Merge pull request #2867 from NoEffex/master
Support default TTL for authentication tokens acquired via SSH
commit
2d37e5811b
@ -303,6 +303,14 @@ be scoped inside the configuration for a remote.
|
|||||||
The default is `true`; you can disable this behaviour and have all files
|
The default is `true`; you can disable this behaviour and have all files
|
||||||
writeable by setting either variable to 0, 'no' or 'false'.
|
writeable by setting either variable to 0, 'no' or 'false'.
|
||||||
|
|
||||||
|
* `lfs.defaulttokenttl`
|
||||||
|
|
||||||
|
This setting sets a default token TTL when git-lfs-authenticate does not
|
||||||
|
include the TTL in the JSON response but still enforces it.
|
||||||
|
|
||||||
|
Note that this is only necessary for larger repositories hosted on LFS
|
||||||
|
servers that don't include the TTL.
|
||||||
|
|
||||||
## LFSCONFIG
|
## LFSCONFIG
|
||||||
|
|
||||||
The .lfsconfig file in a repository is read and interpreted in the same format
|
The .lfsconfig file in a repository is read and interpreted in the same format
|
||||||
|
@ -72,7 +72,7 @@ func NewClient(ctx Context) (*Client, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
cacheCreds := gitEnv.Bool("lfs.cachecredentials", true)
|
cacheCreds := gitEnv.Bool("lfs.cachecredentials", true)
|
||||||
var sshResolver SSHResolver = &sshAuthClient{os: osEnv}
|
var sshResolver SSHResolver = &sshAuthClient{os: osEnv, git: gitEnv}
|
||||||
if cacheCreds {
|
if cacheCreds {
|
||||||
sshResolver = withSSHCache(sshResolver)
|
sshResolver = withSSHCache(sshResolver)
|
||||||
}
|
}
|
||||||
|
@ -59,18 +59,27 @@ type sshAuthResponse struct {
|
|||||||
Message string `json:"-"`
|
Message string `json:"-"`
|
||||||
Href string `json:"href"`
|
Href string `json:"href"`
|
||||||
Header map[string]string `json:"header"`
|
Header map[string]string `json:"header"`
|
||||||
ExpiresAt time.Time `json:"expires_at"`
|
ExpiresAt *time.Time `json:"expires_at"`
|
||||||
ExpiresIn int `json:"expires_in"`
|
ExpiresIn *int `json:"expires_in"`
|
||||||
|
|
||||||
createdAt time.Time
|
createdAt time.Time
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *sshAuthResponse) IsExpiredWithin(d time.Duration) (time.Time, bool) {
|
func (r *sshAuthResponse) IsExpiredWithin(d time.Duration) (time.Time, bool) {
|
||||||
return tools.IsExpiredAtOrIn(r.createdAt, d, r.ExpiresAt, time.Duration(r.ExpiresIn)*time.Second)
|
expiresAt := time.Time{}
|
||||||
|
if r.ExpiresAt != nil {
|
||||||
|
expiresAt = *r.ExpiresAt
|
||||||
|
}
|
||||||
|
expiresIn := 0
|
||||||
|
if r.ExpiresIn != nil {
|
||||||
|
expiresIn = *r.ExpiresIn
|
||||||
|
}
|
||||||
|
return tools.IsExpiredAtOrIn(r.createdAt, d, expiresAt, time.Duration(expiresIn)*time.Second)
|
||||||
}
|
}
|
||||||
|
|
||||||
type sshAuthClient struct {
|
type sshAuthClient struct {
|
||||||
os config.Environment
|
os config.Environment
|
||||||
|
git config.Environment
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *sshAuthClient) Resolve(e Endpoint, method string) (sshAuthResponse, error) {
|
func (c *sshAuthClient) Resolve(e Endpoint, method string) (sshAuthResponse, error) {
|
||||||
@ -100,6 +109,13 @@ func (c *sshAuthClient) Resolve(e Endpoint, method string) (sshAuthResponse, err
|
|||||||
res.Message = strings.TrimSpace(errbuf.String())
|
res.Message = strings.TrimSpace(errbuf.String())
|
||||||
} else {
|
} else {
|
||||||
err = json.Unmarshal(outbuf.Bytes(), &res)
|
err = json.Unmarshal(outbuf.Bytes(), &res)
|
||||||
|
if res.ExpiresIn == nil && res.ExpiresAt == nil {
|
||||||
|
ttl := c.git.Int("lfs.defaulttokenttl", 0)
|
||||||
|
if ttl < 0 {
|
||||||
|
ttl = 0
|
||||||
|
}
|
||||||
|
res.ExpiresIn = &ttl
|
||||||
|
}
|
||||||
res.createdAt = now
|
res.createdAt = now
|
||||||
}
|
}
|
||||||
|
|
||||||
|
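Review bot: In `Resolve`, the new `lfs.defaulttokenttl` fallback runs without consulting the `err` returned by `json.Unmarshal` on the line above it, so a response that failed to parse also has both pointers nil and gets stamped with the configured TTL. Guarding it as `if err == nil && res.ExpiresIn == nil && res.ExpiresAt == nil {` applies the default to well-formed responses only; whether the caller or the SSH cache (`withSSHCache`) ever uses `res` when `err` is non-nil is not visible here, because the rest of `Resolve` lies outside the hunk. The block also deserves a comment stating that the value is in seconds (`IsExpiredWithin` multiplies it by `time.Second`) and that a configured value longer than the lifetime the server actually enforces would presumably leave the client reusing a token the server already rejects, for example `// lfs.defaulttokenttl is in seconds and must not exceed the TTL the server enforces.`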