Merge pull request #7382 from Razer6/git_ref_validation

Validate branch/tag-names and references WebUI, API

7 files changed, 90 insertions, 18 deletions

diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index 3c8e7ec73f6..6845fc5e6e6 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -17,9 +17,17 @@ class Projects::BranchesController < Projects::ApplicationController
   end
 
   def create
-    @branch = CreateBranchService.new.execute(project, params[:branch_name], params[:ref], current_user)
-
-    redirect_to project_tree_path(@project, @branch.name)
+    result = CreateBranchService.new.execute(project,
+                                             params[:branch_name],
+                                             params[:ref],
+                                             current_user)
+    if result[:status] == :success
+      @branch = result[:branch]
+      redirect_to project_tree_path(@project, @branch.name)
+    else
+      @error = result[:message]
+      render action: 'new'
+    end
   end
 
   def destroy
diff --git a/app/controllers/projects/tags_controller.rb b/app/controllers/projects/tags_controller.rb
index e03a9f4d66d..b84c497131a 100644
--- a/app/controllers/projects/tags_controller.rb
+++ b/app/controllers/projects/tags_controller.rb
@@ -13,10 +13,15 @@ class Projects::TagsController < Projects::ApplicationController
   end
 
   def create
-    @tag = CreateTagService.new.execute(@project, params[:tag_name],
-                                        params[:ref], current_user)
-
-    redirect_to project_tags_path(@project)
+    result = CreateTagService.new.execute(@project, params[:tag_name],
+                                          params[:ref], current_user)
+    if result[:status] == :success
+      @tag = result[:tag]
+      redirect_to project_tags_path(@project)
+    else
+      @error = result[:message]
+      render action: 'new'
+    end
   end
 
   def destroy
diff --git a/app/services/create_branch_service.rb b/app/services/create_branch_service.rb
index 98beeee8354..79b8239602e 100644
--- a/app/services/create_branch_service.rb
+++ b/app/services/create_branch_service.rb
@@ -1,13 +1,38 @@
 class CreateBranchService
   def execute(project, branch_name, ref, current_user)
+    valid_branch = Gitlab::GitRefValidator.validate(branch_name)
+    if valid_branch == false
+      return error('Branch name invalid')
+    end
+
     repository = project.repository
+    existing_branch = repository.find_branch(branch_name)
+    if existing_branch
+      return error('Branch already exists')
+    end
+
     repository.add_branch(branch_name, ref)
     new_branch = repository.find_branch(branch_name)
 
     if new_branch
       Event.create_ref_event(project, current_user, new_branch, 'add')
+      return success(new_branch)
+    else
+      return error('Invalid reference name')
     end
+  end
+
+  def error(message)
+    {
+      message: message,
+      status: :error
+    }
+  end
 
-    new_branch
+  def success(branch)
+    {
+      branch: branch,
+      status: :success
+    }
   end
 end
diff --git a/app/services/create_tag_service.rb b/app/services/create_tag_service.rb
index 97766677405..6869acbe467 100644
--- a/app/services/create_tag_service.rb
+++ b/app/services/create_tag_service.rb
@@ -1,13 +1,38 @@
 class CreateTagService
   def execute(project, tag_name, ref, current_user)
+    valid_tag = Gitlab::GitRefValidator.validate(tag_name)
+    if valid_tag == false
+      return error('Tag name invalid')
+    end
+
     repository = project.repository
+    existing_tag = repository.find_tag(tag_name)
+    if existing_tag
+      return error('Tag already exists')
+    end
+
     repository.add_tag(tag_name, ref)
     new_tag = repository.find_tag(tag_name)
 
     if new_tag
       Event.create_ref_event(project, current_user, new_tag, 'add', 'refs/tags')
+      return success(new_tag)
+    else
+      return error('Invalid reference name')
     end
+  end
+
+  def error(message)
+    {
+      message: message,
+      status: :error
+    }
+  end
 
