Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
a322607c
Commit
a322607c
authored
May 22, 2019
by
GitLab Bot
Browse files
Options
Browse Files
Download
Plain Diff
Automatic merge of gitlab-org/gitlab-ce master
parents
8590dbe7
0c7300cd
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
28 additions
and
117 deletions
+28
-117
changelogs/unreleased/8723-geo-remove-gitlab-lfstoken-legacyredisdevisetoken-implementation-and-usage-geo.yml
...n-legacyredisdevisetoken-implementation-and-usage-geo.yml
+5
-0
lib/gitlab/lfs_token.rb
lib/gitlab/lfs_token.rb
+1
-41
spec/lib/gitlab/lfs_token_spec.rb
spec/lib/gitlab/lfs_token_spec.rb
+22
-76
No files found.
changelogs/unreleased/8723-geo-remove-gitlab-lfstoken-legacyredisdevisetoken-implementation-and-usage-geo.yml
0 → 100644
View file @
a322607c
---
title
:
'
Geo:
Remove
Gitlab::LfsToken::LegacyRedisDeviseToken
implementation
and
usage'
merge_request
:
28546
author
:
type
:
changed
lib/gitlab/lfs_token.rb
View file @
a322607c
...
@@ -35,8 +35,7 @@ module Gitlab
...
@@ -35,8 +35,7 @@ module Gitlab
end
end
def
token_valid?
(
token_to_check
)
def
token_valid?
(
token_to_check
)
HMACToken
.
new
(
actor
).
token_valid?
(
token_to_check
)
||
HMACToken
.
new
(
actor
).
token_valid?
(
token_to_check
)
LegacyRedisDeviseToken
.
new
(
actor
).
token_valid?
(
token_to_check
)
end
end
def
deploy_key_pushable?
(
project
)
def
deploy_key_pushable?
(
project
)
...
@@ -103,44 +102,5 @@ module Gitlab
...
@@ -103,44 +102,5 @@ module Gitlab
Settings
.
attr_encrypted_db_key_base
.
first
(
16
)
Settings
.
attr_encrypted_db_key_base
.
first
(
16
)
end
end
end
end
# TODO: LegacyRedisDeviseToken and references need to be removed after
# next released milestone
#
class
LegacyRedisDeviseToken
TOKEN_LENGTH
=
50
DEFAULT_EXPIRY_TIME
=
1800
*
1000
# 30 mins
def
initialize
(
actor
)
@actor
=
actor
end
def
token_valid?
(
token_to_check
)
Devise
.
secure_compare
(
stored_token
,
token_to_check
)
end
def
stored_token
Gitlab
::
Redis
::
SharedState
.
with
{
|
redis
|
redis
.
get
(
state_key
)
}
end
# This method exists purely to facilitate legacy testing to ensure the
# same redis key is used.
#
def
store_new_token
(
expiry_time_in_ms
=
DEFAULT_EXPIRY_TIME
)
Gitlab
::
Redis
::
SharedState
.
with
do
|
redis
|
new_token
=
Devise
.
friendly_token
(
TOKEN_LENGTH
)
redis
.
set
(
state_key
,
new_token
,
px:
expiry_time_in_ms
)
new_token
end
end
private
attr_reader
:actor
def
state_key
"gitlab:lfs_token:
#{
actor
.
class
.
name
.
underscore
}
_
#{
actor
.
id
}
"
end
end
end
end
end
end
spec/lib/gitlab/lfs_token_spec.rb
View file @
a322607c
...
@@ -77,96 +77,42 @@ describe Gitlab::LfsToken, :clean_gitlab_redis_shared_state do
...
@@ -77,96 +77,42 @@ describe Gitlab::LfsToken, :clean_gitlab_redis_shared_state do
let
(
:actor
)
{
create
(
:user
,
username:
'test_user_lfs_1'
)
}
let
(
:actor
)
{
create
(
:user
,
username:
'test_user_lfs_1'
)
}
let
(
:lfs_token
)
{
described_class
.
new
(
actor
)
}
let
(
:lfs_token
)
{
described_class
.
new
(
actor
)
}
context
'for an HMAC token'
do
context
'where the token is invalid'
do
before
do
context
"because it's junk"
do
# We're not interested in testing LegacyRedisDeviseToken here
it
'returns false'
do
allow
(
Gitlab
::
LfsToken
::
LegacyRedisDeviseToken
).
to
receive_message_chain
(
:new
,
:token_valid?
).
and_return
(
false
)
expect
(
lfs_token
.
token_valid?
