diff --git a/app/models/project_import_data.rb b/app/models/project_import_data.rb
index 23f4e97b8aaf96adfafa7651c62c23e8f827dfd6..f3b9daa0d1a7a74e194d164b860ea27021f913bb 100644
--- a/app/models/project_import_data.rb
+++ b/app/models/project_import_data.rb
@@ -12,7 +12,7 @@ require 'file_size_validator'
class ProjectImportData < ActiveRecord::Base
belongs_to :project
- attr_encrypted :credentials, key: Gitlab::Application.secrets.db_key_base, marshal: true
+ attr_encrypted :credentials, key: Gitlab::Application.secrets.db_key_base, marshal: true, encode: true
serialize :data, JSON
diff --git a/db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb b/db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb
index dfa9f2d4dee08b82513303c5d0c0c4799668cf5a..881af783c61aeb0089cdbe7a0ab3adaf4daa9865 100644
--- a/db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb
+++ b/db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb
@@ -2,43 +2,49 @@ class RemoveWrongImportUrlFromProjects < ActiveRecord::Migration
class ImportUrlSanitizer
def initialize(url)
- @url = url
+ @url = URI.parse(url)
end
def sanitized_url
- @sanitized_url ||= @url[regex_extractor, 1] + @url[regex_extractor, 3]
+ @sanitized_url ||= safe_url
end
def credentials
- @credentials ||= @url[regex_extractor, 2]
+ @credentials ||= { user: @url.user, password: @url.password }
end
private
- # Regex matches 1 <first part of URL>, 2 <token or to be encrypted stuff>,
- # 3 <last part of URL>
- def regex_extractor
- /(.*\/\/)(.*)(\@.*)/
+ def safe_url
+ safe_url = @url.dup
+ safe_url.password = nil
+ safe_url.user = nil
+ safe_url
end
+
+ end
+
+ class FakeProjectImportData
+ extend AttrEncrypted
+ attr_accessor :credentials
+ attr_encrypted :credentials, key: Gitlab::Application.secrets.db_key_base, marshal: true, encode: true
end
def up
- projects_with_wrong_import_url.each do |project_id|
- project = Project.find(project_id["id"])
- sanitizer = ImportUrlSanitizer.new(project.import_url)
+ projects_with_wrong_import_url.each do |project|
+ sanitizer = ImportUrlSanitizer.new(project["import_url"])
ActiveRecord::Base.transaction do
- project.update_columns(import_url: sanitizer.sanitized_url)
- if project.import_data
- project.import_data.credentials = sanitizer.credentials
- project.save!
- end
+ execute("UPDATE projects SET import_url = '#{sanitizer.sanitized_url}' WHERE id = #{project['id']}")
+ fake_import_data = FakeProjectImportData.new
+ fake_import_data.credentials = sanitizer.credentials
+ execute("UPDATE project_import_data SET encrypted_credentials = '#{fake_import_data.encrypted_credentials}' WHERE project_id = #{project['id']}")
end
end
end
def projects_with_wrong_import_url
# TODO Check live with #operations for possible false positives. Also, consider regex? But may have issues MySQL/PSQL
- select_all("SELECT p.id from projects p WHERE p.import_url LIKE '%//%:%@%' or p.import_url like '#{"_"*40}@github.com%'")
+ select_all("SELECT p.id, p.import_url from projects p WHERE p.import_url LIKE '%//%:%@%' or p.import_url like '#{"_"*40}@github.com%'")
end
end
diff --git a/lib/gitlab/github_import/importer.rb b/lib/gitlab/github_import/importer.rb
index 515fd4720d52d25d7caf650c9c336f8ace8f9010..d478d3b53981f836b0df3bedfb27b1f07a0fab72 100644
--- a/lib/gitlab/github_import/importer.rb
+++ b/lib/gitlab/github_import/importer.rb
@@ -7,8 +7,8 @@ module Gitlab
def initialize(project)
@project = project
- github_session = project.import_data.credentials if import_data
- @client = Client.new(github_session["github_access_token"])
+ credentials = project.import_data.credentials if import_data
+ @client = Client.new(credentials["github_access_token"])
@formatter = Gitlab::ImportFormatter.new
end
diff --git a/lib/gitlab/github_import/project_creator.rb b/lib/gitlab/github_import/project_creator.rb
index b5ed32e5b1e0c1e6eaa4d6c9af2771acc2a82349..52aba93a51d6a64f03da5dd9758509dbc12266af 100644
--- a/lib/gitlab/github_import/project_creator.rb
+++ b/lib/gitlab/github_import/project_creator.rb
@@ -32,8 +32,7 @@ module Gitlab
def create_import_data(project)
project.create_import_data(
- credentials: { github_access_token: session_data.delete(:github_access_token) },
- data: { github_session: session_data })
+ credentials: { github_access_token: session_data.delete(:github_access_token) })
end
end
end
diff --git a/lib/gitlab/import_url_exposer.rb b/lib/gitlab/import_url_exposer.rb
index f1919dffa8a150a62c56f0956c7f3742b856ee0f..bf03f5a6daf413e70d9ea5e3fd6ad5f20b8659ee 100644
--- a/lib/gitlab/import_url_exposer.rb
+++ b/lib/gitlab/import_url_exposer.rb
@@ -2,16 +2,12 @@ module Gitlab
# Exposes an import URL that includes the credentials unencrypted.
# Extracted to its own class to prevent unintended use.
module ImportUrlExposer
- extend self
- def expose(import_url:, credentials: )
- import_url.sub("//", "//#{parsed_credentials(credentials)}@")
- end
-
- private
-
- def parsed_credentials(credentials)
- credentials.values.join(":")
+ def self.expose(import_url:, credentials: )
+ uri = URI.parse(import_url)
+ uri.user = credentials[:user]
+ uri.password = credentials[:password]
+ uri
end
end
end
diff --git a/spec/lib/gitlab/import_url_exposer_spec.rb b/spec/lib/gitlab/import_url_exposer_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..878947caea18876d01032459e07be061f9b697c8
--- /dev/null
+++ b/spec/lib/gitlab/import_url_exposer_spec.rb
@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+describe 'Gitlab::ImportUrlExposer' do
+
+ describe :expose do
+ let(:credentials) do
+ Gitlab::ImportUrlExposer.expose(import_url: "https://github.com/me/project.git", credentials: {user: 'blah', password: 'password'})
+ end
+
+ it { expect(credentials).to be_a(URI) }
+ it { expect(credentials.to_s).to eq("https://blah:password@github.com/me/project.git") }
+ end
+end