GitLab: Handle certificate issues

Allow to bypass certificate verifications.
Currently the bypassing is not stored into the settings,
so this is not permanent.

Change-Id: Ieb564464a28cf2d4973c6b1baa696d6c22b07177
Reviewed-by: David Schulz <david.schulz@qt.io>

src/plugins/gitlab/gitlabparameters.h

@@ -57,7 +57,7 @@ public:
     unsigned short port = 0;
 
     bool secure = true;
-    bool validateCert = true; // TODO
+    bool validateCert = true;
 };
 
 class GitLabParameters

src/plugins/gitlab/gitlabplugin.cpp

@@ -307,6 +307,30 @@ GitLabOptionsPage *GitLabPlugin::optionsPage()
     return &dd->optionsPage;
 }
 
+bool GitLabPlugin::handleCertificateIssue(const Utils::Id &serverId)
+{
+    QTC_ASSERT(dd, return false);
+
+    GitLabServer server = dd->parameters.serverForId(serverId);
+    if (QMessageBox::question(Core::ICore::dialogParent(),
+                              QCoreApplication::translate(
+                                  "GitLab::GitLabDialog", "Certificate Error"),
+                              QCoreApplication::translate(
+                                  "GitLab::GitLabDialog",
+                                  "Server certificate for %1 cannot be authenticated.\n"
+                                  "Do you want to disable SSL verification for this server?\n"
+                                  "Note: This can expose you to man-in-the-middle attack.")
+                              .arg(server.host))
+            == QMessageBox::Yes) {
+        int index = dd->parameters.gitLabServers.indexOf(server);
+        server.validateCert = false;
+        dd->parameters.gitLabServers.replace(index, server);
+        emit dd->optionsPage.settingsChanged();
+        return true;
+    }
+    return false;
+}
+
 void GitLabPlugin::linkedStateChanged(bool enabled)
 {
     QTC_ASSERT(dd, return);

src/plugins/gitlab/gitlabplugin.h

@@ -53,6 +53,7 @@ public:
     static GitLabParameters *globalParameters();
     static GitLabProjectSettings *projectSettings(ProjectExplorer::Project *project);
     static GitLabOptionsPage *optionsPage();
+    static bool handleCertificateIssue(const Utils::Id &serverId);
 
     static void linkedStateChanged(bool enabled);
 private:

src/plugins/gitlab/queryrunner.cpp

@@ -102,9 +102,10 @@ QString Query::toString() const
 
 QueryRunner::QueryRunner(const Query &query, const Utils::Id &id, QObject *parent)
     : QObject(parent)
+    , m_serverId(id)
 {
     const GitLabParameters *p = GitLabPlugin::globalParameters();
-    const auto server = p->serverForId(id);
+    const auto server = p->serverForId(m_serverId);
     QStringList args = server.curlArguments();
     m_paginated = query.hasPaginatedResults();
     if (m_paginated)
@@ -161,7 +162,18 @@ void QueryRunner::processFinished()
     if (m_process.exitStatus() != QProcess::NormalExit) {
         errorTermination(tr("%1 crashed.").arg(executable));
         return;
-    } else if (m_process.exitCode()) {
+    } else if (int exitCode = m_process.exitCode()) {
+        if (exitCode == 35 || exitCode == 60) { // common ssl certificate issues
+            if (GitLabPlugin::handleCertificateIssue(m_serverId)) {
+                m_running = false;
+                // prepend -k for re-requesting the same query
+                Utils::CommandLine cmdline = m_process.commandLine();
+                cmdline.prependArgs({"-k"});
+                m_process.setCommand(cmdline);
+                start();
+                return;
+            }
+        }
         errorTermination(tr("%1 returned %2.").arg(executable).arg(m_process.exitCode()));
         return;
     }

src/plugins/gitlab/queryrunner.h

@@ -25,12 +25,11 @@
 
 #pragma once
 
+#include <utils/id.h>
 #include <utils/qtcprocess.h>
 
 #include <QObject>
 
-namespace Utils { class Id; }
-
 namespace GitLab {
 
 class Query
@@ -78,6 +77,7 @@ private:
     void processFinished();
 
     Utils::QtcProcess m_process;
+    Utils::Id m_serverId;
     bool m_running = false;
     bool m_paginated = false;
 };