Internal allowed response disk path is ignoredzj-repo-disk-path-removal

5 files changed, 10 insertions, 26 deletions

diff --git a/lib/gitlab_access.rb b/lib/gitlab_access.rb
index e1a5e35..e597f7d 100644
--- a/lib/gitlab_access.rb
+++ b/lib/gitlab_access.rb
@@ -11,12 +11,11 @@ class GitlabAccess
 
   include NamesHelper
 
-  attr_reader :config, :gl_repository, :repo_path, :changes, :protocol
+  attr_reader :config, :gl_repository, :changes, :protocol
 
-  def initialize(gl_repository, repo_path, actor, changes, protocol)
+  def initialize(gl_repository, actor, changes, protocol)
     @config = GitlabConfig.new
     @gl_repository = gl_repository
-    @repo_path = repo_path.strip
     @actor = actor
     @changes = changes.lines
     @protocol = protocol
@@ -24,7 +23,7 @@ class GitlabAccess
 
   def exec
     status = GitlabMetrics.measure('check-access:git-receive-pack') do
-      api.check_access('git-receive-pack', @gl_repository, @repo_path, @actor, @changes, @protocol, env: ObjectDirsHelper.all_attributes.to_json)
+      api.check_access('git-receive-pack', @gl_repository, @actor, @changes, @protocol, env: ObjectDirsHelper.all_attributes.to_json)
     end
 
     raise AccessDeniedError, status.message unless status.allowed?
diff --git a/lib/gitlab_access_status.rb b/lib/gitlab_access_status.rb
index 783bc0c..e82f244 100644
--- a/lib/gitlab_access_status.rb
+++ b/lib/gitlab_access_status.rb
@@ -3,12 +3,11 @@ require 'json'
 class GitAccessStatus
   attr_reader :message, :gl_repository, :gl_username, :repository_path, :gitaly
 
-  def initialize(status, message, gl_repository:, gl_username:, repository_path:, gitaly:)
+  def initialize(status, message, gl_repository:, gl_username:, gitaly:)
     @status = status
     @message = message
     @gl_repository = gl_repository
     @gl_username = gl_username
-    @repository_path = repository_path
     @gitaly = gitaly
   end
 
@@ -18,7 +17,6 @@ class GitAccessStatus
         values["message"],
         gl_repository: values["gl_repository"],
         gl_username: values["gl_username"],
-        repository_path: values["repository_path"],
         gitaly: values["gitaly"])
   end
 
diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb
index c93cf9a..1f4467c 100644
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -15,14 +15,13 @@ class GitlabNet # rubocop:disable Metrics/ClassLength
   CHECK_TIMEOUT = 5
   READ_TIMEOUT = 300
 
-  def check_access(cmd, gl_repository, repo, actor, changes, protocol, env: {})
+  def check_access(cmd, gl_repository, actor, changes, protocol, env: {})
     changes = changes.join("\n") unless changes.is_a?(String)
 
     params = {
       action: cmd,
       changes: changes,
       gl_repository: gl_repository,
-      project: sanitize_path(repo),
       protocol: protocol,
       env: env
     }
@@ -43,7 +42,6 @@ class GitlabNet # rubocop:disable Metrics/ClassLength
                           'API is not accessible',
                           gl_repository: nil,
                           gl_username: nil,
-                          repository_path: nil,
                           gitaly: nil)
     end
   end
@@ -72,11 +70,10 @@ class GitlabNet # rubocop:disable Metrics/ClassLength
     JSON.parse(resp.body) rescue {}
   end
 
-  def merge_request_urls(gl_repository, repo_path, changes)
+  def merge_request_urls(gl_repository, changes)
     changes = changes.join("\n") unless changes.is_a?(String)
     changes = changes.encode('UTF-8', 'ASCII', invalid: :replace, replace: '')
-    url = "#{host}/merge_request_urls?project=#{URI.escape(repo_path)}&changes=#{URI.escape(changes)}"
-    url += "&gl_repository=#{URI.escape(gl_repository)}" if gl_repository
+    url = "#{host}/merge_request_urls?changes=#{URI.escape(changes)}&gl_repository=#{URI.escape(gl_repository)}"
     resp = get(url)
 
     if resp.code == '200'
diff --git a/lib/gitlab_post_receive.rb b/lib/gitlab_post_receive.rb
index 6009b19..10dbb13 100644
--- a/lib/gitlab_post_receive.rb
+++ b/lib/gitlab_post_receive.rb
@@ -8,12 +8,11 @@ require 'securerandom'
 class GitlabPostReceive
   include NamesHelper
 
-  attr_reader :config, :gl_repository, :repo_path, :changes, :jid
+  attr_reader :config, :gl_repository, :changes, :jid
 
-  def initialize(gl_repository, repo_path, actor, changes)
+  def initialize(gl_repository, actor, changes)
     @config = GitlabConfig.new
     @gl_repository = gl_repository
-    @repo_path = repo_path.strip
     @actor = actor
     @changes = changes
     @jid = SecureRandom.hex(12)
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb
index b38fefe..c631e63 100644
--- a/lib/gitlab_shell.rb
+++ b/lib/gitlab_shell.rb
@@ -19,7 +19,6 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
   GL_PROTOCOL = 'ssh'.freeze
 
   attr_accessor :key_id, :gl_repository, :repo_name, :command, :git_access, :username
-  attr_reader :repo_path
 
   def initialize(key_id)
     @key_id = key_id
@@ -105,7 +104,6 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
 
     raise AccessDeniedError, status.message unless status.allowed?
 
-    self.repo_path = status.repository_path
     @gl_repository = status.gl_repository
     @gitaly = status.gitaly
     @username = status.gl_username
@@ -123,7 +121,7 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
     end
 
     executable = @command
-    args = [repo_path]
+    args = []
 
     if GITALY_MIGRATED_COMMANDS.key?(executable) && @gitaly
       executable = GITALY_MIGRATED_COMMANDS[executable]
@@ -264,11 +262,4 @@ class GitlabShell # rubocop:disable Metrics/ClassLength
       return false
     end
   end
-
-  def repo_path=(repo_path)
-    raise ArgumentError, "Repository path not provided. Please make sure you're using GitLab v8.10 or later." unless repo_path
-    raise InvalidRepositoryPathError if File.absolute_path(repo_path) != repo_path
-
-    @repo_path = repo_path
-  end
 end