Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
21153a4f
Commit
21153a4f
authored
Nov 09, 2017
by
Francisco Lopez
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Homogenising the type of the request handled by UserAuthFinder. Also tests fixed
parent
aecc3eb0
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
32 additions
and
29 deletions
+32
-29
lib/api/api_guard.rb
lib/api/api_guard.rb
+0
-3
lib/gitlab/auth/request_authenticator.rb
lib/gitlab/auth/request_authenticator.rb
+0
-2
lib/gitlab/auth/user_auth_finders.rb
lib/gitlab/auth/user_auth_finders.rb
+11
-8
spec/requests/api/helpers_spec.rb
spec/requests/api/helpers_spec.rb
+21
-16
No files found.
lib/api/api_guard.rb
View file @
21153a4f
...
@@ -6,9 +6,6 @@ module API
...
@@ -6,9 +6,6 @@ module API
module
APIGuard
module
APIGuard
extend
ActiveSupport
::
Concern
extend
ActiveSupport
::
Concern
PRIVATE_TOKEN_HEADER
=
"HTTP_PRIVATE_TOKEN"
.
freeze
PRIVATE_TOKEN_PARAM
=
:private_token
included
do
|
base
|
included
do
|
base
|
# OAuth2 Resource Server Authentication
# OAuth2 Resource Server Authentication
use
Rack
::
OAuth2
::
Server
::
Resource
::
Bearer
,
'The API'
do
|
request
|
use
Rack
::
OAuth2
::
Server
::
Resource
::
Bearer
,
'The API'
do
|
request
|
...
...
lib/gitlab/auth/request_authenticator.rb
View file @
21153a4f
...
@@ -7,8 +7,6 @@ module Gitlab
...
@@ -7,8 +7,6 @@ module Gitlab
attr_reader
:request
attr_reader
:request
delegate
:params
,
:env
,
to: :request
def
initialize
(
request
)
def
initialize
(
request
)
@request
=
request
@request
=
request
end
end
...
...
lib/gitlab/auth/user_auth_finders.rb
View file @
21153a4f
...
@@ -6,13 +6,13 @@ module Gitlab
...
@@ -6,13 +6,13 @@ module Gitlab
# Check the Rails session for valid authentication details
# Check the Rails session for valid authentication details
def
find_user_from_warden
def
find_user_from_warden
env
[
'warden'
]
&
.
authenticate
if
verified_request?
current_request
.
env
[
'warden'
]
&
.
authenticate
if
verified_request?
end
end
def
find_user_from_rss_token
def
find_user_from_rss_token
return
unless
request
.
format
.
atom?
return
unless
current_
request
.
format
.
atom?
token
=
params
[
:rss_token
].
presence
token
=
current_request
.
params
[
:rss_token
].
presence
return
unless
token
return
unless
token
handle_return_value!
(
User
.
find_by_rss_token
(
token
))
handle_return_value!
(
User
.
find_by_rss_token
(
token
))
...
@@ -23,7 +23,7 @@ module Gitlab
...
@@ -23,7 +23,7 @@ module Gitlab
validate_access_token!
validate_access_token!
handle_return_value!
(
access_token
&
.
user
)
handle_return_value!
(
access_token
.
user
)
end
end
def
validate_access_token!
(
scopes:
[])
def
validate_access_token!
(
scopes:
[])
...
@@ -54,8 +54,8 @@ module Gitlab
...
@@ -54,8 +54,8 @@ module Gitlab
end
end
def
private_token
def
private_token
params
[
PRIVATE_TOKEN_PARAM
].
presence
||
current_request
.
params
[
PRIVATE_TOKEN_PARAM
].
presence
||
env
[
PRIVATE_TOKEN_HEADER
].
presence
current_request
.
env
[
PRIVATE_TOKEN_HEADER
].
presence
end
end
def
find_personal_access_token
def
find_personal_access_token
...
@@ -67,7 +67,6 @@ module Gitlab
...
@@ -67,7 +67,6 @@ module Gitlab
end
end
def
find_oauth_access_token
def
find_oauth_access_token
current_request
=
ensure_action_dispatch_request
(
request
)
token
=
Doorkeeper
::
OAuth
::
Token
.
from_request
(
current_request
,
*
Doorkeeper
.
configuration
.
access_token_methods
)
token
=
Doorkeeper
::
OAuth
::
Token
.
from_request
(
current_request
,
*
Doorkeeper
.
configuration
.
access_token_methods
)
return
unless
token
return
unless
token
...
@@ -80,7 +79,7 @@ module Gitlab
...
@@ -80,7 +79,7 @@ module Gitlab
# Check if the request is GET/HEAD, or if CSRF token is valid.
# Check if the request is GET/HEAD, or if CSRF token is valid.
def
verified_request?
def
verified_request?
Gitlab
::
RequestForgeryProtection
.
verified?
(
request
.
env
)
Gitlab
::
RequestForgeryProtection
.
verified?
