diff options
| author | Igor Drozdov <idrozdov@gitlab.com> | 2019-04-11 18:26:16 +0300 |
|---|---|---|
| committer | Igor Drozdov <idrozdov@gitlab.com> | 2019-05-29 14:03:50 +0300 |
| commit | 3d4821a8e76d49b388b218824714d3bcb8c54dbf (patch) | |
| tree | eca97cf51cb76b05fb335ac8f1b172f44965751e /app/controllers | |
| parent | aa8e75916ad8cf3f8481bc740519676205dd0082 (diff) | |
Hide password on import by url form
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/concerns/import_url_params.rb | 17 | ||||
| -rw-r--r-- | app/controllers/projects/imports_controller.rb | 7 | ||||
| -rw-r--r-- | app/controllers/projects_controller.rb | 2 |
3 files changed, 24 insertions, 2 deletions
diff --git a/app/controllers/concerns/import_url_params.rb b/app/controllers/concerns/import_url_params.rb new file mode 100644 index 00000000000..765654ca2cb --- /dev/null +++ b/app/controllers/concerns/import_url_params.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +module ImportUrlParams + def import_url_params + { import_url: import_params_to_full_url(params[:project]) } + end + + def import_params_to_full_url(params) + Gitlab::UrlSanitizer.new( + params[:import_url], + credentials: { + user: params[:import_url_user], + password: params[:import_url_password] + } + ).full_url + end +end diff --git a/app/controllers/projects/imports_controller.rb b/app/controllers/projects/imports_controller.rb index 4640be015de..afbf9fd7720 100644 --- a/app/controllers/projects/imports_controller.rb +++ b/app/controllers/projects/imports_controller.rb @@ -2,6 +2,7 @@ class Projects::ImportsController < Projects::ApplicationController include ContinueParams + include ImportUrlParams # Authorize before_action :authorize_admin_project! @@ -67,10 +68,12 @@ class Projects::ImportsController < Projects::ApplicationController end def import_params_attributes - [:import_url] + [] end def import_params - params.require(:project).permit(import_params_attributes) + params.require(:project) + .permit(import_params_attributes) + .merge(import_url_params) end end diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index e88c46144ef..12db493978b 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -7,6 +7,7 @@ class ProjectsController < Projects::ApplicationController include PreviewMarkdown include SendFileUpload include RecordUserLastActivity + include ImportUrlParams prepend_before_action(only: [:show]) { authenticate_sessionless_user!(:rss) } @@ -333,6 +334,7 @@ class ProjectsController < Projects::ApplicationController def project_params(attributes: []) params.require(:project) .permit(project_params_attributes + attributes) + .merge(import_url_params) end def project_params_attributes |