From 7f0f6e7621cbc60504f0c1f1bf1541d5b95a4ff8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C5=82gorzata=20Ksionek?= Date: Tue, 17 Sep 2019 16:36:37 +0200 Subject: Add ip address to headers --- go/internal/gitlabnet/client.go | 12 ++++++++++++ go/internal/gitlabnet/client_test.go | 30 ++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/go/internal/gitlabnet/client.go b/go/internal/gitlabnet/client.go index dacb1d6..26c24d4 100644 --- a/go/internal/gitlabnet/client.go +++ b/go/internal/gitlabnet/client.go @@ -7,6 +7,7 @@ import ( "fmt" "io" "net/http" + "os" "strings" "gitlab.com/gitlab-org/gitlab-shell/go/internal/config" @@ -109,6 +110,9 @@ func (c *GitlabClient) DoRequest(method, path string, data interface{}) (*http.R request.Header.Set(secretHeaderName, encodedSecret) request.Header.Add("Content-Type", "application/json") + ip := ipAddr() + request.Header.Add("X_FORWARDED_FOR", ip) + request.Close = true response, err := c.httpClient.Do(request) @@ -123,6 +127,14 @@ func (c *GitlabClient) DoRequest(method, path string, data interface{}) (*http.R return response, nil } +func ipAddr() string { + address := os.Getenv("SSH_CONNECTION") + if address != "" { + return strings.Fields(address)[0] + } + return address +} + func ParseJSON(hr *http.Response, response interface{}) error { if err := json.NewDecoder(hr.Body).Decode(response); err != nil { return ParsingError diff --git a/go/internal/gitlabnet/client_test.go b/go/internal/gitlabnet/client_test.go index e8499dc..debe618 100644 --- a/go/internal/gitlabnet/client_test.go +++ b/go/internal/gitlabnet/client_test.go @@ -6,6 +6,7 @@ import ( "fmt" "io/ioutil" "net/http" + "os" "path" "testing" @@ -50,6 +51,13 @@ func TestClients(t *testing.T) { fmt.Fprint(w, r.Header.Get(secretHeaderName)) }, }, + { + Path: "/api/v4/internal/with_ip", + Handler: func(w http.ResponseWriter, r *http.Request) { + header := r.Header.Get("X_FORWARDED_FOR") + require.Equal(t, header, "127.0.0.1") + }, + }, { Path: "/api/v4/internal/error", Handler: func(w http.ResponseWriter, r *http.Request) { @@ -110,6 +118,7 @@ func TestClients(t *testing.T) { testMissing(t, client) testErrorMessage(t, client) testAuthenticationHeader(t, client) + testXForwardedForHeader(t, client) }) } } @@ -217,3 +226,24 @@ func testAuthenticationHeader(t *testing.T, client *GitlabClient) { assert.Equal(t, "sssh, it's a secret", string(header)) }) } + +func testXForwardedForHeader(t *testing.T, client *GitlabClient) { + t.Run("X-Forwarded-For for GET", func(t *testing.T) { + os.Setenv("SSH_CONNECTION", "127.0.0.1 0") + response, err := client.Get("/with_ip") + defer response.Body.Close() + + require.NoError(t, err) + require.NotNil(t, response) + }) + + t.Run("X-Forwarded-For for POST", func(t *testing.T) { + data := map[string]string{"key": "value"} + os.Setenv("SSH_CONNECTION", "127.0.0.1 0") + response, err := client.Post("/with_ip", data) + defer response.Body.Close() + + require.NoError(t, err) + require.NotNil(t, response) + }) +} -- cgit v1.2.1 From 216bfafb4c0001a476e5ca630cd8c3baf7718d8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C5=82gorzata=20Ksionek?= Date: Thu, 19 Sep 2019 12:36:53 +0200 Subject: Add code review remarks --- go/internal/config/config.go | 9 +++++++++ go/internal/gitlabnet/client.go | 12 +----------- go/internal/gitlabnet/client_test.go | 10 ++++++---- 3 files changed, 16 insertions(+), 15 deletions(-) diff --git a/go/internal/config/config.go b/go/internal/config/config.go index 2231851..53de6f2 100644 --- a/go/internal/config/config.go +++ b/go/internal/config/config.go @@ -6,6 +6,7 @@ import ( "os" "path" "path/filepath" + "strings" yaml "gopkg.in/yaml.v2" ) @@ -121,3 +122,11 @@ func parseSecret(cfg *Config) error { return nil } + +func (c *Config) IpAddr() string { + address := os.Getenv("SSH_CONNECTION") + if address != "" { + return strings.Fields(address)[0] + } + return address +} diff --git a/go/internal/gitlabnet/client.go b/go/internal/gitlabnet/client.go index 26c24d4..b668fbd 100644 --- a/go/internal/gitlabnet/client.go +++ b/go/internal/gitlabnet/client.go @@ -7,7 +7,6 @@ import ( "fmt" "io" "net/http" - "os" "strings" "gitlab.com/gitlab-org/gitlab-shell/go/internal/config" @@ -110,8 +109,7 @@ func (c *GitlabClient) DoRequest(method, path string, data interface{}) (*http.R request.Header.Set(secretHeaderName, encodedSecret) request.Header.Add("Content-Type", "application/json") - ip := ipAddr() - request.Header.Add("X_FORWARDED_FOR", ip) + request.Header.Add("X_FORWARDED_FOR", c.config.IpAddr()) request.Close = true @@ -127,14 +125,6 @@ func (c *GitlabClient) DoRequest(method, path string, data interface{}) (*http.R return response, nil } -func ipAddr() string { - address := os.Getenv("SSH_CONNECTION") - if address != "" { - return strings.Fields(address)[0] - } - return address -} - func ParseJSON(hr *http.Response, response interface{}) error { if err := json.NewDecoder(hr.Body).Decode(response); err != nil { return ParsingError diff --git a/go/internal/gitlabnet/client_test.go b/go/internal/gitlabnet/client_test.go index debe618..07ac7b8 100644 --- a/go/internal/gitlabnet/client_test.go +++ b/go/internal/gitlabnet/client_test.go @@ -55,7 +55,7 @@ func TestClients(t *testing.T) { Path: "/api/v4/internal/with_ip", Handler: func(w http.ResponseWriter, r *http.Request) { header := r.Header.Get("X_FORWARDED_FOR") - require.Equal(t, header, "127.0.0.1") + require.Equal(t, "127.0.0.1", header) }, }, { @@ -229,21 +229,23 @@ func testAuthenticationHeader(t *testing.T, client *GitlabClient) { func testXForwardedForHeader(t *testing.T, client *GitlabClient) { t.Run("X-Forwarded-For for GET", func(t *testing.T) { - os.Setenv("SSH_CONNECTION", "127.0.0.1 0") + err := os.Setenv("SSH_CONNECTION", "127.0.0.1 0") + require.Nil(t, err) + response, err := client.Get("/with_ip") - defer response.Body.Close() require.NoError(t, err) require.NotNil(t, response) + response.Body.Close() }) t.Run("X-Forwarded-For for POST", func(t *testing.T) { data := map[string]string{"key": "value"} os.Setenv("SSH_CONNECTION", "127.0.0.1 0") response, err := client.Post("/with_ip", data) - defer response.Body.Close() require.NoError(t, err) require.NotNil(t, response) + response.Body.Close() }) } -- cgit v1.2.1 From 8071ea113454ae26ad9822c0a41efc5bc45f3de2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C5=82gorzata=20Ksionek?= Date: Mon, 23 Sep 2019 09:48:01 +0200 Subject: Add cr remarks --- go/internal/config/config.go | 8 ++++++-- go/internal/config/config_test.go | 8 ++++++++ go/internal/gitlabnet/client.go | 2 +- go/internal/gitlabnet/client_test.go | 7 +------ 4 files changed, 16 insertions(+), 9 deletions(-) diff --git a/go/internal/config/config.go b/go/internal/config/config.go index 53de6f2..36a25c4 100644 --- a/go/internal/config/config.go +++ b/go/internal/config/config.go @@ -36,6 +36,7 @@ type Config struct { Secret string `yaml:"secret"` HttpSettings HttpSettingsConfig `yaml:"http_settings"` HttpClient *HttpClient + IPAddr string } func New() (*Config, error) { @@ -52,7 +53,10 @@ func NewFromDir(dir string) (*Config, error) { } func newFromFile(filename string) (*Config, error) { - cfg := &Config{RootDir: path.Dir(filename)} + cfg := &Config{ + RootDir: path.Dir(filename), + IPAddr: getIPAddr(), + } configBytes, err := ioutil.ReadFile(filename) if err != nil { @@ -123,7 +127,7 @@ func parseSecret(cfg *Config) error { return nil } -func (c *Config) IpAddr() string { +func getIPAddr() string { address := os.Getenv("SSH_CONNECTION") if