Merge pull request #783 from warpc/782-url_to_closed_project

[refs #782] support user hash token auth in git; add base auth to git url sending to build system
This commit is contained in:
Vladimir Sharshov 2012-12-14 10:09:47 -08:00
commit fc4bd690a8
5 changed files with 13 additions and 7 deletions

View File

@ -322,7 +322,7 @@ class BuildList < ActiveRecord::Base
id, id,
include_repos, include_repos,
priority, priority,
project.git_project_address project.git_project_address(user)
) )
end end
@status @status
@ -443,7 +443,7 @@ class BuildList < ActiveRecord::Base
:time_living => 43200, # 12 hours :time_living => 43200, # 12 hours
:distrib_type => build_for_platform.distrib_type, :distrib_type => build_for_platform.distrib_type,
# :git_project_address => 'https://abf.rosalinux.ru/server/gnome-settings-daemon.git', # :git_project_address => 'https://abf.rosalinux.ru/server/gnome-settings-daemon.git',
:git_project_address => project.git_project_address, :git_project_address => project.git_project_address(user),
# :commit_hash => 'fbb2549e44d97226fea6748a4f95d1d82ffb8726', # :commit_hash => 'fbb2549e44d97226fea6748a4f95d1d82ffb8726',
:commit_hash => commit_hash, :commit_hash => commit_hash,
:build_requires => build_requires, :build_requires => build_requires,

View File

@ -117,10 +117,11 @@ class Project < ActiveRecord::Base
owner == user owner == user
end end
def git_project_address def git_project_address auth_user
host ||= EventLog.current_controller.request.host_with_port rescue ::Rosa::Application.config.action_mailer.default_url_options[:host] host ||= EventLog.current_controller.request.host_with_port rescue ::Rosa::Application.config.action_mailer.default_url_options[:host]
protocol = APP_CONFIG['mailer_https_url'] ? "https" : "http" rescue "http" protocol = APP_CONFIG['mailer_https_url'] ? "https" : "http" rescue "http"
Rails.application.routes.url_helpers.project_url(self.owner.uname, self.name, :host => host, :protocol => protocol) + ".git" opts = {:host => host, :protocol => protocol, :user => auth_user.authentication_token, :password => ''}
Rails.application.routes.url_helpers.project_url(self.owner.uname, self.name, opts) + ".git"
#path #share by NFS #path #share by NFS
end end

View File

@ -86,8 +86,13 @@ class User < Avatar
class << self class << self
def find_for_database_authentication(warden_conditions) def find_for_database_authentication(warden_conditions)
conditions = warden_conditions.dup conditions = warden_conditions.dup
login = conditions.delete(:login) login = conditions.delete(:login)
where(conditions).where(["lower(uname) = :value OR lower(email) = :value", { :value => login.downcase }]).first pass = conditions.delete(:pass)
user = User.where(conditions).where(:authentication_token => login).first ||
User.where(conditions).where(["lower(uname) = :value OR lower(email) = :value", { :value => login.downcase}]).first
return user if !user.access_locked? and (user.authentication_token == login or user.valid_password?(pass))
nil
end end
def new_with_session(params, session) def new_with_session(params, session)

View File

@ -51,7 +51,7 @@ module Rosa
config.encoding = "utf-8" config.encoding = "utf-8"
# Configure sensitive parameters which will be filtered from the log file. # Configure sensitive parameters which will be filtered from the log file.
config.filter_parameters += [:password, :secret] config.filter_parameters += [:password, :secret, :authentication_token]
# Enable the asset pipeline # Enable the asset pipeline
config.assets.enabled = true config.assets.enabled = true

View File

@ -12,7 +12,7 @@ module Grack
return render_not_found if project.blank? return render_not_found if project.blank?
return ::Rack::Auth::Basic.new(@app) do |u, p| return ::Rack::Auth::Basic.new(@app) do |u, p|
user = User.find_for_database_authentication(:login => u) and !user.access_locked? and user.valid_password?(p) and user = User.find_for_database_authentication({:login => u, :pass => p}) and
ability = ::Ability.new(user) and ability.can?(action, project) # project.members.include?(user) ability = ::Ability.new(user) and ability.can?(action, project) # project.members.include?(user)
end.call(env) unless project.public? and read? # need auth end.call(env) unless project.public? and read? # need auth
end end