Merge pull request #2867 from NoEffex/master
Support default TTL for authentication tokens acquired via SSH
commit
2d37e5811b
@ -303,6 +303,14 @@ be scoped inside the configuration for a remote.
|
||||
The default is `true`; you can disable this behaviour and have all files
|
||||
writeable by setting either variable to 0, 'no' or 'false'.
|
||||
|
||||
* `lfs.defaulttokenttl`
|
||||
|
||||
This setting sets a default token TTL when git-lfs-authenticate does not
|
||||
include the TTL in the JSON response but still enforces it.
|
||||
|
||||
Note that this is only necessary for larger repositories hosted on LFS
|
||||
servers that don't include the TTL.
|
||||
|
||||
## LFSCONFIG
|
||||
|
||||
The .lfsconfig file in a repository is read and interpreted in the same format
|
||||
|
@ -72,7 +72,7 @@ func NewClient(ctx Context) (*Client, error) {
|
||||
}
|
||||
|
||||
cacheCreds := gitEnv.Bool("lfs.cachecredentials", true)
|
||||
var sshResolver SSHResolver = &sshAuthClient{os: osEnv}
|
||||
var sshResolver SSHResolver = &sshAuthClient{os: osEnv, git: gitEnv}
|
||||
if cacheCreds {
|
||||
sshResolver = withSSHCache(sshResolver)
|
||||
}
|
||||
|
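Review bot: The struct literal on the changed line (`&sshAuthClient{os: osEnv, git: gitEnv}`) is now the only thing that guarantees `sshAuthClient.git` is set, while Resolve calls `c.git.Int("lfs.defaulttokenttl", 0)` with no nil check. Any other `&sshAuthClient{...}` construction that still passes only `os` would panic on a nil interface when the server omits both expiry fields; none is visible on this page, so this needs confirming against the rest of the package and its tests. A short comment on the field, e.g. `// git supplies lfs.defaulttokenttl; must be non-nil`, or a small constructor would make the requirement explicit. NewClient begins before this hunk and continues after it.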
@ -59,18 +59,27 @@ type sshAuthResponse struct {
|
||||
Message string `json:"-"`
|
||||
Href string `json:"href"`
|
||||
Header map[string]string `json:"header"`
|
||||
ExpiresAt time.Time `json:"expires_at"`
|
||||
ExpiresIn int `json:"expires_in"`
|
||||
ExpiresAt *time.Time `json:"expires_at"`
|
||||
ExpiresIn *int `json:"expires_in"`
|
||||
|
||||
createdAt time.Time
|
||||
}
|
||||
|
||||
func (r *sshAuthResponse) IsExpiredWithin(d time.Duration) (time.Time, bool) {
|
||||
return tools.IsExpiredAtOrIn(r.createdAt, d, r.ExpiresAt, time.Duration(r.ExpiresIn)*time.Second)
|
||||
expiresAt := time.Time{}
|
||||
if r.ExpiresAt != nil {
|
||||
expiresAt = *r.ExpiresAt
|
||||
}
|
||||
expiresIn := 0
|
||||
if r.ExpiresIn != nil {
|
||||
expiresIn = *r.ExpiresIn
|
||||
}
|
||||
return tools.IsExpiredAtOrIn(r.createdAt, d, expiresAt, time.Duration(expiresIn)*time.Second)
|
||||
}
|
||||
|
||||
type sshAuthClient struct {
|
||||
os config.Environment
|
||||
os config.Environment
|
||||
git config.Environment
|
||||
}
|
||||
|
||||
func (c *sshAuthClient) Resolve(e Endpoint, method string) (sshAuthResponse, error) {
|
||||
@ -100,6 +109,13 @@ func (c *sshAuthClient) Resolve(e Endpoint, method string) (sshAuthResponse, err
|
||||
res.Message = strings.TrimSpace(errbuf.String())
|
||||
} else {
|
||||
err = json.Unmarshal(outbuf.Bytes(), &res)
|
||||
if res.ExpiresIn == nil && res.ExpiresAt == nil {
|
||||
ttl := c.git.Int("lfs.defaulttokenttl", 0)
|
||||
if ttl < 0 {
|
||||
ttl = 0
|
||||
}
|
||||
res.ExpiresIn = &ttl
|
||||
}
|
||||
res.createdAt = now
|
||||
}
|
||||
|
||||
|
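Review bot: In the `else` branch of Resolve the default TTL is applied without checking `err` from `json.Unmarshal`, and only the lower bound of `lfs.defaulttokenttl` is clamped. A failed decode leaves both expiry pointers nil, so an unparsed response is still given the configured lifetime; `if err == nil && res.ExpiresIn == nil && res.ExpiresAt == nil {` restricts the default to well-formed responses. A very large configured value can overflow `time.Duration(expiresIn)*time.Second` in IsExpiredWithin, so an upper cap next to the `ttl < 0` clamp would be worth adding. Since the value is the client's assumption rather than something the server stated, I would also add a comment such as `// client-side assumption: must not exceed the server's real token lifetime, or a cached token is reused after it has expired`; the cache in question is presumably the `withSSHCache` wrapper enabled by `lfs.cachecredentials`. Resolve starts before this hunk and continues past it.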