(
current_
request
.
env
)
end
end
def
ensure_action_dispatch_request
(
request
)
def
ensure_action_dispatch_request
(
request
)
...
@@ -88,6 +87,10 @@ module Gitlab
...
@@ -88,6 +87,10 @@ module Gitlab
ActionDispatch
::
Request
.
new
(
request
.
env
)
ActionDispatch
::
Request
.
new
(
request
.
env
)
end
end
def
current_request
@current_request
||=
ensure_action_dispatch_request
(
request
)
end
end
end
end
end
end
end
spec/requests/api/helpers_spec.rb
View file @
21153a4f
...
@@ -11,7 +11,6 @@ describe API::Helpers do
...
@@ -11,7 +11,6 @@ describe API::Helpers do
let
(
:admin
)
{
create
(
:admin
)
}
let
(
:admin
)
{
create
(
:admin
)
}
let
(
:key
)
{
create
(
:key
,
user:
user
)
}
let
(
:key
)
{
create
(
:key
,
user:
user
)
}
let
(
:params
)
{
{}
}
let
(
:csrf_token
)
{
SecureRandom
.
base64
(
ActionController
::
RequestForgeryProtection
::
AUTHENTICITY_TOKEN_LENGTH
)
}
let
(
:csrf_token
)
{
SecureRandom
.
base64
(
ActionController
::
RequestForgeryProtection
::
AUTHENTICITY_TOKEN_LENGTH
)
}
let
(
:env
)
do
let
(
:env
)
do
{
{
...
@@ -19,11 +18,13 @@ describe API::Helpers do
...
@@ -19,11 +18,13 @@ describe API::Helpers do
'rack.session'
=>
{
'rack.session'
=>
{
_csrf_token:
csrf_token
_csrf_token:
csrf_token
},
},
'REQUEST_METHOD'
=>
'GET'
'REQUEST_METHOD'
=>
'GET'
,
'CONTENT_TYPE'
=>
'text/plain;charset=utf-8'
}
}
end
end
let
(
:header
)
{
}
let
(
:header
)
{
}
let
(
:request
)
{
Grape
::
Request
.
new
(
env
)}
let
(
:request
)
{
Grape
::
Request
.
new
(
env
)}
let
(
:params
)
{
request
.
params
}
before
do
before
do
allow_any_instance_of
(
self
.
class
).
to
receive
(
:options
).
and_return
({})
allow_any_instance_of
(
self
.
class
).
to
receive
(
:options
).
and_return
({})
...
@@ -38,6 +39,10 @@ describe API::Helpers do
...
@@ -38,6 +39,10 @@ describe API::Helpers do
raise
Exception
.
new
(
"
#{
status
}
-
#{
message
}
"
)
raise
Exception
.
new
(
"
#{
status
}
-
#{
message
}
"
)
end
end
def
set_param
(
key
,
value
)
request
.
update_param
(
key
,
value
)
end
describe
".current_user"
do
describe
".current_user"
do
subject
{
current_user
}
subject
{
current_user
}
...
@@ -133,13 +138,13 @@ describe API::Helpers do
...
@@ -133,13 +138,13 @@ describe API::Helpers do
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
user
)
}
let
(
:personal_access_token
)
{
create
(
:personal_access_token
,
user:
user
)
}
it
"returns a 401 response for an invalid token"
do
it
"returns a 401 response for an invalid token"
do
env
[
API
::
APIGuard
::
PRIVATE_TOKEN_HEADER
]
=
'invalid token'
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
'invalid token'
expect
{
current_user
}.
to
raise_error
/401/
expect
{
current_user
}.
to
raise_error
/401/
end
end
it
"returns a 403 response for a user without access"
do
it
"returns a 403 response for a user without access"
do
env
[
API
::
APIGuard
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
allow_any_instance_of
(
Gitlab
::
UserAccess
).
to
receive
(
:allowed?
).
and_return
(
false
)
allow_any_instance_of
(
Gitlab
::
UserAccess
).
to
receive
(
:allowed?
).
and_return
(
false
)
expect
{
current_user
}.
to
raise_error
/403/
expect
{
current_user
}.
to
raise_error
/403/
...
@@ -147,33 +152,33 @@ describe API::Helpers do
...
@@ -147,33 +152,33 @@ describe API::Helpers do
it
'returns a 403 response for a user who is blocked'
do
it
'returns a 403 response for a user who is blocked'
do
user
.
block!
user
.
block!
env
[
API
::
APIGuard
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
expect
{
current_user
}.
to
raise_error
/403/
expect
{
current_user
}.
to
raise_error
/403/
end
end
it
"sets current_user"
do
it
"sets current_user"
do
env
[
API
::
APIGuard
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
expect
(
current_user
).
to
eq
(
user
)
expect
(
current_user
).
