• Kirill Smelkov's avatar
    blob/auth: Teach it to handle HTTP Basic Auth too · 32ec77c4
    Kirill Smelkov authored
    There are cases when using user:password for /raw/... access is handy:
    
    - when using query for auth (private_token) is not convenient for some
      reason (e.g. client processing software does not handle queries well
      when generating URLs)
    
    - when we do not want to organize many artificial users and use their
      tokens, but instead just use per-project automatically setup
    
        gitlab-ci-token : <ci-token>
    
      artificial user & "password" which are already handled by auth backend
      for `git fetch` requests.
    
    Handling is easy: if main auth backend rejects access, and there is
    user:password in original request, we retry asking auth backend the way
    as `git fetch` would do.
    
    Access is granted if any of two ways to ask auth backend succeeds. This
    way both private tokens / cookies and HTTP auth are supported.
    32ec77c4
auth.go 9.21 KB