Fix GitLab snippet export

The snippet export broke for two reasons.
First, the request to GitLab fails in the
default configuration because the CSP is not
set properly. This commit adds the configured
GitLab base URL to the connect-src directives.
The second problem is a change in the GitLab API
spec. Instead of `code` and `file_name`, the
GitLab API now requires a `files` array with
`content` and `file_path` entries per snippet.

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
Erik Michelson 2022-04-03 22:47:42 +02:00 committed by David Mehren
parent 0195f16d9a
commit 0093aa4783
5 changed files with 40 additions and 37 deletions


@ -50,6 +50,10 @@ const allowPDFEmbedDirectives = {
frameSrc: ['*'] // Chrome also checks PDFs against frame-src frameSrc: ['*'] // Chrome also checks PDFs against frame-src
} }
const configuredGitLabInstanceDirectives = {
connectSrc: [config.gitlab.baseURL]
}
CspStrategy.computeDirectives = function () { CspStrategy.computeDirectives = function () {
const directives = {} const directives = {}
mergeDirectives(directives, config.csp.directives) mergeDirectives(directives, config.csp.directives)
@ -59,6 +63,7 @@ CspStrategy.computeDirectives = function () {
mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives) mergeDirectivesIf(config.dropbox.appKey, directives, dropboxDirectives)
mergeDirectivesIf(!config.csp.allowFraming, directives, disallowFramingDirectives) mergeDirectivesIf(!config.csp.allowFraming, directives, disallowFramingDirectives)
mergeDirectivesIf(config.csp.allowPDFEmbed, directives, allowPDFEmbedDirectives) mergeDirectivesIf(config.csp.allowPDFEmbed, directives, allowPDFEmbedDirectives)
mergeDirectivesIf(config.isGitlabSnippetsEnable, directives, configuredGitLabInstanceDirectives)
addInlineScriptExceptions(directives) addInlineScriptExceptions(directives)
addUpgradeUnsafeRequestsOptionTo(directives) addUpgradeUnsafeRequestsOptionTo(directives)
addReportURI(directives) addReportURI(directives)
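Review bot: `connectSrc: [config.gitlab.baseURL]` copies the raw configured value into the policy, and a CSP source expression whose path has no trailing slash matches only that exact path. For an instance served under a sub-path (constructed example: `https://git.example.org/gitlab`), requests to `/gitlab/api/...` would presumably still be blocked. Building the entry from the origin avoids this: `connectSrc: [new URL(config.gitlab.baseURL).origin]`, evaluated inside `computeDirectives` only when `config.isGitlabSnippetsEnable` is set, because the test config in this commit leaves `baseURL` undefined. A one-line comment above the constant saying that the browser calls the GitLab API directly for snippet export would explain why an external host is allowed in connect-src. `computeDirectives` continues outside the hunk.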


@ -156,9 +156,13 @@ function gitlabActionProjects (req, res, note) {
if (!user) { if (!user) {
return errors.errorNotFound(res) return errors.errorNotFound(res)
} }
const ret = { baseURL: config.gitlab.baseURL, version: config.gitlab.version } const ret = {
ret.accesstoken = user.accessToken baseURL: config.gitlab.baseURL,
ret.profileid = user.profileid version: config.gitlab.version,
accesstoken: user.accessToken,
profileid: user.profileid,
projects: []
}
const apiUrl = `${config.gitlab.baseURL}/api/${config.gitlab.version}/projects?membership=yes&per_page=100&access_token=${user.accessToken}` const apiUrl = `${config.gitlab.baseURL}/api/${config.gitlab.version}/projects?membership=yes&per_page=100&access_token=${user.accessToken}`
fetch(apiUrl).then(resp => { fetch(apiUrl).then(resp => {
if (!resp.ok) { if (!resp.ok) {
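Review bot: The user's GitLab access token travels in the query string of `apiUrl` (`...&access_token=${user.accessToken}`), where it can be recorded in proxy and web-server access logs; the rewritten `fullURL` in the snippet-export click handler of this commit has the same pattern. GitLab accepts the token in a request header, so the server-side call could be `fetch(apiUrl, { headers: { Authorization: 'Bearer ' + user.accessToken } })` with the parameter dropped from the URL. The browser-side `$.ajax` call could pass `headers: { Authorization: 'Bearer ' + accesstoken }`, provided the instance's CORS policy permits that header, which should be confirmed. `gitlabActionProjects` continues outside the hunk, so the handling of the response is not visible here.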


@ -6,6 +6,7 @@
- Fix error that Libravatar user avatars were not shown when using OAuth2 login - Fix error that Libravatar user avatars were not shown when using OAuth2 login
- Fix `bin/manage_users` not accepting numeric passwords (thanks to [@carr0t2](https://github.com/carr0t2) for reporting) - Fix `bin/manage_users` not accepting numeric passwords (thanks to [@carr0t2](https://github.com/carr0t2) for reporting)
- Fix visibility of modals for screen readers - Fix visibility of modals for screen readers
- Fix GitLab snippet export (thanks to [@semjongeist](https://github.com/semjongeist) for reporting)
- Fix missing inline authorship colors (thanks to [@EBendinelli](https://github.com/EBendinelli) for reporting) - Fix missing inline authorship colors (thanks to [@EBendinelli](https://github.com/EBendinelli) for reporting)
### Enhancements ### Enhancements


@ -1921,9 +1921,12 @@ $('#snippetExportModalConfirm').click(function () {
const data = { const data = {
title: $('#snippetExportModalTitle').val(), title: $('#snippetExportModalTitle').val(),
file_name: $('#snippetExportModalFileName').val(), files: [
code: editor.getValue(), {
visibility_level: $('#snippetExportModalVisibility').val(), file_path: $('#snippetExportModalFileName').val(),
content: editor.getValue()
}
],
visibility: visibility:
$('#snippetExportModalVisibility').val() === '0' $('#snippetExportModalVisibility').val() === '0'
? 'private' ? 'private'
@ -1934,40 +1937,27 @@ $('#snippetExportModalConfirm').click(function () {
if ( if (
!data.title || !data.title ||
!data.file_name || !data.files[0].file_path ||
!data.code || !data.files[0].content ||
!data.visibility_level ||
!$('#snippetExportModalProjects').val() !$('#snippetExportModalProjects').val()
) { return } ) { return }
$('#snippetExportModalLoading').show() $('#snippetExportModalLoading').show()
const fullURL = const fullURL = `${baseURL}/api/${version}/projects/${$('#snippetExportModalProjects').val()}/snippets?access_token=${accesstoken}`
baseURL + $.ajax(fullURL, {
'/api/' + data: JSON.stringify(data),
version + contentType: 'application/json',
'/projects/' + type: 'POST',
$('#snippetExportModalProjects').val() + success: function (ret) {
'/snippets?access_token=' +
accesstoken
$.post(fullURL, data, function (ret) {
$('#snippetExportModalLoading').hide() $('#snippetExportModalLoading').hide()
$('#snippetExportModal').modal('hide') $('#snippetExportModal').modal('hide')
const redirect =
baseURL +
'/' +
$(
"#snippetExportModalProjects option[value='" +
$('#snippetExportModalProjects').val() +
"']"
).text() +
'/snippets/' +
ret.id
showMessageModal( showMessageModal(
'<i class="fa fa-gitlab"></i> Export to Snippet', '<i class="fa fa-gitlab"></i> Export to Snippet',
'Export Successful!', 'Export Successful!',
redirect, ret.web_url,
'View Snippet Here', 'View Snippet Here',
true true
) )
}
}) })
}) })
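Review bot: The new `$.ajax` options define only `success`, so when the POST fails (a CSP block, a 4xx from the API, an expired token) the indicator shown by `$('#snippetExportModalLoading').show()` is never hidden and the user gets no feedback. Adding `error: function () { $('#snippetExportModalLoading').hide() }` together with a failure message would close that gap. Separately, the link target is now taken verbatim from the response as `ret.web_url`; `showMessageModal` is not visible here, but if it writes the value into an `href`, a check such as `ret.web_url.startsWith(baseURL)` before displaying it keeps the link on the configured instance.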


@ -29,6 +29,9 @@ describe('Content security policies', function () {
}, },
dropbox: { dropbox: {
appKey: undefined appKey: undefined
},
gitlab: {
baseURL: undefined
} }
} }
}) })
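Review bot: The test config gains only a `gitlab: { baseURL: undefined }` stub, so nothing in this hunk exercises the new connect-src entry. A case that sets `isGitlabSnippetsEnable` and a constructed base URL, then asserts that the URL appears in `connectSrc`, would pin the behaviour, and a second case with snippets disabled would assert that it is absent. The `describe` block continues outside the hunk, so such cases may need to follow the structure of the existing ones there.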