diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-19 12:08:42 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-19 12:08:42 +0300 |
commit | b76ae638462ab0f673e5915986070518dd3f9ad3 (patch) | |
tree | bdab0533383b52873be0ec0eb4d3c66598ff8b91 /lib/gitlab/middleware | |
parent | 434373eabe7b4be9593d18a585fb763f1e5f1a6f (diff) |
Add latest changes from gitlab-org/gitlab@14-2-stable-eev14.2.0-rc42
Diffstat (limited to 'lib/gitlab/middleware')
-rw-r--r-- | lib/gitlab/middleware/go.rb | 16 | ||||
-rw-r--r-- | lib/gitlab/middleware/multipart.rb | 2 |
2 files changed, 10 insertions, 8 deletions
diff --git a/lib/gitlab/middleware/go.rb b/lib/gitlab/middleware/go.rb index 4b65bbcc791..a1a0356ff58 100644 --- a/lib/gitlab/middleware/go.rb +++ b/lib/gitlab/middleware/go.rb @@ -127,23 +127,25 @@ module Gitlab def project_for_paths(paths, request) project = Project.where_full_path_in(paths).first - return unless Ability.allowed?(current_user(request, project), :read_project, project) + + return unless authentication_result(request, project).can_perform_action_on_project?(:read_project, project) project end - def current_user(request, project) - return unless has_basic_credentials?(request) + def authentication_result(request, project) + empty_result = Gitlab::Auth::Result::EMPTY + return empty_result unless has_basic_credentials?(request) login, password = user_name_and_password(request) auth_result = Gitlab::Auth.find_for_git_client(login, password, project: project, ip: request.ip) - return unless auth_result.success? + return empty_result unless auth_result.success? - return unless auth_result.actor&.can?(:access_git) + return empty_result unless auth_result.can?(:access_git) - return unless auth_result.authentication_abilities.include?(:read_project) + return empty_result unless auth_result.authentication_abilities_include?(:read_project) - auth_result.actor + auth_result end end end diff --git a/lib/gitlab/middleware/multipart.rb b/lib/gitlab/middleware/multipart.rb index 329041e3ba2..30b3fe3d893 100644 --- a/lib/gitlab/middleware/multipart.rb +++ b/lib/gitlab/middleware/multipart.rb @@ -177,7 +177,7 @@ module Gitlab @app.call(env) end rescue UploadedFile::InvalidPathError => e - [400, { 'Content-Type' => 'text/plain' }, e.message] + [400, { 'Content-Type' => 'text/plain' }, [e.message]] end end end |