Boxiang Sun / gitlab-ce
Commit daca2144 authored 8 years ago by Kamil Trzcinski
Make code more clear in what is done
parent 9f679ac2
Showing 2 changed files with 14 additions and 13 deletions
app/controllers/jwt_controller.rb +5 -4
app/services/jwt/docker_authentication_service.rb +9 -9
app/controllers/jwt_controller.rb
...
...
@@ -8,8 +8,9 @@ class JwtController < ApplicationController
def
auth
@authenticated
=
authenticate_with_http_basic
do
|
login
,
password
|
@ci_project
=
ci_project
(
login
,
password
)
@user
=
authenticate_user
(
login
,
password
)
unless
@ci_project
# if it's possible we first try to authenticate project with login and password
@project
=
authenticate_project
(
login
,
password
)
@user
=
authenticate_user
(
login
,
password
)
unless
@project
end
unless
@authenticated
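Review bot: The block passed to `authenticate_with_http_basic` now ends with `@user = authenticate_user(login, password) unless @project`, and that expression evaluates to nil whenever `@project` was found, so `@authenticated` comes out falsy after a successful project authentication and the `unless @authenticated` branch (its body is cut off in this view) runs for it. The old `unless @ci_project` form had the same shape, so the rename is a good moment to fix it: end the block with an explicit value such as `@project || @user`. The new comment would also read better as "try to authenticate as a project first, then fall back to user credentials".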
...
...
@@ -19,7 +20,7 @@ class JwtController < ApplicationController
service
=
SERVICES
[
params
[
:service
]]
head
:not_found
unless
service
result
=
service
.
new
(
@
ci_
project
,
@user
,
auth_params
).
execute
result
=
service
.
new
(
@project
,
@user
,
auth_params
).
execute
return
head
result
[
:http_status
]
if
result
[
:http_status
]
render
json:
result
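Review bot: The guard directly above the renamed call, `head :not_found unless service`, does not return, so for a `service` parameter that is not a key of `SERVICES` the next line still runs `service.new(@project, @user, auth_params)` on nil and raises instead of answering 404. Make it `return head :not_found unless service`, matching the `return head result[:http_status]` line below it.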
...
...
@@ -31,7 +32,7 @@ class JwtController < ApplicationController
params
.
permit
(
:service
,
:scope
,
:offline_token
,
:account
,
:client_id
)
end
def
ci
_project
(
login
,
password
)
def
authenticate
_project
(
login
,
password
)
matched_login
=
/(?<s>^[a-zA-Z]*-ci)-token$/
.
match
(
login
)
if
matched_login
.
present?
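Review bot: In the method renamed to `authenticate_project`, the login pattern `/(?<s>^[a-zA-Z]*-ci)-token$/` uses `^` and `$`, which in Ruby anchor at line boundaries rather than at the start and end of the string, so a login that carries an extra line can still match. Since this regex decides whether the credentials are treated as a project token, anchor it with `\A` and `\z` and move the start anchor out of the named group: `/\A(?<s>[a-zA-Z]*-ci)-token\z/`.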
...
...
app/services/jwt/docker_authentication_service.rb
...
...
@@ -5,12 +5,12 @@ module Jwt
return
error
(
'forbidden'
,
403
)
unless
current_user
end
{
token:
token
.
encoded
}
{
token:
authorized_
token
.
encoded
}
end
private
def
token
def
authorized_
token
token
=
::
Jwt
::
RSAToken
.
new
(
registry
.
key
)
token
.
issuer
=
registry
.
issuer
token
.
audience
=
params
[
:service
]
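Review bot: In `authorized_token`, `token.audience = params[:service]` writes a request parameter into a token built on `registry.key`, and nothing in the visible lines checks that value inside the service. The controller only reaches this class through `SERVICES[params[:service]]`, but the service would be safer setting the audience from its own configuration, or validating the parameter before the token is encoded, so it does not depend on every caller doing that lookup first.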
...
...
@@ -37,22 +37,22 @@ module Jwt
end
def
process_repository_access
(
type
,
name
,
actions
)
current
_project
=
Project
.
find_with_namespace
(
name
)
return
unless
current
_project
requested
_project
=
Project
.
find_with_namespace
(
name
)
return
unless
requested
_project
actions
=
actions
.
select
do
|
action
|
can_access?
(
current
_project
,
action
)
can_access?
(
requested
_project
,
action
)
end
{
type:
type
,
name:
name
,
actions:
actions
}
if
actions
end
def
can_access?
(
current_project
,
action
)
case
action
def
can_access?
(
requested_project
,
requested_
action
)
case
requested_
action
when
'pull'
current_project
==
project
||
can?
(
current_user
,
:download_code
,
current
_project
)
requested_project
.
public?
||
requested_project
==
project
||
can?
(
current_user
,
:download_code
,
requested
_project
)
when
'push'
current_project
==
project
||
can?
(
current_user
,
:push_code
,
current
_project
)
requested_project
==
project
||
can?
(
current_user
,
:push_code
,
requested
_project
)
else
false
end
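Review bot: The new 'pull' branch adds `requested_project.public? ||`, which changes who may pull and is not a rename, yet the commit message only says the code is made clearer. Move that condition into its own commit (or name it in the message) and cover it with a spec for the 'pull' case. Separately, in `process_repository_access` the trailing `if actions` is always true because `actions.select` returns an array, possibly empty; `if actions.present?` would skip entries with no permitted action.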
...
...