address != "" { return strings.Fields(address)[0] diff --git a/go/internal/config/config_test.go b/go/internal/config/config_test.go index e31ff70..1dfee28 100644 --- a/go/internal/config/config_test.go +++ b/go/internal/config/config_test.go @@ -2,6 +2,7 @@ package config import ( "fmt" + "os" "path" "testing" @@ -110,3 +111,10 @@ func TestParseConfig(t *testing.T) { }) } } + +func TestGetIPAddr(t *testing.T) { + err := os.Setenv("SSH_CONNECTION", "127.0.0.1 0") + + require.Nil(t, err) + require.Equal(t, getIPAddr(), "127.0.0.1") +} diff --git a/go/internal/gitlabnet/client.go b/go/internal/gitlabnet/client.go index b668fbd..3aa30ad 100644 --- a/go/internal/gitlabnet/client.go +++ b/go/internal/gitlabnet/client.go @@ -109,7 +109,7 @@ func (c *GitlabClient) DoRequest(method, path string, data interface{}) (*http.R request.Header.Set(secretHeaderName, encodedSecret) request.Header.Add("Content-Type", "application/json") - request.Header.Add("X_FORWARDED_FOR", c.config.IpAddr()) + request.Header.Add("X_FORWARDED_FOR", c.config.IPAddr) request.Close = true diff --git a/go/internal/gitlabnet/client_test.go b/go/internal/gitlabnet/client_test.go index 07ac7b8..3f25d3c 100644 --- a/go/internal/gitlabnet/client_test.go +++ b/go/internal/gitlabnet/client_test.go @@ -6,7 +6,6 @@ import ( "fmt" "io/ioutil" "net/http" - "os" "path" "testing" @@ -108,7 +107,7 @@ func TestClients(t *testing.T) { tc.config.GitlabUrl = url tc.config.Secret = "sssh, it's a secret" - + tc.config.IPAddr = "127.0.0.1" client, err := GetClient(tc.config) require.NoError(t, err) @@ -229,9 +228,6 @@ func testAuthenticationHeader(t *testing.T, client *GitlabClient) { func testXForwardedForHeader(t *testing.T, client *GitlabClient) { t.Run("X-Forwarded-For for GET", func(t *testing.T) { - err := os.Setenv("SSH_CONNECTION", "127.0.0.1 0") - require.Nil(t, err) - response, err := client.Get("/with_ip") require.NoError(t, err) @@ -241,7 +237,6 @@ func testXForwardedForHeader(t *testing.T, client *GitlabClient) { t.Run("X-Forwarded-For for POST", func(t *testing.T) { data := map[string]string{"key": "value"} - os.Setenv("SSH_CONNECTION", "127.0.0.1 0") response, err := client.Post("/with_ip", data) require.NoError(t, err) -- cgit v1.2.1 From 9304b1d6110494147ff7113592d8473ecb3e9114 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C5=82gorzata=20Ksionek?= Date: Sun, 29 Sep 2019 17:45:49 +0200 Subject: Add cr remarks --- go/internal/config/config.go | 11 ----------- go/internal/config/config_test.go | 8 -------- go/internal/gitlabnet/client.go | 6 +++++- go/internal/gitlabnet/client_test.go | 11 +++++++++-- go/internal/sshenv/sshenv.go | 15 +++++++++++++++ go/internal/sshenv/sshenv_test.go | 17 +++++++++++++++++ go/internal/testhelper/testhelper.go | 6 ++++++ support/go-test | 2 +- 8 files changed, 53 insertions(+), 23 deletions(-) create mode 100644 go/internal/sshenv/sshenv.go create mode 100644 go/internal/sshenv/sshenv_test.go diff --git a/go/internal/config/config.go b/go/internal/config/config.go index 36a25c4..d958a82 100644 --- a/go/internal/config/config.go +++ b/go/internal/config/config.go @@ -6,7 +6,6 @@ import ( "os" "path" "path/filepath" - "strings" yaml "gopkg.in/yaml.v2" ) @@ -36,7 +35,6 @@ type Config struct { Secret string `yaml:"secret"` HttpSettings HttpSettingsConfig `yaml:"http_settings"` HttpClient *HttpClient - IPAddr string } func New() (*Config, error) { @@ -55,7 +53,6 @@ func NewFromDir(dir string) (*Config, error) { func newFromFile(filename string) (*Config, error) { cfg := &Config{ RootDir: path.Dir(filename), - IPAddr: getIPAddr(), } configBytes, err := ioutil.ReadFile(filename) @@ -126,11 +123,3 @@ func parseSecret(cfg *Config) error { return nil } - -func getIPAddr() string { - address := os.Getenv("SSH_CONNECTION") - if address != "" { - return strings.Fields(address)[0] - } - return address -} diff --git a/go/internal/config/config_test.go b/go/internal/config/config_test.go index 1dfee28..e31ff70 100644 --- a/go/internal/config/config_test.go +++ b/go/internal/config/config_test.go @@ -2,7 +2,6 @@ package config import ( "fmt" - "os" "path" "testing" @@ -111,10 +110,3 @@ func TestParseConfig(t *testing.T) { }) } } - -func TestGetIPAddr(t *testing.T) { - err := os.Setenv("SSH_CONNECTION", "127.0.0.1 0") - - require.Nil(t, err) - require.Equal(t, getIPAddr(), "127.0.0.1") -} diff --git a/go/internal/gitlabnet/client.go b/go/internal/gitlabnet/client.go index 3aa30ad..e61b58d 100644 --- a/go/internal/gitlabnet/client.go +++ b/go/internal/gitlabnet/client.go @@ -10,6 +10,7 @@ import ( "strings" "gitlab.com/gitlab-org/gitlab-shell/go/internal/config" + "gitlab.com/gitlab-org/gitlab-shell/go/internal/sshenv" ) const ( @@ -109,7 +110,10 @@ func (c *GitlabClient) DoRequest(method, path string, data interface{}) (*http.R request.Header.Set(secretHeaderName, encodedSecret) request.Header.Add("Content-Type", "application/json") - request.Header.Add("X_FORWARDED_FOR", c.config.IPAddr) + ipAddr := sshenv.LocalAddr() + if ipAddr != "" { + request.Header.Add("X-Forwarded-For", ipAddr) + } request.Close = true diff --git a/go/internal/gitlabnet/client_test.go b/go/internal/gitlabnet/client_test.go index 3f25d3c..e813e23 100644 --- a/go/internal/gitlabnet/client_test.go +++ b/go/internal/gitlabnet/client_test.go @@ -53,7 +53,7 @@ func TestClients(t *testing.T) { { Path: "/api/v4/internal/with_ip", Handler: func(w http.ResponseWriter, r *http.Request) { - header := r.Header.Get("X_FORWARDED_FOR") + header := r.Header.Get("X-Forwarded-For") require.Equal(t, "127.0.0.1", header) }, }, @@ -107,7 +107,6 @@ func TestClients(t *testing.T) { tc.config.GitlabUrl = url tc.config.Secret = "sssh, it's a secret" - tc.config.IPAddr = "127.0.0.1" client, err := GetClient(tc.config) require.NoError(t, err) @@ -228,6 +227,10 @@ func testAuthenticationHeader(t *testing.T, client *GitlabClient) { func testXForwardedForHeader(t *testing.T, client *GitlabClient) { t.Run("X-Forwarded-For for GET", func(t *testing.T) { + cleanup, err := testhelper.Setenv("SSH_CONNECTION", "127.0.0.1 0") + require.NoError(t, err) + defer cleanup() + response, err := client.Get("/with_ip") require.NoError(t, err) @@ -237,6 +240,10 @@ func testXForwardedForHeader(t *testing.T, client *GitlabClient) { t.Run("X-Forwarded-For for POST", func(t *testing.T) { data := map[string]string{"key": "value"} + cleanup, err := testhelper.Setenv("SSH_CONNECTION", "127.0.0.1 0") + require.NoError(t, err) + defer cleanup() + response, err := client.Post("/with_ip", data) require.NoError(t, err) diff --git a/go/internal/sshenv/sshenv.go b/go/internal/sshenv/sshenv.go new file mode 100644 index 0000000..c16e262 --- /dev/null +++ b/go/internal/sshenv/sshenv.go @@ -0,0 +1,15 @@ +package sshenv + +import ( + "os" + "strings" +) + +func LocalAddr() string { + address := os.Getenv("SSH_CONNECTION") + + if address != "" { + return strings.Fields(address)[0] + } + return address +} diff --git a/go/internal/sshenv/sshenv_test.go b/go/internal/sshenv/sshenv_test.go new file mode 100644 index 0000000..2691df8 --- /dev/null +++ b/go/internal/sshenv/sshenv_test.go @@ -0,0 +1,17 @@ +package sshenv + +import ( + "testing" + + "github.com/stretchr/testify/require" + "gitlab.com/gitlab-org/gitlab-shell/go/internal/testhelper" +) + +func TestLocalAddr(t *testing.T) { + cleanup, err := testhelper.Setenv("SSH_CONNECTION", "127.0.0.1 0") + require.NoError(t, err) + defer cleanup() + + require.Nil(t, err) + require.Equal(t, LocalAddr(), "127.0.0.1") +} diff --git a/go/internal/testhelper/testhelper.go b/go/internal/testhelper/testhelper.go index 5c900aa..a925c79 100644 --- a/go/internal/testhelper/testhelper.go +++ b/go/internal/testhelper/testhelper.go @@ -85,3 +85,9 @@ func getTestDataDir() (string, error) { return path.Join(path.Dir(currentFile), "testdata"), nil } + +func Setenv(key, value string) (func(), error) { + oldValue := os.Getenv(key) + err := os.Setenv(key, value) + return func() { os.Setenv(key, oldValue) }, err +} diff --git a/support/go-test b/support/go-test index 0c043f6..47fd012 100755 --- a/support/go-test +++ b/support/go-test @@ -5,7 +5,7 @@ include GoBuild def main ensure_build_dir_exists - run!