Extract literal string into constant

This string was used in two places but they are definitely related. repo_url is building the basic auth string that will be acceped by build_access_token_check

Extract literal string into constant
This string was used in two places but they are definitely related. repo_url is building the basic auth string that will be acceped by build_access_token_check
d85d238a · Thong Kuah · fa909a4a · d85d238a · d85d238a · d85d238a
Commit d85d238a authored Jul 27, 2020 by Thong Kuah
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 3 deletions

app/models/ci/build.rb app/models/ci/build.rb +1 -1

lib/gitlab/auth.rb lib/gitlab/auth.rb +3 -1

spec/lib/gitlab/auth_spec.rb spec/lib/gitlab/auth_spec.rb +11 -1

No files found.
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -596,7 +596,7 @@ module Ci
    def repo_url
      return unless token

-      auth = "gitlab-ci-token:#{token}@"
+      auth = "#{::Gitlab::Auth::CI_JOB_USER}:#{token}@"
      project.http_url_to_repo.sub(%r{^https?://}) do |prefix|
        prefix + auth
      end

--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -26,6 +26,8 @@ module Gitlab
    # Default scopes for OAuth applications that don't define their own
    DEFAULT_SCOPES = [:api].freeze

+    CI_JOB_USER = 'gitlab-ci-token'
+
    class << self
      prepend_if_ee('EE::Gitlab::Auth') # rubocop: disable Cop/InjectEnterpriseEditionModule

@@ -254,7 +256,7 @@ module Gitlab
      end

      def build_access_token_check(login, password)
-        return unless login == 'gitlab-ci-token'
+        return unless login == CI_JOB_USER
        return unless password

        build = find_build_by_token(password)

--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -149,7 +149,9 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do
    end

    context 'build token' do
-      subject { gl_auth.find_for_git_client('gitlab-ci-token', build.token, project: project, ip: 'ip') }
+      subject { gl_auth.find_for_git_client(username, build.token, project: project, ip: 'ip') }
+
+      let(:username) { 'gitlab-ci-token' }

      context 'for running build' do
        let!(:build) { create(:ci_build, :running) }
@@ -170,6 +172,14 @@ RSpec.describe Gitlab::Auth, :use_clean_rails_memory_store_caching do

          expect(subject).to eq(Gitlab::Auth::Result.new(nil, nil, nil, nil))
        end
+
+        context 'username is not gitlab-ci-token' do
+          let(:username) { 'another_username' }
+
+          it 'fails to authenticate' do
+            expect(subject).to eq(Gitlab::Auth::Result.new(nil, nil, nil, nil))
+          end
+        end
      end

      (Ci::HasStatus::AVAILABLE_STATUSES - ['running']).each do |build_status|