Merge branch 'allow-disabling-of-git-access-protocol' into 'master'

Add setting that allows admins to choose which Git access protocols are enabled. ## What does this MR do? It allows admins to disable one of the two protocols for Git access. They can choose to enable just SSH, HTTP or allow both. If one of them is disabled, the clone URL in the project will show only the allowed protocol, and no dropdown to change protocols will be presented. ## What are the relevant issue numbers? Full implementation on GitLab's side for #18601 GitLab Shell implementation: gitlab-org/gitlab-shell!62 GitLab Workhorse implementation: gitlab-org/gitlab-workhorse!51 ## Screenshots (if relevant) ![Screen_Shot_2016-06-16_at_12.26.19_PM](/uploads/bad845142e9704a7385b2eaca51fd4eb/Screen_Shot_2016-06-16_at_12.26.19_PM.png) ![Screen_Shot_2016-06-20_at_4.24.54_PM](/uploads/6e452dd269e06f0be23841ce93866ed6/Screen_Shot_2016-06-20_at_4.24.54_PM.png) /cc @jschatz1 this MR touches the UI. Please review. See merge request !4696
author: Douwe Maan <douwe@gitlab.com> 2016-07-05 22:57:19 +0000
committer: Douwe Maan <douwe@gitlab.com> 2016-07-05 22:57:19 +0000
commit: cfd5870b62e9d76e564ffc64db1d1281b4a363bb (patch)
tree: 34adec49220b96c99aea7139cd0794405ecd7b8d /spec/requests
parent: 1141eaf5c83f927ccc064b6c5d162081fdd22894 (diff)
parent: 0bdf6fe4ba90f0a1dc7777d17651667776dfb91b (diff)
download: gitlab-ce-cfd5870b62e9d76e564ffc64db1d1281b4a363bb.tar.gz
1 files changed, 66 insertions, 5 deletions
diff --git a/spec/requests/api/internal_spec.rb b/spec/requests/api/internal_spec.rb
index fcea45f19ba..e567d36afa8 100644
--- a/spec/requests/api/internal_spec.rb
+++ b/spec/requests/api/internal_spec.rb
@@ -207,26 +207,86 @@ describe API::API, api: true  do
         expect(json_response["status"]).to be_falsey
       end
     end
+
+    context 'ssh access has been disabled' do
+      before do
+        settings = ::ApplicationSetting.create_from_defaults
+        settings.update_attribute(:enabled_git_access_protocol, 'http')
+      end
+
+      it 'rejects the SSH push' do
+        push(key, project)
+
+        expect(response.status).to eq(200)
+        expect(json_response['status']).to be_falsey
+        expect(json_response['message']).to eq 'Git access over SSH is not allowed'
+      end
+
+      it 'rejects the SSH pull' do
+        pull(key, project)
+
+        expect(response.status).to eq(200)
+        expect(json_response['status']).to be_falsey
+        expect(json_response['message']).to eq 'Git access over SSH is not allowed'
+      end
+    end
+
+    context 'http access has been disabled' do
+      before do
+        settings = ::ApplicationSetting.create_from_defaults
+        settings.update_attribute(:enabled_git_access_protocol, 'ssh')
+      end
+
+      it 'rejects the HTTP push' do
+        push(key, project, 'http')
+
+        expect(response.status).to eq(200)
+        expect(json_response['status']).to be_falsey
+        expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
+      end
+
+      it 'rejects the HTTP pull' do
+        pull(key, project, 'http')
+
+        expect(response.status).to eq(200)
+        expect(json_response['status']).to be_falsey
+        expect(json_response['message']).to eq 'Git access over HTTP is not allowed'
+      end
+    end
+
+    context 'web actions are always allowed' do
+      it 'allows WEB push' do
+        settings = ::ApplicationSetting.create_from_defaults
+        settings.update_attribute(:enabled_git_access_protocol, 'ssh')
+        project.team << [user, :developer]
+        push(key, project, 'web')
+
+        expect(response.status).to eq(200)
+        expect(json_response['status']).to be_truthy
+      end
+    end
   end
 
-  def pull(key, project)
+  def pull(key, project, protocol = 'ssh')
     post(
       api("/internal/allowed"),
       key_id: key.id,
       project: project.path_with_namespace,
       action: 'git-upload-pack',
-      secret_token: secret_token
+      secret_token: secret_token,
+      protocol: protocol
     )
   end
 
-  def push(key, project)
+  def push(key, project, protocol = 'ssh')
     post(
       api("/internal/allowed"),
       changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master',
       key_id: key.id,
       project: project.path_with_namespace,
       action: 'git-receive-pack',
-      secret_token: secret_token
+      secret_token: secret_token,
+      protocol: protocol
     )
   end
 
@@ -237,7 +297,8 @@ describe API::API, api: true  do
       key_id: key.id,
       project: project.path_with_namespace,
       action: 'git-upload-archive',
-      secret_token: secret_token
+      secret_token: secret_token,
+      protocol: 'ssh'
     )
   end
 end
author	Douwe Maan <douwe@gitlab.com>	2016-07-05 22:57:19 +0000
committer	Douwe Maan <douwe@gitlab.com>	2016-07-05 22:57:19 +0000
commit	cfd5870b62e9d76e564ffc64db1d1281b4a363bb (patch)
tree	34adec49220b96c99aea7139cd0794405ecd7b8d /spec/requests
parent	1141eaf5c83f927ccc064b6c5d162081fdd22894 (diff)
parent	0bdf6fe4ba90f0a1dc7777d17651667776dfb91b (diff)
download	gitlab-ce-cfd5870b62e9d76e564ffc64db1d1281b4a363bb.tar.gz