Moves project creationg to git access check for git push

GITLAB_SHELL_VERSION

-6.0.2
+6.0.3

app/controllers/projects/git_http_controller.rb

@@ -11,7 +11,6 @@ class Projects::GitHttpController < Projects::GitHttpClientController
   # GET /foo/bar.git/info/refs?service=git-receive-pack (git push)
   def info_refs
     log_user_activity if upload_pack?
-    create_new_project if receive_pack? && project.blank?
 
     render_ok
   end
@@ -36,10 +35,6 @@ def upload_pack?
     git_command == 'git-upload-pack'
   end
 
-  def receive_pack?
-    git_command == 'git-receive-pack'
-  end
-
   def git_command
     if action_name == 'info_refs'
       params[:service]
@@ -48,10 +43,6 @@ def git_command
     end
   end
 
-  def create_new_project
-    @project = ::Projects::CreateFromPushService.new(user, params[:project_id], namespace, 'http').execute
-  end
-
   def render_ok
     set_workhorse_internal_api_content_type
     render json: Gitlab::Workhorse.git_http_ok(repository, wiki?, user, action_name)
@@ -70,7 +61,10 @@ def render_422(exception)
   end
 
   def access
-    @access ||= access_klass.new(access_actor, project, 'http', authentication_abilities: authentication_abilities, redirected_path: redirected_path, target_namespace: namespace)
+    @access ||= access_klass.new(access_actor, project,
+      'http', authentication_abilities: authentication_abilities,
+              namespace_path: params[:namespace_id], project_path: project_path,
+              redirected_path: redirected_path)
   end
 
   def access_actor
@@ -82,14 +76,15 @@ def access_check
     # Use the magic string '_any' to indicate we do not know what the
     # changes are. This is also what gitlab-shell does.
     access.check(git_command, '_any')
+    @project ||= access.project
   end
 
   def access_klass
     @access_klass ||= wiki? ? Gitlab::GitAccessWiki : Gitlab::GitAccess
   end
 
-  def namespace
-    @namespace ||= Namespace.find_by_full_path(params[:namespace_id])
+  def project_path
+    @project_path ||= params[:project_id].sub(/\.git$/, '')
   end
 
   def log_user_activity

app/services/projects/create_from_push_service.rb

-module Projects
-  class CreateFromPushService < BaseService
-    attr_reader :user, :project_path, :namespace, :protocol
-
-    def initialize(user, project_path, namespace, protocol)
-      @user = user
-      @project_path = project_path
-      @namespace = namespace
-      @protocol = protocol
-    end
-
-    def execute
-      return unless user
-
-      project = Projects::CreateService.new(user, project_params).execute
-
-      if project.saved?
-        Gitlab::Checks::ProjectCreated.new(project, user, protocol).add_message
-      else
-        raise Gitlab::GitAccess::ProjectCreationError, "Could not create project: #{project.errors.full_messages.join(', ')}"
-      end
-
-      project
-    end
-
-    private
-
-    def project_params
-      {
-        description: "",
-        path: project_path.gsub(/\.git$/, ''),
-        namespace_id: namespace&.id,
-        visibility_level: Gitlab::VisibilityLevel::PRIVATE.to_s
-      }
-    end
-  end
-end

doc/gitlab-basics/create-project.md

@@ -39,18 +39,18 @@
 
 When you create a new repo locally, instead of going to GitLab to manually
 create a new project and then push the repo, you can directly push it to
-GitLab to create the new project, all without leaving your terminal. That
-will automatically create a new project under a GitLab namespace that you have access to 
-with its visibility set to private by default (you can later change it).
+GitLab to create the new project, all without leaving your terminal. If you have access to that
+namespace, we will automatically create a new project under that GitLab namespace with its 
+visibility set to private by default (you can later change it in the UI).
 
