Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
6d43c95b
Commit
6d43c95b
authored
Sep 19, 2016
by
Kamil Trzcinski
1
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Revert all changes introduced by
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043
parent
79f60e2b
Changes
13
Hide whitespace changes
Inline
Side-by-side
Showing
13 changed files
with
3 additions
and
245 deletions
+3
-245
CHANGELOG
CHANGELOG
+0
-1
app/controllers/projects/git_http_client_controller.rb
app/controllers/projects/git_http_client_controller.rb
+0
-6
app/helpers/lfs_helper.rb
app/helpers/lfs_helper.rb
+1
-1
doc/workflow/lfs/lfs_administration.md
doc/workflow/lfs/lfs_administration.md
+2
-2
doc/workflow/lfs/manage_large_binaries_with_git_lfs.md
doc/workflow/lfs/manage_large_binaries_with_git_lfs.md
+0
-8
lib/api/internal.rb
lib/api/internal.rb
+0
-13
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+0
-25
lib/gitlab/auth/result.rb
lib/gitlab/auth/result.rb
+0
-4
lib/gitlab/lfs_token.rb
lib/gitlab/lfs_token.rb
+0
-54
spec/lib/gitlab/auth_spec.rb
spec/lib/gitlab/auth_spec.rb
+0
-18
spec/lib/gitlab/lfs_token_spec.rb
spec/lib/gitlab/lfs_token_spec.rb
+0
-51
spec/requests/api/internal_spec.rb
spec/requests/api/internal_spec.rb
+0
-46
spec/requests/lfs_http_spec.rb
spec/requests/lfs_http_spec.rb
+0
-16
No files found.
CHANGELOG
View file @
6d43c95b
...
@@ -106,7 +106,6 @@ v 8.12.0 (unreleased)
...
@@ -106,7 +106,6 @@ v 8.12.0 (unreleased)
- Remove green outline from `New branch unavailable` button on issue page !5858 (winniehell)
- Remove green outline from `New branch unavailable` button on issue page !5858 (winniehell)
- Fix repo title alignment (ClemMakesApps)
- Fix repo title alignment (ClemMakesApps)
- Change update interval of contacted_at
- Change update interval of contacted_at
- Add LFS support to SSH !6043
- Fix branch title trailing space on hover (ClemMakesApps)
- Fix branch title trailing space on hover (ClemMakesApps)
- Don't include 'Created By' tag line when importing from GitHub if there is a linked GitLab account (EspadaV8)
- Don't include 'Created By' tag line when importing from GitHub if there is a linked GitLab account (EspadaV8)
- Award emoji tooltips containing more than 10 usernames are now truncated !4780 (jlogandavison)
- Award emoji tooltips containing more than 10 usernames are now truncated !4780 (jlogandavison)
...
...
app/controllers/projects/git_http_client_controller.rb
View file @
6d43c95b
...
@@ -132,12 +132,6 @@ class Projects::GitHttpClientController < Projects::ApplicationController
...
@@ -132,12 +132,6 @@ class Projects::GitHttpClientController < Projects::ApplicationController
authentication_project
==
project
authentication_project
==
project
end
end
def
lfs_deploy_key?
authentication_result
.
lfs_deploy_token?
&&
actor
&&
actor
.
projects
.
include?
(
project
)
end
def
authentication_has_download_access?
def
authentication_has_download_access?
has_authentication_ability?
(
:download_code
)
||
has_authentication_ability?
(
:build_download_code
)
has_authentication_ability?
(
:download_code
)
||
has_authentication_ability?
(
:build_download_code
)
end
end
...
...
app/helpers/lfs_helper.rb
View file @
6d43c95b
...
@@ -25,7 +25,7 @@ module LfsHelper
...
@@ -25,7 +25,7 @@ module LfsHelper
def
lfs_download_access?
def
lfs_download_access?
return
false
unless
project
.
lfs_enabled?
return
false
unless
project
.
lfs_enabled?
project
.
public?
||
ci?
||
lfs_deploy_key?
||
user_can_download_code?
||
build_can_download_code?
project
.
public?
||
ci?
||
user_can_download_code?
||
build_can_download_code?
end
end
def
user_can_download_code?
def
user_can_download_code?
