authorDmitriy Zaporozhets <dzaporozhets@gitlab.com>2014-10-20 10:47:43 +0000
committerDmitriy Zaporozhets <dzaporozhets@gitlab.com>2014-10-20 10:47:43 +0000
commitab2db486b8014e509455b624dfd1719f77e27ede (patch)
treee0ad46182e7b86946e3c2790ce7e6f9d95964358 /lib/api
parentd4bc1255817e6cdab95596096067bdc611b71280 (diff)
parent2e485af7b051512f804ae46a81cba480d2eca46f (diff)
downloadgitlab-ce-ab2db486b8014e509455b624dfd1719f77e27ede.tar.gz
Merge branch 'security-api-internal-publicity' into 'master'
Gitlab-shell identification Part of gitlab/gitlabhq#1528 See merge request !1185
Diffstat (limited to 'lib/api')
-rw-r--r--lib/api/helpers.rb8
-rw-r--r--lib/api/internal.rb4
2 files changed, 12 insertions, 0 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 3262884f6d3..027fb20ec46 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -67,6 +67,10 @@ module API
unauthorized! unless current_user
end
+ def authenticate_by_gitlab_shell_token!
+ unauthorized! unless secret_token == params['secret_token']
+ end
+
def authenticated_as_admin!
forbidden! unless current_user.is_admin?
end
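Review bot: The token check in `authenticate_by_gitlab_shell_token!` compares with `==`, which stops at the first differing byte. As far as this diff shows, it is the only gate on the internal API, so a constant-time comparison is the safer choice. Something like `unauthorized! unless Rack::Utils.secure_compare(secret_token, params['secret_token'].to_s)` would do, assuming the bundled Rack version provides it; the `.to_s` keeps a missing parameter on the 401 path instead of raising. The secret also arrives as an ordinary request parameter, so it is worth confirming that `secret_token` is filtered from request and access logs.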
@@ -193,5 +197,9 @@ module API
abilities
end
end
+
+ def secret_token
+ File.read(Rails.root.join('.gitlab_shell_secret'))
+ end
end
end
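Review bot: `secret_token` returns the file contents verbatim, so a trailing newline left by an editor or a deploy script would make every comparison fail unless the client sends the same bytes. `File.read(Rails.root.join('.gitlab_shell_secret')).chomp` would tolerate that. A missing or unreadable file raises from `File.read`, which still denies access but surfaces as a server error rather than a 401. The method has no comment; judging by the commit title the file is shared with gitlab-shell, so something like `# Shared secret for gitlab-shell; keep this file readable only by the application user` above it would record the expectation.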
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index 9ac659f50fd..ebf2296097d 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -1,6 +1,10 @@
module API
# Internal access API
class Internal < Grape::API
+ before {
+ authenticate_by_gitlab_shell_token!
+ }
+
namespace 'internal' do
# Check if git command is allowed to project
#
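Review bot: The `before` block spans three lines but uses braces; `before { authenticate_by_gitlab_shell_token! }` on one line, or a `do … end` block, is the usual Ruby form. The filter now applies to every route defined in this class, so a comment such as `# All internal endpoints require the gitlab-shell secret_token parameter` above it would explain why unauthenticated calls get a 401. The class body continues outside the hunk, so whether any route there needs an exemption cannot be judged from here.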