add secret token

e981f4eb · Valery Sizov · d01eac99 · e981f4eb · e981f4eb · e981f4eb
Commit e981f4eb authored 10 years ago by Valery Sizov
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@ tmp/*
 /*.log*
 authorized_keys.lock
 coverage/
+.gitlab_shell_secret
+.bundle
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -76,6 +76,7 @@ class GitlabNet
    url = URI.parse(url)
    http = http_client_for url
    request = http_request_for url
+    request.set_form_data(secret_token: secret_token)

    http.start { |http| http.request(request) }.tap do |resp|
      if resp.code == "200"
@@ -92,7 +93,7 @@ class GitlabNet
    url = URI.parse(url)
    http = http_client_for(url)
    request = http_request_for(url, :post)
-    request.set_form_data(params)
+    request.set_form_data(params.merge(secret_token: secret_token))

    http.start { |http| http.request(request) }.tap do |resp|
      if resp.code == "200"
@@ -116,4 +117,8 @@ class GitlabNet
      end
    end
  end
+
+  def secret_token
+    @secret_token ||= File.read File.join(ROOT_PATH, '.gitlab_shell_secret')
+  end
 end
--- a/spec/gitlab_net_spec.rb
+++ b/spec/gitlab_net_spec.rb
@@ -8,6 +8,7 @@ describe GitlabNet, vcr: true do

  before do
    gitlab_net.stub!(:host).and_return('https://dev.gitlab.org/api/v3/internal')
+    gitlab_net.stub!(:secret_token).and_return('a123')
  end

  describe :check do
@@ -17,6 +18,13 @@ describe GitlabNet, vcr: true do
        result.code.should == '200'
      end
    end
+
+    it 'adds the secret_token to request' do
+      VCR.use_cassette("check-ok") do
+        Net::HTTP::Get.any_instance.should_receive(:set_form_data).with(hash_including(secret_token: 'a123'))
+        gitlab_net.check
+      end
+    end
  end

  describe :discover do
@@ -26,6 +34,13 @@ describe GitlabNet, vcr: true do
        user['name'].should == 'Dmitriy Zaporozhets'
      end
    end
+
+    it 'adds the secret_token to request' do
+      VCR.use_cassette("discover-ok") do
+          Net::HTTP::Get.any_instance.should_receive(:set_form_data).with(hash_including(secret_token: 'a123'))
+          gitlab_net.discover('key-126')
+        end
+      end
  end

  describe :allowed? do
@@ -37,6 +52,13 @@ describe GitlabNet, vcr: true do
        end
      end

+      it 'adds the secret_token theo request' do
+        VCR.use_cassette("allowed-pull") do
+          Net::HTTP::Post.any_instance.should_receive(:set_form_data).with(hash_including(secret_token: 'a123'))
+          gitlab_net.allowed?('git-receive-pack', 'gitlab/gitlabhq.git', 'key-126', changes)          
+        end
+      end
+
      it 'should allow push access for dev.gitlab.org' do
        VCR.use_cassette("allowed-push") do
          access = gitlab_net.allowed?('git-upload-pack', 'gitlab/gitlabhq.git', 'key-126', changes)

--- a/spec/vcr_cassettes/allowed-pull.yml
+++ b/spec/vcr_cassettes/allowed-pull.yml
@@ -5,7 +5,7 @@ http_interactions:
    uri: https://dev.gitlab.org/api/v3/internal/allowed
    body:
      encoding: US-ASCII
-      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=126
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=126&secret_token=a123
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3

--- a/spec/vcr_cassettes/allowed-push.yml
+++ b/spec/vcr_cassettes/allowed-push.yml
@@ -5,7 +5,7 @@ http_interactions:
    uri: https://dev.gitlab.org/api/v3/internal/allowed
    body:
      encoding: US-ASCII
-      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=126
+      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=126&secret_token=a123
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3

--- a/spec/vcr_cassettes/check-ok.yml
+++ b/spec/vcr_cassettes/check-ok.yml
@@ -5,7 +5,7 @@ http_interactions:
    uri: https://dev.gitlab.org/api/v3/internal/check
    body:
      encoding: US-ASCII
-      string: ''
+      string: secret_token=a123
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3

--- a/spec/vcr_cassettes/denied-pull.yml
+++ b/spec/vcr_cassettes/denied-pull.yml
@@ -5,7 +5,7 @@ http_interactions:
    uri: https://dev.gitlab.org/api/v3/internal/allowed
    body:
      encoding: US-ASCII
-      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=2
+      string: action=git-receive-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=2&secret_token=a123
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3

--- a/spec/vcr_cassettes/denied-push-with-user.yml
+++ b/spec/vcr_cassettes/denied-push-with-user.yml
@@ -5,7 +5,7 @@ http_interactions:
    uri: https://dev.gitlab.org/api/v3/internal/allowed
    body:
      encoding: US-ASCII
-      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&user_id=1
+      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&user_id=1&secret_token=a123
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3

--- a/spec/vcr_cassettes/denied-push.yml
+++ b/spec/vcr_cassettes/denied-push.yml
@@ -5,7 +5,7 @@ http_interactions:
    uri: https://dev.gitlab.org/api/v3/internal/allowed
    body:
      encoding: US-ASCII
-      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=2
+      string: action=git-upload-pack&changes=0000000000000000000000000000000000000000+92d0970eefd7acb6d548878925ce2208cfe2d2ec+refs%2Fheads%2Fbranch4&project=gitlab%2Fgitlabhq&key_id=2&secret_token=a123
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3

--- a/spec/vcr_cassettes/discover-ok.yml
+++ b/spec/vcr_cassettes/discover-ok.yml
@@ -5,7 +5,7 @@ http_interactions:
    uri: https://dev.gitlab.org/api/v3/internal/discover?key_id=126
    body:
      encoding: US-ASCII
-      string: ''
+      string: secret_token=a123
    headers:
      Accept-Encoding:
      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3