Rename JWT to JSONWebToken

f4f9184a · Kamil Trzcinski · df973df8 · f4f9184a · f4f9184a · f4f9184a
Commit f4f9184a authored May 14, 2016 by Kamil Trzcinski
8 changed files
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -4,7 +4,7 @@ class JwtController < ApplicationController
  before_action :authenticate_project_or_user
  SERVICES = {
-    'container_registry' => Auth::ContainerRegistryAuthenticationService,
+    Auth::ContainerRegistryAuthenticationService::AUDIENCE => Auth::ContainerRegistryAuthenticationService,
  }
  def auth

--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -61,7 +61,7 @@ class Ability
          :read_merge_request,
          :read_note,
          :read_commit_status,
-          :read_container_registry,
+          :read_container_image,
          :download_code
        ]
@@ -204,7 +204,7 @@ class Ability
        :admin_label,
        :read_commit_status,
        :read_build,
-        :read_container_registry,
+        :read_container_image,
      ]
    end
@@ -219,8 +219,8 @@ class Ability
        :create_merge_request,
        :create_wiki,
        :push_code,
-        :create_container_registry,
+        :create_container_image,
-        :update_container_registry,
+        :update_container_image,
      ]
    end
@@ -247,7 +247,7 @@ class Ability
        :admin_project,
        :admin_commit_status,
        :admin_build,
-        :admin_container_registry,
+        :admin_container_image,
      ]
    end
@@ -293,7 +293,7 @@ class Ability
      end
      unless project.container_registry_enabled
-        rules += named_abilities('container_registry')
+        rules += named_abilities('container_image')
      end
      rules

--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -9,39 +9,34 @@ module Auth
        return error('forbidden', 403) unless current_user
      end
-      return error('forbidden', 401) if scopes.blank?
+      return error('forbidden', 401) unless scope
-      { token: authorized_token(scopes).encoded }
+      { token: authorized_token(scope).encoded }
    end
    private
-    def authorized_token(access)
+    def authorized_token(*accesses)
-      token = ::JWT::RSAToken.new(registry.key)
+      token = JSONWebToken::RSAToken.new(registry.key)
      token.issuer = registry.issuer
      token.audience = params[:service]
      token.subject = current_user.try(:username)
-      token[:access] = access
+      token[:access] = accesses
      token
    end
-    def scopes
+    def scope
      return unless params[:scope]
-      @scopes ||= begin
+      @scope ||= process_scope(params[:scope])
-        scope = process_scope(params[:scope])
-        [scope].compact
-      end
    end
    def process_scope(scope)
      type, name, actions = scope.split(':', 3)
      actions = actions.split(',')
+      return unless type == 'repository'
-      case type
+      process_repository_access(type, name, actions)
-      when 'repository'
-        process_repository_access(type, name, actions)
-      end
    end
    def process_repository_access(type, name, actions)
@@ -60,9 +55,9 @@ module Auth
      case requested_action
      when 'pull'
-        requested_project == project || can?(current_user, :read_container_registry, requested_project)
+        requested_project == project || can?(current_user, :read_container_image, requested_project)
      when 'push'
-        requested_project == project || can?(current_user, :create_container_registry, requested_project)
+        requested_project == project || can?(current_user, :create_container_image, requested_project)
      else
        false
      end

--- a/lib/jwt/rsa_token.rb
+++ b/lib/jwt/rsa_token.rb
-module JWT
+module JSONWebToken
  class RSAToken < Token
    attr_reader :key_file

--- a/lib/jwt/token.rb
+++ b/lib/jwt/token.rb
-module JWT
+module JSONWebToken
  class Token
    attr_accessor :issuer, :subject, :audience, :id
    attr_accessor :issued_at, :not_before, :expire_time

--- a/spec/lib/jwt/rsa_token_spec.rb
+++ b/spec/lib/jwt/rsa_token_spec.rb
-describe JWT::RSAToken do
+describe JSONWebToken::RSAToken do
  let(:rsa_key) { generate_key }
  let(:rsa_token) { described_class.new(nil) }
  let(:rsa_encoded) { rsa_token.encoded }

--- a/spec/lib/jwt/token_spec.rb
+++ b/spec/lib/jwt/token_spec.rb
-describe JWT::Token do
+describe JSONWebToken::Token do
  let(:token) { described_class.new }
  context 'custom parameters' do

--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -18,7 +18,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
  before do
    allow(Gitlab.config.registry).to receive_messages(registry_settings)
-    allow_any_instance_of(JWT::RSAToken).to receive(:key).and_return(rsa_key)
+    allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key)
  end
  shared_examples 'an authenticated' do