    Refactoring Gitlab::Geo::OauthSession class · 1793e839
    Douglas Barbosa Alexandre authored
    The Gitlab::Geo::OauthSession class has a lot of responsibilities;
    this change extracts each responsibility into a proper class:
    
    - GitLab::Geo::Oauth::Session
    - GitLab::Geo::Oauth::LoginState
    - GitLab::Geo::Oauth::LogoutState
    - GitLab::Geo::Oauth::LogoutToken
    - GitLab::ReturnToLocation
    1793e839
login_state.rb 1017 Bytes
# frozen_string_literal: true

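module Gitlab
  module Geo
    module Oauth
      # Builds and verifies a signed `salt:hmac:return_to` string.
      #
      # The HMAC (SHA-256, hex encoded) covers `return_to` and is keyed with
      # the application's `secret_key_base` concatenated with the salt, so a
      # party that does not know the secret cannot change `return_to` without
      # invalidating the value. Presumably the encoded string travels as the
      # OAuth `state` parameter of the Geo login flow (confirm against callers).
      #
      # NOTE(review): the encoded value carries no timestamp and nothing in
      # this class ties it to a browser session, so a state that verified once
      # keeps verifying while `secret_key_base` is unchanged. Callers should
      # still check `return_to` before redirecting to it.
      class LoginState
        attr_reader :return_to

        # Parses a string previously produced by {#encode}.
        #
        # Only the first two colons are treated as separators, so `return_to`
        # may itself contain colons (for example a full URL).
        #
        # @param state [#to_s] the raw, untrusted state value
        # @return [LoginState] an instance that still has to pass {#valid?}
        def self.from_state(state)
          salt, hmac, return_to = state.to_s.split(':', 3)
          new(salt: salt, hmac: hmac, return_to: return_to)
        end

        # @param return_to [String, nil] location carried inside the state
        # @param salt [String, nil] salt read from a received state; when
        #   omitted, a random one is generated the first time it is needed
        # @param hmac [String, nil] HMAC read from a received state
        def initialize(return_to:, salt: nil, hmac: nil)
          @return_to = return_to
          @salt = salt
          @hmac = hmac
        end

        # Checks that the received HMAC matches the one computed locally.
        #
        # @return [Boolean] false when the salt or HMAC is missing or the
        #   HMAC does not match
        def valid?
          # Read @salt directly: the private #salt reader would generate a
          # fresh random salt for a state that did not supply one.
          return false unless @salt.present? && hmac.present?

          # Constant-time comparison, so that response timing does not reveal
          # how many leading characters of a guessed HMAC were correct.
          ActiveSupport::SecurityUtils.secure_compare(hmac.to_s, generate_hmac)
        end

        # @return [String] the `salt:hmac:return_to` representation
        def encode
          "#{salt}:#{generate_hmac}:#{return_to}"
        end

        private

        attr_reader :hmac

        # Computes the hex HMAC-SHA256 of `return_to` (nil is signed as an
        # empty string) under a key derived from the application secret and
        # the salt.
        def generate_hmac
          digest = OpenSSL::Digest::SHA256.new
          key = Gitlab::Application.secrets.secret_key_base + salt

          OpenSSL::HMAC.hexdigest(digest, key, return_to.to_s)
        end

        # Salt taken from the received state, or 8 random bytes (16 hex
        # characters) generated once for a newly created state.
        def salt
          @salt ||= SecureRandom.hex(8)
        end
      end
    end
  end
end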