...
...
doc/workflow/lfs/lfs_administration.md
View file @
6d43c95b
...
@@ -45,5 +45,5 @@ In `config/gitlab.yml`:
...
@@ -45,5 +45,5 @@ In `config/gitlab.yml`:
*
Currently, storing GitLab Git LFS objects on a non-local storage (like S3 buckets)
*
Currently, storing GitLab Git LFS objects on a non-local storage (like S3 buckets)
is not supported
is not supported
*
Currently, removing LFS objects from GitLab Git LFS storage is not supported
*
Currently, removing LFS objects from GitLab Git LFS storage is not supported
*
LFS authentications via SSH
was added with GitLab 8.12
*
LFS authentications via SSH
is not supported for the time being
*
Only compatible with the GitLFS client versions 1.1.0
and up,
or 1.0.2.
*
Only compatible with the GitLFS client versions 1.1.0 or 1.0.2.
doc/workflow/lfs/manage_large_binaries_with_git_lfs.md
View file @
6d43c95b
...
@@ -35,10 +35,6 @@ Documentation for GitLab instance administrators is under [LFS administration do
...
@@ -35,10 +35,6 @@ Documentation for GitLab instance administrators is under [LFS administration do
credentials store is recommended
credentials store is recommended
*
Git LFS always assumes HTTPS so if you have GitLab server on HTTP you will have
*
Git LFS always assumes HTTPS so if you have GitLab server on HTTP you will have
to add the URL to Git config manually (see #troubleshooting)
to add the URL to Git config manually (see #troubleshooting)
>**Note**: With 8.12 GitLab added LFS support to SSH. The Git LFS communication
still goes over HTTP, but now the SSH client passes the correct credentials
to the Git LFS client, so no action is required by the user.
## Using Git LFS
## Using Git LFS
...
@@ -136,10 +132,6 @@ git config --add lfs.url "http://gitlab.example.com/group/project.git/info/lfs"
...
@@ -136,10 +132,6 @@ git config --add lfs.url "http://gitlab.example.com/group/project.git/info/lfs"
### Credentials are always required when pushing an object
### Credentials are always required when pushing an object
>**Note**: With 8.12 GitLab added LFS support to SSH. The Git LFS communication
still goes over HTTP, but now the SSH client passes the correct credentials
to the Git LFS client, so no action is required by the user.
Given that Git LFS uses HTTP Basic Authentication to authenticate the user pushing
Given that Git LFS uses HTTP Basic Authentication to authenticate the user pushing
the LFS object on every push for every object, user HTTPS credentials are required.
the LFS object on every push for every object, user HTTPS credentials are required.
...
...
lib/api/internal.rb
View file @
6d43c95b
...
@@ -82,19 +82,6 @@ module API
...
@@ -82,19 +82,6 @@ module API
response
response
end
end
post
"/lfs_authenticate"
do
status
200
key
=
Key
.
find
(
params
[
:key_id
])
token_handler
=
Gitlab
::
LfsToken
.
new
(
key
)
{
username:
token_handler
.
actor_name
,
lfs_token:
token_handler
.
generate
,
repository_http_path:
project
.
http_url_to_repo
}
end
get
"/merge_request_urls"
do
get
"/merge_request_urls"
do
::
MergeRequests
::
GetUrlsService
.
new
(
project
).
execute
(
params
[
:changes
])
::
MergeRequests
::
GetUrlsService
.
new
(
project
).
execute
(
params
[
:changes
])
end
end
...
...
lib/gitlab/auth.rb
View file @
6d43c95b
...
@@ -11,7 +11,6 @@ module Gitlab
...