(GO_ENV, %w[go test ./...], chdir: GO_DIR) + run!(GO_ENV, %w[go test -v ./...], chdir: GO_DIR) puts 'OK' end -- cgit v1.2.1 From 650ecad9bad69dbc12745c71d959a89b87ffdac7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C5=82gorzata=20Ksionek?= Date: Mon, 30 Sep 2019 10:36:35 +0200 Subject: Clean up files --- go/internal/config/config.go | 4 +--- go/internal/gitlabnet/client_test.go | 28 ++++++++++++++++++++++++++++ go/internal/sshenv/sshenv_test.go | 5 ++++- support/go-test | 2 +- 4 files changed, 34 insertions(+), 5 deletions(-) diff --git a/go/internal/config/config.go b/go/internal/config/config.go index d958a82..2231851 100644 --- a/go/internal/config/config.go +++ b/go/internal/config/config.go @@ -51,9 +51,7 @@ func NewFromDir(dir string) (*Config, error) { } func newFromFile(filename string) (*Config, error) { - cfg := &Config{ - RootDir: path.Dir(filename), - } + cfg := &Config{RootDir: path.Dir(filename)} configBytes, err := ioutil.ReadFile(filename) if err != nil { diff --git a/go/internal/gitlabnet/client_test.go b/go/internal/gitlabnet/client_test.go index e813e23..f4ab62f 100644 --- a/go/internal/gitlabnet/client_test.go +++ b/go/internal/gitlabnet/client_test.go @@ -57,6 +57,13 @@ func TestClients(t *testing.T) { require.Equal(t, "127.0.0.1", header) }, }, + { + Path: "/api/v4/internal/with_empty_ip", + Handler: func(w http.ResponseWriter, r *http.Request) { + header := r.Header.Get("X-Forwarded-For") + require.Equal(t, "", header) + }, + }, { Path: "/api/v4/internal/error", Handler: func(w http.ResponseWriter, r *http.Request) { @@ -107,6 +114,7 @@ func TestClients(t *testing.T) { tc.config.GitlabUrl = url tc.config.Secret = "sssh, it's a secret" + client, err := GetClient(tc.config) require.NoError(t, err) @@ -117,6 +125,7 @@ func TestClients(t *testing.T) { testErrorMessage(t, client) testAuthenticationHeader(t, client) testXForwardedForHeader(t, client) + testEmptyForwardedForHeader(t, client) }) } } @@ -251,3 +260,22 @@ func testXForwardedForHeader(t *testing.T, client *GitlabClient) { response.Body.Close() }) } + +func testEmptyForwardedForHeader(t *testing.T, client *GitlabClient) { + t.Run("X-Forwarded-For empty for GET", func(t *testing.T) { + response, err := client.Get("/with_empty_ip") + + require.NoError(t, err) + require.NotNil(t, response) + response.Body.Close() + }) + + t.Run("X-Forwarded-For empty for POST", func(t *testing.T) { + data := map[string]string{"key": "value"} + response, err := client.Post("/with_empty_ip", data) + + require.NoError(t, err) + require.NotNil(t, response) + response.Body.Close() + }) +} diff --git a/go/internal/sshenv/sshenv_test.go b/go/internal/sshenv/sshenv_test.go index 2691df8..d2207f5 100644 --- a/go/internal/sshenv/sshenv_test.go +++ b/go/internal/sshenv/sshenv_test.go @@ -12,6 +12,9 @@ func TestLocalAddr(t *testing.T) { require.NoError(t, err) defer cleanup() - require.Nil(t, err) require.Equal(t, LocalAddr(), "127.0.0.1") } + +func TestEmptyLocalAddr(t *testing.T) { + require.Equal(t, LocalAddr(), "") +} diff --git a/support/go-test b/support/go-test index 47fd012..0c043f6 100755 --- a/support/go-test +++ b/support/go-test @@ -5,7 +5,7 @@ include GoBuild def main ensure_build_dir_exists - run!(GO_ENV, %w[go test -v ./...], chdir: GO_DIR) + run!(GO_ENV, %w[go test ./...], chdir: GO_DIR) puts 'OK' end -- cgit v1.2.1 From 1ba172d426274832f4a76a1b540dce462ec932f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C5=82gorzata=20Ksionek?= Date: Tue, 1 Oct 2019 14:59:00 +0200 Subject: Update methods to use new path --- go/internal/command/lfsauthenticate/lfsauthenticate_test.go | 2 +- go/internal/command/receivepack/customaction_test.go | 2 +- go/internal/command/shared/accessverifier/accessverifier_test.go | 2 +- go/internal/gitlabnet/accessverifier/client.go | 2 +- go/internal/gitlabnet/accessverifier/client_test.go | 2 +- go/internal/testhelper/requesthandlers/requesthandlers.go | 4 ++-- lib/gitlab_net.rb | 2 +- lib/gitlab_shell.rb | 2 +- spec/gitlab_shell_custom_git_receive_pack_spec.rb | 2 +- spec/gitlab_shell_lfs_authentication_spec.rb | 2 +- spec/vcr_cassettes/allowed-pull.yml | 4 ++-- spec/vcr_cassettes/allowed-push-project-not-found-404-text-html.yml | 2 +- spec/vcr_cassettes/allowed-push-project-not-found-404-text-plain.yml | 2 +- spec/vcr_cassettes/allowed-push-project-not-found-404.yml | 2 +- spec/vcr_cassettes/allowed-push-project-not-found-text-html.yml | 2 +- spec/vcr_cassettes/allowed-push-project-not-found-text-plain.yml | 2 +- spec/vcr_cassettes/allowed-push-project-not-found.yml | 2 +- spec/vcr_cassettes/allowed-push.yml | 4 ++-- spec/vcr_cassettes/http-pull-disabled.yml | 4 ++-- spec/vcr_cassettes/http-push-disabled.yml | 4 ++-- spec/vcr_cassettes/ssh-pull-disabled.yml | 4 ++-- spec/vcr_cassettes/ssh-pull-project-denied-401-text-html.yml | 2 +- spec/vcr_cassettes/ssh-pull-project-denied-401-text-plain.yml | 2 +- spec/vcr_cassettes/ssh-pull-project-denied-401.yml | 2 +- spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml | 4 ++-- spec/vcr_cassettes/ssh-pull-project-denied.yml | 4 ++-- spec/vcr_cassettes/ssh-push-disabled.yml | 4 ++-- spec/vcr_cassettes/ssh-push-project-denied-401-text-html.yml | 2 +- spec/vcr_cassettes/ssh-push-project-denied-401-text-plain.yml | 2 +- spec/vcr_cassettes/ssh-push-project-denied-401.yml | 2 +- spec/vcr_cassettes/ssh-push-project-denied.yml | 4 ++-- 31 files changed, 41 insertions(+), 41 deletions(-) diff --git a/go/internal/command/lfsauthenticate/lfsauthenticate_test.go b/go/internal/command/lfsauthenticate/lfsauthenticate_test.go index a6836a8..3b5d11c 100644 --- a/go/internal/command/lfsauthenticate/lfsauthenticate_test.go +++ b/go/internal/command/lfsauthenticate/lfsauthenticate_test.go @@ -90,7 +90,7 @@ func TestLfsAuthenticateRequests(t *testing.T) { }, }, { - Path: "/api/v4/internal/allowed", + Path: "/api/v4/internal/allowed/secure", Handler: func(w http.ResponseWriter, r *http.Request) { b, err := ioutil.ReadAll(r.Body) defer r.Body.Close() diff --git a/go/internal/command/receivepack/customaction_test.go b/go/internal/command/receivepack/customaction_test.go index bd4991d..045dd6c 100644 --- a/go/internal/command/receivepack/customaction_test.go +++ b/go/internal/command/receivepack/customaction_test.go @@ -22,7 +22,7 @@ func TestCustomReceivePack(t *testing.T) { requests := []testserver.TestRequestHandler{ { - Path: "/api/v4/internal/allowed", + Path: "/api/v4/internal/allowed/secure", Handler: func(w http.ResponseWriter, r *http.Request) { b, err := ioutil.ReadAll(r.Body) require.NoError(t, err) diff --git a/go/internal/command/shared/accessverifier/accessverifier_test.go b/go/internal/command/shared/accessverifier/accessverifier_test.go index c19ed37..df9c834 100644 --- a/go/internal/command/shared/accessverifier/accessverifier_test.go +++ b/go/internal/command/shared/accessverifier/accessverifier_test.go @@ -24,7 +24,7 @@ var ( func setup(t *testing.T) (*Command, *bytes.Buffer, *bytes.Buffer, func()) { requests := []testserver.TestRequestHandler{ { - Path: "/api/v4/internal/allowed", + Path: "/api/v4/internal/allowed/secure", Handler: func(w http.ResponseWriter, r *http.Request) { b, err := ioutil.ReadAll(r.Body) require.NoError(t, err) diff --git a/go/internal/gitlabnet/accessverifier/client.go b/go/internal/gitlabnet/accessverifier/client.go index 92a7434..f0dea7d 100644 --- a/go/internal/gitlabnet/accessverifier/client.go +++ b/go/internal/gitlabnet/accessverifier/client.go @@ -80,7 +80,7 @@ func (c *Client) Verify(args *commandargs.Shell, action commandargs.CommandType, request.KeyId = args.GitlabKeyId } - response, err := c.client.Post("/allowed", request) + response, err := c.client.Post("/allowed/secure", request) if err != nil { return nil, err } diff --git a/go/internal/gitlabnet/accessverifier/client_test.go b/go/internal/gitlabnet/accessverifier/client_test.go index f534185..0f08c0b 100644 --- a/go/internal/gitlabnet/accessverifier/client_test.go +++ b/go/internal/gitlabnet/accessverifier/client_test.go @@ -157,7 +157,7 @@ func setup(t *testing.T) (*Client, func()) { requests := []testserver.TestRequestHandler{ { - Path: "/api/v4/internal/allowed", + Path: "/api/v4/internal/allowed/secure", Handler: func(w http.ResponseWriter, r *http.Request) { b, err := ioutil.ReadAll(r.Body) require.NoError(t, err) diff --git a/go/internal/testhelper/requesthandlers/requesthandlers.go b/go/internal/testhelper/requesthandlers/requesthandlers.go index a7bc427..89366cf 100644 --- a/go/internal/testhelper/requesthandlers/requesthandlers.go +++ b/go/internal/testhelper/requesthandlers/requesthandlers.go @@ -13,7 +13,7 @@ import ( func BuildDisallowedByApiHandlers(t *testing.T) []testserver.TestRequestHandler { requests := []testserver.TestRequestHandler{ { - Path: "/api/v4/internal/allowed", + Path: "/api/v4/internal/allowed/secure", Handler: func(w http.ResponseWriter, r *http.Request) { body := map[string]interface{}{ "status": false, @@ -31,7 +31,7 @@ func BuildDisallowedByApiHandlers(t *testing.T) []testserver.TestRequestHandler func BuildAllowedWithGitalyHandlers(t *testing.T, gitalyAddress string) []testserver.TestRequestHandler { requests := []testserver.TestRequestHandler{ { - Path: "/api/v4/internal/allowed", + Path: "/api/v4/internal/allowed/secure", Handler: func(w http.ResponseWriter, r *http.Request) { body := map[string]interface{}{ "status": true, diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb index 09767da..75062a6 100644 --- a/lib/gitlab_net.rb +++ b/lib/gitlab_net.rb @@ -28,7 +28,7 @@ class GitlabNet # rubocop:disable Metrics/ClassLength who_sym, _, who_v = self.class.parse_who(who) params[who_sym] = who_v - url = "#{internal_api_endpoint}/allowed" + url = "#{internal_api_endpoint}/allowed/secure" resp = post(url, params) case resp diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb index 303f4d5..f8db4c5 100644 --- a/lib/gitlab_shell.rb +++ b/lib/gitlab_shell.rb @@ -77,7 +77,7 @@ class GitlabShell # rubocop:disable Metrics/ClassLength end if @command == GIT_RECEIVE_PACK_COMMAND && access_status.custom_action? - # If the response from /api/v4/allowed is a HTTP 300, we need to perform + # If the response from /api/v4/allowed/secure is a HTTP 300, we need to perform # a Custom Action and therefore should return and not call process_cmd() # return process_custom_action(access_status) diff --git a/spec/gitlab_shell_custom_git_receive_pack_spec.rb b/spec/gitlab_shell_custom_git_receive_pack_spec.rb index 95cd8ea..755aac8 100644 --- a/spec/gitlab_shell_custom_git_receive_pack_spec.rb +++ b/spec/gitlab_shell_custom_git_receive_pack_spec.rb @@ -24,7 +24,7 @@ describe 'Custom bin/gitlab-shell git-receive-pack' do res.body = {"result" => output}.to_json end - server.mount_proc('/api/v4/internal/allowed') do |req, res| + server.mount_proc('/api/v4/internal/allowed/secure') do |req, res| res.content_type = 'application/json' key_id = req.query['key_id'] || req.query['username'] diff --git a/spec/gitlab_shell_lfs_authentication_spec.rb b/spec/gitlab_shell_lfs_authentication_spec.rb index 7cdb320..d23ec51 100644 --- a/spec/gitlab_shell_lfs_authentication_spec.rb +++ b/spec/gitlab_shell_lfs_authentication_spec.rb @@ -26,7 +26,7 @@ describe 'bin/gitlab-shell git-lfs-authentication' do end end - server.mount_proc('/api/v4/internal/allowed') do |req, res| + server.mount_proc('/api/v4/internal/allowed/secure') do |req, res| res.content_type = 'application/json' key_id = req.query['key_id'] || req.query['username'] diff --git a/spec/vcr_cassettes/allowed-pull.yml b/spec/vcr_cassettes/allowed-pull.yml index d324316..4c6f64a 100644 --- a/spec/vcr_cassettes/allowed-pull.yml +++ b/spec/vcr_cassettes/allowed-pull.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":true,"gl_repository":"project-3","gl_project_path":"gitlab-org/gitlab.test","repository_path":"/Users/dzaporozhets/Projects/gitlab-development-kit/repositories/gitlab-org/gitlab-test.git"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 10:44:52 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-404-text-html.yml b/spec/vcr_cassettes/allowed-push-project-not-found-404-text-html.yml index 4adb088..dc7744e 100644 --- a/spec/vcr_cassettes/allowed-push-project-not-found-404-text-html.yml +++ b/spec/vcr_cassettes/allowed-push-project-not-found-404-text-html.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-404-text-plain.yml b/spec/vcr_cassettes/allowed-push-project-not-found-404-text-plain.yml index a84b7d2..13f061b 100644 --- a/spec/vcr_cassettes/allowed-push-project-not-found-404-text-plain.yml +++ b/spec/vcr_cassettes/allowed-push-project-not-found-404-text-plain.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-404.yml b/spec/vcr_cassettes/allowed-push-project-not-found-404.yml index e531fcb..1ae63b4 100644 --- a/spec/vcr_cassettes/allowed-push-project-not-found-404.yml +++ b/spec/vcr_cassettes/allowed-push-project-not-found-404.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-text-html.yml b/spec/vcr_cassettes/allowed-push-project-not-found-text-html.yml index b2738fe..a9e99de 100644 --- a/spec/vcr_cassettes/allowed-push-project-not-found-text-html.yml +++ b/spec/vcr_cassettes/allowed-push-project-not-found-text-html.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-text-plain.yml b/spec/vcr_cassettes/allowed-push-project-not-found-text-plain.yml index 34532ce..b21aee3 100644 --- a/spec/vcr_cassettes/allowed-push-project-not-found-text-plain.yml +++ b/spec/vcr_cassettes/allowed-push-project-not-found-text-plain.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/allowed-push-project-not-found.yml b/spec/vcr_cassettes/allowed-push-project-not-found.yml index f25fa7e..6a74445 100644 --- a/spec/vcr_cassettes/allowed-push-project-not-found.yml +++ b/spec/vcr_cassettes/allowed-push-project-not-found.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/allowed-push.yml b/spec/vcr_cassettes/allowed-push.yml index 025614a..22e5e66 100644 --- a/spec/vcr_cassettes/allowed-push.yml +++ b/spec/vcr_cassettes/allowed-push.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":true,"gl_repository":"project-3","gl_project_path":"gitlab-org/gitlab.test","repository_path":"/Users/dzaporozhets/Projects/gitlab-development-kit/repositories/gitlab-org/gitlab-test.git"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 10:44:52 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/http-pull-disabled.yml b/spec/vcr_cassettes/http-pull-disabled.yml index 23ef3e5..6f2aa1f 100644 --- a/spec/vcr_cassettes/http-pull-disabled.yml +++ b/spec/vcr_cassettes/http-pull-disabled.