Commit 5844a21a authored by Robert Speicher's avatar Robert Speicher

Use a custom Devise failure app to handle unauthenticated .zip requests

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/12944
parent e8cd04e8
...@@ -203,11 +203,11 @@ Devise.setup do |config| ...@@ -203,11 +203,11 @@ Devise.setup do |config|
# If you want to use other strategies, that are not supported by Devise, or # If you want to use other strategies, that are not supported by Devise, or
# change the failure app, you can configure them inside the config.warden block. # change the failure app, you can configure them inside the config.warden block.
# #
# config.warden do |manager| config.warden do |manager|
# manager.failure_app = AnotherApp manager.failure_app = Gitlab::DeviseFailure
# manager.intercept_401 = false # manager.intercept_401 = false
# manager.default_strategies(scope: :user).unshift :some_external_strategy # manager.default_strategies(scope: :user).unshift :some_external_strategy
# end end
if Gitlab::LDAP::Config.enabled? if Gitlab::LDAP::Config.enabled?
Gitlab.config.ldap.servers.values.each do |server| Gitlab.config.ldap.servers.values.each do |server|
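Review bot: The now-live `config.warden` block does not say why GitLab needs a custom failure app, while the template comment just above it (L8-L10) still reads as generic Devise boilerplate, so a reader has no pointer to the `.zip` special case without opening `lib/`. A one-line comment above `manager.failure_app = Gitlab::DeviseFailure`, such as `# Handles unauthenticated .zip archive requests as HTML (redirect to sign-in) instead of a 401 with a binary content type`, would make the intent visible in the initializer. The `Devise.setup` block starts and ends outside this hunk.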
module Gitlab
class DeviseFailure < Devise::FailureApp
protected
# Override `Devise::FailureApp#request_format` to handle a special case
#
# This tells Devise to handle an unauthenticated `.zip` request as an HTML
# request (i.e., redirect to sign in).
#
# Otherwise, Devise would respond with a 401 Unauthorized with
# `Content-Type: application/zip` and a response body in plaintext, and the
# browser would freak out.
#
# See https://gitlab.com/gitlab-org/gitlab-ce/issues/12944
def request_format
if request.format == :zip
Mime::Type.lookup_by_extension(:html).ref
else
super
end
end
end
end
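Review bot: `request_format` only maps the `:zip` format to HTML, so if the archive route accepts any other archive format (tar.gz and friends — I cannot tell from this page), an unauthenticated request for it would still get the 401 with a binary `Content-Type` that this class is meant to avoid; either widen the check to an array of archive formats tested with `include?`, or note in the comment that `.zip` is intentionally the only format handled. It is also worth stating in the method comment that non-browser clients (scripts, API consumers) that previously received a 401 for an unauthenticated `.zip` request now receive a 302 to the sign-in page, since that is an observable contract change for them. The `protected` visibility matches `Devise::FailureApp#request_format`, so `super` is reached correctly.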
...@@ -2,30 +2,41 @@ require "spec_helper" ...@@ -2,30 +2,41 @@ require "spec_helper"
describe Projects::RepositoriesController do describe Projects::RepositoriesController do
let(:project) { create(:project) } let(:project) { create(:project) }
let(:user) { create(:user) }
describe "GET archive" do describe "GET archive" do
before do context 'as a guest' do
sign_in(user) it 'responds with redirect in correct format' do
project.team << [user, :developer] get :archive, namespace_id: project.namespace.path, project_id: project.path, format: "zip"
end
it "uses Gitlab::Workhorse" do
expect(Gitlab::Workhorse).to receive(:send_git_archive).with(project, "master", "zip")
get :archive, namespace_id: project.namespace.path, project_id: project.path, ref: "master", format: "zip" expect(response.content_type).to start_with 'text/html'
expect(response).to be_redirect
end
end end
context "when the service raises an error" do context 'as a user' do
let(:user) { create(:user) }
before do before do
allow(Gitlab::Workhorse).to receive(:send_git_archive).and_raise("Archive failed") project.team << [user, :developer]
sign_in(user)
end end
it "uses Gitlab::Workhorse" do
expect(Gitlab::Workhorse).to receive(:send_git_archive).with(project, "master", "zip")
it "renders Not Found" do
get :archive, namespace_id: project.namespace.path, project_id: project.path, ref: "master", format: "zip" get :archive, namespace_id: project.namespace.path, project_id: project.path, ref: "master", format: "zip"
end
context "when the service raises an error" do
before do
allow(Gitlab::Workhorse).to receive(:send_git_archive).and_raise("Archive failed")
end
it "renders Not Found" do
get :archive, namespace_id: project.namespace.path, project_id: project.path, ref: "master", format: "zip"
expect(response.status).to eq(404) expect(response.status).to eq(404)
end
end end
end end
end end
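Review bot: The 'as a guest' example only checks `be_redirect` and an HTML content type, so it would still pass if the failure app redirected somewhere other than the sign-in page; asserting the target pins the intended behaviour, e.g. `expect(response).to redirect_to(new_user_session_path)` (the standard Devise sign-in route helper, assuming the default route name is used here). With that in place the `start_with 'text/html'` check becomes a useful secondary assertion rather than the only one distinguishing this from the old 401 response.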