@@ -59,8 +59,8 class SysController < ActionController::Base | |||
|
59 | 59 | |
|
60 | 60 | def check_enabled |
|
61 | 61 | User.current = nil |
|
62 | unless Setting.sys_api_enabled? | |
|
63 |
render : |
|
|
62 | unless Setting.sys_api_enabled? && params[:key].to_s == Setting.sys_api_key | |
|
63 | render :text => 'Access denied. Repository management WS is disabled or key is invalid.', :status => 403 | |
|
64 | 64 | return false |
|
65 | 65 | end |
|
66 | 66 | end |
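Review bot: The new condition at new line 62 accepts an empty key: `sys_api_key` defaults to `''` in the settings file changed by this same commit, and `params[:key].to_s` is also `''` when the parameter is absent, so enabling the web service without setting a key leaves every action behind `check_enabled` reachable without a secret. Requiring a non-blank configured key closes that, e.g. `unless Setting.sys_api_enabled? && !Setting.sys_api_key.to_s.empty? && params[:key].to_s == Setting.sys_api_key`. The `==` comparison is also not constant-time; a timing-safe compare would be preferable if the framework version in use offers one. A one-line comment above `check_enabled` saying that it enforces both the enabled flag and the shared key would help, since the method name only suggests the former.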
@@ -3,7 +3,15 | |||
|
3 | 3 | <div class="box tabular settings"> |
|
4 | 4 | <p><%= setting_check_box :autofetch_changesets %></p> |
|
5 | 5 | |
|
6 |
<p><%= setting_check_box :sys_api_enabled |
|
|
6 | <p><%= setting_check_box :sys_api_enabled, | |
|
7 | :onclick => "if (this.checked) { Form.Element.enable('settings_sys_api_key'); } else { Form.Element.disable('settings_sys_api_key'); }" %></p> | |
|
8 | ||
|
9 | <p><%= setting_text_field :sys_api_key, :size => 30, | |
|
10 | :id => 'settings_sys_api_key', | |
|
11 | :disabled => !Setting.sys_api_enabled?, | |
|
12 | :label => :setting_mail_handler_api_key %> | |
|
13 | <%= link_to_function l(:label_generate_key), "if ($('settings_sys_api_key').disabled == false) { $('settings_sys_api_key').value = randomKey(20) }" %> | |
|
14 | </p> | |
|
7 | 15 | |
|
8 | 16 | <p><%= setting_multiselect(:enabled_scm, REDMINE_SUPPORTED_SCM) %></p> |
|
9 | 17 |
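Review bot: The shared secret filled in by the generate-key link at new line 13 comes from the client-side `randomKey(20)`, whose implementation is not part of this hunk; if it is built on `Math.random`, the key is not drawn from a cryptographically strong source and would be better generated server-side (for example with Ruby's `SecureRandom`, where available). The field also reuses `:label => :setting_mail_handler_api_key`, so the form shows the mail-handler label for a different secret; a dedicated label would make it clear that the two keys are separate settings.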
@@ -85,6 +85,8 autofetch_changesets: | |||
|
85 | 85 | default: 1 |
|
86 | 86 | sys_api_enabled: |
|
87 | 87 | default: 0 |
|
88 | sys_api_key: | |
|
89 | default: '' | |
|
88 | 90 | commit_ref_keywords: |
|
89 | 91 | default: 'refs,references,IssueID' |
|
90 | 92 | commit_fix_keywords: |
@@ -19,18 +19,21 | |||
|
19 | 19 | # -r redmine.example.net |
|
20 | 20 | # -r http://redmine.example.net |
|
21 | 21 | # -r https://example.net/redmine |
|
22 | # -k, --key=KEY use KEY as the Redmine API key | |
|
22 | 23 | # |
|
23 | 24 | # == Options |
|
24 | 25 | # |
|
25 | 26 | # -o, --owner=OWNER owner of the repository. using the rails login |
|
26 | 27 | # allow user to browse the repository within |
|
27 |
# Redmine even for private project. If you want to |
|
|
28 |
# through Redmine.pm, you need |
|
|
28 | # Redmine even for private project. If you want to | |
|
29 | # share repositories through Redmine.pm, you need | |
|
30 | # to use the apache owner. | |
|
29 | 31 | # -g, --group=GROUP group of the repository. (default: root) |
|
30 |
# --scm=SCM the kind of SCM repository you want to create (and |
|
|
31 |
# Redmine (default: Subversion). |
|
|
32 | # and Subversion repositories. For all other kind (Bazaar, | |
|
33 |
# |
|
|
32 | # --scm=SCM the kind of SCM repository you want to create (and | |
|
33 | # register) in Redmine (default: Subversion). | |
|
34 | # reposman is able to create Git and Subversion | |
|
35 | # repositories. For all other kind, you must specify | |
|
36 | # a --command option | |
|
34 | 37 | # -u, --url=URL the base url Redmine will use to access your |
|
35 | 38 | # repositories. This option is used to automatically |
|
36 | 39 | # register the repositories in Redmine. The project |
@@ -41,8 +44,10 | |||
|
41 | 44 | # the repositories in Redmine |
|
42 | 45 | # -c, --command=COMMAND use this command instead of "svnadmin create" to |
|
43 | 46 | # create a repository. This option can be used to |
|
44 |
# create repositories other than subversion and git |
|
|
45 | # This command override the default creation for git and subversion. | |
|
47 | # create repositories other than subversion and git | |
|
48 | # kind. | |
|
49 | # This command override the default creation for git | |
|
50 | # and subversion. | |
|
46 | 51 | # -f, --force force repository creation even if the project |
|
47 | 52 | # repository is already declared in Redmine |
|
48 | 53 | # -t, --test only show what should be done |
@@ -67,6 +72,7 SUPPORTED_SCM = %w( Subversion Darcs Mercurial Bazaar Git Filesystem ) | |||
|
67 | 72 | opts = GetoptLong.new( |
|
68 | 73 | ['--svn-dir', '-s', GetoptLong::REQUIRED_ARGUMENT], |
|
69 | 74 | ['--redmine-host', '-r', GetoptLong::REQUIRED_ARGUMENT], |
|
75 | ['--key', '-k', GetoptLong::REQUIRED_ARGUMENT], | |
|
70 | 76 | ['--owner', '-o', GetoptLong::REQUIRED_ARGUMENT], |
|
71 | 77 | ['--group', '-g', GetoptLong::REQUIRED_ARGUMENT], |
|
72 | 78 | ['--url', '-u', GetoptLong::REQUIRED_ARGUMENT], |
@@ -127,6 +133,7 begin | |||
|
127 | 133 | case opt |
|
128 | 134 | when '--svn-dir'; $repos_base = arg.dup |
|
129 | 135 | when '--redmine-host'; $redmine_host = arg.dup |
|
136 | when '--key'; $api_key = arg.dup | |
|
130 | 137 | when '--owner'; $svn_owner = arg.dup; $use_groupid = false; |
|
131 | 138 | when '--group'; $svn_group = arg.dup; $use_groupid = false; |
|
132 | 139 | when '--url'; $svn_url = arg.dup |
@@ -184,7 +191,7 Project.site = "#{$redmine_host}/sys"; | |||
|
184 | 191 | |
|
185 | 192 | begin |
|
186 | 193 | # Get all active projects that have the Repository module enabled |
|
187 | projects = Project.find(:all) | |
|
194 | projects = Project.find(:all, :params => {:key => $api_key}) | |
|
188 | 195 | rescue => e |
|
189 | 196 | log("Unable to connect to #{Project.site}: #{e}", :exit => true) |
|
190 | 197 | end |
@@ -285,7 +292,7 projects.each do |project| | |||
|
285 | 292 | |
|
286 | 293 | if $svn_url |
|
287 | 294 | begin |
|
288 | project.post(:repository, :vendor => $scm, :repository => {:url => "#{$svn_url}#{project.identifier}"}) | |
|
295 | project.post(:repository, :vendor => $scm, :repository => {:url => "#{$svn_url}#{project.identifier}"}, :key => $api_key) | |
|
289 | 296 | log("\trepository #{repos_path} registered in Redmine with url #{$svn_url}#{project.identifier}"); |
|
290 | 297 | rescue => e |
|
291 | 298 | log("\trepository #{repos_path} not registered in Redmine: #{e.message}"); |
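Review bot: Passing the secret with `-k/--key` (new lines 75 and 136) exposes it to any local user who can list processes, and to shell history or crontab files, and both API calls then send it as a request parameter (`:params => {:key => $api_key}` at new line 194, `:key => $api_key` at new line 295), where it will typically end up in web server access logs. The usage text still offers `-r http://redmine.example.net`, over which the key would travel in clear text. Consider also accepting the key from a file or environment variable readable only by the account running reposman, and stating in the `--key` help line that an `https` host should be used. `$api_key` stays nil when the option is omitted, so a clear error before the first request would be more helpful than the generic "Unable to connect" log that a rejected call presumably produces. The enclosing `begin` and `projects.each` blocks start and end outside these hunks.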
@@ -68,4 +68,25 class SysControllerTest < ActionController::TestCase | |||
|
68 | 68 | get :fetch_changesets, :id => 'unknown' |
|
69 | 69 | assert_response 404 |
|
70 | 70 | end |
|
71 | ||
|
72 | def test_disabled_ws_should_respond_with_403_error | |
|
73 | with_settings :sys_api_enabled => '0' do | |
|
74 | get :projects | |
|
75 | assert_response 403 | |
|
76 | end | |
|
77 | end | |
|
78 | ||
|
79 | def test_api_key | |
|
80 | with_settings :sys_api_key => 'my_secret_key' do | |
|
81 | get :projects, :key => 'my_secret_key' | |
|
82 | assert_response :success | |
|
83 | end | |
|
84 | end | |
|
85 | ||
|
86 | def test_wrong_key_should_respond_with_403_error | |
|
87 | with_settings :sys_api_enabled => 'my_secret_key' do | |
|
88 | get :projects, :key => 'wrong_key' | |
|
89 | assert_response 403 | |
|
90 | end | |
|
91 | end | |
|
71 | 92 | end |
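Review bot: `test_wrong_key_should_respond_with_403_error` (new lines 86-91) sets `:sys_api_enabled => 'my_secret_key'` rather than `:sys_api_key`, so the key under test is never configured and the 403 is asserted against whatever key the defaults or fixtures hold. It should read `with_settings :sys_api_enabled => '1', :sys_api_key => 'my_secret_key' do`. `test_api_key` likewise relies on the web service already being enabled by setup outside this hunk and would be clearer setting `:sys_api_enabled => '1'` itself. A case for an enabled service with an empty configured key and no `key` parameter is missing; it would pin down how the filter behaves when no key has been set.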