Merge branch 'master' into discussions

lib/gitlab/backend/grack_auth.rb

@@ -2,25 +2,41 @@ module Grack
   class Auth < Rack::Auth::Basic
     attr_accessor :user, :project
 
-    def valid?
-      # Authentication with username and password
-      login, password = @auth.credentials
+    def call(env)
+      @env = env
+      @request = Rack::Request.new(env)
+      @auth = Request.new(env)
 
-      self.user = User.find_by_email(login) || User.find_by_username(login)
-
-      return false unless user.try(:valid_password?, password)
-
-      email = user.email
-
-      # Set GL_USER env variable
-      ENV['GL_USER'] = email
       # Pass Gitolite update hook
       ENV['GL_BYPASS_UPDATE_HOOK'] = "true"
 
-      # Find project by PATH_INFO from env
-      if m = /^\/([\w\.\/-]+)\.git/.match(@request.path_info).to_a
-        self.project = Project.find_with_namespace(m.last)
-        return false unless project
+      # Need this patch due to the rails mount
+      @env['PATH_INFO'] = @request.path
+      @env['SCRIPT_NAME'] = ""
+
+      return render_not_found unless project
+      return unauthorized unless project.public || @auth.provided?
+      return bad_request if @auth.provided? && !@auth.basic?
+
+      if valid?
+        if @auth.provided?
+          @env['REMOTE_USER'] = @auth.username
+        end
+        return @app.call(env)
+      else
+        unauthorized
+      end
+    end
+
+    def valid?
+      if @auth.provided?
+        # Authentication with username and password
+        login, password = @auth.credentials
+        self.user = User.find_by_email(login) || User.find_by_username(login)
+        return false unless user.try(:valid_password?, password)
+
+        # Set GL_USER env variable
+        ENV['GL_USER'] = user.email
       end
 
       # Git upload and receive
@@ -34,12 +50,12 @@ module Grack
     end
 
     def validate_get_request
-      can?(user, :download_code, project)
+      project.public || can?(user, :download_code, project)
     end
 
     def validate_post_request
       if @request.path_info.end_with?('git-upload-pack')
-        can?(user, :download_code, project)
+        project.public || can?(user, :download_code, project)
       elsif @request.path_info.end_with?('git-receive-pack')
         action = if project.protected_branch?(current_ref)
                    :push_code_to_protected_branches
@@ -68,6 +84,22 @@ module Grack
       /refs\/heads\/([\w\.-]+)/.match(input).to_a.first
     end
 
+    def project
+      unless instance_variable_defined? :@project
+        # Find project by PATH_INFO from env
+        if m = /^\/([\w\.\/-]+)\.git/.match(@request.path_info).to_a
+          @project = Project.find_with_namespace(m.last)
+        end
+      end
+      return @project
+    end
+
+    PLAIN_TYPE = {"Content-Type" => "text/plain"}
+
+    def render_not_found
+      [404, PLAIN_TYPE, ["Not Found"]]
+    end
+
     protected
 
     def abilities

lib/tasks/gitlab/check.rake

@@ -2,7 +2,7 @@ namespace :gitlab do
   desc "GITLAB | Check the configuration of GitLab and its environment"
   task check: %w{gitlab:env:check
                  gitlab:gitolite:check
-                 gitlab:resque:check
+                 gitlab:sidekiq:check
                  gitlab:app:check}
 
 
@@ -317,7 +317,7 @@ namespace :gitlab do
       gitolite_ssh_user = Gitlab.config.gitolite.ssh_user
       print "Has no \"-e\" in ~#{gitolite_ssh_user}/.profile ... "
 
-      profile_file = File.join(gitolite_home, ".profile")
+      profile_file = File.join(gitolite_user_home, ".profile")
 
       unless File.read(profile_file) =~ /^-e PATH/
         puts "yes".green
@@ -475,7 +475,7 @@ namespace :gitlab do
     def check_dot_gitolite_exists
       print "Config directory exists? ... "
 
-      gitolite_config_path = File.join(gitolite_home, ".gitolite")
+      gitolite_config_path = File.join(gitolite_user_home, ".gitolite")
 
       if File.directory?(gitolite_config_path)
         puts "yes".green
@@ -496,13 +496,13 @@ namespace :gitlab do
     def check_dot_gitolite_permissions
       print "Config directory access is drwxr-x---? ... "
 
-      gitolite_config_path = File.join(gitolite_home, ".gitolite")
+      gitolite_config_path = File.join(gitolite_user_home, ".gitolite")
       unless File.exists?(gitolite_config_path)
         puts "can't check because of previous errors".magenta
         return
       end
 
-      if `stat --printf %a #{gitolite_config_path}` == "750"
+      if File.stat(gitolite_config_path).mode.to_s(8).ends_with?("750")
         puts "yes".green
       else
         puts "no".red
@@ -520,18 +520,17 @@ namespace :gitlab do
       gitolite_ssh_user = Gitlab.config.gitolite.ssh_user
       print "Config directory owned by #{gitolite_ssh_user}:#{gitolite_ssh_user} ... "
 
-      gitolite_config_path = File.join(gitolite_home, ".gitolite")
+      gitolite_config_path = File.join(gitolite_user_home, ".gitolite")
       unless File.exists?(gitolite_config_path)
         puts "can't check because of previous errors".magenta
         return
       end
 
-      if `stat --printf %U #{gitolite_config_path}` == gitolite_ssh_user && # user
-         `stat --printf %G #{gitolite_config_path}` == gitolite_ssh_user #group
+      if File.stat(gitolite_config_path).uid == uid_for(gitolite_ssh_user) &&
+         File.stat(gitolite_config_path).gid == gid_for(gitolite_ssh_user)
         puts "yes".green
       else
         puts "no".red
-        puts "#{gitolite_config_path} is not owned by #{gitolite_ssh_user}".red
         try_fixing_it(
           "sudo chown -R #{gitolite_ssh_user}:#{gitolite_ssh_user} #{gitolite_config_path}"
         )
@@ -559,7 +558,7 @@ namespace :gitlab do
     end
 
     def check_gitoliterc_git_config_keys
-      gitoliterc_path = File.join(gitolite_home, ".gitolite.rc")
+      gitoliterc_path = File.join(gitolite_user_home, ".gitolite.rc")
 
       print "Allow all Git config keys in .gitolite.rc ... "
       option_name = if has_gitolite3?
@@ -588,7 +587,7 @@ namespace :gitlab do
     end
 
     def check_gitoliterc_repo_umask
-      gitoliterc_path = File.join(gitolite_home, ".gitolite.rc")
+      gitoliterc_path = File.join(gitolite_user_home, ".gitolite.rc")
 
       print "Repo umask is 0007 in .gitolite.rc? ... "
       option_name = if has_gitolite3?
@@ -722,11 +721,10 @@ namespace :gitlab do
         return
       end
 
-      if `stat --printf %a #{repo_base_path}` == "6770"
+      if File.stat(repo_base_path).mode.to_s(8).ends_with?("6770")
         puts "yes".green
       else
         puts "no".red
-        puts "#{repo_base_path} is not writable".red
         try_fixing_it(
           "sudo chmod -R ug+rwXs,o-rwx #{repo_base_path}"
         )
@@ -747,12 +745,11 @@ namespace :gitlab do
         return
       end
 
-      if `stat --printf %U #{repo_base_path}` == gitolite_ssh_user && # user
-         `stat --printf %G #{repo_base_path}` == gitolite_ssh_user #group
+      if File.stat(repo_base_path).uid == uid_for(gitolite_ssh_user) &&
+         File.stat(repo_base_path).gid == gid_for(gitolite_ssh_user)
         puts "yes".green
       else
         puts "no".red
-        puts "#{repo_base_path} is not owned by #{gitolite_ssh_user}".red
         try_fixing_it(
           "sudo chown -R #{gitolite_ssh_user}:#{gitolite_ssh_user} #{repo_base_path}"
         )
@@ -833,7 +830,8 @@ namespace :gitlab do
           next
         end
 
-        if run_and_match("stat --format %N #{project_hook_file}", /#{hook_file}.+->.+#{gitolite_hook_file}/)
+        if File.lstat(project_hook_file).symlink? &&
+            File.realpath(project_hook_file) == File.realpath(gitolite_hook_file)
           puts "ok".green
         else
           puts "not a link to Gitolite's hook".red
@@ -852,12 +850,12 @@ namespace :gitlab do
     # Helper methods
     ########################
 
-    def gitolite_home
+    def gitolite_user_home
       File.expand_path("~#{Gitlab.config.gitolite.ssh_user}")
     end
 
     def gitolite_version
-      gitolite_version_file = "#{gitolite_home}/gitolite/src/VERSION"
+      gitolite_version_file = "#{gitolite_user_home}/gitolite/src/VERSION"
       if File.readable?(gitolite_version_file)
         File.read(gitolite_version_file)
       end
@@ -870,22 +868,22 @@ namespace :gitlab do
 
 
 
-  namespace :resque do
+  namespace :sidekiq do
     desc "GITLAB | Check the configuration of Sidekiq"
     task check: :environment  do
       warn_user_is_not_gitlab
-      start_checking "Resque"
+      start_checking "Sidekiq"
 
-      check_resque_running
+      check_sidekiq_running
 
-      finished_checking "Resque"
+      finished_checking "Sidekiq"
     end
 
 
     # Checks
     ########################
 
-    def check_resque_running
+    def check_sidekiq_running
       print "Running? ... "
 
       if run_and_match("ps aux | grep -i sidekiq", /sidekiq \d\.\d\.\d.+$/)
@@ -893,9 +891,7 @@ namespace :gitlab do
       else
         puts "no".red
         try_fixing_it(
-          "sudo service gitlab restart",
-          "or",
-          "sudo /etc/init.d/gitlab restart"
+          "sudo -u gitlab -H bundle exec rake sidekiq:start"
         )
         for_more_information(
           see_installation_guide_section("Install Init Script"),

lib/tasks/gitlab/info.rake

@@ -3,20 +3,6 @@ namespace :gitlab do
     desc "GITLAB | Show information about GitLab and its environment"
     task info: :environment  do
 
-      # check which OS is running
-      os_name = run("lsb_release -irs")
-      os_name ||= if File.readable?('/etc/system-release')
-                    File.read('/etc/system-release')
-                  end
-      os_name ||= if File.readable?('/etc/debian_version')
-                    debian_version = File.read('/etc/debian_version')
-                    "Debian #{debian_version}"
-                  end
-      os_name ||= if File.readable?('/etc/SuSE-release')
-                    File.read('/etc/SuSE-release')
-                  end
-      os_name.try(:squish!)
-
       # check if there is an RVM environment
       rvm_version = run_and_match("rvm --version", /[\d\.]+/).try(:to_s)
       # check Ruby version

lib/tasks/gitlab/task_helpers.rake

@@ -1,5 +1,27 @@
 namespace :gitlab do
 
+  # Check which OS is running
+  #
+  # It will primarily use lsb_relase to determine the OS.
+  # It has fallbacks to Debian, SuSE and OS X.
+  def os_name
+    os_name = run("lsb_release -irs")
+    os_name ||= if File.readable?('/etc/system-release')
+                  File.read('/etc/system-release')
+                end
+    os_name ||= if File.readable?('/etc/debian_version')
+                  debian_version = File.read('/etc/debian_version')
+                  "Debian #{debian_version}"
+                end
+    os_name ||= if File.readable?('/etc/SuSE-release')
+                  File.read('/etc/SuSE-release')
+                end
+    os_name ||= if os_x_version = run("sw_vers -productVersion")
+                  "Mac OS X #{os_x_version}"
+                end
+    os_name.try(:squish!)
+  end
+
   # Runs the given command and matches the output agains the given pattern
   #
   # Returns nil if nothing matched
@@ -23,6 +45,15 @@ namespace :gitlab do
     end
   end
 
+  def uid_for(user_name)
+    run("id -u #{user_name}").chomp.to_i
+  end
+
+  def gid_for(group_name)
+    group_line = File.read("/etc/group").lines.select{|l| l.start_with?("#{group_name}:")}.first
+    group_line.split(":")[2].to_i
+  end
+
   def warn_user_is_not_gitlab
     unless @warned_user_not_gitlab
       current_user = run("whoami").chomp

lib/tasks/sidekiq.rake

@@ -6,18 +6,10 @@ namespace :sidekiq do
 
   desc "GITLAB | Start sidekiq"
   task :start do
-    run "nohup bundle exec sidekiq -q post_receive,mailer,system_hook,common,default -e #{rails_env} -P #{pidfile} >> #{root_path}/log/sidekiq.log 2>&1 &"
-  end
-
-  def root_path
-    @root_path ||= File.join(File.expand_path(File.dirname(__FILE__)), "../..")
+    run "nohup bundle exec sidekiq -q post_receive,mailer,system_hook,common,default -e #{Rails.env} -P #{pidfile} >> #{Rails.root.join("log", "sidekiq.log")} 2>&1 &"
   end
 
   def pidfile
-    "#{root_path}/tmp/pids/sidekiq.pid"
-  end
-
-  def rails_env
-    ENV['RAILS_ENV'] || "production"
+    Rails.root.join("tmp", "pids", "sidekiq.pid")
   end
 end