From 0093aa4783b33593e4eb1d451e0a0f5437d6a609 Mon Sep 17 00:00:00 2001 From: Erik Michelson Date: Sun, 3 Apr 2022 22:47:42 +0200 Subject: [PATCH] Fix GitLab snippet export The snippet export broke due to two reasons. First of all, the request to GitLab fail in the default configuration due to the CSP not being set properly. This commit adds the configured GitLab base url to the connect-src directives. The second problem is a change in the GitLab API spec. Instead of `code` and `file_name` the GitLab API now requires an `files` array with `content` and `file_path` entries per snippet. Signed-off-by: Erik Michelson --- lib/csp.js | 5 ++++ lib/response.js | 10 +++++-- public/docs/release-notes.md | 1 + public/js/index.js | 58 +++++++++++++++--------------------- test/csp.js | 3 ++ 5 files changed, 40 insertions(+), 37 deletions(-) diff --git a/lib/csp.js b/lib/csp.js index 82573beaf..dc3706e2a 100644 --- a/lib/csp.js +++ b/lib/csp.js @@ -50,6 +50,10 @@ const allowPDFEmbedDirectives = { frameSrc: ['*'] // Chrome also checks PDFs against frame-src } +const configuredGitLabInstanceDirectives = { + connectSrc: [config.gitlab.baseURL] +} + CspStrategy.computeDirectives = function () { const directives = {} mergeDirectives(directives, config.csp.directives) @@ -59,6 +63,7 @@ CspStrategy.computeDirectives = function () { mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives) mergeDirectivesIf(!config.csp.allowFraming, directives, disallowFramingDirectives) mergeDirectivesIf(config.csp.allowPDFEmbed, directives, allowPDFEmbedDirectives) + mergeDirectivesIf(config.isGitlabSnippetsEnable, directives, configuredGitLabInstanceDirectives) addInlineScriptExceptions(directives) addUpgradeUnsafeRequestsOptionTo(directives) addReportURI(directives) diff --git a/lib/response.js b/lib/response.js index 44696a55f..f6bb6efd6 100644 --- a/lib/response.js +++ b/lib/response.js @@ -156,9 +156,13 @@ function gitlabActionProjects (req, res, note) { if (!user) { return errors.errorNotFound(res) } - const ret = { baseURL: config.gitlab.baseURL, version: config.gitlab.version } - ret.accesstoken = user.accessToken - ret.profileid = user.profileid + const ret = { + baseURL: config.gitlab.baseURL, + version: config.gitlab.version, + accesstoken: user.accessToken, + profileid: user.profileid, + projects: [] + } const apiUrl = `${config.gitlab.baseURL}/api/${config.gitlab.version}/projects?membership=yes&per_page=100&access_token=${user.accessToken}` fetch(apiUrl).then(resp => { if (!resp.ok) { diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index a6cc80720..e31a33789 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -6,6 +6,7 @@ - Fix error that Libravatar user avatars were not shown when using OAuth2 login - Fix `bin/manage_users` not accepting numeric passwords (thanks to [@carr0t2](https://github.com/carr0t2) for reporting) - Fix visibility of modals for screen readers +- Fix GitLab snippet export (thanks to [@semjongeist](https://github.com/semjongeist) for reporting) - Fix missing inline authorship colors (thanks to [@EBendinelli](https://github.com/EBendinelli) for reporting) ### Enhancements diff --git a/public/js/index.js b/public/js/index.js index de2a35221..763093805 100644 --- a/public/js/index.js +++ b/public/js/index.js @@ -1921,9 +1921,12 @@ $('#snippetExportModalConfirm').click(function () { const data = { title: $('#snippetExportModalTitle').val(), - file_name: $('#snippetExportModalFileName').val(), - code: editor.getValue(), - visibility_level: $('#snippetExportModalVisibility').val(), + files: [ + { + file_path: $('#snippetExportModalFileName').val(), + content: editor.getValue() + } + ], visibility: $('#snippetExportModalVisibility').val() === '0' ? 'private' @@ -1934,40 +1937,27 @@ $('#snippetExportModalConfirm').click(function () { if ( !data.title || - !data.file_name || - !data.code || - !data.visibility_level || + !data.files[0].file_path || + !data.files[0].content || !$('#snippetExportModalProjects').val() ) { return } $('#snippetExportModalLoading').show() - const fullURL = - baseURL + - '/api/' + - version + - '/projects/' + - $('#snippetExportModalProjects').val() + - '/snippets?access_token=' + - accesstoken - $.post(fullURL, data, function (ret) { - $('#snippetExportModalLoading').hide() - $('#snippetExportModal').modal('hide') - const redirect = - baseURL + - '/' + - $( - "#snippetExportModalProjects option[value='" + - $('#snippetExportModalProjects').val() + - "']" - ).text() + - '/snippets/' + - ret.id - showMessageModal( - ' Export to Snippet', - 'Export Successful!', - redirect, - 'View Snippet Here', - true - ) + const fullURL = `${baseURL}/api/${version}/projects/${$('#snippetExportModalProjects').val()}/snippets?access_token=${accesstoken}` + $.ajax(fullURL, { + data: JSON.stringify(data), + contentType: 'application/json', + type: 'POST', + success: function (ret) { + $('#snippetExportModalLoading').hide() + $('#snippetExportModal').modal('hide') + showMessageModal( + ' Export to Snippet', + 'Export Successful!', + ret.web_url, + 'View Snippet Here', + true + ) + } }) }) diff --git a/test/csp.js b/test/csp.js index a1edc9e95..afb959264 100644 --- a/test/csp.js +++ b/test/csp.js @@ -29,6 +29,9 @@ describe('Content security policies', function () { }, dropbox: { appKey: undefined + }, + gitlab: { + baseURL: undefined } } })