to
eq
(
user
)
end
end
it
"does not allow tokens without the appropriate scope"
do
it
"does not allow tokens without the appropriate scope"
do
personal_access_token
=
create
(
:personal_access_token
,
user:
user
,
scopes:
[
'read_user'
])
personal_access_token
=
create
(
:personal_access_token
,
user:
user
,
scopes:
[
'read_user'
])
env
[
API
::
APIGuard
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
expect
{
current_user
}.
to
raise_error
API
::
APIGuard
::
InsufficientScopeError
expect
{
current_user
}.
to
raise_error
API
::
APIGuard
::
InsufficientScopeError
end
end
it
'does not allow revoked tokens'
do
it
'does not allow revoked tokens'
do
personal_access_token
.
revoke!
personal_access_token
.
revoke!
env
[
API
::
APIGuard
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
expect
{
current_user
}.
to
raise_error
API
::
APIGuard
::
RevokedError
expect
{
current_user
}.
to
raise_error
API
::
APIGuard
::
RevokedError
end
end
it
'does not allow expired tokens'
do
it
'does not allow expired tokens'
do
personal_access_token
.
update_attributes!
(
expires_at:
1
.
day
.
ago
)
personal_access_token
.
update_attributes!
(
expires_at:
1
.
day
.
ago
)
env
[
API
::
APIGuard
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
personal_access_token
.
token
expect
{
current_user
}.
to
raise_error
API
::
APIGuard
::
ExpiredError
expect
{
current_user
}.
to
raise_error
API
::
APIGuard
::
ExpiredError
end
end
...
@@ -351,7 +356,7 @@ describe API::Helpers do
...
@@ -351,7 +356,7 @@ describe API::Helpers do
context
'when using param'
do
context
'when using param'
do
context
'when providing username'
do
context
'when providing username'
do
before
do
before
do
params
[
API
::
Helpers
::
SUDO_PARAM
]
=
user
.
username
set_param
(
API
::
Helpers
::
SUDO_PARAM
,
user
.
username
)
end
end
it_behaves_like
'successful sudo'
it_behaves_like
'successful sudo'
...
@@ -359,7 +364,7 @@ describe API::Helpers do
...
@@ -359,7 +364,7 @@ describe API::Helpers do
context
'when providing user ID'
do
context
'when providing user ID'
do
before
do
before
do
params
[
API
::
Helpers
::
SUDO_PARAM
]
=
user
.
id
.
to_s
set_param
(
API
::
Helpers
::
SUDO_PARAM
,
user
.
id
.
to_s
)
end
end
it_behaves_like
'successful sudo'
it_behaves_like
'successful sudo'
...
@@ -369,7 +374,7 @@ describe API::Helpers do
...
@@ -369,7 +374,7 @@ describe API::Helpers do
context
'when user does not exist'
do
context
'when user does not exist'
do
before
do
before
do
params
[
API
::
Helpers
::
SUDO_PARAM
]
=
'nonexistent'
set_param
(
API
::
Helpers
::
SUDO_PARAM
,
'nonexistent'
)
end
end
it
'raises an error'
do
it
'raises an error'
do
...
@@ -383,7 +388,7 @@ describe API::Helpers do
...
@@ -383,7 +388,7 @@ describe API::Helpers do
token
.
scopes
=
%w[api]
token
.
scopes
=
%w[api]
token
.
save!
token
.
save!
params
[
API
::
Helpers
::
SUDO_PARAM
]
=
user
.
id
.
to_s
set_param
(
API
::
Helpers
::
SUDO_PARAM
,
user
.
id
.
to_s
)
end
end
it
'raises an error'
do
it
'raises an error'
do
...
@@ -397,7 +402,7 @@ describe API::Helpers do
...
@@ -397,7 +402,7 @@ describe API::Helpers do
token
.
user
=
user
token
.
user
=
user
token
.
save!
token
.
save!
params
[
API
::
Helpers
::
SUDO_PARAM
]
=
user
.
id
.
to_s
set_param
(
API
::
Helpers
::
SUDO_PARAM
,
user
.
id
.
to_s
)
end
end
it
'raises an error'
do
it
'raises an error'
do
...
@@ -421,7 +426,7 @@ describe API::Helpers do
...
@@ -421,7 +426,7 @@ describe API::Helpers do
context
'passed as param'
do
context
'passed as param'
do
before
do
before
do
params
[
API
::
APIGuard
::
PRIVATE_TOKEN_PARAM
]
=
token
.
token
set_param
(
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_PARAM
,
token
.
token
)
end
end
it_behaves_like
'sudo'
it_behaves_like
'sudo'
...
@@ -429,7 +434,7 @@ describe API::Helpers do
...
@@ -429,7 +434,7 @@ describe API::Helpers do
context
'passed as header'
do
context
'passed as header'
do
before
do
before
do
env
[
API
::
APIGuard
::
PRIVATE_TOKEN_HEADER
]
=
token
.
token
env
[
Gitlab
::
Auth
::
UserAuthFinders
::
PRIVATE_TOKEN_HEADER
]
=
token
.
token
end
end
it_behaves_like
'sudo'
it_behaves_like
'sudo'
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment