debian-mirror-gitlab/app/controllers/import/github_controller.rb

# frozen_string_literal: true

class Import::GithubController < Import::BaseController
  extend ::Gitlab::Utils::Override

  include ImportHelper
  include ActionView::Helpers::SanitizeHelper

  before_action :verify_import_enabled
  before_action :provider_auth, only: [:status, :realtime_changes, :create]
  before_action :expire_etag_cache, only: [:status, :create]

  OAuthConfigMissingError = Class.new(StandardError)

  rescue_from OAuthConfigMissingError, with: :missing_oauth_config
  rescue_from Octokit::Unauthorized, with: :provider_unauthorized
  rescue_from Octokit::TooManyRequests, with: :provider_rate_limit
  rescue_from Gitlab::GithubImport::RateLimitError, with: :rate_limit_threshold_exceeded

  PAGE_LENGTH = 25

  def new
    if !ci_cd_only? && github_import_configured? && logged_in_with_provider?
      go_to_provider_for_permissions
    elsif session[access_token_key]
      redirect_to status_import_url
    end
  end

  def callback
    session[access_token_key] = get_token(params[:code])
    redirect_to status_import_url
  end

  def personal_access_token
    session[access_token_key] = params[:personal_access_token]&.strip
    redirect_to status_import_url
  end

  def status
    # Request repos to display error page if provider token is invalid
    # Improving in https://gitlab.com/gitlab-org/gitlab-foss/issues/55585
    client_repos

    super
  end

  def create
    result = Import::GithubService.new(client, current_user, import_params).execute(access_params, provider_name)

    if result[:status] == :success
      render json: serialized_imported_projects(result[:project])
    else
      render json: { errors: result[:message] }, status: result[:http_status]
    end
  end

  def realtime_changes
    super
  end

  protected

  # rubocop: disable CodeReuse/ActiveRecord
  override :importable_repos
  def importable_repos
    already_added_projects_names = already_added_projects.pluck(:import_source)

    client_repos.reject { |repo| already_added_projects_names.include?(repo.full_name) }
  end
  # rubocop: enable CodeReuse/ActiveRecord

  override :incompatible_repos
  def incompatible_repos
    []
  end

  override :provider_name
  def provider_name
    :github
  end

  override :provider_url
  def provider_url
    strong_memoize(:provider_url) do
      oauth_config&.dig('url').presence || 'https://github.com'
    end
  end

  private

  def import_params
    params.permit(permitted_import_params)
  end

  def permitted_import_params
    [:repo_id, :new_name, :target_namespace]
  end

  def serialized_imported_projects(projects = already_added_projects)
    ProjectSerializer.new.represent(projects, serializer: :import, provider_url: provider_url)
  end

  def expire_etag_cache
    Gitlab::EtagCaching::Store.new.tap do |store|
      store.touch(realtime_changes_path)
    end
  end

  def client
    @client ||= if Feature.enabled?(:remove_legacy_github_client)
                  Gitlab::GithubImport::Client.new(session[access_token_key])
                else
                  Gitlab::LegacyGithubImport::Client.new(session[access_token_key], **client_options)
                end
  end

  def client_repos
    @client_repos ||= if Feature.enabled?(:remove_legacy_github_client)
                        if sanitized_filter_param
                          client.search_repos_by_name(sanitized_filter_param, pagination_options)[:items]
                        else
                          client.octokit.repos(nil, pagination_options)
                        end
                      else
                        filtered(client.repos)
                      end
  end

  def sanitized_filter_param
    super

    @filter = @filter&.tr(' ', '')&.tr(':', '')
  end

  def oauth_client
    raise OAuthConfigMissingError unless oauth_config

    @oauth_client ||= ::OAuth2::Client.new(
      oauth_config.app_id,
      oauth_config.app_secret,
      oauth_options.merge(ssl: { verify: oauth_config['verify_ssl'] })
    )
  end

  def oauth_config
    @oauth_config ||= Gitlab::Auth::OAuth::Provider.config_for('github')
  end

  def oauth_options
    if oauth_config
      oauth_config.dig('args', 'client_options').deep_symbolize_keys
    else
      OmniAuth::Strategies::GitHub.default_options[:client_options].symbolize_keys
    end
  end

  def authorize_url
    if Feature.enabled?(:remove_legacy_github_client)
      oauth_client.auth_code.authorize_url(
        redirect_uri: callback_import_url,
        scope: 'repo, user, user:email'
      )
    else
      client.authorize_url(callback_import_url)
    end
  end

  def get_token(code)
    if Feature.enabled?(:remove_legacy_github_client)
      oauth_client.auth_code.get_token(code).token
    else
      client.get_token(code)
    end
  end

  def verify_import_enabled
    render_404 unless import_enabled?
  end

  def go_to_provider_for_permissions
    redirect_to authorize_url
  end

  def import_enabled?
    __send__("#{provider_name}_import_enabled?") # rubocop:disable GitlabSecurity/PublicSend
  end

  def realtime_changes_path
    public_send("realtime_changes_import_#{provider_name}_path", format: :json) # rubocop:disable GitlabSecurity/PublicSend
  end

  def new_import_url
    public_send("new_import_#{provider_name}_url", extra_import_params) # rubocop:disable GitlabSecurity/PublicSend
  end

  def status_import_url
    public_send("status_import_#{provider_name}_url", extra_import_params) # rubocop:disable GitlabSecurity/PublicSend
  end

  def callback_import_url
    public_send("users_import_#{provider_name}_callback_url", extra_import_params) # rubocop:disable GitlabSecurity/PublicSend
  end

  def provider_unauthorized
    session[access_token_key] = nil
    redirect_to new_import_url,
      alert: "Access denied to your #{Gitlab::ImportSources.title(provider_name.to_s)} account."
  end

  def provider_rate_limit(exception)
    reset_time = Time.zone.at(exception.response_headers['x-ratelimit-reset'].to_i)
    session[access_token_key] = nil
    redirect_to new_import_url,
      alert: _("GitHub API rate limit exceeded. Try again after %{reset_time}") % { reset_time: reset_time }
  end

  def missing_oauth_config
    session[access_token_key] = nil
    redirect_to new_import_url,
      alert: _('Missing OAuth configuration for GitHub.')
  end

  def access_token_key
    :"#{provider_name}_access_token"
  end

  def access_params
    { github_access_token: session[access_token_key] }
  end

  # rubocop: disable CodeReuse/ActiveRecord
  def logged_in_with_provider?
    current_user.identities.exists?(provider: provider_name)
  end
  # rubocop: enable CodeReuse/ActiveRecord

  def provider_auth
    if !ci_cd_only? && session[access_token_key].blank?
      go_to_provider_for_permissions
    end
  end

  def ci_cd_only?
    %w[1 true].include?(params[:ci_cd_only])
  end

  def client_options
    { wait_for_rate_limit_reset: false }
  end

  def extra_import_params
    {}
  end

  def rate_limit_threshold_exceeded
    head :too_many_requests
  end

  def pagination_options
    {
      page: [1, params[:page].to_i].max,
      per_page: PAGE_LENGTH
    }
  end
end

Import::GithubController.prepend_mod_with('Import::GithubController')
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# frozen_string_literal: true`

Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`class Import::GithubController < Import::BaseController`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`extend ::Gitlab::Utils::Override`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`include ImportHelper`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`include ActionView::Helpers::SanitizeHelper`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`before_action :verify_import_enabled`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`before_action :provider_auth, only: [:status, :realtime_changes, :create]`
			`before_action :expire_etag_cache, only: [:status, :create]`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`OAuthConfigMissingError = Class.new(StandardError)`

			`rescue_from OAuthConfigMissingError, with: :missing_oauth_config`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`rescue_from Octokit::Unauthorized, with: :provider_unauthorized`
New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`rescue_from Octokit::TooManyRequests, with: :provider_rate_limit`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`rescue_from Gitlab::GithubImport::RateLimitError, with: :rate_limit_threshold_exceeded`
Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`PAGE_LENGTH = 25`

Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30			`def new`
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`if !ci_cd_only? && github_import_configured? && logged_in_with_provider?`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`go_to_provider_for_permissions`
			`elsif session[access_token_key]`
			`redirect_to status_import_url`
Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30			`end`
			`end`

Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`def callback`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`session[access_token_key] = get_token(params[:code])`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`redirect_to status_import_url`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`

Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30			`def personal_access_token`
New upstream version 11.5.3+dfsg 2018-12-13 13:39:08 +05:30			`session[access_token_key] = params[:personal_access_token]&.strip`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`redirect_to status_import_url`
Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30			`end`

Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`def status`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`# Request repos to display error page if provider token is invalid`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`# Improving in https://gitlab.com/gitlab-org/gitlab-foss/issues/55585`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`client_repos`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`super`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`

			`def create`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`result = Import::GithubService.new(client, current_user, import_params).execute(access_params, provider_name)`
New upstream version 11.8.0 2019-03-02 22:35:43 +05:30
			`if result[:status] == :success`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`render json: serialized_imported_projects(result[:project])`
New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`else`
New upstream version 11.8.0 2019-03-02 22:35:43 +05:30			`render json: { errors: result[:message] }, status: result[:http_status]`
New upstream version 8.12.1+dfsg1 2016-09-29 09:46:39 +05:30			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`def realtime_changes`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`super`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`end`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`protected`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`# rubocop: disable CodeReuse/ActiveRecord`
			`override :importable_repos`
			`def importable_repos`
			`already_added_projects_names = already_added_projects.pluck(:import_source)`
New upstream version 11.8.0 2019-03-02 22:35:43 +05:30
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`client_repos.reject { \|repo\| already_added_projects_names.include?(repo.full_name) }`
New upstream version 11.8.0 2019-03-02 22:35:43 +05:30			`end`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`# rubocop: enable CodeReuse/ActiveRecord`
New upstream version 11.8.0 2019-03-02 22:35:43 +05:30
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`override :incompatible_repos`
			`def incompatible_repos`
			`[]`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`end`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`override :provider_name`
			`def provider_name`
			`:github`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`end`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`override :provider_url`
			`def provider_url`
			`strong_memoize(:provider_url) do`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`oauth_config&.dig('url').presence \|\| 'https://github.com'`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`end`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`end`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`private`

			`def import_params`
			`params.permit(permitted_import_params)`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`end`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`def permitted_import_params`
			`[:repo_id, :new_name, :target_namespace]`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`end`

New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`def serialized_imported_projects(projects = already_added_projects)`
			`ProjectSerializer.new.represent(projects, serializer: :import, provider_url: provider_url)`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`end`

			`def expire_etag_cache`
			`Gitlab::EtagCaching::Store.new.tap do \|store\|`
			`store.touch(realtime_changes_path)`
			`end`
			`end`

Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`def client`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`@client \|\|= if Feature.enabled?(:remove_legacy_github_client)`
			`Gitlab::GithubImport::Client.new(session[access_token_key])`
			`else`
New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`Gitlab::LegacyGithubImport::Client.new(session[access_token_key], **client_options)`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`def client_repos`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`@client_repos \|\|= if Feature.enabled?(:remove_legacy_github_client)`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30			`if sanitized_filter_param`
			`client.search_repos_by_name(sanitized_filter_param, pagination_options)[:items]`
			`else`
			`client.octokit.repos(nil, pagination_options)`
			`end`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`else`
			`filtered(client.repos)`
			`end`
			`end`

New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`def sanitized_filter_param`
			`super`

			`@filter = @filter&.tr(' ', '')&.tr(':', '')`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`end`

			`def oauth_client`
			`raise OAuthConfigMissingError unless oauth_config`

			`@oauth_client \|\|= ::OAuth2::Client.new(`
			`oauth_config.app_id,`
			`oauth_config.app_secret,`
			`oauth_options.merge(ssl: { verify: oauth_config['verify_ssl'] })`
			`)`
			`end`

			`def oauth_config`
			`@oauth_config \|\|= Gitlab::Auth::OAuth::Provider.config_for('github')`
			`end`

			`def oauth_options`
			`if oauth_config`
			`oauth_config.dig('args', 'client_options').deep_symbolize_keys`
			`else`
			`OmniAuth::Strategies::GitHub.default_options[:client_options].symbolize_keys`
			`end`
			`end`

