Commit dd37a10d
Authored on Feb 23, 2015 by Douwe Maan
Don't leak information about private project existence via Git-over-SSH/HTTP.
Parent 039fd3c5
Showing 2 changed files with 50 additions and 41 deletions
lib/api/internal.rb (+22, -17)
lib/gitlab/backend/grack_auth.rb (+28, -24)
lib/api/internal.rb
@@ -16,6 +16,17 @@ module API
...
@@ -16,6 +16,17 @@ module API
#
#
post
"/allowed"
do
post
"/allowed"
do
status
200
status
200
actor
=
if
params
[
:key_id
]
Key
.
find_by
(
id:
params
[
:key_id
])
elsif
params
[
:user_id
]
User
.
find_by
(
id:
params
[
:user_id
])
end
unless
actor
return
Gitlab
::
GitAccessStatus
.
new
(
false
,
'No such user or key'
)
end
project_path
=
params
[
:project
]
project_path
=
params
[
:project
]
# Check for *.wiki repositories.
# Check for *.wiki repositories.
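Review bot: The actor lookup moved to the top of the hunk (`actor = if params[:key_id] ... end` followed by `unless actor return Gitlab::GitAccessStatus.new(false, 'No such user or key')`) now runs before the project path is even read, and nothing in the hunk records why that ordering matters; add a one-line comment above it saying the actor must be resolved first so that the project branch further down can answer 'No such project' for both nonexistent and inaccessible projects, otherwise a later refactor can move it back below the project lookup and reintroduce the distinction. Returning 'No such user or key' early is fine here: the key or user id is the caller's own credential as resolved by gitlab-shell, so that message reveals nothing about any project.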
...
@@ -32,26 +43,20 @@ module API
...
@@ -32,26 +43,20 @@ module API
project
=
Project
.
find_with_namespace
(
project_path
)
project
=
Project
.
find_with_namespace
(
project_path
)
unless
project
if
project
return
Gitlab
::
GitAccessStatus
.
new
(
false
,
'No such project'
)
status
=
access
.
check
(
actor
,
params
[
:action
],
project
,
params
[
:changes
]
)
end
end
actor
=
if
params
[
:key_id
]
if
project
&&
status
&&
status
.
allowed?
Key
.
find_by
(
id:
params
[
:key_id
])
status
elsif
params
[
:user_id
]
else
User
.
find_by
(
id:
params
[
:user_id
])
Gitlab
::
GitAccessStatus
.
new
(
false
,
'No such project'
)
end
unless
actor
return
Gitlab
::
GitAccessStatus
.
new
(
false
,
'No such user or key'
)
end
end
access
.
check
(
actor
,
params
[
:action
],
project
,
params
[
:changes
]
)
end
end
#
#
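Review bot: The new `if project && status && status.allowed?` / `else Gitlab::GitAccessStatus.new(false, 'No such project')` collapses every denial from `access.check` into 'No such project', including denials for projects the actor is already allowed to see (for example a member who can read the repository but is refused a push by the checks inside `access.check`); those users lose the real reason and are told the project does not exist. Consider keeping the original status when the actor has read access to the project and substituting 'No such project' only when the project is missing or not visible to the actor. Separately, the local `status = access.check(...)` shadows the `status 200` helper call a few lines above it; a name such as `access_status` would avoid the confusion.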
...
...
lib/gitlab/backend/grack_auth.rb
@@ -10,8 +10,9 @@ module Grack
...
@@ -10,8 +10,9 @@ module Grack
@request
=
Rack
::
Request
.
new
(
env
)
@request
=
Rack
::
Request
.
new
(
env
)
@auth
=
Request
.
new
(
env
)
@auth
=
Request
.
new
(
env
)
# Need this patch due to the rails mount
@gitlab_ci
=
false
# Need this patch due to the rails mount
# Need this if under RELATIVE_URL_ROOT
# Need this if under RELATIVE_URL_ROOT
unless
Gitlab
.
config
.
gitlab
.
relative_url_root
.
empty?
unless
Gitlab
.
config
.
gitlab
.
relative_url_root
.
empty?
# If website is mounted using relative_url_root need to remove it first
# If website is mounted using relative_url_root need to remove it first
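Review bot: The new `@gitlab_ci = false` is inserted without a comment between `@auth = Request.new(env)` and the existing '# Need this patch due to the rails mount' remark, so at first read it looks like part of the relative-URL-root workaround; give it its own short comment stating that it records whether the request authenticated with the CI service token, since `auth!` sets it and both `call` and `authorized_request?` branch on it. Initialising it explicitly to false is the right call: an unset instance variable would be nil and the later `!@gitlab_ci` test would still pass, but only by accident.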
...
@@ -22,8 +23,12 @@ module Grack
...
@@ -22,8 +23,12 @@ module Grack
@env
[
'SCRIPT_NAME'
]
=
""
@env
[
'SCRIPT_NAME'
]
=
""
if
project
auth!
auth!
if
project
&&
authorized_request?
@app
.
call
(
env
)
elsif
@user
.
nil?
&&
!
@gitlab_ci
unauthorized
else
else
render_not_found
render_not_found
end
end
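Review bot: The rewritten dispatch (`auth!` then `if project && authorized_request?` / `elsif @user.nil? && !@gitlab_ci` / `else render_not_found`) is the core of the fix, and the branch order is what makes it work: an unauthenticated request gets `unauthorized` whether the project is missing or private, and an authenticated request that fails `authorized_request?` gets the same `render_not_found` as a request for a nonexistent path, so the two cases are indistinguishable to a client probing paths. That equivalence is easy to break by reordering the branches later; state it in a comment above the `if`.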
...
@@ -32,35 +37,30 @@ module Grack
...
@@ -32,35 +37,30 @@ module Grack
private
private
def
auth!
def
auth!
if
@auth
.
provided?
return
unless
@auth
.
provided?
return
bad_request
unless
@auth
.
basic?
# Authentication with username and password
login
,
password
=
@auth
.
credentials
# Allow authentication for GitLab CI service
return
bad_request
unless
@auth
.
basic?
# if valid token passed
if
gitlab_ci_request?
(
login
,
password
)
return
@app
.
call
(
env
)
end
@user
=
authenticate_user
(
login
,
password
)
# Authentication with username and password
login
,
password
=
@auth
.
credentials
if
@user
# Allow authentication for GitLab CI service
Gitlab
::
ShellEnv
.
set_env
(
@user
)
# if valid token passed
@env
[
'REMOTE_USER'
]
=
@auth
.
username
if
gitlab_ci_request?
(
login
,
password
)
end
@gitlab_ci
=
true
return
end
end
if
authorized_request?
@user
=
authenticate_user
(
login
,
password
)
@app
.
call
(
env
)
else
if
@user
unauthorized
Gitlab
::
ShellEnv
.
set_env
(
@user
)
@env
[
'REMOTE_USER'
]
=
@auth
.
username
end
end
end
end
def
gitlab_ci_request?
(
login
,
password
)
def
gitlab_ci_request?
(
login
,
password
)
if
login
==
"gitlab-ci-token"
&&
project
.
gitlab_ci?
if
login
==
"gitlab-ci-token"
&&
project
&&
project
.
gitlab_ci?
token
=
project
.
gitlab_ci_service
.
token
token
=
project
.
gitlab_ci_service
.
token
if
token
.
present?
&&
token
==
password
&&
git_cmd
==
'git-upload-pack'
if
token
.
present?
&&
token
==
password
&&
git_cmd
==
'git-upload-pack'
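Review bot: `return bad_request unless @auth.basic?` is kept inside `auth!`, but since `call` now invokes `auth!` as a bare statement and ignores its result, a request carrying a non-Basic Authorization header no longer receives a 400; control falls through with `@user` nil and `@gitlab_ci` false and the client gets `unauthorized` instead. If that is intended, replace the line with a plain `return` so the intent is visible; otherwise have `call` check what `auth!` returns. The added `project &&` guard in `gitlab_ci_request?` is needed now that authentication runs before the project is known, and setting `@gitlab_ci = true` instead of calling `@app.call(env)` from inside `auth!` correctly defers the project existence check to `call`.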
...
@@ -107,6 +107,8 @@ module Grack
...
@@ -107,6 +107,8 @@ module Grack
end
end
def
authorized_request?
def
authorized_request?
return
true
if
@gitlab_ci
case
git_cmd
case
git_cmd
when
*
Gitlab
::
GitAccess
::
DOWNLOAD_COMMANDS
when
*
Gitlab
::
GitAccess
::
DOWNLOAD_COMMANDS
if
user
if
user
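Review bot: `return true if @gitlab_ci` at the top of `authorized_request?` skips the per-command `case git_cmd` entirely, so the only thing limiting a CI-token request to fetches is the `git_cmd == 'git-upload-pack'` condition inside `gitlab_ci_request?` in the previous hunk. Add a comment here naming that dependency so the two checks are not loosened independently; as written the short-circuit is correct because `@gitlab_ci` can only become true after that condition has passed.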
...
@@ -141,7 +143,9 @@ module Grack
...
@@ -141,7 +143,9 @@ module Grack
end
end
def
project
def
project
@project
||=
project_by_path
(
@request
.
path_info
)
return
@project
if
defined?
(
@project
)
@project
=
project_by_path
(
@request
.
path_info
)
end
end
def
project_by_path
(
path
)
def
project_by_path
(
path
)
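Review bot: Replacing `@project ||= project_by_path(...)` with the `return @project if defined?(@project)` form is the right change now that `project` is called from `call`, `gitlab_ci_request?` and `authorized_request?` within one request: with `||=` a nil result for a nonexistent path was re-queried on every call, whereas `defined?` memoises nil as well. It deserves a comment, since the `defined?` idiom is easily "simplified" back to `||=` by a later reader, and it relies on no other method assigning `@project` before `project` is first called, or the memo would return that value unconditionally.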