Fix SSH auth lfs locks #3152
Fix SSH auth lfs locks #3152
Conversation
sapk force-pushed the fix-ssh-auth-lfs-locks branch 3 times, most recently from a1f9481 to 7205109 Compare | I extract a function parseToken of original authenticateToken and add user reference to token claim to be able to fill ctx.User if needed for creating or deleting locks. |
tboerger added the lgtm/need 2 sapk force-pushed the fix-ssh-auth-lfs-locks branch from 3b60454 to 894d1ea Compare 
Codecov Report
@@ Coverage Diff @@ ## master #3152 +/- ## ========================================== - Coverage 35.66% 35.57% -0.09% ========================================== Files 281 281 Lines 40552 40579 +27 ========================================== - Hits 14463 14437 -26 - Misses 23957 24001 +44 - Partials 2132 2141 +9
Continue to review full report at Codecov.
|
| LGTM |
tboerger added lgtm/need 1 
| The authentication seems to work for the lock feature, but I am not able to push LFS object anymore: From gitea log: |
| @flozz thanks for the testing. Will look at it |
models/lfs_lock.go Outdated
There was a problem hiding this comment.
Two thoughts:
- We shouldn't ignore errors here; we should at least log them.
- We should double-check that loading the
OwnerandRepoevery time we read from the database is necessary. IMO, it seems a bit wasteful
There was a problem hiding this comment.
I added repo during dev because I needed it at one time but this could be revert to only use repoID if it to much additional workload.
models/lfs_lock.go Outdated
There was a problem hiding this comment.
Why this change? Is it really worth passing the repository if the only thing we care about it the id?
There was a problem hiding this comment.
Now I remember it is to use HasAccess that need a repo reference.
There was a problem hiding this comment.
Maybe I could make a func accessLevel and hasAccess that use repoID more generally for better perf ? (I think in a other PR ?)
There was a problem hiding this comment.
Ah, I must have missed the call to CheckLFSAccessForRepo. Yes, perhaps in another PR
There was a problem hiding this comment.
In fact after reviewing code of accessLevel, it use repo.IsPrivate that need a repo reference so.
modules/lfs/locks.go Outdated
There was a problem hiding this comment.
Would it be cleaner to write responses to ctx, instead of returning the response status? Right now, the person calling this function needs to know that 200 is a special return value (which isn't documented anywhere)
models/lfs_lock.go Outdated
There was a problem hiding this comment.
Maybe it's cleaner to pass the AccessMode directly, instead of a bool?
sapk force-pushed the fix-ssh-auth-lfs-locks branch 2 times, most recently from 32caa14 to 2155d57 Compare 
integrations/pgsql.ini.tmpl Outdated
| DISABLE_SSH = false | ||
| SSH_PORT = 22 | ||
| SSH_LISTEN_HOST = localhost | ||
| SSH_PORT = 2222 |
There was a problem hiding this comment.
Do not use same port for multiple database tests as they are run in parallel
| seems that ssh port change requires update in tests |
models/lfs_lock.go Outdated
| "time" | ||
| | ||
| api "code.gitea.io/sdk/gitea" | ||
| "github.com/ngaut/log" |
There was a problem hiding this comment.
import format: see https://github.com/go-gitea/gitea/blob/master/CONTRIBUTING.md#styleguide
There was a problem hiding this comment.
@ethantkoenig sorry I pass it as WIP seen I want to setup test for various git access to make that I don't break anything in future. It is my editor that setup this import, I will review my code once it works and remove WIP when ready. Sorry for the distrurb.
sapk force-pushed the fix-ssh-auth-lfs-locks branch 2 times, most recently from 71eb418 to 8116752 Compare | @flozz can you re-test? It should be good now |
| Ok found my mistake in 2723ca5d82dee097e8fa4c0080a5492ec0bb44b8 |
sapk force-pushed the fix-ssh-auth-lfs-locks branch 2 times, most recently from 31c8e64 to 5d8d6c6 Compare | Wait for #3377 to have tests before |
* test: integration add git cli tests Extracted form for easing review process and debug #3152 * test: integration add git cli big file commit * fix: Don't rewrite key if internal server
sapk force-pushed the fix-ssh-auth-lfs-locks branch 4 times, most recently from cfbd6e3 to e658af2 Compare sapk force-pushed the fix-ssh-auth-lfs-locks branch from e658af2 to ac9e714 Compare sapk force-pushed the fix-ssh-auth-lfs-locks branch from c0c0fda to bad1991 Compare | @ethantkoenig need your approval |
| @ethantkoenig we need to release 1.4.0 soon, can you please review this? |
tboerger added lgtm/done models/lfs_lock.go Outdated
| func (l *LFSLock) AfterLoad() { | ||
| l.Owner, _ = GetUserByID(l.OwnerID) | ||
| var err error | ||
| l.Owner, err = GetUserByID(l.OwnerID) |
There was a problem hiding this comment.
Will performing database queries inside AfterLoad lead to deadlock problems if the query that triggered AfterLoad is part of a transaction? See #1813
There was a problem hiding this comment.
@ethantkoenig queries should not be affected by locking and will load last committed data even if update/insert is in progress
There was a problem hiding this comment.
I see. In #1813 the offending SQL was a write which blocked on an ongoing transaction, but if you're sure that reading won't block on ongoing transactions then this is okay.
There was a problem hiding this comment.
You should use
func (l *LFSLock) AfterLoad(sess *xorm.Session) { }to avoid that.
| @lunny need your approval |
7 participants
Mostly don't reinvent the wheel to fix #3084 by re-using func of lfs.