Commit 41ebd06d authored by Francisco Lopez's avatar Francisco Lopez

Some fixes after rebase

parent 470b5dc3
...@@ -99,36 +99,12 @@ class ApplicationController < ActionController::Base ...@@ -99,36 +99,12 @@ class ApplicationController < ActionController::Base
return try(:authenticated_user) return try(:authenticated_user)
end end
<<<<<<< HEAD
def authenticate_user_from_personal_access_token!
token = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
return unless token.present?
user = User.find_by_personal_access_token(token)
sessionless_sign_in(user)
end
# This filter handles authentication for atom request with an rss_token
def authenticate_user_from_rss_token!
return unless request.format.atom?
token = params[:rss_token].presence
return unless token.present?
user = User.find_by_rss_token(token)
sessionless_sign_in(user)
=======
# This filter handles private tokens, personal access tokens, and atom # This filter handles private tokens, personal access tokens, and atom
# requests with rss tokens # requests with rss tokens
def authenticate_sessionless_user! def authenticate_sessionless_user!
user = Gitlab::Auth::RequestAuthenticator.new(request).find_sessionless_user user = Gitlab::Auth::RequestAuthenticator.new(request).find_sessionless_user
sessionless_sign_in(user) if user sessionless_sign_in(user) if user
>>>>>>> Add request throttles
end end
def log_exception(exception) def log_exception(exception)
......
...@@ -72,33 +72,16 @@ module API ...@@ -72,33 +72,16 @@ module API
end end
end end
def raise_unauthorized_error! private
raise UnauthorizedError
end
# If token is presented and valid, then it sets @current_user. def handle_return_value!(value, &block)
# raise UnauthorizedError unless value
# If the token does not have sufficient scopes to cover the requred scopes,
# then it raises InsufficientScopeError.
#
# If the token is expired, then it raises ExpiredError.
#
# If the token is revoked, then it raises RevokedError.
#
# If the token is not found (nil), then it returns nil
#
# Arguments:
#
# scopes: (optional) scopes required for this guard.
# Defaults to empty array.
def find_user_by_access_token(access_token)
scopes = scopes_registered_for_endpoint
# Expiration, revocation and scopes are verified in `find_user_by_access_token` block_given? ? yield(value) : value
access_token = PersonalAccessToken.find_by(token: token) end
raise UnauthorizedError unless access_token
access_token def private_token
params[PRIVATE_TOKEN_PARAM].presence || env[PRIVATE_TOKEN_HEADER].presence
end end
# An array of scopes that were registered (using `allow_access_with_scope`) # An array of scopes that were registered (using `allow_access_with_scope`)
......
...@@ -12,11 +12,11 @@ module Gitlab ...@@ -12,11 +12,11 @@ module Gitlab
end end
def user def user
find_sessionless_user || find_session_user find_sessionless_user || find_user_from_warden
end end
def find_sessionless_user def find_sessionless_user
find_user_by_private_token || find_user_by_rss_token || find_user_by_oauth_token find_user_from_access_token || find_user_by_rss_token
end end
end end
end end
......
...@@ -2,77 +2,67 @@ module Gitlab ...@@ -2,77 +2,67 @@ module Gitlab
module Auth module Auth
module UserAuthFinders module UserAuthFinders
# Check the Rails session for valid authentication details # Check the Rails session for valid authentication details
def find_session_user def find_user_from_warden
request.env['warden']&.authenticate if verified_request? request.env['warden']&.authenticate if verified_request?
end end
def find_user_by_private_token def find_user_by_rss_token
token = private_token return unless request.format.atom?
return unless token.present?
user =
find_user_by_authentication_token(token) ||
find_user_by_personal_access_token(token)
raise_unauthorized_error! unless user token = request.params[:rss_token].presence
return unless token.present?
user handle_return_value!(User.find_by_rss_token(token))
end end
def find_user_by_rss_token def find_user_from_access_token
return unless request.path.ends_with?('atom') || request.format.atom? return unless access_token
token = request.params[:rss_token].presence validate_access_token!
return unless token.present?
user = User.find_by_rss_token(token) handle_return_value!(access_token&.user)
raise_unauthorized_error! unless user end
user def validate_access_token!(scopes: [])
end end
def find_user_by_oauth_token private
access_token = find_oauth_access_token
return unless access_token def handle_return_value!(value, &block)
return unless value
find_user_by_access_token(access_token) block_given? ? yield(value) : value
end end
private def access_token
return @access_token if defined?(@access_token)
@access_token = find_oauth_access_token || find_personal_access_token
end
def private_token def private_token
request.params[:private_token].presence || request.params[:private_token].presence ||
request.headers['PRIVATE-TOKEN'].presence request.headers['PRIVATE-TOKEN'].presence
end end
def find_user_by_authentication_token(token_string) def find_personal_access_token
User.find_by_authentication_token(token_string) token = private_token.to_s
end return unless token.present?
def find_user_by_personal_access_token(token_string)
access_token = PersonalAccessToken.find_by_token(token_string)
return unless access_token
find_user_by_access_token(access_token) # Expiration, revocation and scopes are verified in `validate_access_token!`
handle_return_value!(PersonalAccessToken.find_by(token: token))
end end
def find_oauth_access_token def find_oauth_access_token
return @oauth_access_token if defined?(@oauth_access_token)
current_request = ensure_action_dispatch_request(request) current_request = ensure_action_dispatch_request(request)
token = Doorkeeper::OAuth::Token.from_request(current_request, *Doorkeeper.configuration.access_token_methods) token = Doorkeeper::OAuth::Token.from_request(current_request, *Doorkeeper.configuration.access_token_methods)
return @oauth_access_token = nil unless token return unless token
@oauth_access_token = OauthAccessToken.by_token(token)
raise_unauthorized_error! unless @oauth_access_token
@oauth_access_token.revoke_previous_refresh_token! # Expiration, revocation and scopes are verified in `validate_access_token!`
@oauth_access_token handle_return_value!(OauthAccessToken.by_token(token)) do |oauth_token|
oauth_token.revoke_previous_refresh_token!
oauth_token
end end
def find_user_by_access_token(access_token)
access_token&.user
end end
# Check if the request is GET/HEAD, or if CSRF token is valid. # Check if the request is GET/HEAD, or if CSRF token is valid.
...@@ -85,10 +75,6 @@ module Gitlab ...@@ -85,10 +75,6 @@ module Gitlab
ActionDispatch::Request.new(request.env) ActionDispatch::Request.new(request.env)
end end
def raise_unauthorized_error!
return nil
end
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment