author | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2014-10-20 10:47:43 +0000 |
---|---|---|
committer | Dmitriy Zaporozhets <dzaporozhets@gitlab.com> | 2014-10-20 10:47:43 +0000 |
commit | ab2db486b8014e509455b624dfd1719f77e27ede (patch) | |
tree | e0ad46182e7b86946e3c2790ce7e6f9d95964358 /lib | |
parent | d4bc1255817e6cdab95596096067bdc611b71280 (diff) | |
parent | 2e485af7b051512f804ae46a81cba480d2eca46f (diff) | |
download | gitlab-ce-ab2db486b8014e509455b624dfd1719f77e27ede.tar.gz |
Merge branch 'security-api-internal-publicity' into 'master'
Gitlab-shell identification
Part of gitlab/gitlabhq#1528
See merge request !1185
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/helpers.rb | 8 | ||||
-rw-r--r-- | lib/api/internal.rb | 4 |
2 files changed, 12 insertions, 0 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 3262884f6d3..027fb20ec46 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -67,6 +67,10 @@ module API
 unauthorized! unless current_user
 end
+ def authenticate_by_gitlab_shell_token!
+ unauthorized! unless secret_token == params['secret_token']
+ end
+
 def authenticated_as_admin!
 forbidden! unless current_user.is_admin?
 end
@@ -193,5 +197,9 @@ module API
 abilities
 end
 end
+
+ def secret_token
+ File.read(Rails.root.join('.gitlab_shell_secret'))
+ end
 end
 end
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index 9ac659f50fd..ebf2296097d 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -1,6 +1,10 @@
 module API
 # Internal access API
 class Internal < Grape::API
+ before {
+ authenticate_by_gitlab_shell_token!
+ }
+
 namespace 'internal' do
 # Check if git command is allowed to project
 # |
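Review bot: The `==` in `authenticate_by_gitlab_shell_token!` (first hunk of lib/api/helpers.rb) is an ordinary short-circuiting string comparison, so the time it takes can depend on how much of the submitted value matches the shared secret. A constant-time comparison removes that signal, for example `unauthorized! unless Rack::Utils.secure_compare(secret_token, params['secret_token'].to_s)`, assuming the bundled Rack provides it. The `.to_s` keeps a missing parameter from reaching the comparison as nil. Since the secret arrives as a normal request parameter, it is also worth confirming that `secret_token` is covered by the application's parameter filtering so it is not written to request logs.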
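Review bot: `secret_token` (second hunk of lib/api/helpers.rb) returns whatever `File.read` yields, so an empty `.gitlab_shell_secret` makes the expected value `""`, and a request with an empty `secret_token` parameter would then pass the `==` check in `authenticate_by_gitlab_shell_token!`. The helper should fail closed on a blank secret, e.g. `token = File.read(Rails.root.join('.gitlab_shell_secret'))` followed by `raise 'gitlab-shell secret is empty' if token.strip.empty?`. A missing or unreadable file raises out of the helper instead of taking the `unauthorized!` path, which presumably surfaces as a server error. Any trailing newline in the file also becomes part of the expected value, so a comment stating whether the caller sends the value with or without it would help.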
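Review bot: The class comment `# Internal access API` in lib/api/internal.rb does not tell a reader that the routes are now gated. The new `before` filter is declared at class level, so it appears to run for every endpoint in `Internal`. A comment such as `# Every endpoint below requires the gitlab-shell secret token (see authenticate_by_gitlab_shell_token!)` would make that contract explicit. As a style point, the three-line brace block reads more conventionally as `before { authenticate_by_gitlab_shell_token! }` on one line, or as a `do … end` block. The class body continues past the end of the hunk.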