Refactor git http controllers to rely on auth results differently

Auth results can return an ambiguous actor, either user or deploy token. Refactor to explicitly get user or deploy token rather than accessing the actor directly.

Refactor git http controllers to rely on auth results differently
e6cc4e90 · Drew Blessing · c3033257 · e6cc4e90 · e6cc4e90 · e6cc4e90
--- a/app/controllers/repositories/git_http_client_controller.rb
+++ b/app/controllers/repositories/git_http_client_controller.rb
@@ -8,12 +8,9 @@ class GitHttpClientController < Repositories::ApplicationController

    attr_reader :authentication_result, :redirected_path

-    delegate :actor, :authentication_abilities, to: :authentication_result, allow_nil: true
+    delegate :authentication_abilities, to: :authentication_result, allow_nil: true
    delegate :type, to: :authentication_result, allow_nil: true, prefix: :auth_result

-    alias_method :user, :actor
-    alias_method :authenticated_user, :actor
-
    # Git clients will not know what authenticity token to send along
    skip_around_action :set_session_storage
    skip_before_action :verify_authenticity_token
@@ -22,8 +19,16 @@ class GitHttpClientController < Repositories::ApplicationController

    feature_category :source_code_management

+    def authenticated_user
+      authentication_result&.user || authentication_result&.deploy_token
+    end
+
    private

+    def user
+      authenticated_user
+    end
+
    def download_request?
      raise NotImplementedError
    end

--- a/ee/app/controllers/ee/repositories/git_http_controller.rb
+++ b/ee/app/controllers/ee/repositories/git_http_controller.rb
@@ -30,6 +30,7 @@ def git_receive_pack

      private

+      override :user
      def user
        super || geo_push_user&.user
      end

--- a/spec/controllers/repositories/git_http_controller_spec.rb
+++ b/spec/controllers/repositories/git_http_controller_spec.rb
@@ -90,6 +90,14 @@ def send_request
        end
      end
    end
+
+    context 'when the user is a deploy token' do
+      it_behaves_like Repositories::GitHttpController do
+        let(:container) { project }
+        let(:user) { create(:deploy_token, :project, projects: [project]) }
+        let(:access_checker_class) { Gitlab::GitAccess }
+      end
+    end
  end

  context 'when repository container is a project wiki' do

--- a/spec/support/shared_examples/controllers/repositories/git_http_controller_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/repositories/git_http_controller_shared_examples.rb
@@ -50,7 +50,8 @@

    context 'with authorized user' do
      before do
-        request.headers.merge! auth_env(user.username, user.password, nil)
+        password = user.try(:password) || user.try(:token)
+        request.headers.merge! auth_env(user.username, password, nil)
      end

      it 'returns 200' do
@@ -71,9 +72,10 @@
        it 'adds user info to the logs' do
          get :info_refs, params: params

-          expect(log_data).to include('username' => user.username,
-                                      'user_id' => user.id,
-                                      'meta.user' => user.username)
+          user_log_data = { 'username' => user.username, 'user_id' => user.id }
+          user_log_data['meta.user'] = user.username if user.is_a?(User)
+
+          expect(log_data).to include(user_log_data)
        end
      end
    end