Fix git clone revealing private repo's presence

Ensure redirection to path with .git suffix regardless whether project exists or not.
author: Mark Chao <mchao@gitlab.com> 2019-02-18 06:51:56 +0300
committer: Mark Chao <mchao@gitlab.com> 2019-02-19 08:59:24 +0300
commit: 9d046c8704c0e7df18d2f9e380e987d22b9a0b2e (patch)
tree: 7f5f53fba0bc7f3a09458fd04acb64d4ad91a29b /lib/constraints
parent: 701303a5dba78a217d8050316b0c6ea2f2c4c519 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/constraints/project_url_constrainer.rb b/lib/constraints/project_url_constrainer.rb
index eadfbf7bc01..d41490d2ebd 100644
--- a/lib/constraints/project_url_constrainer.rb
+++ b/lib/constraints/project_url_constrainer.rb
@@ -2,12 +2,13 @@
 
 module Constraints
   class ProjectUrlConstrainer
-    def matches?(request)
+    def matches?(request, existence_check: true)
       namespace_path = request.params[:namespace_id]
       project_path = request.params[:project_id] || request.params[:id]
       full_path = [namespace_path, project_path].join('/')
 
       return false unless ProjectPathValidator.valid_path?(full_path)
+      return true unless existence_check
 
       # We intentionally allow SELECT(*) here so result of this query can be used
       # as cache for further Project.find_by_full_path calls within request
author	Mark Chao <mchao@gitlab.com>	2019-02-18 06:51:56 +0300
committer	Mark Chao <mchao@gitlab.com>	2019-02-19 08:59:24 +0300
commit	9d046c8704c0e7df18d2f9e380e987d22b9a0b2e (patch)
tree	7f5f53fba0bc7f3a09458fd04acb64d4ad91a29b /lib/constraints
parent	701303a5dba78a217d8050316b0c6ea2f2c4c519 (diff)