Commit af9bbadc authored by Stan Hu's avatar Stan Hu

Merge branch 'check-for-present-runner-token' into 'master'

Fix Error 500 when visiting build page of project with nil runners_token

Properly ensure that the token exists and add defensively check for a
non-nil value.

Closes #4294

See merge request !2294
parents 70cba8e9 b7aa13a0
...@@ -39,6 +39,7 @@ v 8.3.3 (unreleased) ...@@ -39,6 +39,7 @@ v 8.3.3 (unreleased)
- Fix project transfer e-mail sending incorrect paths in e-mail notification (Stan Hu) - Fix project transfer e-mail sending incorrect paths in e-mail notification (Stan Hu)
- Enable "Add key" button when user fills in a proper key (Stan Hu) - Enable "Add key" button when user fills in a proper key (Stan Hu)
- Fix error in processing reply-by-email messages (Jason Lee) - Fix error in processing reply-by-email messages (Jason Lee)
- Fix Error 500 when visiting build page of project with nil runners_token (Stan Hu)
v 8.3.2 v 8.3.2
- Change single user API endpoint to return more detailed data (Michael Potthoff) - Change single user API endpoint to return more detailed data (Michael Potthoff)
......
...@@ -206,7 +206,7 @@ module Ci ...@@ -206,7 +206,7 @@ module Ci
def trace def trace
trace = raw_trace trace = raw_trace
if project && trace.present? if project && trace.present? && project.runners_token.present?
trace.gsub(project.runners_token, 'xxxxxx') trace.gsub(project.runners_token, 'xxxxxx')
else else
trace trace
......
...@@ -50,6 +50,7 @@ class Project < ActiveRecord::Base ...@@ -50,6 +50,7 @@ class Project < ActiveRecord::Base
include Sortable include Sortable
include AfterCommitQueue include AfterCommitQueue
include CaseSensitivity include CaseSensitivity
include TokenAuthenticatable
extend Gitlab::ConfigHelper extend Gitlab::ConfigHelper
...@@ -193,10 +194,8 @@ class Project < ActiveRecord::Base ...@@ -193,10 +194,8 @@ class Project < ActiveRecord::Base
if: ->(project) { project.avatar.present? && project.avatar_changed? } if: ->(project) { project.avatar.present? && project.avatar_changed? }
validates :avatar, file_size: { maximum: 200.kilobytes.to_i } validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
before_validation :set_runners_token_token add_authentication_token_field :runners_token
def set_runners_token_token before_save :ensure_runners_token
self.runners_token = SecureRandom.hex(15) if self.runners_token.blank?
end
mount_uploader :avatar, AvatarUploader mount_uploader :avatar, AvatarUploader
...@@ -900,4 +899,8 @@ class Project < ActiveRecord::Base ...@@ -900,4 +899,8 @@ class Project < ActiveRecord::Base
return true unless forked? return true unless forked?
Gitlab::VisibilityLevel.allowed_fork_levels(forked_from_project.visibility_level).include?(level.to_i) Gitlab::VisibilityLevel.allowed_fork_levels(forked_from_project.visibility_level).include?(level.to_i)
end end
def runners_token
ensure_runners_token!
end
end end
require 'spec_helper'
describe Ci::Build, models: true do
let(:build) { create(:ci_build) }
let(:test_trace) { 'This is a test' }
describe '#trace' do
it 'obfuscates project runners token' do
allow(build).to receive(:raw_trace).and_return("Test: #{build.project.runners_token}")
expect(build.trace).to eq("Test: xxxxxx")
end
it 'empty project runners token' do
allow(build).to receive(:raw_trace).and_return(test_trace)
# runners_token can't normally be set to nil
allow(build.project).to receive(:runners_token).and_return(nil)
expect(build.trace).to eq(test_trace)
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment