1 require_relative 'shell_env'
2 require_relative 'grack_helpers'
# HTTP Basic-auth gate for Git smart-HTTP requests ('git-upload-pack' /
# 'git-receive-pack'). Subclasses Rack::Auth::Basic and decides, per request,
# whether the caller is authenticated and authorized for the project.
# NOTE(review): this listing is elided -- the enclosing wrapper, several
# method headers, `else` branches and `end` lines are not shown.
5 class Auth < Rack::Auth::Basic
# State filled in while a request is handled. attr_accessor also generates
# public writers, so each of these can be reassigned from outside the class.
8 attr_accessor :user, :project, :ref, :env
# Request setup: wrap the Rack env and normalise PATH_INFO / SCRIPT_NAME
# before any project lookup or authentication takes place.
# @request gives access to path, params and body. @auth is used further down
# for basic?/credentials/username; `Request` is resolved relative to this
# class (presumably Rack::Auth::Basic::Request via the superclass -- confirm).
12 @request = Rack::Request.new(env)
13 @auth = Request.new(env)
15 # Need this patch due to the rails mount
17 # Need this if under RELATIVE_URL_ROOT
18 unless Gitlab.config.gitlab.relative_url_root.empty?
19 # If website is mounted using relative_url_root need to remove it first
# NOTE(review): String#sub with a String pattern removes the first occurrence
# wherever it appears in the path. That equals "strip the prefix" only when
# every request path begins with relative_url_root; an anchored removal would
# make the assumption explicit. PATH_INFO is later used to look up the project.
20 @env['PATH_INFO'] = @request.path.sub(Gitlab.config.gitlab.relative_url_root,'')
# (the `else` line is elided) No relative root configured: use the path as is.
22 @env['PATH_INFO'] = @request.path
# SCRIPT_NAME is cleared so the full path is carried by PATH_INFO alone.
25 @env['SCRIPT_NAME'] = ""
# Authentication flow. The method header and several branch lines
# (`if`/`else`/`end`, the pass-through calls) are elided from this listing.
#
# Unknown project: answer not-found before any credentials are examined.
# NOTE(review): combined with the `unauthorized` response further down, an
# unauthenticated client can tell a missing project from an existing
# non-public one -- confirm that disclosure is acceptable.
33 return render_not_found unless project
# A request whose Authorization header is not of the Basic scheme is rejected.
# NOTE(review): the enclosing condition is elided; presumably this runs only
# when credentials were supplied.
36 return bad_request unless @auth.basic?
38 # Authentication with username and password
39 login, password = @auth.credentials
41 # Allow authentication for GitLab CI service
42 # if valid token passed
43 if login == "gitlab-ci-token" && project.gitlab_ci?
44 token = project.gitlab_ci_service.token
# The CI token is honoured only for 'git-upload-pack', and token.present?
# stops an unset or blank token from matching a blank password.
# NOTE(review): `token == password` is an ordinary String comparison, not a
# constant-time one. A timing-safe comparison (for example
# Rack::Utils.secure_compare) is the usual choice when comparing secrets.
# What happens when the condition holds is elided from this listing.
46 if token.present? && token == password && service_name == 'git-upload-pack'
# Regular path: resolve the account from the supplied login and password.
51 @user = authenticate_user(login, password)
# NOTE(review): the guard around the next two lines is elided; presumably they
# run only when @user was found. Gitlab::ShellEnv is defined outside this
# listing (see the 'shell_env' require).
54 Gitlab::ShellEnv.set_env(@user)
# REMOTE_USER carries the login string the client sent, not a field of @user.
55 @env['REMOTE_USER'] = @auth.username
# NOTE(review): presumably the no-credentials branch (its `else` is elided):
# an anonymous request continues only when the project is public.
61 return unauthorized unless project.public
# Final authorization gate for whatever reaches this point; both outcomes of
# the `if` are elided.
64 if authorized_git_request?
# True when the current request's Git service is permitted for this
# user/project pair. Delegates to authorize_request with the service name
# taken from the request (the closing `end` is elided).
71 def authorized_git_request?
72 authorize_request(service_name)
# Look up the account for a login/password pair.
# Delegates to Gitlab::Auth#find, which is defined outside this listing; the
# caller stores the result in @user and treats it as the authenticated user.
# NOTE(review): no attempt limiting or failure logging is visible at this call
# site -- confirm brute-force protection for this endpoint exists elsewhere.
75 def authenticate_user(login, password)
76 auth = Gitlab::Auth.new
77 auth.find(login, password)
# Decide whether `user` may run the given Git service against `project`.
# `service` is matched against the two service names below. The `case`
# header, the action used for non-protected branches and any fallback branch
# are elided from this listing; `can?` is defined elsewhere.
80 def authorize_request(service)
# Fetch/clone: a public project is readable without any user; otherwise the
# :download_code ability is required.
82 when 'git-upload-pack'
83 project.public || can?(user, :download_code, project)
# Push: the ability that is checked depends on whether `ref` names a protected
# branch. NOTE(review): the decision is therefore only as reliable as the way
# `ref` is derived from the request -- verify that derivation.
84 when'git-receive-pack'
85 action = if project.protected_branch?(ref)
86 :push_code_to_protected_branches
91 can?(user, action, project)
# Two sources for the Git service name: the `service` request parameter, or
# the last segment of the request path. NOTE(review): the condition choosing
# between them is elided. Both values are client-supplied, so they should only
# ever be compared against fixed service names, as the visible call sites do.
99 @request.params['service']
101 File.basename(@request.path)
# Resolve the project from PATH_INFO and cache it on this instance.
# project_by_path is defined outside this listing.
# NOTE(review): `||=` keeps the first truthy result for the lifetime of this
# object. That is only safe if a fresh instance serves each request; otherwise
# one request's project would be reused for another. Confirm how this class is
# instantiated.
108 @project ||= project_by_path(@request.path_info)
# Read the request body, inflating it first when Content-Encoding mentions
# gzip (the non-gzip branch is elided).
# NOTE(review): `.read` inflates the entire body into memory and no size limit
# is visible here -- confirm an upstream cap on request and decompressed size.
116 input = if @env["HTTP_CONTENT_ENCODING"] =~ /gzip/
117 Zlib::GzipReader.new(@request.body).read
122 # Need to reset seek point
# Extract a branch name from the raw body. The bytes are matched as binary
# (/n flag plus ascii-8bit; force_encoding retags `input` in place) and the
# capture of the first "refs/heads/..." match is returned, or nil when nothing
# matches (nil.to_a is [], whose last element is nil).
# NOTE(review): this yields at most one name, and the capture stops at the
# first character outside [/\w.-]. A push can name more than one ref, so treat
# this value as advisory and confirm protected-branch rules are also enforced
# per ref on the server side (for example in a hook).
124 /refs\/heads\/([\/\w\.-]+)/n.match(input.force_encoding('ascii-8bit')).to_a.last