@@ -11,7 +11,6 @@ module Gitlab
build_access_token_check
(
login
,
password
)
||
build_access_token_check
(
login
,
password
)
||
user_with_password_for_git
(
login
,
password
)
||
user_with_password_for_git
(
login
,
password
)
||
oauth_access_token_check
(
login
,
password
)
||
oauth_access_token_check
(
login
,
password
)
||
lfs_token_check
(
login
,
password
)
||
personal_access_token_check
(
login
,
password
)
||
personal_access_token_check
(
login
,
password
)
||
Result
.
new
Result
.
new
...
@@ -103,30 +102,6 @@ module Gitlab
...
@@ -103,30 +102,6 @@ module Gitlab
end
end
end
end
def
lfs_token_check
(
login
,
password
)
deploy_key_matches
=
login
.
match
(
/\Alfs\+deploy-key-(\d+)\z/
)
actor
=
if
deploy_key_matches
DeployKey
.
find
(
deploy_key_matches
[
1
])
else
User
.
by_login
(
login
)
end
if
actor
token_handler
=
Gitlab
::
LfsToken
.
new
(
actor
)
authentication_abilities
=
if
token_handler
.
user?
full_authentication_abilities
else
read_authentication_abilities
end
Result
.
new
(
actor
,
nil
,
token_handler
.
type
,
authentication_abilities
)
if
Devise
.
secure_compare
(
token_handler
.
value
,
password
)
end
end
def
build_access_token_check
(
login
,
password
)
def
build_access_token_check
(
login
,
password
)
return
unless
login
==
'gitlab-ci-token'
return
unless
login
==
'gitlab-ci-token'
return
unless
password
return
unless
password
...
...
lib/gitlab/auth/result.rb
View file @
6d43c95b
...
@@ -5,10 +5,6 @@ module Gitlab
...
@@ -5,10 +5,6 @@ module Gitlab
type
==
:ci
type
==
:ci
end
end
def
lfs_deploy_token?
type
==
:lfs_deploy_token
end
def
success?
def
success?
actor
.
present?
||
type
==
:ci
actor
.
present?
||
type
==
:ci
end
end
...
...
lib/gitlab/lfs_token.rb
deleted
100644 → 0
View file @
79f60e2b
module
Gitlab
class
LfsToken
attr_accessor
:actor
TOKEN_LENGTH
=
50
EXPIRY_TIME
=
1800
def
initialize
(
actor
)
@actor
=
case
actor
when
DeployKey
,
User
actor
when
Key
actor
.
user
else
raise
'Bad Actor'
end
end
def
generate
token
=
Devise
.
friendly_token
(
TOKEN_LENGTH
)
Gitlab
::
Redis
.
with
do
|
redis
|
redis
.
set
(
redis_key
,
token
,
ex:
EXPIRY_TIME
)
end
token
end
def
value
Gitlab
::
Redis
.
with
do
|
redis
|
redis
.
get
(
redis_key
)
end
end
def
user?
actor
.
is_a?
(
User
)
end
def
type
actor
.
is_a?
(
User
)
?
:lfs_token
:
:lfs_deploy_token
end
def
actor_name
actor
.
is_a?
(
User
)
?
actor
.
username
:
"lfs+deploy-key-
#{
actor
.
id
}
"
end
private
def
redis_key
"gitlab:lfs_token:
#{
actor
.
class
.
name
.
underscore
}
_
#{
actor
.
id
}
"
if
actor
end
end
end
spec/lib/gitlab/auth_spec.rb
View file @
6d43c95b
...
@@ -61,24 +61,6 @@ describe Gitlab::Auth, lib: true do
...
@@ -61,24 +61,6 @@ describe Gitlab::Auth, lib: true do
expect
(
gl_auth
.
find_for_git_client
(
user
.
username
,
'password'
,
project:
nil
,
ip:
ip
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
user
,
nil
,
:gitlab_or_ldap
,
full_authentication_abilities
))
expect
(
gl_auth
.
find_for_git_client
(
user
.
username
,
'password'
,
project:
nil
,
ip:
ip
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
user
,
nil
,
:gitlab_or_ldap
,
full_authentication_abilities
))
end
end
it
'recognizes user lfs tokens'
do
user
=
create
(
:user
)
ip
=
'ip'
token
=
Gitlab
::
LfsToken
.
new
(
user
).
generate
expect
(
gl_auth
).
to
receive
(
:rate_limit!
