author | Jaime Martinez <jmartinez@gitlab.com> | 2020-05-28 07:50:18 +0300 |
---|---|---|
committer | Jaime Martinez <jmartinez@gitlab.com> | 2020-07-06 02:13:51 +0300 |
commit | fb2c26ff998b809baddeb9618aae52c49200bc8b (patch) | |
tree | 500310d07317b81acffab5d9efc2f64cf0d01fbf /internal/auth/auth.go | |
parent | cac920323f196072c28bee611a4ee9157316cd6f (diff) |
Find parent namepsace domain if auth fails for current project
Update labkit
Diffstat (limited to 'internal/auth/auth.go')
-rw-r--r-- | internal/auth/auth.go | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 453edff2..c12207ca 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -18,6 +18,7 @@ import (
 log "github.com/sirupsen/logrus"
 "gitlab.com/gitlab-org/labkit/errortracking"
+ "gitlab.com/gitlab-org/gitlab-pages/internal/domain"
 "gitlab.com/gitlab-org/gitlab-pages/internal/httperrors"
 "gitlab.com/gitlab-org/gitlab-pages/internal/httptransport"
 "gitlab.com/gitlab-org/gitlab-pages/internal/request"
@@ -511,7 +512,7 @@ func (a *Auth) RequireAuth(w http.ResponseWriter, r *http.Request) bool {
 }
 // CheckAuthentication checks if user is authenticated and has access to the project
-func (a *Auth) CheckAuthentication(w http.ResponseWriter, r *http.Request, projectID uint64) bool {
+func (a *Auth) CheckAuthentication(w http.ResponseWriter, r *http.Request, domain *domain.Domain) bool {
 logRequest(r).Debug("Authenticate request")
 if a == nil {
@@ -522,7 +523,26 @@ func (a *Auth) CheckAuthentication(w http.ResponseWriter, r *http.Request, proje
 return true
 }
- return a.checkAuthentication(w, r, projectID)
+ if a.checkAuthentication(w, r, domain.GetProjectID(r)) {
+ // if auth fails, try to resolve parent namespace domain
+ r.URL.Path = "/"
+ parent, err := domain.Resolver.Resolve(r)
+ if err != nil {
+ httperrors.Serve404(w)
+ return true
+ }
+
+ // for namespace domains that have no access control enabled
+ if parent.LookupPath.IsNamespaceProject && !parent.LookupPath.HasAccessControl {
+ parent.ServeNotFoundHTTP(w, r)
+ return true
+ }
+
+ httperrors.Serve404(w)
+ return true
+ }
+
+ return false
 }
 // CheckResponseForInvalidToken checks response for invalid token and destroys session if it was invalid |
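Review bot: The new parameter `domain *domain.Domain` in the CheckAuthentication signature shadows the imported `domain` package for the whole function body, so the package cannot be referenced inside it and a reader has to work out which `domain` each call refers to; a short name such as `d` avoids that. The doc comment above the signature was left as it was and no longer describes the contract: the last hunk returns `true` only after a 404 has been served, so a line such as `// It returns true when a response has already been written and the caller must stop handling the request.` would make that explicit. The function body continues outside this hunk.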
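Review bot: The fallback added to CheckAuthentication overwrites the caller's request with `r.URL.Path = "/"` and never restores it, so `parent.ServeNotFoundHTTP(w, r)` and any logging or middleware that runs after this call see `/` instead of the path that was actually denied. Resolving on a copy keeps the original request intact: `rootReq := r.Clone(r.Context())`, `rootReq.URL.Path = "/"`, `parent, err := domain.Resolver.Resolve(rootReq)`. The block also dereferences `domain.Resolver` and `parent.LookupPath` without a check; if either can be nil for a request that failed authentication, that is a panic reachable before any access decision succeeds, so a guard that falls through to `httperrors.Serve404(w)` is worth adding. checkAuthentication is not shown here; if it already writes a response before returning true, the added Serve404 and ServeNotFoundHTTP calls would write a second one, which should be confirmed. The function starts in the previous hunk and part of its body lies outside both hunks.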