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=http&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Pulling over HTTP is not allowed."}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 10:32:01 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/http-push-disabled.yml b/spec/vcr_cassettes/http-push-disabled.yml index 676e5b8..e488634 100644 --- a/spec/vcr_cassettes/http-push-disabled.yml +++ b/spec/vcr_cassettes/http-push-disabled.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=http&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Pushing over HTTP is not allowed."}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 10:32:01 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/ssh-pull-disabled.yml b/spec/vcr_cassettes/ssh-pull-disabled.yml index 55ce261..f6717e4 100644 --- a/spec/vcr_cassettes/ssh-pull-disabled.yml +++ b/spec/vcr_cassettes/ssh-pull-disabled.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Git access over SSH is not allowed"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 12:23:57 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/ssh-pull-project-denied-401-text-html.yml b/spec/vcr_cassettes/ssh-pull-project-denied-401-text-html.yml index d334108..fb43ce8 100644 --- a/spec/vcr_cassettes/ssh-pull-project-denied-401-text-html.yml +++ b/spec/vcr_cassettes/ssh-pull-project-denied-401-text-html.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-pull-project-denied-401-text-plain.yml b/spec/vcr_cassettes/ssh-pull-project-denied-401-text-plain.yml index e072493..c44b87a 100644 --- a/spec/vcr_cassettes/ssh-pull-project-denied-401-text-plain.yml +++ b/spec/vcr_cassettes/ssh-pull-project-denied-401-text-plain.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-pull-project-denied-401.yml b/spec/vcr_cassettes/ssh-pull-project-denied-401.yml index 4a9305a..0a48da0 100644 --- a/spec/vcr_cassettes/ssh-pull-project-denied-401.yml +++ b/spec/vcr_cassettes/ssh-pull-project-denied-401.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml b/spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml index b461b5b..8cd91a6 100644 --- a/spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml +++ b/spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&user_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Git access over SSH is not allowed"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 12:24:05 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/ssh-pull-project-denied.yml b/spec/vcr_cassettes/ssh-pull-project-denied.yml index 5107d15..f8c7b87 100644 --- a/spec/vcr_cassettes/ssh-pull-project-denied.yml +++ b/spec/vcr_cassettes/ssh-pull-project-denied.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Git access over SSH is not allowed"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 12:24:04 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/ssh-push-disabled.yml b/spec/vcr_cassettes/ssh-push-disabled.yml index c061791..fc09f55 100644 --- a/spec/vcr_cassettes/ssh-push-disabled.yml +++ b/spec/vcr_cassettes/ssh-push-disabled.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Git access over SSH is not allowed"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 12:23:57 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/ssh-push-project-denied-401-text-html.yml b/spec/vcr_cassettes/ssh-push-project-denied-401-text-html.yml index 08dea91..02ea6d9 100644 --- a/spec/vcr_cassettes/ssh-push-project-denied-401-text-html.yml +++ b/spec/vcr_cassettes/ssh-push-project-denied-401-text-html.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-push-project-denied-401-text-plain.yml b/spec/vcr_cassettes/ssh-push-project-denied-401-text-plain.yml index 46d9a1d..c32d87a 100644 --- a/spec/vcr_cassettes/ssh-push-project-denied-401-text-plain.yml +++ b/spec/vcr_cassettes/ssh-push-project-denied-401-text-plain.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-push-project-denied-401.yml b/spec/vcr_cassettes/ssh-push-project-denied-401.yml index 77248e2..468b071 100644 --- a/spec/vcr_cassettes/ssh-push-project-denied-401.yml +++ b/spec/vcr_cassettes/ssh-push-project-denied-401.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-push-project-denied.yml b/spec/vcr_cassettes/ssh-push-project-denied.yml index c16e608..946db72 100644 --- a/spec/vcr_cassettes/ssh-push-project-denied.yml +++ b/spec/vcr_cassettes/ssh-push-project-denied.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed + uri: http://localhost:3000/api/v4/internal/allowed/secure body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Git access over SSH is not allowed"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 12:24:04 GMT recorded_with: VCR 2.4.0 -- cgit v1.2.1 From eff3b3c0e48e9ffc213108965f16e96f10bcda3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C5=82gorzata=20Ksionek?= Date: Tue, 1 Oct 2019 16:40:19 +0200 Subject: Reverse ruby changes --- lib/gitlab_net.rb | 2 +- spec/gitlab_shell_custom_git_receive_pack_spec.rb | 2 +- spec/gitlab_shell_lfs_authentication_spec.rb | 2 +- spec/vcr_cassettes/allowed-pull.yml | 2 +- spec/vcr_cassettes/allowed-push-project-not-found-404-text-html.yml | 2 +- spec/vcr_cassettes/allowed-push-project-not-found-404-text-plain.yml | 2 +- spec/vcr_cassettes/allowed-push-project-not-found-404.yml | 2 +- spec/vcr_cassettes/allowed-push-project-not-found-text-html.yml | 2 +- spec/vcr_cassettes/allowed-push-project-not-found-text-plain.yml | 2 +- spec/vcr_cassettes/allowed-push-project-not-found.yml | 2 +- spec/vcr_cassettes/allowed-push.yml | 2 +- spec/vcr_cassettes/http-pull-disabled.yml | 2 +- spec/vcr_cassettes/http-push-disabled.yml | 2 +- spec/vcr_cassettes/ssh-pull-disabled.yml | 2 +- spec/vcr_cassettes/ssh-pull-project-denied-401-text-html.yml | 2 +- spec/vcr_cassettes/ssh-pull-project-denied-401-text-plain.yml | 2 +- spec/vcr_cassettes/ssh-pull-project-denied-401.yml | 2 +- spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml | 2 +- spec/vcr_cassettes/ssh-pull-project-denied.yml | 2 +- spec/vcr_cassettes/ssh-push-disabled.yml | 2 +- spec/vcr_cassettes/ssh-push-project-denied-401-text-html.yml | 2 +- spec/vcr_cassettes/ssh-push-project-denied-401-text-plain.yml | 2 +- spec/vcr_cassettes/ssh-push-project-denied-401.yml | 2 +- spec/vcr_cassettes/ssh-push-project-denied.yml | 2 +- 24 files changed, 24 insertions(+), 24 deletions(-) diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb index 75062a6..09767da 100644 --- a/lib/gitlab_net.rb +++ b/lib/gitlab_net.rb @@ -28,7 +28,7 @@ class GitlabNet # rubocop:disable Metrics/ClassLength who_sym, _, who_v = self.class.parse_who(who) params[who_sym] = who_v - url = "#{internal_api_endpoint}/allowed/secure" + url = "#{internal_api_endpoint}/allowed" resp = post(url, params) case resp diff --git a/spec/gitlab_shell_custom_git_receive_pack_spec.rb b/spec/gitlab_shell_custom_git_receive_pack_spec.rb index 755aac8..95cd8ea 100644 --- a/spec/gitlab_shell_custom_git_receive_pack_spec.rb +++ b/spec/gitlab_shell_custom_git_receive_pack_spec.rb @@ -24,7 +24,7 @@ describe 'Custom bin/gitlab-shell git-receive-pack' do res.body = {"result" => output}.to_json end - server.mount_proc('/api/v4/internal/allowed/secure') do |req, res| + server.mount_proc('/api/v4/internal/allowed') do |req, res| res.content_type = 'application/json' key_id = req.query['key_id'] || req.query['username'] diff --git a/spec/gitlab_shell_lfs_authentication_spec.rb b/spec/gitlab_shell_lfs_authentication_spec.rb index d23ec51..7cdb320 100644 --- a/spec/gitlab_shell_lfs_authentication_spec.rb +++ b/spec/gitlab_shell_lfs_authentication_spec.rb @@ -26,7 +26,7 @@ describe 'bin/gitlab-shell git-lfs-authentication' do end end - server.mount_proc('/api/v4/internal/allowed/secure') do |req, res| + server.mount_proc('/api/v4/internal/allowed') do |req, res| res.content_type = 'application/json' key_id = req.query['key_id'] || req.query['username'] diff --git a/spec/vcr_cassettes/allowed-pull.yml b/spec/vcr_cassettes/allowed-pull.yml index 4c6f64a..25c263f 100644 --- a/spec/vcr_cassettes/allowed-pull.yml +++ b/spec/vcr_cassettes/allowed-pull.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-404-text-html.yml b/spec/vcr_cassettes/allowed-push-project-not-found-404-text-html.yml index dc7744e..4adb088 100644 --- a/spec/vcr_cassettes/allowed-push-project-not-found-404-text-html.yml +++ b/spec/vcr_cassettes/allowed-push-project-not-found-404-text-html.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-404-text-plain.yml b/spec/vcr_cassettes/allowed-push-project-not-found-404-text-plain.yml index 13f061b..a84b7d2 100644 --- a/spec/vcr_cassettes/allowed-push-project-not-found-404-text-plain.yml +++ b/spec/vcr_cassettes/allowed-push-project-not-found-404-text-plain.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-404.yml b/spec/vcr_cassettes/allowed-push-project-not-found-404.yml index 1ae63b4..e531fcb 100644 --- a/spec/vcr_cassettes/allowed-push-project-not-found-404.yml +++ b/spec/vcr_cassettes/allowed-push-project-not-found-404.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-text-html.yml b/spec/vcr_cassettes/allowed-push-project-not-found-text-html.yml index a9e99de..b2738fe 100644 --- a/spec/vcr_cassettes/allowed-push-project-not-found-text-html.yml +++ b/spec/vcr_cassettes/allowed-push-project-not-found-text-html.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/allowed-push-project-not-found-text-plain.yml b/spec/vcr_cassettes/allowed-push-project-not-found-text-plain.yml index b21aee3..34532ce 100644 --- a/spec/vcr_cassettes/allowed-push-project-not-found-text-plain.yml +++ b/spec/vcr_cassettes/allowed-push-project-not-found-text-plain.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/allowed-push-project-not-found.yml b/spec/vcr_cassettes/allowed-push-project-not-found.yml index 6a74445..f25fa7e 100644 --- a/spec/vcr_cassettes/allowed-push-project-not-found.yml +++ b/spec/vcr_cassettes/allowed-push-project-not-found.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/allowed-push.yml b/spec/vcr_cassettes/allowed-push.yml index 22e5e66..e61c140 100644 --- a/spec/vcr_cassettes/allowed-push.yml +++ b/spec/vcr_cassettes/allowed-push.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/http-pull-disabled.yml b/spec/vcr_cassettes/http-pull-disabled.yml index 6f2aa1f..abae549 100644 --- a/spec/vcr_cassettes/http-pull-disabled.yml +++ b/spec/vcr_cassettes/http-pull-disabled.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=http&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/http-push-disabled.yml b/spec/vcr_cassettes/http-push-disabled.yml index e488634..429fc32 100644 --- a/spec/vcr_cassettes/http-push-disabled.yml +++ b/spec/vcr_cassettes/http-push-disabled.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=http&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-pull-disabled.yml b/spec/vcr_cassettes/ssh-pull-disabled.yml index f6717e4..54ae895 100644 --- a/spec/vcr_cassettes/ssh-pull-disabled.yml +++ b/spec/vcr_cassettes/ssh-pull-disabled.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-pull-project-denied-401-text-html.yml b/spec/vcr_cassettes/ssh-pull-project-denied-401-text-html.yml index fb43ce8..d334108 100644 --- a/spec/vcr_cassettes/ssh-pull-project-denied-401-text-html.yml +++ b/spec/vcr_cassettes/ssh-pull-project-denied-401-text-html.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-pull-project-denied-401-text-plain.yml b/spec/vcr_cassettes/ssh-pull-project-denied-401-text-plain.yml index c44b87a..e072493 100644 --- a/spec/vcr_cassettes/ssh-pull-project-denied-401-text-plain.yml +++ b/spec/vcr_cassettes/ssh-pull-project-denied-401-text-plain.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-pull-project-denied-401.yml b/spec/vcr_cassettes/ssh-pull-project-denied-401.yml index 0a48da0..4a9305a 100644 --- a/spec/vcr_cassettes/ssh-pull-project-denied-401.yml +++ b/spec/vcr_cassettes/ssh-pull-project-denied-401.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml b/spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml index 8cd91a6..35a2c11 100644 --- a/spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml +++ b/spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&user_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-pull-project-denied.yml b/spec/vcr_cassettes/ssh-pull-project-denied.yml index f8c7b87..9c99a17 100644 --- a/spec/vcr_cassettes/ssh-pull-project-denied.yml +++ b/spec/vcr_cassettes/ssh-pull-project-denied.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-push-disabled.yml b/spec/vcr_cassettes/ssh-push-disabled.yml index fc09f55..7795e52 100644 --- a/spec/vcr_cassettes/ssh-push-disabled.yml +++ b/spec/vcr_cassettes/ssh-push-disabled.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=1&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-push-project-denied-401-text-html.yml b/spec/vcr_cassettes/ssh-push-project-denied-401-text-html.yml index 02ea6d9..08dea91 100644 --- a/spec/vcr_cassettes/ssh-push-project-denied-401-text-html.yml +++ b/spec/vcr_cassettes/ssh-push-project-denied-401-text-html.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-push-project-denied-401-text-plain.yml b/spec/vcr_cassettes/ssh-push-project-denied-401-text-plain.yml index c32d87a..46d9a1d 100644 --- a/spec/vcr_cassettes/ssh-push-project-denied-401-text-plain.yml +++ b/spec/vcr_cassettes/ssh-push-project-denied-401-text-plain.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-push-project-denied-401.yml b/spec/vcr_cassettes/ssh-push-project-denied-401.yml index 468b071..77248e2 100644 --- a/spec/vcr_cassettes/ssh-push-project-denied-401.yml +++ b/spec/vcr_cassettes/ssh-push-project-denied-401.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A diff --git a/spec/vcr_cassettes/ssh-push-project-denied.yml b/spec/vcr_cassettes/ssh-push-project-denied.yml index 946db72..0e6f8c8 100644 --- a/spec/vcr_cassettes/ssh-push-project-denied.yml +++ b/spec/vcr_cassettes/ssh-push-project-denied.yml @@ -2,7 +2,7 @@ http_interactions: - request: method: post - uri: http://localhost:3000/api/v4/internal/allowed/secure + uri: http://localhost:3000/api/v4/internal/allowed body: encoding: US-ASCII string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&gl_repository&project=gitlab-org%2Fgitlab-test.git&protocol=ssh&env=%7B%7D&key_id=2&secret_token=0a3938d9d95d807e94d937af3a4fbbea%0A -- cgit v1.2.1 From f00c577dec60798f10b6e8809d78a2895cfa6b04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C5=82gorzata=20Ksionek?