Merge branch 'fix_jwt_auth_for_not_existing_repository' into 'master'

Fix JWT token check when repository does not exist See merge request gitlab-org/gitlab-ee!11033

Merge branch 'fix_jwt_auth_for_not_existing_repository' into 'master'
Fix JWT token check when repository does not exist See merge request gitlab-org/gitlab-ee!11033
55222bae · Michael Kozono · b02d2bec · 2d838890 · 55222bae · 55222bae
Commit 55222bae authored Apr 18, 2019 by Michael Kozono
3 changed files
--- a/ee/app/controllers/ee/projects/git_http_controller.rb
+++ b/ee/app/controllers/ee/projects/git_http_controller.rb
@@ -60,11 +60,11 @@ module EE
      end

      def jwt_scope_valid?
-        decoded_authorization[:scope] == repository.full_path
+        decoded_authorization[:scope] == repository_full_path
      end

-      def repository
-        wiki? ? project.wiki.repository : project.repository
+      def repository_full_path
+        File.join(params[:namespace_id], project_path)
      end

      def decoded_authorization

--- a/ee/changelogs/unreleased/fix_jwt_auth_for_not_existing_repository.yml
+++ b/ee/changelogs/unreleased/fix_jwt_auth_for_not_existing_repository.yml
+---
+title: Fix JWT token check when repository does not exist
+merge_request: 11033
+author:
+type: fixed
--- a/ee/spec/requests/git_http_geo_spec.rb
+++ b/ee/spec/requests/git_http_geo_spec.rb
@@ -348,6 +348,22 @@ describe "Git HTTP requests (Geo)", :geo do
      end
    end

+    context 'repository does not exist' do
+      subject do
+        make_request
+        response
+      end
+
+      def make_request
+        full_path = project.full_path
+        project.destroy
+
+        get "/#{full_path}.git/info/refs", params: { service: 'git-upload-pack' }, headers: env
+      end
+
+      it { is_expected.to have_gitlab_http_status(:not_found) }
+    end
+
    context 'invalid scope' do
      subject do
        make_request