 This can be done by using either SSH or HTTP:
 
 ```
 ## Git push using SSH
-git push git@gitlab.com:namespace/nonexistent-project.git branch_name
+git push git@gitlab.example.com:namespace/nonexistent-project.git
 
 ## Git push using HTTP
-git push https://gitlab.com/namespace/nonexistent-project.git branch_name
+git push https://gitlab.example.com/namespace/nonexistent-project.git
 ```
 
 Once the push finishes successfully, a remote message will indicate
@@ -61,15 +61,12 @@ remote:
 remote: The private project namespace/nonexistent-project was created.
 remote:
 remote: To configure the remote, run:
-remote:   git remote add origin https://gitlab.com/namespace/nonexistent-project.git
+remote:   git remote add origin https://gitlab.example.com/namespace/nonexistent-project.git
 remote:
 remote: To view the project, visit:
-remote:   https://gitlab.com/namespace/nonexistent-project
+remote:   https://gitlab.example.com/namespace/nonexistent-project
 remote:
 ```
 
-If the project name is already in use, your push will be rejected
-to prevent accidental overwriting the existing project.
-
 [import it]: ../workflow/importing/README.md
 [reserved]:  ../user/reserved_names.md

lib/api/helpers/internal_helpers.rb

 module API
   module Helpers
     module InternalHelpers
-      include Gitlab::Utils::StrongMemoize
-
       attr_reader :redirected_path
 
       def wiki?
@@ -49,10 +47,6 @@ def log_user_activity(actor)
         ::Users::ActivityService.new(actor, 'Git SSH').execute if commands.include?(params[:action])
       end
 
-      def receive_pack?
-        params[:action] == 'git-receive-pack'
-      end
-
       def merge_request_urls
         ::MergeRequests::GetUrlsService.new(project).execute(params[:changes])
       end
@@ -66,16 +60,18 @@ def redis_ping
         false
       end
 
-      def project_namespace
-        strong_memoize(:project_namespace) do
-          project&.namespace || Namespace.find_by_full_path(project_match[:namespace_path])
-        end
+      def project_path
+        project&.path || project_path_match[:project_path]
+      end
+
+      def namespace_path
+        project&.namespace&.full_path || project_path_match[:namespace_path]
       end
 
       private
 
-      def project_match
-        @project_match ||= params[:project].match(Gitlab::PathRegex.full_project_git_path_regex) || {}
+      def project_path_match
+        @project_path_match ||= params[:project].match(Gitlab::PathRegex.full_project_git_path_regex) || {}
       end
 
       # rubocop:disable Gitlab/ModuleWithInstanceVariables

lib/api/internal.rb

@@ -42,23 +42,18 @@ class Internal < Grape::API
           end
 
         access_checker_klass = wiki? ? Gitlab::GitAccessWiki : Gitlab::GitAccess
-        access_checker = access_checker_klass
-          .new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities, redirected_path: redirected_path, target_namespace: project_namespace)
+        access_checker = access_checker_klass.new(actor, project,
+          protocol, authentication_abilities: ssh_authentication_abilities,
+                    namespace_path: namespace_path, project_path: project_path,
+                    redirected_path: redirected_path)
 
         begin
           access_checker.check(params[:action], params[:changes])
+          @project ||= access_checker.project
         rescue Gitlab::GitAccess::UnauthorizedError, Gitlab::GitAccess::NotFoundError => e
           return { status: false, message: e.message }
         end
 
-        if receive_pack? && project.blank?
-          begin
-            @project = ::Projects::CreateFromPushService.new(user, project_match[:project_path], project_namespace, protocol).execute
-          rescue Gitlab::GitAccess::ProjectCreationError => e
-            return { status: false, message: e.message }
-          end
-        end
-
         log_user_activity(actor)
 
         {

lib/gitlab/checks/base_project.rb → lib/gitlab/checks/post_push_message.rb

 module Gitlab
   module Checks
-    class BaseProject
+    class PostPushMessage
       def initialize(project, user, protocol)
         @project = project
         @user = user

lib/gitlab/checks/project_created.rb

 module Gitlab
   module Checks
-    class ProjectCreated < BaseProject
+    class ProjectCreated < PostPushMessage
       PROJECT_CREATED = "project_created".freeze
 
       def message
-        <<~MESSAGE.strip_heredoc
+        <<~MESSAGE
 
-        The private project #{project.full_path} was created.
