Commit 71aff7f6 authored by Patricio Cano's avatar Patricio Cano

Use special characters for `lfs+deploy-key` to prevent a someone from creating...

Use special characters for `lfs+deploy-key` to prevent a someone from creating a user with this username, and method name refactoring.
parent c144db29
......@@ -22,7 +22,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController
if allow_basic_auth? && basic_auth_provided?
login, password = user_name_and_password(request)
handle_authentication(login, password)
handle_basic_authentication(login, password)
if ci? || user
return # Allow access
......@@ -110,7 +110,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController
@ci.present?
end
def handle_authentication(login, password)
def handle_basic_authentication(login, password)
auth_result = Gitlab::Auth.find_for_git_client(login, password, project: project, ip: request.ip)
case auth_result.type
......
......@@ -115,7 +115,7 @@ module Gitlab
def lfs_token_check(login, password)
actor =
if login =~ /\Alfs-deploy-key-\d+\Z/
if login =~ /\Alfs\+deploy-key-\d+\Z/
/\d+\Z/.match(login) do |id|
DeployKey.find(id[0])
end
......
......@@ -30,7 +30,7 @@ module Gitlab
end
def actor_name
actor.is_a?(User) ? actor.username : "lfs-deploy-key-#{actor.id}"
actor.is_a?(User) ? actor.username : "lfs+deploy-key-#{actor.id}"
end
private
......
......@@ -37,8 +37,8 @@ describe Gitlab::Auth, lib: true do
ip = 'ip'
token = Gitlab::LfsToken.new(key).generate
expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: "lfs-deploy-key-#{key.id}")
expect(gl_auth.find_for_git_client("lfs-deploy-key-#{key.id}", token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(key, :lfs_deploy_token))
expect(gl_auth).to receive(:rate_limit!).with(ip, success: true, login: "lfs+deploy-key-#{key.id}")
expect(gl_auth.find_for_git_client("lfs+deploy-key-#{key.id}", token, project: nil, ip: ip)).to eq(Gitlab::Auth::Result.new(key, :lfs_deploy_token))
end
it 'recognizes OAuth tokens' do
......
......@@ -40,7 +40,7 @@ describe Gitlab::LfsToken, lib: true do
it_behaves_like 'an LFS token generator'
it 'returns the correct username' do
expect(handler.actor_name).to eq("lfs-deploy-key-#{actor.id}")
expect(handler.actor_name).to eq("lfs+deploy-key-#{actor.id}")
end
it 'returns the correct token type' do
......
......@@ -124,7 +124,7 @@ describe API::API, api: true do
lfs_auth(key, project)
expect(response).to have_http_status(200)
expect(json_response['username']).to eq("lfs-deploy-key-#{key.id}")
expect(json_response['username']).to eq("lfs+deploy-key-#{key.id}")
expect(json_response['lfs_token']).to eq(Gitlab::LfsToken.new(key).value)
expect(json_response['repository_http_path']).to eq(project.http_url_to_repo)
end
......
......@@ -917,7 +917,7 @@ describe 'Git LFS API and storage' do
end
def authorize_deploy_key
ActionController::HttpAuthentication::Basic.encode_credentials("lfs-deploy-key-#{key.id}", Gitlab::LfsToken.new(key).generate)
ActionController::HttpAuthentication::Basic.encode_credentials("lfs+deploy-key-#{key.id}", Gitlab::LfsToken.new(key).generate)
end
def fork_project(project, user, object = nil)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment