Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
gitlab-foss
提交
3a62f156
G
gitlab-foss
项目概览
李少辉-开发者
/
gitlab-foss
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
gitlab-foss
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
3a62f156
编写于
12月 30, 2018
作者:
M
mortyccp
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Remove authentication via warden and PRIVATE_TOKEN header
上级
b7e0a09d
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
32 addition
and
77 deletion
+32
-77
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+12
-12
lib/gitlab/middleware/go.rb
lib/gitlab/middleware/go.rb
+2
-19
spec/lib/gitlab/middleware/go_spec.rb
spec/lib/gitlab/middleware/go_spec.rb
+18
-46
未找到文件。
lib/gitlab/auth.rb
浏览文件 @
3a62f156
...
...
@@ -170,6 +170,18 @@ module Gitlab
end
# rubocop: disable CodeReuse/ActiveRecord
def
abilities_for_scopes
(
scopes
)
abilities_by_scope
=
{
api:
full_authentication_abilities
,
read_registry:
[
:read_container_image
],
read_repository:
[
:download_code
]
}
scopes
.
flat_map
do
|
scope
|
abilities_by_scope
.
fetch
(
scope
.
to_sym
,
[])
end
.
uniq
end
def
deploy_token_check
(
login
,
password
)
return
unless
password
.
present?
...
...
@@ -234,18 +246,6 @@ module Gitlab
public
def
abilities_for_scopes
(
scopes
)
abilities_by_scope
=
{
api:
full_authentication_abilities
,
read_registry:
[
:read_container_image
],
read_repository:
[
:download_code
]
}
scopes
.
flat_map
do
|
scope
|
abilities_by_scope
.
fetch
(
scope
.
to_sym
,
[])
end
.
uniq
end
def
build_authentication_abilities
[
:read_project
,
...
...
lib/gitlab/middleware/go.rb
浏览文件 @
3a62f156
...
...
@@ -117,32 +117,15 @@ module Gitlab
end
def
current_user
(
request
,
project
)
current_user_from_access_token_and_warden?
(
request
)
||
current_user_from_basic_authentication?
(
request
,
project
)
end
def
current_user_from_access_token_and_warden?
(
request
)
authenticator
=
Gitlab
::
Auth
::
RequestAuthenticator
.
new
(
request
)
user
=
authenticator
.
find_user_from_access_token
||
authenticator
.
find_user_from_warden
return
unless
user
&
.
can?
(
:access_api
)
# Right now, the `api` scope is the only one that should be able to determine private project existence.
return
unless
authenticator
.
valid_access_token?
(
scopes:
[
:api
])
user
end
def
current_user_from_basic_authentication?
(
request
,
project
)
return
unless
has_basic_credentials?
(
request
)
login
,
password
=
user_name_and_password
(
request
)
auth_result
=
Gitlab
::
Auth
.
find_for_git_client
(
login
,
password
,
project:
project
,
ip:
request
.
ip
)
return
unless
auth_result
.
success?
return
unless
auth_result
.
actor
&
.
can?
(
:access_
api
)
return
unless
auth_result
.
actor
&
.
can?
(
:access_
git
)
if
auth_result
.
type
==
:personal_access_token
api_sceope_abilities
=
Gitlab
::
Auth
.
abilities_for_scopes
([
:api
])
return
unless
auth_result
.
authentication_abilities
.
sort
==
api_sceope_abilities
.
sort
end
return
unless
auth_result
.
authentication_abilities
.
include?
(
:read_project
)
auth_result
.
actor
end
...
...
spec/lib/gitlab/middleware/go_spec.rb
浏览文件 @
3a62f156
...
...
@@ -96,40 +96,10 @@ describe Gitlab::Middleware::Go do
it_behaves_like
'unauthorized'
end
end
context
'using warden'
do
before
do
env
[
'warden'
]
=
double
(
authenticate:
current_user
)
end
context
'when active'
do
it_behaves_like
'authenticated'
end
context
'when blocked'
do
context
'with user is blocked'
do
before
do
current_user
.
block!
end
it_behaves_like
'unauthorized'
end
end
context
'using a personal access token'
do
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
current_user
)
}
before
do
env
[
'HTTP_PRIVATE_TOKEN'
]
=
personal_access_token
.
token
end
context
'with api scope'
do
it_behaves_like
'authenticated'
end
context
'with read_user scope'
do
before
do
personal_access_token
.
update_attribute
(
:scopes
,
[
:read_user
])
current_user
.
block
end
it_behaves_like
'unauthorized'
...
...
@@ -137,23 +107,25 @@ describe Gitlab::Middleware::Go do
end
context
'using basic auth'
do
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
current_user
)
}
before
do
env
[
'REMOTE_ADDR'
]
=
"192.168.0.1"
env
[
'HTTP_AUTHORIZATION'
]
=
ActionController
::
HttpAuthentication
::
Basic
.
encode_credentials
(
current_user
.
username
,
personal_access_token
.
token
)
end
context
'using a personal access token'
do
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
current_user
)
}
context
'with api scope'
do
it_behaves_like
'authenticated'
end
context
'with read_user scope'
do
before
do
personal_access_token
.
update_attribute
(
:scopes
,
[
:read_user
])
env
[
'REMOTE_ADDR'
]
=
"192.168.0.1"
env
[
'HTTP_AUTHORIZATION'
]
=
ActionController
::
HttpAuthentication
::
Basic
.
encode_credentials
(
current_user
.
username
,
personal_access_token
.
token
)
end
context
'with api scope'
do
it_behaves_like
'authenticated'
end
context
'with read_user scope'
do
before
do
personal_access_token
.
update_attribute
(
:scopes
,
[
:read_user
])
end
it_behaves_like
'unauthorized'
end
it_behaves_like
'unauthorized'
end
end
end
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录