Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
a72c4b7a
Commit
a72c4b7a
authored
Sep 16, 2020
by
Philippe Vienne
Committed by
Imre Farkas
Sep 16, 2020
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
fix: allow bot account to clone through http (#219551)
parent
3027ba6f
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
37 additions
and
3 deletions
+37
-3
changelogs/unreleased/fix-219551_project_token_http.yml
changelogs/unreleased/fix-219551_project_token_http.yml
+5
-0
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+9
-3
spec/lib/gitlab/auth_spec.rb
spec/lib/gitlab/auth_spec.rb
+23
-0
No files found.
changelogs/unreleased/fix-219551_project_token_http.yml
0 → 100644
View file @
a72c4b7a
---
title
:
allow project bot account to clone through http
merge_request
:
40635
author
:
Philippe Vienne @PhilippeVienne
type
:
fixed
lib/gitlab/auth.rb
View file @
a72c4b7a
...
@@ -50,7 +50,7 @@ module Gitlab
...
@@ -50,7 +50,7 @@ module Gitlab
build_access_token_check
(
login
,
password
)
||
build_access_token_check
(
login
,
password
)
||
lfs_token_check
(
login
,
password
,
project
)
||
lfs_token_check
(
login
,
password
,
project
)
||
oauth_access_token_check
(
login
,
password
)
||
oauth_access_token_check
(
login
,
password
)
||
personal_access_token_check
(
password
)
||
personal_access_token_check
(
password
,
project
)
||
deploy_token_check
(
login
,
password
,
project
)
||
deploy_token_check
(
login
,
password
,
project
)
||
user_with_password_for_git
(
login
,
password
)
||
user_with_password_for_git
(
login
,
password
)
||
Gitlab
::
Auth
::
Result
.
new
Gitlab
::
Auth
::
Result
.
new
...
@@ -189,12 +189,18 @@ module Gitlab
...
@@ -189,12 +189,18 @@ module Gitlab
end
end
end
end
def
personal_access_token_check
(
password
)
def
personal_access_token_check
(
password
,
project
)
return
unless
password
.
present?
return
unless
password
.
present?
token
=
PersonalAccessTokensFinder
.
new
(
state:
'active'
).
find_by_token
(
password
)
token
=
PersonalAccessTokensFinder
.
new
(
state:
'active'
).
find_by_token
(
password
)
if
token
&&
valid_scoped_token?
(
token
,
all_available_scopes
)
&&
token
.
user
.
can?
(
:log_in
)
return
unless
token
return
if
project
&&
token
.
user
.
project_bot?
&&
!
project
.
bots
.
include?
(
token
.
user
)
return
unless
valid_scoped_token?
(
token
,
all_available_scopes
)
if
token
.
user
.
project_bot?
||
token
.
user
.
can?
(
:log_in
)
Gitlab
::
Auth
::
Result
.
new
(
token
.
user
,
nil
,
:personal_access_token
,
abilities_for_scopes
(
token
.
scopes
))
Gitlab
::
Auth
::
Result
.
new
(
token
.
user
,
nil
,
:personal_access_token
,
abilities_for_scopes
(
token
.
scopes
))
end
end
end
end
...
...
spec/lib/gitlab/auth_spec.rb
View file @
a72c4b7a
...
@@ -358,6 +358,29 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
...
@@ -358,6 +358,29 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
.
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
nil
,
nil
,
nil
,
nil
))
.
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
nil
,
nil
,
nil
,
nil
))
end
end
end
end
context
'when using a project access token'
do
let_it_be
(
:project_bot_user
)
{
create
(
:user
,
:project_bot
)
}
let_it_be
(
:project_access_token
)
{
create
(
:personal_access_token
,
user:
project_bot_user
)
}
context
'with valid project access token'
do
before_all
do
project
.
add_maintainer
(
project_bot_user
)
end
it
'succeeds'
do
expect
(
gl_auth
.
find_for_git_client
(
project_bot_user
.
username
,
project_access_token
.
token
,
project:
project
,
ip:
'ip'
))
.
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
project_bot_user
,
nil
,
:personal_access_token
,
described_class
.
full_authentication_abilities
))
end
end
context
'with invalid project access token'
do
it
'fails'
do
expect
(
gl_auth
.
find_for_git_client
(
project_bot_user
.
username
,
project_access_token
.
token
,
project:
project
,
ip:
'ip'
))
.
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
nil
,
nil
,
nil
,
nil
))
end
end
end
end
end
context
'while using regular user and password'
do
context
'while using regular user and password'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment