Merge branch 'security-api-internal-publicity' into 'master'

Gitlab-shell identification Part of gitlab/gitlabhq#1528 See merge request !1185
author: Dmitriy Zaporozhets <dzaporozhets@gitlab.com> 2014-10-20 10:47:43 +0000
committer: Dmitriy Zaporozhets <dzaporozhets@gitlab.com> 2014-10-20 10:47:43 +0000
commit: ab2db486b8014e509455b624dfd1719f77e27ede (patch)
tree: e0ad46182e7b86946e3c2790ce7e6f9d95964358 /lib/api/helpers.rb
parent: d4bc1255817e6cdab95596096067bdc611b71280 (diff)
parent: 2e485af7b051512f804ae46a81cba480d2eca46f (diff)
download: gitlab-ce-ab2db486b8014e509455b624dfd1719f77e27ede.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 3262884f6d3..027fb20ec46 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -67,6 +67,10 @@ module API
       unauthorized! unless current_user
     end
 
+    def authenticate_by_gitlab_shell_token!
+      unauthorized! unless secret_token == params['secret_token']
+    end
+
     def authenticated_as_admin!
       forbidden! unless current_user.is_admin?
     end
@@ -193,5 +197,9 @@ module API
                        abilities
                      end
     end
+
+    def secret_token
+      File.read(Rails.root.join('.gitlab_shell_secret'))
+    end
   end
 end
author	Dmitriy Zaporozhets <dzaporozhets@gitlab.com>	2014-10-20 10:47:43 +0000
committer	Dmitriy Zaporozhets <dzaporozhets@gitlab.com>	2014-10-20 10:47:43 +0000
commit	ab2db486b8014e509455b624dfd1719f77e27ede (patch)
tree	e0ad46182e7b86946e3c2790ce7e6f9d95964358 /lib/api/helpers.rb
parent	d4bc1255817e6cdab95596096067bdc611b71280 (diff)
parent	2e485af7b051512f804ae46a81cba480d2eca46f (diff)
download	gitlab-ce-ab2db486b8014e509455b624dfd1719f77e27ede.tar.gz