diff options
Diffstat (limited to 'lib/gitlab/backend/grack_auth.rb')
-rw-r--r-- | lib/gitlab/backend/grack_auth.rb | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/lib/gitlab/backend/grack_auth.rb b/lib/gitlab/backend/grack_auth.rb index dc87aa52a3e..aa46c9a6d49 100644 --- a/lib/gitlab/backend/grack_auth.rb +++ b/lib/gitlab/backend/grack_auth.rb @@ -10,7 +10,7 @@ module Grack @request = Rack::Request.new(env) @auth = Request.new(env) - @gitlab_ci = false + @ci = false # Need this patch due to the rails mount # Need this if under RELATIVE_URL_ROOT @@ -28,7 +28,7 @@ module Grack if project && authorized_request? # Tell gitlab-git-http-server the request is OK, and what the GL_ID is render_grack_auth_ok - elsif @user.nil? && !@gitlab_ci + elsif @user.nil? && !@ci unauthorized else render_not_found @@ -47,8 +47,8 @@ module Grack # Allow authentication for GitLab CI service # if valid token passed - if gitlab_ci_request?(login, password) - @gitlab_ci = true + if ci_request?(login, password) + @ci = true return end @@ -60,12 +60,17 @@ module Grack end end - def gitlab_ci_request?(login, password) - if login == "gitlab-ci-token" && project && project.gitlab_ci? - token = project.gitlab_ci_service.token + def ci_request?(login, password) + matched_login = /(?<s>^[a-zA-Z]*-ci)-token$/.match(login) - if token.present? && token == password && git_cmd == 'git-upload-pack' - return true + if project && matched_login.present? && git_cmd == 'git-upload-pack' + underscored_service = matched_login['s'].underscore + + if Service.available_services_names.include?(underscored_service) + service_method = "#{underscored_service}_service" + service = project.send(service_method) + + return service && service.activated? && service.valid_token?(password) end end @@ -124,7 +129,7 @@ module Grack end def authorized_request? - return true if @gitlab_ci + return true if @ci case git_cmd when *Gitlab::GitAccess::DOWNLOAD_COMMANDS |