root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'rs-issue-12944' into 'master' 

Use a custom Devise failure app to handle unauthenticated .zip requests

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/12944

See merge request !2828
This commit is contained in:
Douwe Maan 2016-03-11 22:34:33 +00:00
parent 70bf6dc702 5844a21a0a
commit cb81c8a5ef
3 changed files with 54 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
config/initializers/devise.rb
View File

@ -203,11 +203,11 @@ Devise.setup do |config|
# If you want to use other strategies, that are not supported by Devise, or # If you want to use other strategies, that are not supported by Devise, or
# change the failure app, you can configure them inside the config.warden block. # change the failure app, you can configure them inside the config.warden block.
# #
# config.warden do |manager| config.warden do |manager|
# manager.failure_app = AnotherApp manager.failure_app = Gitlab::DeviseFailure
# manager.intercept_401 = false # manager.intercept_401 = false
# manager.default_strategies(scope: :user).unshift :some_external_strategy # manager.default_strategies(scope: :user).unshift :some_external_strategy
# end end
if Gitlab::LDAP::Config.enabled? if Gitlab::LDAP::Config.enabled?
Gitlab.config.ldap.servers.values.each do |server| Gitlab.config.ldap.servers.values.each do |server|

23
lib/gitlab/devise_failure.rb Normal file
View File

@ -0,0 +1,23 @@
module Gitlab
class DeviseFailure < Devise::FailureApp
protected
# Override `Devise::FailureApp#request_format` to handle a special case
#
# This tells Devise to handle an unauthenticated `.zip` request as an HTML
# request (i.e., redirect to sign in).
#
# Otherwise, Devise would respond with a 401 Unauthorized with
# `Content-Type: application/zip` and a response body in plaintext, and the
# browser would freak out.
#
# See https://gitlab.com/gitlab-org/gitlab-ce/issues/12944
def request_format
if request.format == :zip
Mime::Type.lookup_by_extension(:html).ref
else
super
end
end
end
end

19
spec/controllers/projects/repositories_controller_spec.rb
View File

@ -2,14 +2,24 @@ require "spec_helper"
describe Projects::RepositoriesController do describe Projects::RepositoriesController do
let(:project) { create(:project) } let(:project) { create(:project) }
let(:user) { create(:user) }
describe "GET archive" do describe "GET archive" do
before do context 'as a guest' do
sign_in(user) it 'responds with redirect in correct format' do
project.team << [user, :developer] get :archive, namespace_id: project.namespace.path, project_id: project.path, format: "zip"
expect(response.content_type).to start_with 'text/html'
expect(response).to be_redirect
end
end end
context 'as a user' do
let(:user) { create(:user) }
before do
project.team << [user, :developer]
sign_in(user)
end
it "uses Gitlab::Workhorse" do it "uses Gitlab::Workhorse" do
expect(Gitlab::Workhorse).to receive(:send_git_archive).with(project, "master", "zip") expect(Gitlab::Workhorse).to receive(:send_git_archive).with(project, "master", "zip")
@ -29,4 +39,5 @@ describe Projects::RepositoriesController do
end end
end end
end end
end
end end