diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | GITLAB_SHELL_VERSION | 2 | ||||
| -rw-r--r-- | VERSION | 2 | ||||
| -rw-r--r-- | app/controllers/projects/blob_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/projects/edit_tree_controller.rb | 2 | ||||
| -rw-r--r-- | app/services/files/base_service.rb | 6 | ||||
| -rw-r--r-- | config/initializers/gitlab_shell_secret_token.rb | 19 | ||||
| -rw-r--r-- | features/project/source/browse_files.feature | 20 | ||||
| -rw-r--r-- | features/steps/project/source/browse_files.rb | 8 | ||||
| -rw-r--r-- | features/steps/shared/paths.rb | 9 | ||||
| -rw-r--r-- | lib/api/files.rb | 6 | ||||
| -rw-r--r-- | lib/api/helpers.rb | 8 | ||||
| -rw-r--r-- | lib/api/internal.rb | 4 | ||||
| -rw-r--r-- | lib/backup/repository.rb | 2 | ||||
| -rw-r--r-- | spec/requests/api/internal_spec.rb | 14 |
15 files changed, 86 insertions, 19 deletions
diff --git a/.gitignore b/.gitignore index 4f778371512..2c6b65b7b7d 100644 --- a/.gitignore +++ b/.gitignore @@ -39,3 +39,4 @@ public/assets/ .envrc dump.rdb tags +.gitlab_shell_secret diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION index 38f77a65b30..7ec1d6db408 100644 --- a/GITLAB_SHELL_VERSION +++ b/GITLAB_SHELL_VERSION @@ -1 +1 @@ -2.0.1 +2.1.0 @@ -1 +1 @@ -7.4.0.rc1 +7.5.0.pre diff --git a/app/controllers/projects/blob_controller.rb b/app/controllers/projects/blob_controller.rb index 7009e3b1bc8..0944c7421ee 100644 --- a/app/controllers/projects/blob_controller.rb +++ b/app/controllers/projects/blob_controller.rb @@ -20,7 +20,7 @@ class Projects::BlobController < Projects::ApplicationController flash[:notice] = "Your changes have been successfully committed" redirect_to project_tree_path(@project, @ref) else - flash[:alert] = result[:error] + flash[:alert] = result[:message] render :show end end diff --git a/app/controllers/projects/edit_tree_controller.rb b/app/controllers/projects/edit_tree_controller.rb index 8976d7c7be8..fdc1a85d8d7 100644 --- a/app/controllers/projects/edit_tree_controller.rb +++ b/app/controllers/projects/edit_tree_controller.rb @@ -22,7 +22,7 @@ class Projects::EditTreeController < Projects::BaseTreeController redirect_to after_edit_path else - flash[:alert] = result[:error] + flash[:alert] = result[:message] render :show end end diff --git a/app/services/files/base_service.rb b/app/services/files/base_service.rb index db6f0831f8b..bd245100955 100644 --- a/app/services/files/base_service.rb +++ b/app/services/files/base_service.rb @@ -10,12 +10,6 @@ module Files private - def success - out = super() - out[:error] = '' - out - end - def repository project.repository end diff --git a/config/initializers/gitlab_shell_secret_token.rb b/config/initializers/gitlab_shell_secret_token.rb new file mode 100644 index 00000000000..8d2b771e535 --- /dev/null +++ b/config/initializers/gitlab_shell_secret_token.rb @@ -0,0 +1,19 @@ +# Be sure to restart your server when you modify this file. + +require 'securerandom' + +# Your secret key for verifying the gitlab_shell. + + +secret_file = Rails.root.join('.gitlab_shell_secret') +gitlab_shell_symlink = File.join(Gitlab.config.gitlab_shell.path, '.gitlab_shell_secret') + +unless File.exist? secret_file + # Generate a new token of 16 random hexadecimal characters and store it in secret_file. + token = SecureRandom.hex(16) + File.write(secret_file, token) +end + +if File.exist?(Gitlab.config.gitlab_shell.path) && !File.exist?(gitlab_shell_symlink) + FileUtils.symlink(secret_file, gitlab_shell_symlink) +end
\ No newline at end of file diff --git a/features/project/source/browse_files.feature b/features/project/source/browse_files.feature index aca255b9444..b7d70881d56 100644 --- a/features/project/source/browse_files.feature +++ b/features/project/source/browse_files.feature @@ -35,6 +35,16 @@ Feature: Project Source Browse Files And I should see its new content @javascript + Scenario: If I enter an illegal file name I see an error message + Given I click on "new file" link in repo + And I fill the new file name with an illegal name + And I edit code + And I fill the commit message + And I click on "Commit changes" + Then I am on the new file page + And I see a commit error message + + @javascript Scenario: I can edit file Given I click on ".gitignore" file in repo And I click button "Edit" @@ -50,6 +60,16 @@ Feature: Project Source Browse Files Then I am redirected to the ".gitignore" And I should see its new content + @javascript @wip + Scenario: If I don't change the content of the file I see an error message + Given I click on ".gitignore" file in repo + And I click button "edit" + And I fill the commit message + And I click on "Commit changes" + # Test fails because carriage returns are added to the file. + Then I am on the ".gitignore" edit file page + And I see a commit error message + @javascript Scenario: I can see editing preview Given I click on ".gitignore" file in repo diff --git a/features/steps/project/source/browse_files.rb b/features/steps/project/source/browse_files.rb index 20f8f6c24ae..665f5d6d195 100644 --- a/features/steps/project/source/browse_files.rb +++ b/features/steps/project/source/browse_files.rb @@ -61,6 +61,10 @@ class Spinach::Features::ProjectSourceBrowseFiles < Spinach::FeatureSteps fill_in :file_name, with: new_file_name end + step 'I fill the new file name with an illegal name' do + fill_in :file_name, with: '.git' + end + step 'I fill the commit message' do fill_in :commit_message, with: 'Not yet a commit message.' end @@ -151,6 +155,10 @@ class Spinach::Features::ProjectSourceBrowseFiles < Spinach::FeatureSteps expect(page).not_to have_link('permalink') end + step 'I see a commit error message' do + expect(page).to have_content('Your changes could not be committed') + end + private def set_new_content diff --git a/features/steps/shared/paths.rb b/features/steps/shared/paths.rb index 1f238f8befd..5f292255ce1 100644 --- a/features/steps/shared/paths.rb +++ b/features/steps/shared/paths.rb @@ -265,6 +265,15 @@ module SharedPaths visit project_blob_path(@project, File.join(root_ref, '.gitignore')) end + step 'I am on the new file page' do + current_path.should eq(project_new_tree_path(@project, root_ref)) + end + + step 'I am on the ".gitignore" edit file page' do + current_path.should eq(project_edit_tree_path( + @project, File.join(root_ref, '.gitignore'))) + end + step 'I visit project source page for "6d39438"' do visit project_tree_path(@project, "6d39438") end diff --git a/lib/api/files.rb b/lib/api/files.rb index e63e635a4d3..84e1d311781 100644 --- a/lib/api/files.rb +++ b/lib/api/files.rb @@ -85,7 +85,7 @@ module API branch_name: branch_name } else - render_api_error!(result[:error], 400) + render_api_error!(result[:message], 400) end end @@ -117,7 +117,7 @@ module API branch_name: branch_name } else - render_api_error!(result[:error], 400) + render_api_error!(result[:message], 400) end end @@ -149,7 +149,7 @@ module API branch_name: branch_name } else - render_api_error!(result[:error], 400) + render_api_error!(result[:message], 400) end end end diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 3262884f6d3..027fb20ec46 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -67,6 +67,10 @@ module API unauthorized! unless current_user end + def authenticate_by_gitlab_shell_token! + unauthorized! unless secret_token == params['secret_token'] + end + def authenticated_as_admin! forbidden! unless current_user.is_admin? end @@ -193,5 +197,9 @@ module API abilities end end + + def secret_token + File.read(Rails.root.join('.gitlab_shell_secret')) + end end end diff --git a/lib/api/internal.rb b/lib/api/internal.rb index 9ac659f50fd..ebf2296097d 100644 --- a/lib/api/internal.rb +++ b/lib/api/internal.rb @@ -1,6 +1,10 @@ module API # Internal access API class Internal < Grape::API + before { + authenticate_by_gitlab_shell_token! + } + namespace 'internal' do # Check if git command is allowed to project # diff --git a/lib/backup/repository.rb b/lib/backup/repository.rb index 4e99d4bbe5c..380beac708d 100644 --- a/lib/backup/repository.rb +++ b/lib/backup/repository.rb @@ -30,7 +30,7 @@ module Backup if File.exists?(path_to_repo(wiki)) print " * #{wiki.path_with_namespace} ... " - if wiki.empty? + if wiki.repository.empty? puts " [SKIPPED]".cyan else output, status = Gitlab::Popen.popen(%W(git --git-dir=#{path_to_repo(wiki)} bundle create #{path_to_bundle(wiki)} --all)) diff --git a/spec/requests/api/internal_spec.rb b/spec/requests/api/internal_spec.rb index 6df5ef38961..677b1494041 100644 --- a/spec/requests/api/internal_spec.rb +++ b/spec/requests/api/internal_spec.rb @@ -5,10 +5,11 @@ describe API::API, api: true do let(:user) { create(:user) } let(:key) { create(:key, user: user) } let(:project) { create(:project) } + let(:secret_token) { File.read Rails.root.join('.gitlab_shell_secret') } describe "GET /internal/check", no_db: true do it do - get api("/internal/check") + get api("/internal/check"), secret_token: secret_token response.status.should == 200 json_response['api_version'].should == API::API.version @@ -17,7 +18,7 @@ describe API::API, api: true do describe "GET /internal/discover" do it do - get(api("/internal/discover"), key_id: key.id) + get(api("/internal/discover"), key_id: key.id, secret_token: secret_token) response.status.should == 200 @@ -159,7 +160,8 @@ describe API::API, api: true do api("/internal/allowed"), key_id: key.id, project: project.path_with_namespace, - action: 'git-upload-pack' + action: 'git-upload-pack', + secret_token: secret_token ) end @@ -169,7 +171,8 @@ describe API::API, api: true do changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master', key_id: key.id, project: project.path_with_namespace, - action: 'git-receive-pack' + action: 'git-receive-pack', + secret_token: secret_token ) end @@ -179,7 +182,8 @@ describe API::API, api: true do ref: 'master', key_id: key.id, project: project.path_with_namespace, - action: 'git-upload-archive' + action: 'git-upload-archive', + secret_token: secret_token ) end end |