Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
41ebd06d
Commit
41ebd06d
authored
Nov 07, 2017
by
Francisco Lopez
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Some fixes after rebase
parent
470b5dc3
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
41 additions
and
96 deletions
+41
-96
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+0
-24
lib/api/api_guard.rb
lib/api/api_guard.rb
+7
-24
lib/gitlab/auth/request_authenticator.rb
lib/gitlab/auth/request_authenticator.rb
+2
-2
lib/gitlab/auth/user_auth_finders.rb
lib/gitlab/auth/user_auth_finders.rb
+32
-46
No files found.
app/controllers/application_controller.rb
View file @
41ebd06d
...
...
@@ -99,36 +99,12 @@ class ApplicationController < ActionController::Base
return
try
(
:authenticated_user
)
end
<<<<<<<
HEAD
def
authenticate_user_from_personal_access_token!
token
=
params
[
:private_token
].
presence
||
request
.
headers
[
'PRIVATE-TOKEN'
].
presence
return
unless
token
.
present?
user
=
User
.
find_by_personal_access_token
(
token
)
sessionless_sign_in
(
user
)
end
# This filter handles authentication for atom request with an rss_token
def
authenticate_user_from_rss_token!
return
unless
request
.
format
.
atom?
token
=
params
[
:rss_token
].
presence
return
unless
token
.
present?
user
=
User
.
find_by_rss_token
(
token
)
sessionless_sign_in
(
user
)
=======
# This filter handles private tokens, personal access tokens, and atom
# requests with rss tokens
def
authenticate_sessionless_user!
user
=
Gitlab
::
Auth
::
RequestAuthenticator
.
new
(
request
).
find_sessionless_user
sessionless_sign_in
(
user
)
if
user
>>>>>>>
Add
request
throttles
end
def
log_exception
(
exception
)
...
...
lib/api/api_guard.rb
View file @
41ebd06d
...
...
@@ -72,33 +72,16 @@ module API
end
end
def
raise_unauthorized_error!
raise
UnauthorizedError
end
private
# If token is presented and valid, then it sets @current_user.
#
# If the token does not have sufficient scopes to cover the requred scopes,
# then it raises InsufficientScopeError.
#
# If the token is expired, then it raises ExpiredError.
#
# If the token is revoked, then it raises RevokedError.
#
# If the token is not found (nil), then it returns nil
#
# Arguments:
#
# scopes: (optional) scopes required for this guard.
# Defaults to empty array.
def
find_user_by_access_token
(
access_token
)
scopes
=
scopes_registered_for_endpoint
def
handle_return_value!
(
value
,
&
block
)
raise
UnauthorizedError
unless
value
# Expiration, revocation and scopes are verified in `find_user_by_access_token`
access_token
=
PersonalAccessToken
.
find_by
(
token:
token
)
raise
UnauthorizedError
unless
access_token
block_given?
?
yield
(
value
)
:
value
end
access_token
def
private_token
params
[
PRIVATE_TOKEN_PARAM
].
presence
||
env
[
PRIVATE_TOKEN_HEADER
].
presence
end
# An array of scopes that were registered (using `allow_access_with_scope`)
...
...
lib/gitlab/auth/request_authenticator.rb
View file @
41ebd06d
...
...
@@ -12,11 +12,11 @@ module Gitlab
end
def
user
find_sessionless_user
||
find_
session_user
find_sessionless_user
||
find_
user_from_warden
end
def
find_sessionless_user
find_user_
by_private_token
||
find_user_by_rss_token
||
find_user_by_oauth
_token
find_user_
from_access_token
||
find_user_by_rss
_token
end
end
end
...
...
lib/gitlab/auth/user_auth_finders.rb
View file @
41ebd06d
...
...
@@ -2,77 +2,67 @@ module Gitlab
module
Auth
module
UserAuthFinders
# Check the Rails session for valid authentication details
def
find_
session_user
def
find_
user_from_warden
request
.
env
[
'warden'
]
&
.
authenticate
if
verified_request?
end
def
find_user_by_private_token
token
=
private_token
return
unless
token
.
present?
user
=
find_user_by_authentication_token
(
token
)
||
find_user_by_personal_access_token
(
token
)
def
find_user_by_rss_token
return
unless
request
.
format
.
atom?
raise_unauthorized_error!
unless
user
token
=
request
.
params
[
:rss_token
].
presence
return
unless
token
.
present?
user
handle_return_value!
(
User
.
find_by_rss_token
(
token
))
end
def
find_user_
by_r
ss_token
return
unless
request
.
path
.
ends_with?
(
'atom'
)
||
request
.
format
.
atom?
def
find_user_
from_acce
ss_token
return
unless
access_token
token
=
request
.
params
[
:rss_token
].
presence
return
unless
token
.
present?
validate_access_token!
user
=
User
.
find_by_rss_token
(
token
)
raise_unauthorized_error!
unless
user
handle_return_value!
(
access_token
&
.
user
)
end
user
def
validate_access_token!
(
scopes:
[])
end
def
find_user_by_oauth_token
access_token
=
find_oauth_access_token
private
return
unless
access_token
def
handle_return_value!
(
value
,
&
block
)
return
unless
value
find_user_by_access_token
(
access_token
)
block_given?
?
yield
(
value
)
:
value
end
private
def
access_token
return
@access_token
if
defined?
(
@access_token
)
@access_token
=
find_oauth_access_token
||
find_personal_access_token
end
def
private_token
request
.
params
[
:private_token
].
presence
||
request
.
headers
[
'PRIVATE-TOKEN'
].
presence
end
def
find_user_by_authentication_token
(
token_string
)
User
.
find_by_authentication_token
(
token_string
)
end
def
find_user_by_personal_access_token
(
token_string
)
access_token
=
PersonalAccessToken
.
find_by_token
(
token_string
)
return
unless
access_token
def
find_personal_access_token
token
=
private_token
.
to_s
return
unless
token
.
present?
find_user_by_access_token
(
access_token
)
# Expiration, revocation and scopes are verified in `validate_access_token!`
handle_return_value!
(
PersonalAccessToken
.
find_by
(
token:
token
))
end
def
find_oauth_access_token
return
@oauth_access_token
if
defined?
(
@oauth_access_token
)
current_request
=
ensure_action_dispatch_request
(
request
)
token
=
Doorkeeper
::
OAuth
::
Token
.
from_request
(
current_request
,
*
Doorkeeper
.
configuration
.
access_token_methods
)
return
@oauth_access_token
=
nil
unless
token
@oauth_access_token
=
OauthAccessToken
.
by_token
(
token
)
raise_unauthorized_error!
unless
@oauth_access_token
return
unless
token
@oauth_access_token
.
revoke_previous_refresh_token!
@oauth_access_token
# Expiration, revocation and scopes are verified in `validate_access_token!`
handle_return_value!
(
OauthAccessToken
.
by_token
(
token
))
do
|
oauth_token
|
oauth_token
.
revoke_previous_refresh_token!
oauth_token
end
def
find_user_by_access_token
(
access_token
)
access_token
&
.
user
end
# Check if the request is GET/HEAD, or if CSRF token is valid.
...
...
@@ -85,10 +75,6 @@ module Gitlab
ActionDispatch
::
Request
.
new
(
request
.
env
)
end
def
raise_unauthorized_error!
return
nil
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment