Commit 5ef63d10 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'remote_user' into 'master'

translate gl_username -> REMOTE_USER

See merge request gitlab-org/gitlab-shell!158
parents 92a9877b 2f92f124
require 'json' require 'json'
class GitAccessStatus class GitAccessStatus
attr_reader :message, :gl_repository, :repository_path, :gitaly, :geo_node attr_reader :message, :gl_repository, :gl_username, :repository_path, :gitaly, :geo_node
def initialize(status, message, gl_repository, repository_path, gitaly, geo_node = false) def initialize(status, message, gl_repository:, gl_username:, repository_path:, gitaly:, geo_node:)
@status = status @status = status
@message = message @message = message
@gl_repository = gl_repository @gl_repository = gl_repository
@gl_username = gl_username
@repository_path = repository_path @repository_path = repository_path
@gitaly = gitaly @gitaly = gitaly
@geo_node = geo_node @geo_node = geo_node
...@@ -16,10 +17,11 @@ class GitAccessStatus ...@@ -16,10 +17,11 @@ class GitAccessStatus
values = JSON.parse(json) values = JSON.parse(json)
self.new(values["status"], self.new(values["status"],
values["message"], values["message"],
values["gl_repository"], gl_repository: values["gl_repository"],
values["repository_path"], gl_username: values["gl_username"],
values["gitaly"], repository_path: values["repository_path"],
values["geo_node"]) gitaly: values["gitaly"],
geo_node: values["geo_node"])
end end
def allowed? def allowed?
......
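Review bot: `gl_username:` is now a required keyword, but nothing in this class says the value may be nil, which is what `create_from_json` passes whenever the response has no `gl_username` key (`values["gl_username"]` on a missing key). Since this field is later used to identify the user to Gitaly and to hooks (see the GitlabShell hunks), I would document it on the reader, for example `# gl_username: username the internal API reported for this key; nil when access is denied or the response omits it`. Whether every supported API version returns the key is not visible in this diff. The class body continues beyond the lines shown.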
...@@ -40,7 +40,13 @@ class GitlabNet ...@@ -40,7 +40,13 @@ class GitlabNet
if resp.code == '200' if resp.code == '200'
GitAccessStatus.create_from_json(resp.body) GitAccessStatus.create_from_json(resp.body)
else else
GitAccessStatus.new(false, 'API is not accessible', nil, nil, nil) GitAccessStatus.new(false,
'API is not accessible',
gl_repository: nil,
gl_username: nil,
repository_path: nil,
gitaly: nil,
geo_node: false)
end end
end end
......
...@@ -20,7 +20,7 @@ class GitlabShell ...@@ -20,7 +20,7 @@ class GitlabShell
# to undo an already set parameter: https://www.spinics.net/lists/git/msg256772.html # to undo an already set parameter: https://www.spinics.net/lists/git/msg256772.html
GIT_CONFIG_SHOW_ALL_REFS = "transfer.hideRefs=!refs".freeze GIT_CONFIG_SHOW_ALL_REFS = "transfer.hideRefs=!refs".freeze
attr_accessor :key_id, :gl_repository, :repo_name, :command, :git_access, :show_all_refs attr_accessor :key_id, :gl_repository, :repo_name, :command, :git_access, :show_all_refs, :username
attr_reader :repo_path attr_reader :repo_path
def initialize(key_id) def initialize(key_id)
...@@ -113,6 +113,7 @@ class GitlabShell ...@@ -113,6 +113,7 @@ class GitlabShell
@gl_repository = status.gl_repository @gl_repository = status.gl_repository
@gitaly = status.gitaly @gitaly = status.gitaly
@show_all_refs = status.geo_node @show_all_refs = status.geo_node
@username = status.gl_username
end end
def process_cmd(args) def process_cmd(args)
...@@ -139,7 +140,8 @@ class GitlabShell ...@@ -139,7 +140,8 @@ class GitlabShell
gitaly_request = { gitaly_request = {
'repository' => @gitaly['repository'], 'repository' => @gitaly['repository'],
'gl_repository' => @gl_repository, 'gl_repository' => @gl_repository,
'gl_id' => @key_id 'gl_id' => @key_id,
'gl_username' => @username
} }
gitaly_request['git_config_options'] = [GIT_CONFIG_SHOW_ALL_REFS] if @show_all_refs gitaly_request['git_config_options'] = [GIT_CONFIG_SHOW_ALL_REFS] if @show_all_refs
...@@ -168,7 +170,8 @@ class GitlabShell ...@@ -168,7 +170,8 @@ class GitlabShell
'LANG' => ENV['LANG'], 'LANG' => ENV['LANG'],
'GL_ID' => @key_id, 'GL_ID' => @key_id,
'GL_PROTOCOL' => GL_PROTOCOL, 'GL_PROTOCOL' => GL_PROTOCOL,
'GL_REPOSITORY' => @gl_repository 'GL_REPOSITORY' => @gl_repository,
'GL_USERNAME' => @username
} }
if @gitaly && @gitaly.include?('token') if @gitaly && @gitaly.include?('token')
env['GITALY_TOKEN'] = @gitaly['token'] env['GITALY_TOKEN'] = @gitaly['token']
......
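Review bot: `@username = status.gl_username` is copied without a nil check and then used as the caller's identity in both `gitaly_request` and the hook environment. When it is nil, `'gl_username' => @username` serializes as JSON `null`, and if this env hash is handed to `Kernel.exec` (as the spec suggests) Ruby treats a nil value as "unset", so hooks would see no `GL_USERNAME` at all. I would add the key only when present, in the style of the `git_config_options` line: `gitaly_request['gl_username'] = @username if @username`, and comment at the env hash that `GL_USERNAME` may be absent, so consumers should not read a missing value as an authenticated identity. Naming the accessor `gl_username` would also match `gl_repository` and the API field. The enclosing methods start and end outside these hunks.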
...@@ -7,7 +7,13 @@ describe GitlabAccess do ...@@ -7,7 +7,13 @@ describe GitlabAccess do
let(:repo_path) { File.join(repository_path, repo_name) + ".git" } let(:repo_path) { File.join(repository_path, repo_name) + ".git" }
let(:api) do let(:api) do
double(GitlabNet).tap do |api| double(GitlabNet).tap do |api|
api.stub(check_access: GitAccessStatus.new(true, 'ok', 'project-1', '/home/git/repositories', nil)) api.stub(check_access: GitAccessStatus.new(true,
'ok',
gl_repository: 'project-1',
gl_username: 'testuser',
repository_path: '/home/git/repositories',
gitaly: nil,
geo_node: nil))
end end
end end
subject do subject do
...@@ -38,7 +44,15 @@ describe GitlabAccess do ...@@ -38,7 +44,15 @@ describe GitlabAccess do
context "access is denied" do context "access is denied" do
before do before do
api.stub(check_access: GitAccessStatus.new(false, 'denied', nil, nil, nil)) api.stub(check_access: GitAccessStatus.new(
false,
'denied',
gl_repository: nil,
gl_username: nil,
repository_path: nil,
gitaly: nil,
geo_node: nil
))
end end
it "returns false" do it "returns false" do
......
...@@ -19,12 +19,28 @@ describe GitlabShell do ...@@ -19,12 +19,28 @@ describe GitlabShell do
end end
end end
let(:gitaly_check_access) { GitAccessStatus.new(true, 'ok', gl_repository, repo_path, { 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default'} , 'address' => 'unix:gitaly.socket' }) } let(:gitaly_check_access) { GitAccessStatus.new(
true,
'ok',
gl_repository: gl_repository,
gl_username: gl_username,
repository_path: repo_path,
gitaly: { 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default'} , 'address' => 'unix:gitaly.socket' },
geo_node: false
)
}
let(:api) do let(:api) do
double(GitlabNet).tap do |api| double(GitlabNet).tap do |api|
api.stub(discover: { 'name' => 'John Doe' }) api.stub(discover: { 'name' => 'John Doe' })
api.stub(check_access: GitAccessStatus.new(true, 'ok', gl_repository, repo_path, nil)) api.stub(check_access: GitAccessStatus.new(
true,
'ok',
gl_repository: gl_repository,
gl_username: gl_username,
repository_path: repo_path,
gitaly: nil,
geo_node: nil))
api.stub(two_factor_recovery_codes: { api.stub(two_factor_recovery_codes: {
'success' => true, 'success' => true,
'recovery_codes' => ['f67c514de60c4953', '41278385fc00c1e0'] 'recovery_codes' => ['f67c514de60c4953', '41278385fc00c1e0']
...@@ -39,6 +55,7 @@ describe GitlabShell do ...@@ -39,6 +55,7 @@ describe GitlabShell do
let(:repo_name) { 'gitlab-ci.git' } let(:repo_name) { 'gitlab-ci.git' }
let(:repo_path) { File.join(tmp_repos_path, repo_name) } let(:repo_path) { File.join(tmp_repos_path, repo_name) }
let(:gl_repository) { 'project-1' } let(:gl_repository) { 'project-1' }
let(:gl_username) { 'testuser' }
before do before do
GitlabConfig.any_instance.stub(audit_usernames: false) GitlabConfig.any_instance.stub(audit_usernames: false)
...@@ -130,7 +147,7 @@ describe GitlabShell do ...@@ -130,7 +147,7 @@ describe GitlabShell do
end end
describe :exec do describe :exec do
let(:gitaly_message) { JSON.dump({ 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default' }, 'gl_repository' => gl_repository , 'gl_id' => key_id}) } let(:gitaly_message) { JSON.dump({ 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default' }, 'gl_repository' => gl_repository, 'gl_id' => key_id, 'gl_username' => gl_username}) }
shared_examples_for 'upload-pack' do |command| shared_examples_for 'upload-pack' do |command|
let(:ssh_cmd) { "#{command} gitlab-ci.git" } let(:ssh_cmd) { "#{command} gitlab-ci.git" }
...@@ -167,8 +184,15 @@ describe GitlabShell do ...@@ -167,8 +184,15 @@ describe GitlabShell do
context 'gitaly-upload-pack with GeoNode' do context 'gitaly-upload-pack with GeoNode' do
let(:ssh_cmd) { "git-upload-pack gitlab-ci.git" } let(:ssh_cmd) { "git-upload-pack gitlab-ci.git" }
let(:gitaly_check_access_with_geo) { GitAccessStatus.new(true, 'ok', gl_repository, repo_path, { 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default'} , 'address' => 'unix:gitaly.socket' }, true) } let(:gitaly_check_access_with_geo) { GitAccessStatus.new(
let(:gitaly_message_with_all_refs) { JSON.dump({ 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default' }, 'gl_repository' => gl_repository , 'gl_id' => key_id, 'git_config_options' => [GitlabShell::GIT_CONFIG_SHOW_ALL_REFS]}) } true,
'ok',
gl_repository: gl_repository,
gl_username: gl_username,
repository_path: repo_path,
gitaly: { 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default'} , 'address' => 'unix:gitaly.socket' },
geo_node: true) }
let(:gitaly_message_with_all_refs) { JSON.dump({ 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default' }, 'gl_repository' => gl_repository , 'gl_id' => key_id, 'gl_username' => gl_username, 'git_config_options' => [GitlabShell::GIT_CONFIG_SHOW_ALL_REFS]}) }
before { api.stub(check_access: gitaly_check_access_with_geo) } before { api.stub(check_access: gitaly_check_access_with_geo) }
after { subject.exec(ssh_cmd) } after { subject.exec(ssh_cmd) }
...@@ -346,7 +370,14 @@ describe GitlabShell do ...@@ -346,7 +370,14 @@ describe GitlabShell do
end end
it "should disallow access and log the attempt if check_access returns false status" do it "should disallow access and log the attempt if check_access returns false status" do
api.stub(check_access: GitAccessStatus.new(false, 'denied', nil, nil, nil)) api.stub(check_access: GitAccessStatus.new(
false,
'denied',
gl_repository: nil,
gl_username: nil,
repository_path: nil,
gitaly: nil,
geo_node: nil))
message = "gitlab-shell: Access denied for git command <git-upload-pack gitlab-ci.git> " message = "gitlab-shell: Access denied for git command <git-upload-pack gitlab-ci.git> "
message << "by user with key #{key_id}." message << "by user with key #{key_id}."
$logger.should_receive(:warn).with(message) $logger.should_receive(:warn).with(message)
...@@ -383,13 +414,15 @@ describe GitlabShell do ...@@ -383,13 +414,15 @@ describe GitlabShell do
'LANG' => ENV['LANG'], 'LANG' => ENV['LANG'],
'GL_ID' => key_id, 'GL_ID' => key_id,
'GL_PROTOCOL' => 'ssh', 'GL_PROTOCOL' => 'ssh',
'GL_REPOSITORY' => gl_repository 'GL_REPOSITORY' => gl_repository,
'GL_USERNAME' => 'testuser'
} }
end end
let(:exec_options) { { unsetenv_others: true, chdir: ROOT_PATH } } let(:exec_options) { { unsetenv_others: true, chdir: ROOT_PATH } }
before do before do
Kernel.stub(:exec) Kernel.stub(:exec)
shell.gl_repository = gl_repository shell.gl_repository = gl_repository
shell.username = gl_username
end end
it "uses Kernel::exec method" do it "uses Kernel::exec method" do
......
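Review bot: Every allowed-access fixture in this spec sets `gl_username` to 'testuser', so the path where the API grants access but returns no username is never exercised. A context that builds an allowed `GitAccessStatus` with `gl_username: nil` and asserts what the Gitaly message and the exec env then contain would pin that behaviour. Separately, the expected env hard-codes `'GL_USERNAME' => 'testuser'`; writing `'GL_USERNAME' => gl_username` keeps it tied to the `let`.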