-    new_tag
+  def success(branch)
+    {
+      tag: branch,
+      status: :success
+    }
   end
 end
diff --git a/app/services/delete_branch_service.rb b/app/services/delete_branch_service.rb
index ce2d8093dff..a94dabcdfc0 100644
--- a/app/services/delete_branch_service.rb
+++ b/app/services/delete_branch_service.rb
@@ -5,21 +5,21 @@ class DeleteBranchService
 
     # No such branch
     unless branch
-      return error('No such branch')
+      return error('No such branch', 404)
     end
 
     if branch_name == repository.root_ref
-      return error('Cannot remove HEAD branch')
+      return error('Cannot remove HEAD branch', 405)
     end
 
     # Dont allow remove of protected branch
     if project.protected_branch?(branch_name)
-      return error('Protected branch cant be removed')
+      return error('Protected branch cant be removed', 405)
     end
 
     # Dont allow user to remove branch if he is not allowed to push
     unless current_user.can?(:push_code, project)
-      return error('You dont have push access to repo')
+      return error('You dont have push access to repo', 405)
     end
 
     if repository.rm_branch(branch_name)
@@ -30,9 +30,10 @@ class DeleteBranchService
     end
   end
 
-  def error(message)
+  def error(message, return_code = 400)
     {
       message: message,
+      return_code: return_code,
       state: :error
     }
   end
diff --git a/app/views/projects/branches/new.html.haml b/app/views/projects/branches/new.html.haml
index 5da2ede2937..3f202f7ea6b 100644
--- a/app/views/projects/branches/new.html.haml
+++ b/app/views/projects/branches/new.html.haml
@@ -1,3 +1,7 @@
+- if @error
+  .alert.alert-danger
+    %button{ type: "button", class: "close", "data-dismiss" => "alert"} &times;
+    = @error
 %h3.page-title
   %i.icon-code-fork
   New branch
@@ -5,11 +9,11 @@
   .form-group
     = label_tag :branch_name, 'Name for new branch', class: 'control-label'
     .col-sm-10
-      = text_field_tag :branch_name, nil, placeholder: 'enter new branch name', required: true, tabindex: 1, class: 'form-control'
+      = text_field_tag :branch_name, params[:branch_name], placeholder: 'enter new branch name', required: true, tabindex: 1, class: 'form-control'
   .form-group
     = label_tag :ref, 'Create from', class: 'control-label'
     .col-sm-10
-      = text_field_tag :ref, nil, placeholder: 'existing branch name, tag or commit SHA', required: true, tabindex: 2, class: 'form-control'
+      = text_field_tag :ref, params[:ref], placeholder: 'existing branch name, tag or commit SHA', required: true, tabindex: 2, class: 'form-control'
   .form-actions
     = submit_tag 'Create branch', class: 'btn btn-create', tabindex: 3
     = link_to 'Cancel', project_branches_path(@project), class: 'btn btn-cancel'
diff --git a/app/views/projects/tags/new.html.haml b/app/views/projects/tags/new.html.haml
index a9fd97f8915..f3a34d37df5 100644
--- a/app/views/projects/tags/new.html.haml
+++ b/app/views/projects/tags/new.html.haml
@@ -1,3 +1,7 @@
+- if @error
+  .alert.alert-danger
+    %button{ type: "button", class: "close", "data-dismiss" => "alert"} &times;
+    = @error
 %h3.page-title
   %i.icon-code-fork
   New tag
@@ -5,11 +9,11 @@
   .form-group
     = label_tag :tag_name, 'Name for new tag', class: 'control-label'
     .col-sm-10
-      = text_field_tag :tag_name, nil, placeholder: 'v3.0.1', required: true, tabindex: 1, class: 'form-control'
+      = text_field_tag :tag_name, params[:tag_name], placeholder: 'v3.0.1', required: true, tabindex: 1, class: 'form-control'
   .form-group
     = label_tag :ref, 'Create from', class: 'control-label'
     .col-sm-10
-      = text_field_tag :ref, nil, placeholder: 'master', required: true, tabindex: 2, class: 'form-control'
+      = text_field_tag :ref, params[:ref], placeholder: 'master', required: true, tabindex: 2, class: 'form-control'
       .light Branch name or commit SHA
   .form-actions
     = submit_tag 'Create tag', class: 'btn btn-create', tabindex: 3