			`def authorize_url`
			`if Feature.enabled?(:remove_legacy_github_client)`
			`oauth_client.auth_code.authorize_url(`
			`redirect_uri: callback_import_url,`
			`scope: 'repo, user, user:email'`
			`)`
			`else`
			`client.authorize_url(callback_import_url)`
			`end`
			`end`

			`def get_token(code)`
			`if Feature.enabled?(:remove_legacy_github_client)`
			`oauth_client.auth_code.get_token(code).token`
			`else`
			`client.get_token(code)`
			`end`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`end`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`def verify_import_enabled`
			`render_404 unless import_enabled?`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`def go_to_provider_for_permissions`
New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`redirect_to authorize_url`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`def import_enabled?`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`__send__("#{provider_name}_import_enabled?") # rubocop:disable GitlabSecurity/PublicSend`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`def realtime_changes_path`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`public_send("realtime_changes_import_#{provider_name}_path", format: :json) # rubocop:disable GitlabSecurity/PublicSend`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`end`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`def new_import_url`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`public_send("new_import_#{provider_name}_url", extra_import_params) # rubocop:disable GitlabSecurity/PublicSend`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`
Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`def status_import_url`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`public_send("status_import_#{provider_name}_url", extra_import_params) # rubocop:disable GitlabSecurity/PublicSend`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

			`def callback_import_url`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`public_send("users_import_#{provider_name}_callback_url", extra_import_params) # rubocop:disable GitlabSecurity/PublicSend`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

			`def provider_unauthorized`
			`session[access_token_key] = nil`
			`redirect_to new_import_url,`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`alert: "Access denied to your #{Gitlab::ImportSources.title(provider_name.to_s)} account."`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`def provider_rate_limit(exception)`
New upstream version 13.0.0 2020-05-24 23:13:21 +05:30			`reset_time = Time.zone.at(exception.response_headers['x-ratelimit-reset'].to_i)`
New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`session[access_token_key] = nil`
			`redirect_to new_import_url,`
			`alert: _("GitHub API rate limit exceeded. Try again after %{reset_time}") % { reset_time: reset_time }`
			`end`

New upstream version 13.3.8 2020-10-24 23:57:45 +05:30			`def missing_oauth_config`
			`session[access_token_key] = nil`
			`redirect_to new_import_url,`
			`alert: _('Missing OAuth configuration for GitHub.')`
			`end`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`def access_token_key`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`:"#{provider_name}_access_token"`
Imported Upstream version 8.10.5+dfsg 2016-08-24 12:49:21 +05:30			`end`
Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30
			`def access_params`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`{ github_access_token: session[access_token_key] }`
			`end`

New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# rubocop: disable CodeReuse/ActiveRecord`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`def logged_in_with_provider?`
New upstream version 13.2.1 2020-07-28 23:09:34 +05:30			`current_user.identities.exists?(provider: provider_name)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
New upstream version 11.4.9+dfsg 2018-12-05 23:21:45 +05:30			`# rubocop: enable CodeReuse/ActiveRecord`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
			`def provider_auth`
New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`if !ci_cd_only? && session[access_token_key].blank?`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`go_to_provider_for_permissions`
			`end`
			`end`

New upstream version 12.2.8 2019-10-12 21:52:04 +05:30			`def ci_cd_only?`
			`%w[1 true].include?(params[:ci_cd_only])`
			`end`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`def client_options`
New upstream version 12.10.0 2020-04-22 19:07:51 +05:30			`{ wait_for_rate_limit_reset: false }`
Imported Upstream version 8.0.2 2015-09-25 12:07:36 +05:30			`end`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30
			`def extra_import_params`
			`{}`
			`end`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`def rate_limit_threshold_exceeded`
			`head :too_many_requests`
New upstream version 12.4.6 2019-12-21 20:55:43 +05:30			`end`
New upstream version 13.7.7 2021-02-22 17:27:13 +05:30
			`def pagination_options`
			`{`
			`page: [1, params[:page].to_i].max,`
			`per_page: PAGE_LENGTH`
			`}`
			`end`
Imported Upstream version 7.10.0 2015-04-26 12:48:37 +05:30			`end`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
New upstream version 13.12.3+ds1 2021-06-08 01:23:25 +05:30			`Import::GithubController.prepend_mod_with('Import::GithubController')`