Fix SSH auth lfs locks

[sapk]

Mostly don't reinvent the wheel to fix #3084 by re-using func of lfs.

[sapk]

I extract a function parseToken of original authenticateToken and add user reference to token claim to be able to fill ctx.User if needed for creating or deleting locks.

[codecov-io]

Codecov Report

Merging #3152 into master will decrease coverage by 0.08%.
The diff coverage is 42.95%.

@@            Coverage Diff             @@
##           master    #3152      +/-   ##
==========================================
- Coverage   35.66%   35.57%   -0.09%     
==========================================
  Files         281      281              
  Lines       40552    40579      +27     
==========================================
- Hits        14463    14437      -26     
- Misses      23957    24001      +44     
- Partials     2132     2141       +9

Impacted Files	Coverage Δ
cmd/serv.go	0% <0%> (ø)	⬆️
modules/lfs/server.go	39.07% <26.47%> (+1.4%)	⬆️
modules/lfs/locks.go	47.73% <58.53%> (-8%)	⬇️
models/lfs_lock.go	63.21% <65%> (-6.55%)	⬇️
models/error.go	32.73% <85.71%> (+0.3%)	⬆️
modules/indexer/indexer.go	70% <0%> (-7.5%)	⬇️
models/repo_indexer.go	41.15% <0%> (-5.76%)	⬇️
models/repo_list.go	65.62% <0%> (-1.57%)	⬇️
models/repo.go	43.25% <0%> (-0.19%)	⬇️
... and 1 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 97fe773...2036540. Read the comment docs.

[lafriks]

LGTM

[flozz]

The authentication seems to work for the lock feature, but I am not able to push LFS object anymore:

$ git lfs push origin master
Git LFS: (0 of 1 files) 0 B / 8 B                                                                        
batch response: Fatal error: Server error: http:https://git2.XXX.YYY/ZZZ/test-lfs.git/info/lfs/objects/batch

Errors logged to /tmp/test-lfs/.git/lfs/objects/logs/20171212T112833.900447349.log
Use `git lfs logs last` to view the log.

From gitea log:

Dec 12 11:28:33 XXX gitea[44851]: [Macaron] 2017-12-12 11:28:33: Completed POST /ZZZ/test-lfs.git/info/lfs/objects/batch 500 Internal Server Error in 1.880036ms

[lafriks]

See comment above :)

[sapk]

@flozz thanks for the testing. Will look at it

[ethantkoenig]

Two thoughts:

1. We shouldn't ignore errors here; we should at least log them.
2. We should double-check that loading the Owner and Repo every time we read from the database is necessary. IMO, it seems a bit wasteful

[sapk]

I added repo during dev because I needed it at one time but this could be revert to only use repoID if it to much additional workload.

[ethantkoenig]

Why this change? Is it really worth passing the repository if the only thing we care about it the id?

[sapk]

Now I remember it is to use HasAccess that need a repo reference.

[sapk]

Maybe I could make a func accessLevel and hasAccess that use repoID more generally for better perf ? (I think in a other PR ?)

[ethantkoenig]

Ah, I must have missed the call to CheckLFSAccessForRepo. Yes, perhaps in another PR

[sapk]

In fact after reviewing code of accessLevel, it use repo.IsPrivate that need a repo reference so.

[ethantkoenig]

Would it be cleaner to write responses to ctx, instead of returning the response status? Right now, the person calling this function needs to know that 200 is a special return value (which isn't documented anywhere)

[sapk]

I have wrote the method.

[ethantkoenig]

Maybe it's cleaner to pass the AccessMode directly, instead of a bool?

[lafriks]

Do not use same port for multiple database tests as they are run in parallel

[sapk]

Good catch

[lafriks]

seems that ssh port change requires update in tests

[ethantkoenig]

import format: see https://github.com/go-gitea/gitea/blob/master/CONTRIBUTING.md#styleguide

[sapk]

@ethantkoenig sorry I pass it as WIP seen I want to setup test for various git access to make that I don't break anything in future. It is my editor that setup this import, I will review my code once it works and remove WIP when ready. Sorry for the distrurb.

[sapk]

Fixed.

[sapk]

@flozz can you re-test? It should be good now

[sapk]

Ok found my mistake in 2723ca5d82dee097e8fa4c0080a5492ec0bb44b8
This PR add integration test from git cli for http and ssh url for normal clone/commit but also lfs file and lfs lock.

[sapk]

Wait for #3377 to have tests before

[sapk]

All is working now. What fix pgsql tests should be inside #3377 or #3346.

[lafriks]

@ethantkoenig need your approval

[lafriks]

@ethantkoenig we need to release 1.4.0 soon, can you please review this?

[ethantkoenig]

Apologies for delay

[ethantkoenig]

Will performing database queries inside AfterLoad lead to deadlock problems if the query that triggered AfterLoad is part of a transaction? See #1813

[lafriks]

@ethantkoenig queries should not be affected by locking and will load last committed data even if update/insert is in progress

[ethantkoenig]

I see. In #1813 the offending SQL was a write which blocked on an ongoing transaction, but if you're sure that reading won't block on ongoing transactions then this is okay.

[lunny]

You should use

func (l *LFSLock) AfterLoad(sess *xorm.Session) {

}

to avoid that.

[lunny]

Please follow my suggestion.

[lafriks]

@lunny need your approval