+        The private project #{project.full_path} was successfully created.
 
         To configure the remote, run:
           git remote add origin #{url_to_repo}

lib/gitlab/checks/project_moved.rb

 module Gitlab
   module Checks
-    class ProjectMoved < BaseProject
+    class ProjectMoved < PostPushMessage
       REDIRECT_NAMESPACE = "redirect_namespace".freeze
 
       def initialize(project, user, protocol, redirected_path)
@@ -10,7 +10,7 @@ def initialize(project, user, protocol, redirected_path)
       end
 
       def message(rejected: false)
-        <<~MESSAGE.strip_heredoc
+        <<~MESSAGE
         Project '#{redirected_path}' was moved to '#{project.full_path}'.
 
         Please update your Git remote:

lib/gitlab/git_access.rb

@@ -28,32 +28,37 @@ class GitAccess
     PUSH_COMMANDS = %w{ git-receive-pack }.freeze
     ALL_COMMANDS = DOWNLOAD_COMMANDS + PUSH_COMMANDS
 
-    attr_reader :actor, :project, :protocol, :authentication_abilities, :redirected_path, :target_namespace
+    attr_reader :actor, :project, :protocol, :authentication_abilities, :namespace_path, :project_path, :redirected_path
 
-    def initialize(actor, project, protocol, authentication_abilities:, redirected_path: nil, target_namespace: nil)
+    def initialize(actor, project, protocol, authentication_abilities:, namespace_path: nil, project_path: nil, redirected_path: nil)
       @actor    = actor
       @project  = project
       @protocol = protocol
-      @redirected_path = redirected_path
       @authentication_abilities = authentication_abilities
-      @target_namespace = target_namespace
+      @namespace_path = namespace_path
+      @project_path = project_path
+      @redirected_path = redirected_path
     end
 
     def check(cmd, changes)
       check_protocol!
       check_valid_actor!
       check_active_user!
-      check_project_accessibility!(cmd)
-      check_project_moved!
       check_command_disabled!(cmd)
       check_command_existence!(cmd)
-      check_repository_existence!(cmd)
+      check_db_accessibility!(cmd)
+
+      ensure_project_on_push!(cmd, changes)
+
+      check_project_accessibility!
+      check_project_moved!
+      check_repository_existence!
 
       case cmd
       when *DOWNLOAD_COMMANDS
         check_download_access!
       when *PUSH_COMMANDS
-        check_push_access!(cmd, changes)
+        check_push_access!(changes)
       end
 
       true
@@ -99,8 +104,8 @@ def check_active_user!
       end
     end
 
-    def check_project_accessibility!(cmd)
-      unless can_create_project_in_namespace?(cmd) || can_read_project?
+    def check_project_accessibility!
+      if project.blank? || !can_read_project?
         raise NotFoundError, ERROR_MESSAGES[:project_not_found]
       end
     end
@@ -143,16 +148,49 @@ def check_command_existence!(cmd)
       end
     end
 
-    def check_repository_existence!(cmd)
-      unless can_create_project_in_namespace?(cmd) || project.repository.exists?
+    def check_db_accessibility!(cmd)
+      return unless receive_pack?(cmd)
+
+      if Gitlab::Database.read_only?
+        raise UnauthorizedError, push_to_read_only_message
+      end
+    end
+
+    def ensure_project_on_push!(cmd, changes)
+      return if project || deploy_key?
+      return unless receive_pack?(cmd) && changes == '_any' && authentication_abilities.include?(:push_code)
+
+      namespace = Namespace.find_by_full_path(namespace_path)
+
+      return unless user&.can?(:create_projects, namespace)
+
+      project_params = {
+        path: project_path,
+        namespace_id: namespace.id,
+        visibility_level: Gitlab::VisibilityLevel::PRIVATE
+      }
+
+      project = Projects::CreateService.new(user, project_params).execute
+
+      unless project.saved?
+        raise ProjectCreationError, "Could not create project: #{project.errors.full_messages.join(', ')}"
+      end
+
+      @project = project
+      user_access.project = @project
+
+      Checks::ProjectCreated.new(project, user, protocol).add_message
+    end
+
+    def check_repository_existence!
+      unless project.repository.exists?
         raise UnauthorizedError, ERROR_MESSAGES[:no_repo]
       end
     end
 
     def check_download_access!
-      return if deploy_key?
-
-      passed = user_can_download_code? ||
+      passed = deploy_key? ||
+        user_can_download_code? ||
         build_can_download_code? ||
         guest_can_download_code?
 
@@ -161,13 +199,7 @@ def check_download_access!