).
with
(
ip
,
success:
true
,
login:
user
.
username
)
expect
(
gl_auth
.
find_for_git_client
(
user
.
username
,
token
,
project:
nil
,
ip:
ip
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
user
,
nil
,
:lfs_token
,
read_authentication_abilities
))
end
it
'recognizes deploy key lfs tokens'
do
key
=
create
(
:deploy_key
)
ip
=
'ip'
token
=
Gitlab
::
LfsToken
.
new
(
key
).
generate
expect
(
gl_auth
).
to
receive
(
:rate_limit!
).
with
(
ip
,
success:
true
,
login:
"lfs+deploy-key-
#{
key
.
id
}
"
)
expect
(
gl_auth
.
find_for_git_client
(
"lfs+deploy-key-
#{
key
.
id
}
"
,
token
,
project:
nil
,
ip:
ip
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
key
,
nil
,
:lfs_deploy_token
,
read_authentication_abilities
))
end
it
'recognizes OAuth tokens'
do
it
'recognizes OAuth tokens'
do
user
=
create
(
:user
)
user
=
create
(
:user
)
application
=
Doorkeeper
::
Application
.
create!
(
name:
"MyApp"
,
redirect_uri:
"https://app.com"
,
owner:
user
)
application
=
Doorkeeper
::
Application
.
create!
(
name:
"MyApp"
,
redirect_uri:
"https://app.com"
,
owner:
user
)
...
...
spec/lib/gitlab/lfs_token_spec.rb
deleted
100644 → 0
View file @
79f60e2b
require
'spec_helper'
describe
Gitlab
::
LfsToken
,
lib:
true
do
describe
'#generate and #value'
do
shared_examples
'an LFS token generator'
do
it
'returns a randomly generated token'
do
token
=
handler
.
generate
expect
(
token
).
not_to
be_nil
expect
(
token
).
to
be_a
String
expect
(
token
.
length
).
to
eq
50
end
it
'returns the correct token based on the key'
do
token
=
handler
.
generate
expect
(
handler
.
value
).
to
eq
(
token
)
end
end
context
'when the actor is a user'
do
let
(
:actor
)
{
create
(
:user
)
}
let
(
:handler
)
{
described_class
.
new
(
actor
)
}
it_behaves_like
'an LFS token generator'
it
'returns the correct username'
do
expect
(
handler
.
actor_name
).
to
eq
(
actor
.
username
)
end
it
'returns the correct token type'
do
expect
(
handler
.
type
).
to
eq
(
:lfs_token
)
end
end
context
'when the actor is a deploy key'
do
let
(
:actor
)
{
create
(
:deploy_key
)
}
let
(
:handler
)
{
described_class
.
new
(
actor
)
}
it_behaves_like
'an LFS token generator'
it
'returns the correct username'
do
expect
(
handler
.
actor_name
).
to
eq
(
"lfs+deploy-key-
#{
actor
.
id
}
"
)
end
it
'returns the correct token type'
do
expect
(
handler
.
type
).
to
eq
(
:lfs_deploy_token
)
end
end
end
end
spec/requests/api/internal_spec.rb
View file @
6d43c95b
...
@@ -100,43 +100,6 @@ describe API::API, api: true do
...
