BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
646018a4
Commit
646018a4
authored
May 22, 2016
by
Kamil Trzcinski
Committed by
Grzegorz Bizon
May 23, 2016
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix the CI login to Container Registry (the gitlab-ci-token user)
parent
b4c47368
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
6 additions
and
5 deletions
+6
-5
CHANGELOG
CHANGELOG
+1
-0
jwt_controller.rb
app/controllers/jwt_controller.rb
+1
-1
container_registry_authentication_service.rb
...ervices/auth/container_registry_authentication_service.rb
+1
-1
jwt_controller_spec.rb
spec/requests/jwt_controller_spec.rb
+1
-1
container_registry_authentication_service_spec.rb
...es/auth/container_registry_authentication_service_spec.rb
+2
-2
No files found.
CHANGELOG
View file @
646018a4
...
@@ -32,6 +32,7 @@ v 8.8.0 (unreleased)
...
@@ -32,6 +32,7 @@ v 8.8.0 (unreleased)
- Bump mail_room to 0.7.0 to fix stuck IDLE connections
- Bump mail_room to 0.7.0 to fix stuck IDLE connections
- Remove future dates from contribution calendar graph.
- Remove future dates from contribution calendar graph.
- Support e-mail notifications for comments on project snippets
- Support e-mail notifications for comments on project snippets
- Fix the CI login to Container Registry (the gitlab-ci-token user)
- Fix API leak of notes of unauthorized issues, snippets and merge requests
- Fix API leak of notes of unauthorized issues, snippets and merge requests
- Use ActionDispatch Remote IP for Akismet checking
- Use ActionDispatch Remote IP for Akismet checking
- Fix error when visiting commit builds page before build was updated
- Fix error when visiting commit builds page before build was updated
...
...
app/controllers/jwt_controller.rb
View file @
646018a4
...
@@ -36,7 +36,7 @@ class JwtController < ApplicationController
...
@@ -36,7 +36,7 @@ class JwtController < ApplicationController
end
end
def
authenticate_project
(
login
,
password
)
def
authenticate_project
(
login
,
password
)
if
login
==
'gitlab
_ci_
token'
if
login
==
'gitlab
-ci-
token'
Project
.
find_by
(
builds_enabled:
true
,
runners_token:
password
)
Project
.
find_by
(
builds_enabled:
true
,
runners_token:
password
)
end
end
end
end
...
...
app/services/auth/container_registry_authentication_service.rb
View file @
646018a4
...
@@ -6,7 +6,7 @@ module Auth
...
@@ -6,7 +6,7 @@ module Auth
return
error
(
'not found'
,
404
)
unless
registry
.
enabled
return
error
(
'not found'
,
404
)
unless
registry
.
enabled
if
params
[
:offline_token
]
if
params
[
:offline_token
]
return
error
(
'unauthorized'
,
401
)
unless
current_user
return
error
(
'unauthorized'
,
401
)
unless
current_user
||
project
else
else
return
error
(
'forbidden'
,
403
)
unless
scope
return
error
(
'forbidden'
,
403
)
unless
scope
end
end
...
...
spec/requests/jwt_controller_spec.rb
View file @
646018a4
...
@@ -23,7 +23,7 @@ describe JwtController do
...
@@ -23,7 +23,7 @@ describe JwtController do
context
'when using authorized request'
do
context
'when using authorized request'
do
context
'using CI token'
do
context
'using CI token'
do
let
(
:project
)
{
create
(
:empty_project
,
runners_token:
'token'
,
builds_enabled:
builds_enabled
)
}
let
(
:project
)
{
create
(
:empty_project
,
runners_token:
'token'
,
builds_enabled:
builds_enabled
)
}
let
(
:headers
)
{
{
authorization:
credentials
(
'gitlab
_ci_
token'
,
project
.
runners_token
)
}
}
let
(
:headers
)
{
{
authorization:
credentials
(
'gitlab
-ci-
token'
,
project
.
runners_token
)
}
}
subject!
{
get
'/jwt/auth'
,
parameters
,
headers
}
subject!
{
get
'/jwt/auth'
,
parameters
,
headers
}
...
...
spec/services/auth/container_registry_authentication_service_spec.rb
View file @
646018a4
...
@@ -127,12 +127,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
...
@@ -127,12 +127,12 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
context
'project authorization'
do
context
'project authorization'
do
let
(
:current_project
)
{
create
(
:empty_project
)
}
let
(
:current_project
)
{
create
(
:empty_project
)
}
context
'
dis
allow to use offline_token'
do
context
'allow to use offline_token'
do
let
(
:current_params
)
do
let
(
:current_params
)
do
{
offline_token:
true
}
{
offline_token:
true
}
end
end
it_behaves_like
'an
unauthoriz
ed'
it_behaves_like
'an
authenticat
ed'
end
end
context
'allow to pull and push images'
do
context
'allow to pull and push images'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment