
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorÁbner Silva de Oliveira <abner.silva@gmail.com>2014-03-22 23:43:09 +0400
committerÁbner Silva de Oliveira <abner.silva@gmail.com>2014-03-22 23:43:09 +0400
commitcc575875b6c46d384601037645970667a12c8017 (patch)
tree401f9738158b1ec4c4ed2b0224b9766c73a01eb2 /lib
parent44aa6b90ddde3a7babc6ed9f50d73040d6184789 (diff)
parentae1a3148242907b21e9952f1964919622b4f3129 (diff)
Merge branch 'master' of https://github.com/gitlabhq/gitlabhq
Diffstat (limited to 'lib')
-rw-r--r--lib/gitlab/backend/grack_auth.rb60
-rw-r--r--lib/gitlab/git_access.rb4
-rw-r--r--lib/gitlab/upgrader.rb1
-rw-r--r--lib/tasks/gitlab/check.rake2
4 files changed, 40 insertions, 27 deletions
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb
index b3e111354f5..c2f3b851c07 100644
--- a/lib/gitlab/backend/grack_auth.rb
+++ b/lib/gitlab/backend/grack_auth.rb
@@ -22,14 +22,16 @@ module Grack
@env['SCRIPT_NAME'] = ""
- auth!
+ if project
+ auth!
+ else
+ render_not_found
+ end
end
private
def auth!
- return render_not_found unless project
-
if @auth.provided?
return bad_request unless @auth.basic?
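Review bot: The new `if project ... else render_not_found` in `call` answers before any credentials are looked at, while an existing private project goes on to `auth!` and ends in `unauthorized`, so an anonymous client can tell from the status code alone whether a project path exists. If project names are meant to stay confidential, the missing-project case should get the same response as the unauthenticated case, with `render_not_found` reserved for requests that carried valid credentials. If the difference is intended, record it next to the branch, for example `# 404 is sent before authentication: project existence is visible to anonymous clients`. Both `call` and `auth!` extend beyond this hunk, so the bodies of `render_not_found` and `unauthorized` should be checked before changing the order.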
@@ -38,12 +40,8 @@ module Grack
# Allow authentication for GitLab CI service
# if valid token passed
- if login == "gitlab-ci-token" && project.gitlab_ci?
- token = project.gitlab_ci_service.token
-
- if token.present? && token == password && service_name == 'git-upload-pack'
- return @app.call(env)
- end
+ if gitlab_ci_request?(login, password)
+ return @app.call(env)
end
@user = authenticate_user(login, password)
@@ -51,23 +49,26 @@ module Grack
if @user
Gitlab::ShellEnv.set_env(@user)
@env['REMOTE_USER'] = @auth.username
- else
- return unauthorized
end
-
- else
- return unauthorized unless project.public?
end
- if authorized_git_request?
+ if authorized_request?
@app.call(env)
else
unauthorized
end
end
- def authorized_git_request?
- authorize_request(service_name)
+ def gitlab_ci_request?(login, password)
+ if login == "gitlab-ci-token" && project.gitlab_ci?
+ token = project.gitlab_ci_service.token
+
+ if token.present? && token == password && git_cmd == 'git-upload-pack'
+ return true
+ end
+ end
+
+ false
end
def authenticate_user(login, password)
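Review bot: In the extracted `gitlab_ci_request?`, the CI token is checked with `token == password`, an ordinary string comparison that stops at the first differing byte, so response timing can depend on how much of a guessed token is correct. A constant-time comparison is the usual choice for secrets, for example `Rack::Utils.secure_compare(token, password)` if the bundled Rack version provides it. A successful match returns `@app.call(env)` directly and never reaches `authorized_request?`, so this comparison is the only gate on that path. This hunk also removes the `else return unauthorized` after `authenticate_user`, so a request with wrong credentials now continues as anonymous; a short comment in `auth!` saying that this is deliberate would help the next reader.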
@@ -75,20 +76,31 @@ module Grack
auth.find(login, password)
end
- def authorize_request(service)
- case service
+ def authorized_request?
+ case git_cmd
when *Gitlab::GitAccess::DOWNLOAD_COMMANDS
- # Serve only upload request.
- # Authorization on push will be serverd by update hook in repository
- Gitlab::GitAccess.new.download_allowed?(user, project)
+ if user
+ Gitlab::GitAccess.new.download_allowed?(user, project)
+ elsif project.public?
+ # Allow clone/fetch for public projects
+ true
+ else
+ false
+ end
when *Gitlab::GitAccess::PUSH_COMMANDS
- true
+ if user
+ # Skip user authorization on upload request.
+ # It will be serverd by update hook in repository
+ true
+ else
+ false
+ end
else
false
end
end
- def service_name
+ def git_cmd
if @request.get?
@request.params['service']
elsif @request.post?
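Review bot: The `PUSH_COMMANDS` branch of `authorized_request?` returns `true` for every authenticated user without consulting `project`, leaving all project-level authorization to the update hook. That hook runs only when refs are actually updated, so anything the backend sends earlier in a receive-pack exchange (presumably the ref advertisement) would go to users who have no access to a private project. Requiring at least read access here closes that gap while still deferring per-branch push rules to the hook: `if user && Gitlab::GitAccess.new.download_allowed?(user, project)`. The comment in that branch also has a typo, "serverd" for "served". `git_cmd` continues past the end of this hunk.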
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index 5fb5505743f..1ab8f9213a3 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -34,7 +34,7 @@ module Gitlab
end
def download_allowed?(user, project)
- if user_allowed?(user)
+ if user && user_allowed?(user)
user.can?(:download_code, project)
else
false
@@ -42,7 +42,7 @@ module Gitlab
end
def push_allowed?(user, project, ref, oldrev, newrev)
- if user_allowed?(user)
+ if user && user_allowed?(user)
action = if project.protected_branch?(ref)
:push_code_to_protected_branches
else
diff --git a/lib/gitlab/upgrader.rb b/lib/gitlab/upgrader.rb
index 0fe4888665d..0846359f9b1 100644
--- a/lib/gitlab/upgrader.rb
+++ b/lib/gitlab/upgrader.rb
@@ -1,3 +1,4 @@
+require_relative "popen"
require_relative "version_info"
module Gitlab
diff --git a/lib/tasks/gitlab/check.rake b/lib/tasks/gitlab/check.rake
index 067735d66b1..071760c0c36 100644
--- a/lib/tasks/gitlab/check.rake
+++ b/lib/tasks/gitlab/check.rake
@@ -742,7 +742,7 @@ namespace :gitlab do
end
def check_gitlab_shell
- required_version = Gitlab::VersionInfo.new(1, 9, 0)
+ required_version = Gitlab::VersionInfo.new(1, 9, 1)
current_version = Gitlab::VersionInfo.parse(gitlab_shell_version)
print "GitLab Shell version >= #{required_version} ? ... "