       end
     end
 
-    def check_push_access!(cmd, changes)
-      if Gitlab::Database.read_only?
-        raise UnauthorizedError, push_to_read_only_message
-      end
-
-      return if can_create_project_in_namespace?(cmd)
-
+    def check_push_access!(changes)
       if project.repository_read_only?
         raise UnauthorizedError, ERROR_MESSAGES[:read_only]
       end
@@ -180,8 +212,6 @@ def check_push_access!(cmd, changes)
         raise UnauthorizedError, ERROR_MESSAGES[:upload]
       end
 
-      return if changes.blank? # Allow access.
-
       check_change_access!(changes)
     end
 
@@ -198,6 +228,8 @@ def check_deploy_key_push_access!
     end
 
     def check_change_access!(changes)
+      return if changes.blank? # Allow access.
+
       changes_list = Gitlab::ChangesList.new(changes)
 
       # Iterate over all changes to find if user allowed all of them to be applied
@@ -240,14 +272,6 @@ def can_read_project?
       end || Guest.can?(:read_project, project)
     end
 
-    def can_create_project_in_namespace?(cmd)
-      strong_memoize(:can_create_project_in_namespace) do
-        return false unless push?(cmd) && target_namespace && project.blank?
-
-        user.can?(:create_projects, target_namespace)
-      end
-    end
-
     def http?
       protocol == 'http'
     end
@@ -260,10 +284,6 @@ def receive_pack?(command)
       command == 'git-receive-pack'
     end
 
-    def push?(cmd)
-      PUSH_COMMANDS.include?(cmd)
-    end
-
     def upload_pack_disabled_over_http?
       !Gitlab.config.gitlab_shell.upload_pack
     end

lib/gitlab/path_regex.rb

@@ -188,7 +188,7 @@ def full_project_path_regex
     end
 
     def full_project_git_path_regex
-      @full_project_git_path_regex ||= /\A\/?(?<namespace_path>#{full_namespace_route_regex})\/(?<project_path>#{project_git_route_regex})\z/.freeze
+      @full_project_git_path_regex ||= %r{\A\/?(?<namespace_path>#{full_namespace_route_regex})\/(?<project_path>#{project_route_regex})\.git\z}
     end
 
     def full_namespace_format_regex

lib/gitlab/user_access.rb

@@ -6,7 +6,8 @@ class UserAccess
       [user&.id, project&.id]
     end
 
-    attr_reader :user, :project
+    attr_reader :user
+    attr_accessor :project
 
     def initialize(user, project: nil)
       @user = user

spec/lib/gitlab/git_access_spec.rb

@@ -5,11 +5,19 @@
 
   let(:actor) { user }
   let(:project) { create(:project, :repository) }
+  let(:project_path) { project.path }
+  let(:namespace_path) { project&.namespace&.path }
   let(:protocol) { 'ssh' }
   let(:authentication_abilities) { %i[read_project download_code push_code] }
   let(:redirected_path) { nil }
 
-  let(:access) { described_class.new(actor, project, protocol, authentication_abilities: authentication_abilities, redirected_path: redirected_path) }
+  let(:access) do
+    described_class.new(actor, project,
+      protocol, authentication_abilities: authentication_abilities,
+                namespace_path: namespace_path, project_path: project_path,
+                redirected_path: redirected_path)
+  end
+
   let(:push_access_check) { access.check('git-receive-pack', '_any') }
   let(:pull_access_check) { access.check('git-upload-pack', '_any') }
 
@@ -145,6 +153,7 @@ def disable_protocol(protocol)
 
     context 'when the project is nil' do
       let(:project) { nil }
+      let(:project_path) { "new-project" }
 
       it 'blocks push and pull with "not found"' do
         aggregate_failures do
@@ -154,7 +163,13 @@ def disable_protocol(protocol)
       end
 
       context 'when user is allowed to create project in namespace' do
-        let(:access) { described_class.new(actor, nil, protocol, authentication_abilities: authentication_abilities, redirected_path: redirected_path, target_namespace: user.namespace) }
+        let(:namespace_path) { user.namespace.path }
+        let(:access) do
+          described_class.new(actor, nil,
+            protocol, authentication_abilities: authentication_abilities,
+                      project_path: project_path, namespace_path: namespace_path,
+                      redirected_path: redirected_path)
+        end
 
         it 'blocks pull access with "not found"' do
           expect { pull_access_check }.to raise_not_found
@@ -167,7 +182,13 @@ def disable_protocol(protocol)
 
       context 'when user is not allowed to create project in namespace' do
         let(:user2) { create(:user) }
-        let(:access) { described_class.new(actor, nil, protocol, authentication_abilities: authentication_abilities, redirected_path: redirected_path, target_namespace: user2.namespace) }
+        let(:namespace_path) { user2.namespace.path }
+        let(:access) do
+          described_class.new(actor, nil,
+            protocol, authentication_abilities: authentication_abilities,
+                      project_path: project_path, namespace_path: namespace_path,
+                      redirected_path: redirected_path)
+        end
 
         it 'blocks push and pull with "not found"' do
           aggregate_failures do
@@ -297,6 +318,52 @@ def disable_protocol(protocol)
     end
   end
 
+  describe '#check_authentication_abilities!' do
+    before do
+      project.add_master(user)
+    end
+
+    context 'when download' do
+      let(:authentication_abilities) { [] }
+
+      it 'raises unauthorized with download error' do
+        expect { pull_access_check }.to raise_unauthorized(described_class::ERROR_MESSAGES[:download])
+      end
+
+      context 'when authentication abilities include download code' do
+        let(:authentication_abilities) { [:download_code] }
+
+        it 'does not raise any errors' do
+          expect { pull_access_check }.not_to raise_error
+        end
+      end
+
+      context 'when authentication abilities include build download code' do
+        let(:authentication_abilities) { [:build_download_code] }
+
+        it 'does not raise any errors' do
+          expect { pull_access_check }.not_to raise_error
+        end
+      end
+    end
+
+    context 'when upload' do
+      let(:authentication_abilities) { [] }
+
+      it 'raises unauthorized with push error' do
+        expect { push_access_check }.to raise_unauthorized(described_class::ERROR_MESSAGES[:upload])
+      end
+
+      context 'when authentication abilities include push code' do
+        let(:authentication_abilities) { [:push_code] }
+
+        it 'does not raise any errors' do
+          expect { push_access_check }.not_to raise_error
+        end
+      end
+    end
+  end
+
   describe '#check_command_disabled!' do
     before do
       project.add_master(user)
@@ -335,34 +402,112 @@ def disable_protocol(protocol)
     end
   end
 
-  describe '#check_namespace_accessibility!' do
-    context 'when project exists' do
-      context 'when user can pull or push' do
-        before do
-          project.add_master(user)
+  describe '#check_db_accessibility!' do
+    context 'when in a read-only GitLab instance' do
+      before do
+        create(:protected_branch, name: 'feature', project: project)
+        allow(Gitlab::Database).to receive(:read_only?) { true }
+      end
+
+      it { expect { push_access_check }.to raise_unauthorized(described_class::ERROR_MESSAGES[:cannot_push_to_read_only]) }
+    end
+  end
+
+  describe '#ensure_project_on_push!' do
+    let(:access) do
+      described_class.new(actor, project,
+        protocol, authentication_abilities: authentication_abilities,
+                  project_path: project_path, namespace_path: namespace_path,
+                  redirected_path: redirected_path)
+    end
+
+    context 'when push' do
+      let(:cmd) { 'git-receive-pack' }
+
+      context 'when project does not exist' do
+        let(:project_path) { "nonexistent" }
+        let(:project) { nil }
+
+        context 'when changes is _any' do
+          let(:changes) { '_any' }
+
+          context 'when authentication abilities include push code' do
+            let(:authentication_abilities) { [:push_code] }
+
+            context 'when user can create project in namespace' do
+              let(:namespace_path) { user.namespace.path }
+
+              it 'creates a new project' do
+                expect { access.send(:ensure_project_on_push!, cmd, changes) }.to change { Project.count }.by(1)
+              end
+            end
+
+            context 'when user cannot create project in namespace' do
+              let(:user2) { create(:user) }
+              let(:namespace_path) { user2.namespace.path }
+
+              it 'does not create a new project' do
+                expect { access.send(:ensure_project_on_push!, cmd, changes) }.not_to change { Project.count }
+              end
+            end
+          end
+
+          context 'when authentication abilities do not include push code' do
+            let(:authentication_abilities) { [] }
+
+            context 'when user can create project in namespace' do