(
'junk'
)).
to
be_falsey
end
context
'where the token is invalid'
do
context
"because it's junk"
do
it
'returns false'
do
expect
(
lfs_token
.
token_valid?
(
'junk'
)).
to
be_falsey
end
end
context
"because it's been fiddled with"
do
it
'returns false'
do
fiddled_token
=
lfs_token
.
token
.
tap
{
|
token
|
token
[
0
]
=
'E'
}
expect
(
lfs_token
.
token_valid?
(
fiddled_token
)).
to
be_falsey
end
end
context
"because it was generated with a different secret"
do
it
'returns false'
do
different_actor
=
create
(
:user
,
username:
'test_user_lfs_2'
)
different_secret_token
=
described_class
.
new
(
different_actor
).
token
expect
(
lfs_token
.
token_valid?
(
different_secret_token
)).
to
be_falsey
end
end
context
"because it's expired"
do
it
'returns false'
do
expired_token
=
lfs_token
.
token
# Needs to be at least 1860 seconds, because the default expiry is
# 1800 seconds with an additional 60 second leeway.
Timecop
.
freeze
(
Time
.
now
+
1865
)
do
expect
(
lfs_token
.
token_valid?
(
expired_token
)).
to
be_falsey
end
end
end
end
end
end
context
'where the token is valid'
do
context
"because it's been fiddled with"
do
it
'returns true'
do
it
'returns false'
do
expect
(
lfs_token
.
token_valid?
(
lfs_token
.
token
)).
to
be_truthy
fiddled_token
=
lfs_token
.
token
.
tap
{
|
token
|
token
[
0
]
=
'E'
}
expect
(
lfs_token
.
token_valid?
(
fiddled_token
)).
to
be_falsey
end
end
end
end
end
context
'for a LegacyRedisDevise token'
do
before
do
# We're not interested in testing HMACToken here
allow_any_instance_of
(
Gitlab
::
LfsToken
::
HMACToken
).
to
receive
(
:token_valid?
).
and_return
(
false
)
end
context
'where the token is invalid'
do
context
"because it's junk"
do
it
'returns false'
do
expect
(
lfs_token
.
token_valid?
(
'junk'
)).
to
be_falsey
end
end
context
"because it's been fiddled with"
do
context
"because it was generated with a different secret"
do
it
'returns false'
do
it
'returns false'
do
generated_token
=
Gitlab
::
LfsToken
::
LegacyRedisDeviseToken
.
new
(
actor
).
store_new_token
different_actor
=
create
(
:user
,
username:
'test_user_lfs_2'
)
fiddled_token
=
generated_token
.
tap
{
|
token
|
token
[
0
]
=
'E'
}
different_secret_token
=
described_class
.
new
(
different_actor
).
token
expect
(
lfs_token
.
token_valid?
(
fiddled_token
)).
to
be_falsey
expect
(
lfs_token
.
token_valid?
(
different_secret_token
)).
to
be_falsey
end
end
context
"because it was generated with a different secret"
do
it
'returns false'
do
different_actor
=
create
(
:user
,
username:
'test_user_lfs_2'
)
different_secret_token
=
described_class
.
new
(
different_actor
).
token
expect
(
lfs_token
.
token_valid?
(
different_secret_token
)).
to
be_falsey
end
end
end
end
context
"because it's expired"
do
context
"because it's expired"
do
it
'returns false'
do
it
'returns false'
do
generated_token
=
Gitlab
::
LfsToken
::
LegacyRedisDeviseToken
.
new
(
actor
).
store_new_token
(
1
)
expired_token
=
lfs_token
.
token
# We need a real sleep here because we need to wait for redis to expire the key.
# Needs to be at least 1860 seconds, because the default expiry is
sleep
(
0.01
)
# 1800 seconds with an additional 60 second leeway.
expect
(
lfs_token
.
token_valid?
(
generated_token
)).
to
be_falsey
Timecop
.
freeze
(
Time
.
now
+
1865
)
do
expect
(
lfs_token
.
token_valid?
(
expired_token
)).
to
be_falsey
end
end
end
end
end
end
context
'where the token is valid'
do
context
'where the token is valid'
do
it
'returns true'
do
it
'returns true'
do
generated_token
=
Gitlab
::
LfsToken
::
LegacyRedisDeviseToken
.
new
(
actor
).
store_new_token
expect
(
lfs_token
.
token_valid?
(
lfs_token
.
token
)).
to
be_truthy
expect
(
lfs_token
.
token_valid?
(
generated_token
)).
to
be_truthy
end
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment