Commit 0ca8db25 authored by Kamil Trzcinski

Try to fix auth service

parent 03b3fe13
...@@ -3,12 +3,12 @@ module API ...@@ -3,12 +3,12 @@ module API
class Auth < Grape::API class Auth < Grape::API
namespace 'auth' do namespace 'auth' do
get 'token' do get 'token' do
required_attributes! [:scope, :service] required_attributes! [:service]
keys = attributes_for_keys [:scope, :service] keys = attributes_for_keys [:offline_token, :scope, :service]
case keys[:service] case keys[:service]
when 'docker' when 'docker'
docker_token_auth(keys[:scope]) docker_token_auth(keys[:scope], keys[:offline_token])
else else
not_found! not_found!
end end
...@@ -16,19 +16,23 @@ module API ...@@ -16,19 +16,23 @@ module API
end end
helpers do helpers do
def docker_token_auth(scope) def docker_token_auth(scope, offline_token)
auth!
if offline_token
forbidden! unless @user
elsif scope
@type, @path, actions = scope.split(':', 3) @type, @path, actions = scope.split(':', 3)
bad_request!("invalid type: #{type}") unless type == 'repository' bad_request!("invalid type: #{@type}") unless @type == 'repository'
@actions = actions.split(',') @actions = actions.split(',')
bad_request!('missing actions') if @actions.empty? bad_request!('missing actions') if @actions.empty?
@project = Project.find_with_namespace(path) @project = Project.find_with_namespace(@path)
not_found!('Project') unless @project not_found!('Project') unless @project
auth!
authorize_actions!(@actions) authorize_actions!(@actions)
end
{ token: encode(docker_payload) } { token: encode(docker_payload) }
end end
...@@ -50,7 +54,7 @@ module API ...@@ -50,7 +54,7 @@ module API
@user = authenticate_user(login, password) @user = authenticate_user(login, password)
if @user if @user
request.env['REMOTE_USER'] = @auth.username request.env['REMOTE_USER'] = @user.username
end end
end end
...@@ -71,10 +75,6 @@ module API ...@@ -71,10 +75,6 @@ module API
def authenticate_user(login, password) def authenticate_user(login, password)
user = Gitlab::Auth.new.find(login, password) user = Gitlab::Auth.new.find(login, password)
unless user
user = oauth_access_token_check(login, password)
end
# If the user authenticated successfully, we reset the auth failure count # If the user authenticated successfully, we reset the auth failure count
# from Rack::Attack for that IP. A client may attempt to authenticate # from Rack::Attack for that IP. A client may attempt to authenticate
# with a username and blank password first, and only after it receives # with a username and blank password first, and only after it receives
......
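Review bot: In `docker_token_auth`, a request carrying neither `offline_token` nor `scope` skips both branches and still reaches `{ token: encode(docker_payload) }`; because this commit drops `:scope` from `required_attributes!`, that path is now reachable with only `service=docker`. Only the `offline_token` branch checks `@user`, and whether `auth!` itself rejects a failed login is not visible here (the shown lines only set `REMOTE_USER` when `@user` is present), so the fall-through may sign a token for a caller who never authenticated. Closing the conditional with `else` and `forbidden! unless @user` before the `end` would make every scope-less request require a user. Separately, in the `scope` branch a scope with fewer than three `:`-separated parts leaves `actions` nil, so `actions.split(',')` raises before the `missing actions` check can answer with a 400; `@actions = actions.to_s.split(',')` keeps that check reachable.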