From 2bb5d517a2e12416f11117f943858b3249efbfe9 Mon Sep 17 00:00:00 2001 From: Alexander Machehin Date: Fri, 14 Dec 2012 17:25:10 +0600 Subject: [PATCH 1/2] [refs #782] add base auth to git url --- app/models/build_list.rb | 4 ++-- app/models/project.rb | 5 +++-- app/models/user.rb | 5 ++++- config/application.rb | 2 +- lib/plugins/grack/auth.rb | 2 +- 5 files changed, 11 insertions(+), 7 deletions(-) diff --git a/app/models/build_list.rb b/app/models/build_list.rb index d3af2ffa6..981cde909 100644 --- a/app/models/build_list.rb +++ b/app/models/build_list.rb @@ -322,7 +322,7 @@ class BuildList < ActiveRecord::Base id, include_repos, priority, - project.git_project_address + project.git_project_address(user) ) end @status @@ -443,7 +443,7 @@ class BuildList < ActiveRecord::Base :time_living => 43200, # 12 hours :distrib_type => build_for_platform.distrib_type, # :git_project_address => 'https://abf.rosalinux.ru/server/gnome-settings-daemon.git', - :git_project_address => project.git_project_address, + :git_project_address => project.git_project_address(user), # :commit_hash => 'fbb2549e44d97226fea6748a4f95d1d82ffb8726', :commit_hash => commit_hash, :build_requires => build_requires, diff --git a/app/models/project.rb b/app/models/project.rb index 7fb0a55ac..6325616e9 100644 --- a/app/models/project.rb +++ b/app/models/project.rb 
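Review bot: The value stored under `:git_project_address` in the options hash (hunk at -443) now carries the user's `authentication_token`, and the same URL is passed as an argument in the hunk at -322, so the credential leaves the application with every build request. The `filter_parameters` addition in config/application.rb matches on key names, so it would not mask a token embedded inside this value. Any log line or stored job payload that includes the hash would keep the secret. I would add a comment at both call sites, `# URL embeds the user's authentication_token: never log or persist this value as-is`, and the consumer of this hash presumably needs the same care. Both enclosing methods start and end outside the hunks.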
@@ -117,10 +117,11 @@ class Project < ActiveRecord::Base owner == user end - def git_project_address + def git_project_address auth_user host ||= EventLog.current_controller.request.host_with_port rescue ::Rosa::Application.config.action_mailer.default_url_options[:host] protocol = APP_CONFIG['mailer_https_url'] ? "https" : "http" rescue "http" - Rails.application.routes.url_helpers.project_url(self.owner.uname, self.name, :host => host, :protocol => protocol) + ".git" + opts = {:host => host, :protocol => protocol, :user => auth_user.authentication_token, :password => ''} + Rails.application.routes.url_helpers.project_url(self.owner.uname, self.name, opts) + ".git" #path #share by NFS end diff --git a/app/models/user.rb b/app/models/user.rb index b640134ed..71c4d8012 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -87,7 +87,10 @@ class User < Avatar def find_for_database_authentication(warden_conditions) conditions = warden_conditions.dup login = conditions.delete(:login) - where(conditions).where(["lower(uname) = :value OR lower(email) = :value", { :value => login.downcase }]).first + user = User.where(conditions).where(:authentication_token => login).first || + User.where(conditions).where(["lower(uname) = :value OR lower(email) = :value", { :value => login.downcase}]).first + return user if !user.access_locked? and (user.authentication_token == login or user.valid_password?(p)) + nil end def new_with_session(params, session) diff --git a/config/application.rb b/config/application.rb index b6e82755f..13f0a15c1 100644 --- a/config/application.rb +++ b/config/application.rb @@ -51,7 +51,7 @@ module Rosa config.encoding = "utf-8" # Configure sensitive parameters which will be filtered from the log file. - config.filter_parameters += [:password, :secret] + config.filter_parameters += [:password, :secret, :authentication_token] # Enable the asset pipeline config.assets.enabled = true 
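Review bot: `git_project_address` now puts `auth_user.authentication_token` into the URL's user field with no guard, while the `protocol` line above it can still resolve to `http`, in which case the token travels as cleartext Basic-auth credentials. A nil `auth_user` raises here, and a user whose token was never generated presumably yields a URL without a usable credential. I would add `raise ArgumentError, 'auth_user needs an authentication_token' if auth_user.nil? || auth_user.authentication_token.blank?` and force `https` whenever credentials are embedded. Web servers and proxies also commonly record the Basic-auth user name in access logs, so carrying the secret in the password field (`:user => auth_user.uname, :password => auth_user.authentication_token`) would likely expose it less, though the lookup in `User.find_for_database_authentication` would have to change to match.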
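Review bot: In the user.rb hunk, `user.access_locked?` is called on `nil` whenever neither query finds a record, so an unknown login raises NoMethodError instead of returning `nil`. The same line carries this problem into the user.rb hunk of PATCH 2/2. The token query also runs on a blank `login`, which would match any account whose `authentication_token` column is NULL or empty, and the `user.authentication_token == login` check would then pass. I would start the method with `return nil if login.blank?` and change the guard to `return user if user && !user.access_locked? && (user.authentication_token == login || user.valid_password?(pass))`.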
diff --git a/lib/plugins/grack/auth.rb b/lib/plugins/grack/auth.rb index 598dd11a1..c87ee0fcf 100644 --- a/lib/plugins/grack/auth.rb +++ b/lib/plugins/grack/auth.rb @@ -12,7 +12,7 @@ module Grack return render_not_found if project.blank? return ::Rack::Auth::Basic.new(@app) do |u, p| - user = User.find_for_database_authentication(:login => u) and !user.access_locked? and user.valid_password?(p) and + user = User.find_for_database_authentication(:login => u) and ability = ::Ability.new(user) and ability.can?(action, project) # project.members.include?(user) end.call(env) unless project.public? and read? # need auth end From 2f1a21cbdfa94455764ce63795f771f0952146c3 Mon Sep 17 00:00:00 2001 From: Alexander Machehin Date: Fri, 14 Dec 2012 19:20:46 +0600 Subject: [PATCH 2/2] [refs #782] restore login&pass authentication --- app/models/user.rb | 4 +++- lib/plugins/grack/auth.rb | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/models/user.rb b/app/models/user.rb index 71c4d8012..ab277c086 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -86,10 +86,12 @@ class User < Avatar class << self def find_for_database_authentication(warden_conditions) conditions = warden_conditions.dup + login = conditions.delete(:login) + pass = conditions.delete(:pass) user = User.where(conditions).where(:authentication_token => login).first || User.where(conditions).where(["lower(uname) = :value OR lower(email) = :value", { :value => login.downcase}]).first - return user if !user.access_locked? and (user.authentication_token == login or user.valid_password?(p)) + return user if !user.access_locked? and (user.authentication_token == login or user.valid_password?(pass)) nil end diff --git a/lib/plugins/grack/auth.rb b/lib/plugins/grack/auth.rb index c87ee0fcf..4b2f14385 100644 --- a/lib/plugins/grack/auth.rb +++ b/lib/plugins/grack/auth.rb 
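Review bot: In the user.rb hunk of PATCH 2/2, `find_for_database_authentication` returns a user only when the login equals the token or `valid_password?(pass)` succeeds, but this is also the hook Devise's own sign-in uses. Those callers presumably pass only the authentication keys, with no `:pass`. `pass` would then be nil, and a normal username or e-mail login would get `nil` back before Devise can check the password itself. I would leave the hook as a pure finder and move the token-or-password check into a separate class method called only from Grack, for example `def auth_by_token_or_login_pass(login, pass)`.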
@@ -12,7 +12,7 @@ module Grack return render_not_found if project.blank? return ::Rack::Auth::Basic.new(@app) do |u, p| - user = User.find_for_database_authentication(:login => u) and + user = User.find_for_database_authentication({:login => u, :pass => p}) and ability = ::Ability.new(user) and ability.can?(action, project) # project.members.include?(user) end.call(env) unless project.public? and read? # need auth end
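Review bot: The Basic-auth password `p` passed in here reaches `user.valid_password?(pass)` directly, so failed guesses on this endpoint presumably never count toward the lockout that `access_locked?` reports. If the model uses Devise's lockable module (not visible in this diff), the check can go through `user.valid_for_authentication? { user.valid_password?(pass) }` so that wrong passwords increment the failure counter. A comment on the block, `# u may be an authentication_token (p ignored) or a uname/email with p as the password`, would also document the two accepted credential shapes. The enclosing method starts outside the hunk.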