= Date: Thu, 3 Oct 2019 11:10:39 +0200 Subject: Introduce changes from code review --- .../lfsauthenticate/lfsauthenticate_test.go | 2 +- .../command/receivepack/customaction_test.go | 2 +- .../shared/accessverifier/accessverifier_test.go | 2 +- go/internal/gitlabnet/accessverifier/client.go | 6 ++- .../gitlabnet/accessverifier/client_test.go | 2 +- go/internal/gitlabnet/client.go | 5 -- go/internal/gitlabnet/client_test.go | 60 ---------------------- go/internal/sshenv/sshenv.go | 2 +- .../testhelper/requesthandlers/requesthandlers.go | 4 +- lib/gitlab_shell.rb | 2 +- 10 files changed, 13 insertions(+), 74 deletions(-) diff --git a/go/internal/command/lfsauthenticate/lfsauthenticate_test.go b/go/internal/command/lfsauthenticate/lfsauthenticate_test.go index 3b5d11c..a6836a8 100644 --- a/go/internal/command/lfsauthenticate/lfsauthenticate_test.go +++ b/go/internal/command/lfsauthenticate/lfsauthenticate_test.go @@ -90,7 +90,7 @@ func TestLfsAuthenticateRequests(t *testing.T) { }, }, { - Path: "/api/v4/internal/allowed/secure", + Path: "/api/v4/internal/allowed", Handler: func(w http.ResponseWriter, r *http.Request) { b, err := ioutil.ReadAll(r.Body) defer r.Body.Close() diff --git a/go/internal/command/receivepack/customaction_test.go b/go/internal/command/receivepack/customaction_test.go index 045dd6c..bd4991d 100644 --- a/go/internal/command/receivepack/customaction_test.go +++ b/go/internal/command/receivepack/customaction_test.go @@ -22,7 +22,7 @@ func TestCustomReceivePack(t *testing.T) { requests := []testserver.TestRequestHandler{ { - Path: "/api/v4/internal/allowed/secure", + Path: "/api/v4/internal/allowed", Handler: func(w http.ResponseWriter, r *http.Request) { b, err := ioutil.ReadAll(r.Body) require.NoError(t, err) diff --git a/go/internal/command/shared/accessverifier/accessverifier_test.go b/go/internal/command/shared/accessverifier/accessverifier_test.go index df9c834..c19ed37 100644 --- a/go/internal/command/shared/accessverifier/accessverifier_test.go +++ b/go/internal/command/shared/accessverifier/accessverifier_test.go @@ -24,7 +24,7 @@ var ( func setup(t *testing.T) (*Command, *bytes.Buffer, *bytes.Buffer, func()) { requests := []testserver.TestRequestHandler{ { - Path: "/api/v4/internal/allowed/secure", + Path: "/api/v4/internal/allowed", Handler: func(w http.ResponseWriter, r *http.Request) { b, err := ioutil.ReadAll(r.Body) require.NoError(t, err) diff --git a/go/internal/gitlabnet/accessverifier/client.go b/go/internal/gitlabnet/accessverifier/client.go index f0dea7d..880fff5 100644 --- a/go/internal/gitlabnet/accessverifier/client.go +++ b/go/internal/gitlabnet/accessverifier/client.go @@ -8,6 +8,7 @@ import ( "gitlab.com/gitlab-org/gitlab-shell/go/internal/command/commandargs" "gitlab.com/gitlab-org/gitlab-shell/go/internal/config" "gitlab.com/gitlab-org/gitlab-shell/go/internal/gitlabnet" + "gitlab.com/gitlab-org/gitlab-shell/go/internal/sshenv" ) const ( @@ -26,6 +27,7 @@ type Request struct { Protocol string `json:"protocol"` KeyId string `json:"key_id,omitempty"` Username string `json:"username,omitempty"` + CheckIp string `json:"check_ip,omitempty"` } type Gitaly struct { @@ -80,7 +82,9 @@ func (c *Client) Verify(args *commandargs.Shell, action commandargs.CommandType, request.KeyId = args.GitlabKeyId } - response, err := c.client.Post("/allowed/secure", request) + request.CheckIp = sshenv.LocalAddr() + + response, err := c.client.Post("/allowed", request) if err != nil { return nil, err } diff --git a/go/internal/gitlabnet/accessverifier/client_test.go b/go/internal/gitlabnet/accessverifier/client_test.go index 0f08c0b..f534185 100644 --- a/go/internal/gitlabnet/accessverifier/client_test.go +++ b/go/internal/gitlabnet/accessverifier/client_test.go @@ -157,7 +157,7 @@ func setup(t *testing.T) (*Client, func()) { requests := []testserver.TestRequestHandler{ { - Path: "/api/v4/internal/allowed/secure", + Path: "/api/v4/internal/allowed", Handler: func(w http.ResponseWriter, r *http.Request) { b, err := ioutil.ReadAll(r.Body) require.NoError(t, err) diff --git a/go/internal/gitlabnet/client.go b/go/internal/gitlabnet/client.go index e61b58d..6b253e0 100644 --- a/go/internal/gitlabnet/client.go +++ b/go/internal/gitlabnet/client.go @@ -10,7 +10,6 @@ import ( "strings" "gitlab.com/gitlab-org/gitlab-shell/go/internal/config" - "gitlab.com/gitlab-org/gitlab-shell/go/internal/sshenv" ) const ( @@ -110,10 +109,6 @@ func (c *GitlabClient) DoRequest(method, path string, data interface{}) (*http.R request.Header.Set(secretHeaderName, encodedSecret) request.Header.Add("Content-Type", "application/json") - ipAddr := sshenv.LocalAddr() - if ipAddr != "" { - request.Header.Add("X-Forwarded-For", ipAddr) - } request.Close = true diff --git a/go/internal/gitlabnet/client_test.go b/go/internal/gitlabnet/client_test.go index f4ab62f..3bff18a 100644 --- a/go/internal/gitlabnet/client_test.go +++ b/go/internal/gitlabnet/client_test.go @@ -50,20 +50,6 @@ func TestClients(t *testing.T) { fmt.Fprint(w, r.Header.Get(secretHeaderName)) }, }, - { - Path: "/api/v4/internal/with_ip", - Handler: func(w http.ResponseWriter, r *http.Request) { - header := r.Header.Get("X-Forwarded-For") - require.Equal(t, "127.0.0.1", header) - }, - }, - { - Path: "/api/v4/internal/with_empty_ip", - Handler: func(w http.ResponseWriter, r *http.Request) { - header := r.Header.Get("X-Forwarded-For") - require.Equal(t, "", header) - }, - }, { Path: "/api/v4/internal/error", Handler: func(w http.ResponseWriter, r *http.Request) { @@ -233,49 +219,3 @@ func testAuthenticationHeader(t *testing.T, client *GitlabClient) { assert.Equal(t, "sssh, it's a secret", string(header)) }) } - -func testXForwardedForHeader(t *testing.T, client *GitlabClient) { - t.Run("X-Forwarded-For for GET", func(t *testing.T) { - cleanup, err := testhelper.Setenv("SSH_CONNECTION", "127.0.0.1 0") - require.NoError(t, err) - defer cleanup() - - response, err := client.Get("/with_ip") - - require.NoError(t, err) - require.NotNil(t, response) - response.Body.Close() - }) - - t.Run("X-Forwarded-For for POST", func(t *testing.T) { - data := map[string]string{"key": "value"} - cleanup, err := testhelper.Setenv("SSH_CONNECTION", "127.0.0.1 0") - require.NoError(t, err) - defer cleanup() - - response, err := client.Post("/with_ip", data) - - require.NoError(t, err) - require.NotNil(t, response) - response.Body.Close() - }) -} - -func testEmptyForwardedForHeader(t *testing.T, client *GitlabClient) { - t.Run("X-Forwarded-For empty for GET", func(t *testing.T) { - response, err := client.Get("/with_empty_ip") - - require.NoError(t, err) - require.NotNil(t, response) - response.Body.Close() - }) - - t.Run("X-Forwarded-For empty for POST", func(t *testing.T) { - data := map[string]string{"key": "value"} - response, err := client.Post("/with_empty_ip", data) - - require.NoError(t, err) - require.NotNil(t, response) - response.Body.Close() - }) -} diff --git a/go/internal/sshenv/sshenv.go b/go/internal/sshenv/sshenv.go index c16e262..387feb2 100644 --- a/go/internal/sshenv/sshenv.go +++ b/go/internal/sshenv/sshenv.go @@ -11,5 +11,5 @@ func LocalAddr() string { if address != "" { return strings.Fields(address)[0] } - return address + return "" } diff --git a/go/internal/testhelper/requesthandlers/requesthandlers.go b/go/internal/testhelper/requesthandlers/requesthandlers.go index 89366cf..b168cf7 100644 --- a/go/internal/testhelper/requesthandlers/requesthandlers.go +++ b/go/internal/testhelper/requesthandlers/requesthandlers.go @@ -13,7 +13,7 @@ import ( func BuildDisallowedByApiHandlers(t *testing.T) []testserver.TestRequestHandler { requests := []testserver.TestRequestHandler{ { - Path: "/api/v4/internal/allowed/secure", + Path: "/api/v4/internal/allowed", Handler: func(w http.ResponseWriter, r *http.Request) { body := map[string]interface{}{ "status": false, @@ -31,7 +31,7 @@ func BuildDisallowedByApiHandlers(t *testing.T) []testserver.TestRequestHandler func BuildAllowedWithGitalyHandlers(t *testing.T, gitalyAddress string) []testserver.TestRequestHandler { requests := []testserver.TestRequestHandler{ { - Path: "/api/v4/internal/allowed/secure", + Path: "/api/v4/internal/allowed", Handler: func(w http.ResponseWriter, r *http.Request) { body := map[string]interface{}{ "status": true, diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb index f8db4c5..303f4d5 100644 --- a/lib/gitlab_shell.rb +++ b/lib/gitlab_shell.rb @@ -77,7 +77,7 @@ class GitlabShell # rubocop:disable Metrics/ClassLength end if @command == GIT_RECEIVE_PACK_COMMAND && access_status.custom_action? - # If the response from /api/v4/allowed/secure is a HTTP 300, we need to perform + # If the response from /api/v4/allowed is a HTTP 300, we need to perform # a Custom Action and therefore should return and not call process_cmd() # return process_custom_action(access_status) -- cgit v1.2.1 From 93859205377ffbfb4e3d1ee035d213d0ee81bc7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C5=82gorzata=20Ksionek?= Date: Thu, 3 Oct 2019 11:37:29 +0200 Subject: Add cr remarks --- go/internal/gitlabnet/client_test.go | 2 -- go/internal/testhelper/requesthandlers/requesthandlers.go | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/go/internal/gitlabnet/client_test.go b/go/internal/gitlabnet/client_test.go index 3bff18a..e8499dc 100644 --- a/go/internal/gitlabnet/client_test.go +++ b/go/internal/gitlabnet/client_test.go @@ -110,8 +110,6 @@ func TestClients(t *testing.T) { testMissing(t, client) testErrorMessage(t, client) testAuthenticationHeader(t, client) - testXForwardedForHeader(t, client) - testEmptyForwardedForHeader(t, client) }) } } diff --git a/go/internal/testhelper/requesthandlers/requesthandlers.go b/go/internal/testhelper/requesthandlers/requesthandlers.go index b168cf7..a7bc427 100644 --- a/go/internal/testhelper/requesthandlers/requesthandlers.go +++ b/go/internal/testhelper/requesthandlers/requesthandlers.go @@ -13,7 +13,7 @@ import ( func BuildDisallowedByApiHandlers(t *testing.T) []testserver.TestRequestHandler { requests := []testserver.TestRequestHandler{ { - Path: "/api/v4/internal/allowed", + Path: "/api/v4/internal/allowed", Handler: func(w http.ResponseWriter, r *http.Request) { body := map[string]interface{}{ "status": false, -- cgit v1.2.1 From 4190843952861b9db7cc786a140be3aeb7632cbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C5=82gorzata=20Ksionek?= Date: Thu, 3 Oct 2019 11:47:42 +0200 Subject: Clean up --- go/internal/gitlabnet/client.go | 1 - spec/vcr_cassettes/allowed-pull.yml | 2 +- spec/vcr_cassettes/allowed-push.yml | 2 +- spec/vcr_cassettes/http-pull-disabled.yml | 2 +- spec/vcr_cassettes/http-push-disabled.yml | 2 +- spec/vcr_cassettes/ssh-pull-disabled.yml | 2 +- spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml | 2 +- spec/vcr_cassettes/ssh-pull-project-denied.yml | 2 +- spec/vcr_cassettes/ssh-push-disabled.yml | 2 +- spec/vcr_cassettes/ssh-push-project-denied.yml | 2 +- 10 files changed, 9 insertions(+), 10 deletions(-) diff --git a/go/internal/gitlabnet/client.go b/go/internal/gitlabnet/client.go index 6b253e0..dacb1d6 100644 --- a/go/internal/gitlabnet/client.go +++ b/go/internal/gitlabnet/client.go @@ -109,7 +109,6 @@ func (c *GitlabClient) DoRequest(method, path string, data interface{}) (*http.R request.Header.Set(secretHeaderName, encodedSecret) request.Header.Add("Content-Type", "application/json") - request.Close = true response, err := c.httpClient.Do(request) diff --git a/spec/vcr_cassettes/allowed-pull.yml b/spec/vcr_cassettes/allowed-pull.yml index 25c263f..d324316 100644 --- a/spec/vcr_cassettes/allowed-pull.yml +++ b/spec/vcr_cassettes/allowed-pull.yml @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":true,"gl_repository":"project-3","gl_project_path":"gitlab-org/gitlab.test","repository_path":"/Users/dzaporozhets/Projects/gitlab-development-kit/repositories/gitlab-org/gitlab-test.git"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 10:44:52 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/allowed-push.yml b/spec/vcr_cassettes/allowed-push.yml index e61c140..025614a 100644 --- a/spec/vcr_cassettes/allowed-push.yml +++ b/spec/vcr_cassettes/allowed-push.yml @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":true,"gl_repository":"project-3","gl_project_path":"gitlab-org/gitlab.test","repository_path":"/Users/dzaporozhets/Projects/gitlab-development-kit/repositories/gitlab-org/gitlab-test.git"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 10:44:52 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/http-pull-disabled.yml b/spec/vcr_cassettes/http-pull-disabled.yml index abae549..23ef3e5 100644 --- a/spec/vcr_cassettes/http-pull-disabled.yml +++ b/spec/vcr_cassettes/http-pull-disabled.yml @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Pulling over HTTP is not allowed."}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 10:32:01 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/http-push-disabled.yml b/spec/vcr_cassettes/http-push-disabled.yml index 429fc32..676e5b8 100644 --- a/spec/vcr_cassettes/http-push-disabled.yml +++ b/spec/vcr_cassettes/http-push-disabled.yml @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Pushing over HTTP is not allowed."}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 10:32:01 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/ssh-pull-disabled.yml b/spec/vcr_cassettes/ssh-pull-disabled.yml index 54ae895..55ce261 100644 --- a/spec/vcr_cassettes/ssh-pull-disabled.yml +++ b/spec/vcr_cassettes/ssh-pull-disabled.yml @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Git access over SSH is not allowed"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 12:23:57 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml b/spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml index 35a2c11..b461b5b 100644 --- a/spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml +++ b/spec/vcr_cassettes/ssh-pull-project-denied-with-user.yml @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Git access over SSH is not allowed"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 12:24:05 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/ssh-pull-project-denied.yml b/spec/vcr_cassettes/ssh-pull-project-denied.yml index 9c99a17..5107d15 100644 --- a/spec/vcr_cassettes/ssh-pull-project-denied.yml +++ b/spec/vcr_cassettes/ssh-pull-project-denied.yml @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Git access over SSH is not allowed"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 12:24:04 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/ssh-push-disabled.yml b/spec/vcr_cassettes/ssh-push-disabled.yml index 7795e52..c061791 100644 --- a/spec/vcr_cassettes/ssh-push-disabled.yml +++ b/spec/vcr_cassettes/ssh-push-disabled.yml @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Git access over SSH is not allowed"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 12:23:57 GMT recorded_with: VCR 2.4.0 diff --git a/spec/vcr_cassettes/ssh-push-project-denied.yml b/spec/vcr_cassettes/ssh-push-project-denied.yml index 0e6f8c8..c16e608 100644 --- a/spec/vcr_cassettes/ssh-push-project-denied.yml +++ b/spec/vcr_cassettes/ssh-push-project-denied.yml @@ -41,6 +41,6 @@ http_interactions: body: encoding: UTF-8 string: '{"status":false,"message":"Git access over SSH is not allowed"}' - http_version: + http_version: recorded_at: Wed, 21 Jun 2017 12:24:04 GMT recorded_with: VCR 2.4.0 -- cgit v1.2.1