Commit
8fbfac48
authored
Oct 12, 2017
by
Douwe Maan
Consistently use PersonalAccessToken instead of PersonalToken
parent
06032b31
Showing
4 changed files
with
15 additions
and
15 deletions
+15
-15
app/controllers/jwt_controller.rb
app/controllers/jwt_controller.rb
+3
-3
app/controllers/projects/git_http_client_controller.rb
app/controllers/projects/git_http_client_controller.rb
+3
-3
lib/gitlab/auth.rb
lib/gitlab/auth.rb
+4
-4
spec/lib/gitlab/auth_spec.rb
spec/lib/gitlab/auth_spec.rb
+5
-5
app/controllers/jwt_controller.rb
...
...
@@ -30,11 +30,11 @@ class JwtController < ApplicationController
render_unauthorized
end
end
rescue
Gitlab
::
Auth
::
MissingPersonalTokenError
render_missing_personal_token
rescue
Gitlab
::
Auth
::
MissingPersonal
Access
TokenError
render_missing_personal_
access_
token
end
def
render_missing_personal_token
def
render_missing_personal_
access_
token
render
json:
{
errors:
[
{
code:
'UNAUTHORIZED'
,
...
...
app/controllers/projects/git_http_client_controller.rb
...
...
@@ -53,8 +53,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController
send_challenges
render
plain:
"HTTP Basic: Access denied
\n
"
,
status:
401
rescue
Gitlab
::
Auth
::
MissingPersonalTokenError
render_missing_personal_token
rescue
Gitlab
::
Auth
::
MissingPersonal
Access
TokenError
render_missing_personal_
access_
token
end
def
basic_auth_provided?
...
...
@@ -78,7 +78,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController
@project
,
@wiki
,
@redirected_path
=
Gitlab
::
RepoPath
.
parse
(
"
#{
params
[
:namespace_id
]
}
/
#{
params
[
:project_id
]
}
"
)
end
def
render_missing_personal_token
def
render_missing_personal_
access_
token
render
plain:
"HTTP Basic: Access denied
\n
"
\
"You must use a personal access token with 'api' scope for Git over HTTP.
\n
"
\
"You can generate one at
#{
profile_personal_access_tokens_url
}
"
,
...
...
lib/gitlab/auth.rb
module
Gitlab
module
Auth
MissingPersonalTokenError
=
Class
.
new
(
StandardError
)
MissingPersonal
Access
TokenError
=
Class
.
new
(
StandardError
)
REGISTRY_SCOPES
=
[
:read_registry
].
freeze
...
...
@@ -39,7 +39,7 @@ module Gitlab
# If sign-in is disabled and LDAP is not configured, recommend a
# personal access token on failed auth attempts
raise
Gitlab
::
Auth
::
MissingPersonalTokenError
raise
Gitlab
::
Auth
::
MissingPersonal
Access
TokenError
end
def
find_with_user_password
(
login
,
password
)
...
...
@@ -107,7 +107,7 @@ module Gitlab
user
=
find_with_user_password
(
login
,
password
)
return
unless
user
raise
Gitlab
::
Auth
::
MissingPersonalTokenError
if
user
.
two_factor_enabled?
raise
Gitlab
::
Auth
::
MissingPersonal
Access
TokenError
if
user
.
two_factor_enabled?
Gitlab
::
Auth
::
Result
.
new
(
user
,
nil
,
:gitlab_or_ldap
,
full_authentication_abilities
)
end
...
...
@@ -129,7 +129,7 @@ module Gitlab
token
=
PersonalAccessTokensFinder
.
new
(
state:
'active'
).
find_by
(
token:
password
)
if
token
&&
valid_scoped_token?
(
token
,
available_scopes
)
Gitlab
::
Auth
::
Result
.
new
(
token
.
user
,
nil
,
:personal_token
,
abilities_for_scope
(
token
.
scopes
))
Gitlab
::
Auth
::
Result
.
new
(
token
.
user
,
nil
,
:personal_
access_
token
,
abilities_for_scope
(
token
.
scopes
))
end
end
...
...
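Review bot: The `:personal_token` → `:personal_access_token` change in the last hunk alters a runtime value (the authentication type carried by `Gitlab::Auth::Result`), not just an identifier, so any caller outside this diff that still compares the type against `:personal_token` would stop matching without raising anything. The constant rename has a similar trap: Ruby evaluates a `rescue` clause's class list only when an exception actually reaches it, so a leftover `rescue Gitlab::Auth::MissingPersonalTokenError` elsewhere would surface as a `NameError` on the failed-authentication path rather than at load time. Only four files are visible here, so it is worth searching the tree for both old names before merging. If out-of-tree code may still reference the old constant, a transitional alias such as `MissingPersonalTokenError = MissingPersonalAccessTokenError` would keep it resolving. The enclosing methods start and end outside the hunks shown.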
spec/lib/gitlab/auth_spec.rb
...
...
@@ -164,7 +164,7 @@ describe Gitlab::Auth do
personal_access_token
=
create
(
:personal_access_token
,
scopes:
[
'api'
])
expect
(
gl_auth
).
to
receive
(
:rate_limit!
).
with
(
'ip'
,
success:
true
,
login:
''
)
expect
(
gl_auth
.
find_for_git_client
(
''
,
personal_access_token
.
token
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
personal_access_token
.
user
,
nil
,
:personal_token
,
full_authentication_abilities
))
expect
(
gl_auth
.
find_for_git_client
(
''
,
personal_access_token
.
token
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
personal_access_token
.
user
,
nil
,
:personal_
access_
token
,
full_authentication_abilities
))
end
context
'when registry is enabled'
do
...
...
@@ -176,7 +176,7 @@ describe Gitlab::Auth do
personal_access_token
=
create
(
:personal_access_token
,
scopes:
[
'read_registry'
])
expect
(
gl_auth
).
to
receive
(
:rate_limit!
).
with
(
'ip'
,
success:
true
,
login:
''
)
expect
(
gl_auth
.
find_for_git_client
(
''
,
personal_access_token
.
token
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
personal_access_token
.
user
,
nil
,
:personal_token
,
[
:read_container_image
]))
expect
(
gl_auth
.
find_for_git_client
(
''
,
personal_access_token
.
token
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
personal_access_token
.
user
,
nil
,
:personal_
access_
token
,
[
:read_container_image
]))
end
end
...
...
@@ -184,14 +184,14 @@ describe Gitlab::Auth do
impersonation_token
=
create
(
:personal_access_token
,
:impersonation
,
scopes:
[
'api'
])
expect
(
gl_auth
).
to
receive
(
:rate_limit!
).
with
(
'ip'
,
success:
true
,
login:
''
)
expect
(
gl_auth
.
find_for_git_client
(
''
,
impersonation_token
.
token
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
impersonation_token
.
user
,
nil
,
:personal_token
,
full_authentication_abilities
))
expect
(
gl_auth
.
find_for_git_client
(
''
,
impersonation_token
.
token
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
impersonation_token
.
user
,
nil
,
:personal_
access_
token
,
full_authentication_abilities
))
end
it
'limits abilities based on scope'
do
personal_access_token
=
create
(
:personal_access_token
,
scopes:
[
'read_user'
])
expect
(
gl_auth
).
to
receive
(
:rate_limit!
).
with
(
'ip'
,
success:
true
,
login:
''
)
expect
(
gl_auth
.
find_for_git_client
(
''
,
personal_access_token
.
token
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
personal_access_token
.
user
,
nil
,
:personal_token
,
[]))
expect
(
gl_auth
.
find_for_git_client
(
''
,
personal_access_token
.
token
,
project:
nil
,
ip:
'ip'
)).
to
eq
(
Gitlab
::
Auth
::
Result
.
new
(
personal_access_token
.
user
,
nil
,
:personal_
access_
token
,
[]))
end
it
'fails if password is nil'
do
...
...
@@ -234,7 +234,7 @@ describe Gitlab::Auth do
it
'throws an error suggesting user create a PAT when internal auth is disabled'
do
allow_any_instance_of
(
ApplicationSetting
).
to
receive
(
:password_authentication_enabled?
)
{
false
}
expect
{
gl_auth
.
find_for_git_client
(
'foo'
,
'bar'
,
project:
nil
,
ip:
'ip'
)
}.
to
raise_error
(
Gitlab
::
Auth
::
MissingPersonalTokenError
)
expect
{
gl_auth
.
find_for_git_client
(
'foo'
,
'bar'
,
project:
nil
,
ip:
'ip'
)
}.
to
raise_error
(
Gitlab
::
Auth
::
MissingPersonal
Access
TokenError
)
end
end
...
...