_response['username']).to eq("lfs-deploy-key-#{key.id}") expect(json_response['username']).to eq("lfs+deploy-key-#{key.id}")
expect(json_response['lfs_token']).to eq(Gitlab::LfsToken.new(key).value) expect(json_response['lfs_token']).to eq(Gitlab::LfsToken.new(key).value)
expect(json_response['repository_http_path']).to eq(project.http_url_to_repo) expect(json_response['repository_http_path']).to eq(project.http_url_to_repo)
end end
......
...@@ -917,7 +917,7 @@ describe 'Git LFS API and storage' do ...@@ -917,7 +917,7 @@ describe 'Git LFS API and storage' do
end end
def authorize_deploy_key def authorize_deploy_key
ActionController::HttpAuthentication::Basic.encode_credentials("lfs-deploy-key-#{key.id}", Gitlab::LfsToken.new(key).generate) ActionController::HttpAuthentication::Basic.encode_credentials("lfs+deploy-key-#{key.id}", Gitlab::LfsToken.new(key).generate)
end end
def fork_project(project, user, object = nil) def fork_project(project, user, object = nil)
......