@@ -100,43 +100,6 @@ describe API::API, api: true do
end
end
end
end
describe
"POST /internal/lfs_authenticate"
do
before
do
project
.
team
<<
[
user
,
:developer
]
end
context
'user key'
do
it
'returns the correct information about the key'
do
lfs_auth
(
key
.
id
,
project
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
[
'username'
]).
to
eq
(
user
.
username
)
expect
(
json_response
[
'lfs_token'
]).
to
eq
(
Gitlab
::
LfsToken
.
new
(
key
).
value
)
expect
(
json_response
[
'repository_http_path'
]).
to
eq
(
project
.
http_url_to_repo
)
end
it
'returns a 404 when the wrong key is provided'
do
lfs_auth
(
nil
,
project
)
expect
(
response
).
to
have_http_status
(
404
)
end
end
context
'deploy key'
do
let
(
:key
)
{
create
(
:deploy_key
)
}
it
'returns the correct information about the key'
do
lfs_auth
(
key
.
id
,
project
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
[
'username'
]).
to
eq
(
"lfs+deploy-key-
#{
key
.
id
}
"
)
expect
(
json_response
[
'lfs_token'
]).
to
eq
(
Gitlab
::
LfsToken
.
new
(
key
).
value
)
expect
(
json_response
[
'repository_http_path'
]).
to
eq
(
project
.
http_url_to_repo
)
end
end
end
describe
"GET /internal/discover"
do
describe
"GET /internal/discover"
do
it
do
it
do
get
(
api
(
"/internal/discover"
),
key_id:
key
.
id
,
secret_token:
secret_token
)
get
(
api
(
"/internal/discover"
),
key_id:
key
.
id
,
secret_token:
secret_token
)
...
@@ -426,13 +389,4 @@ describe API::API, api: true do
...
@@ -426,13 +389,4 @@ describe API::API, api: true do
protocol:
'ssh'
protocol:
'ssh'
)
)
end
end
def
lfs_auth
(
key_id
,
project
)
post
(
api
(
"/internal/lfs_authenticate"
),
key_id:
key_id
,
secret_token:
secret_token
,
project:
project
.
path_with_namespace
)
end
end
end
spec/requests/lfs_http_spec.rb
View file @
6d43c95b
...
@@ -245,18 +245,6 @@ describe 'Git LFS API and storage' do
...
@@ -245,18 +245,6 @@ describe 'Git LFS API and storage' do
end
end
end
end
context
'when deploy key is authorized'
do
let
(
:key
)
{
create
(
:deploy_key
)
}
let
(
:authorization
)
{
authorize_deploy_key
}
let
(
:update_permissions
)
do
project
.
deploy_keys
<<
key
project
.
lfs_objects
<<
lfs_object
end
it_behaves_like
'responds with a file'
end
context
'when build is authorized as'
do
context
'when build is authorized as'
do
let
(
:authorization
)
{
authorize_ci_project
}
let
(
:authorization
)
{
authorize_ci_project
}
...
@@ -1109,10 +1097,6 @@ describe 'Git LFS API and storage' do
...
@@ -1109,10 +1097,6 @@ describe 'Git LFS API and storage' do
ActionController
::
HttpAuthentication
::
Basic
.
encode_credentials
(
user
.
username
,
user
.
password
)
ActionController
::
HttpAuthentication
::
Basic
.
encode_credentials
(
user
.
username
,
user
.
password
)
end
end
def
authorize_deploy_key
ActionController
::
HttpAuthentication
::
Basic
.
encode_credentials
(
"lfs+deploy-key-
#{
key
.
id
}
"
,
Gitlab
::
LfsToken
.
new
(
key
).
generate
)
end
def
fork_project
(
project
,
user
,
object
=
nil
)
def
fork_project
(
project
,
user
,
object
=
nil
)
allow
(
RepositoryForkWorker
).
to
receive
(
:perform_async
).
and_return
(
true
)
allow
(
RepositoryForkWorker
).
to
receive
(
:perform_async
).
and_return
(
true
)
Projects
::
ForkService
.
new
(
project
,
user
,
{}).
execute
Projects
::
ForkService
.
new
(
project
,
user
,
{}).
execute
...
...
Alain Takoudjou
@alain.takoudjou
mentioned in commit
3c1bb343
·
May 03, 2017
mentioned in commit
3c1bb343
mentioned in commit 3c1bb3432b0b8448262ec9a9a3468641c82db5c1
Toggle commit list
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment