2012-06-29 05:30:31 +02:00
|
|
|
module Grack
|
|
|
|
class Auth < Rack::Auth::Basic
|
2012-10-21 11:12:14 +02:00
|
|
|
attr_accessor :user, :project
|
2012-06-29 05:30:31 +02:00
|
|
|
|
|
|
|
def valid?
|
2012-06-29 09:43:15 +02:00
|
|
|
# Authentication with username and password
|
2012-11-26 10:23:08 +01:00
|
|
|
login, password = @auth.credentials
|
|
|
|
|
|
|
|
self.user = User.find_by_email(login) || User.find_by_username(login)
|
|
|
|
|
2012-06-29 15:40:23 +02:00
|
|
|
return false unless user.try(:valid_password?, password)
|
|
|
|
|
2012-11-26 10:23:08 +01:00
|
|
|
email = user.email
|
|
|
|
|
2012-07-02 10:44:45 +02:00
|
|
|
# Set GL_USER env variable
|
|
|
|
ENV['GL_USER'] = email
|
|
|
|
# Pass Gitolite update hook
|
|
|
|
ENV['GL_BYPASS_UPDATE_HOOK'] = "true"
|
|
|
|
|
2012-06-29 09:43:15 +02:00
|
|
|
# Find project by PATH_INFO from env
|
2012-11-26 10:23:08 +01:00
|
|
|
if m = /^\/([\w\.\/-]+)\.git/.match(@request.path_info).to_a
|
|
|
|
self.project = Project.find_with_namespace(m.last)
|
2012-10-21 11:12:14 +02:00
|
|
|
return false unless project
|
2012-06-29 09:43:15 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
# Git upload and receive
|
2012-09-17 12:36:23 +02:00
|
|
|
if @request.get?
|
2012-10-21 11:12:14 +02:00
|
|
|
validate_get_request
|
2012-09-17 12:36:23 +02:00
|
|
|
elsif @request.post?
|
2012-10-21 11:12:14 +02:00
|
|
|
validate_post_request
|
2012-06-29 12:11:37 +02:00
|
|
|
else
|
|
|
|
false
|
2012-06-29 09:43:15 +02:00
|
|
|
end
|
2012-10-21 11:12:14 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
def validate_get_request
|
2012-12-11 21:28:40 +01:00
|
|
|
can?(user, :download_code, project)
|
2012-10-21 11:12:14 +02:00
|
|
|
end
|
|
|
|
|
|
|
|
def validate_post_request
|
|
|
|
if @request.path_info.end_with?('git-upload-pack')
|
2012-12-11 21:28:40 +01:00
|
|
|
can?(user, :download_code, project)
|
2012-10-21 11:12:14 +02:00
|
|
|
elsif @request.path_info.end_with?('git-receive-pack')
|
|
|
|
action = if project.protected_branch?(current_ref)
|
|
|
|
:push_code_to_protected_branches
|
|
|
|
else
|
|
|
|
:push_code
|
|
|
|
end
|
|
|
|
|
|
|
|
can?(user, action, project)
|
|
|
|
else
|
|
|
|
false
|
|
|
|
end
|
|
|
|
end
|
2012-06-29 12:11:37 +02:00
|
|
|
|
2012-10-22 17:45:42 +02:00
|
|
|
def can?(object, action, subject)
|
|
|
|
abilities.allowed?(object, action, subject)
|
|
|
|
end
|
|
|
|
|
2012-06-29 12:11:37 +02:00
|
|
|
def current_ref
|
|
|
|
if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
|
2012-08-25 09:24:21 +02:00
|
|
|
input = Zlib::GzipReader.new(@request.body).read
|
2012-06-29 12:11:37 +02:00
|
|
|
else
|
2012-08-25 09:24:21 +02:00
|
|
|
input = @request.body.read
|
2012-06-29 12:11:37 +02:00
|
|
|
end
|
2012-08-25 09:24:21 +02:00
|
|
|
# Need to reset seek point
|
|
|
|
@request.body.rewind
|
2012-10-26 14:05:57 +02:00
|
|
|
/refs\/heads\/([\w\.-]+)/.match(input).to_a.first
|
2012-06-29 12:11:37 +02:00
|
|
|
end
|
2012-10-22 17:45:42 +02:00
|
|
|
|
|
|
|
protected
|
|
|
|
|
|
|
|
def abilities
|
|
|
|
@abilities ||= begin
|
|
|
|
abilities = Six.new
|
|
|
|
abilities << Ability
|
|
|
|
abilities
|
|
|
|
end
|
|
|
|
end
|
2012-06-29 09:43:15 +02:00
|
|
|
end# Auth
|
|
|
|
end# Grack
|