Merge branch 'fix_pat_auth-11-4' into 'security-11-4'

[11.4] Fix Token lookup for Git over HTTP and registry authentication See merge request gitlab/gitlabhq!2577

Merge branch 'fix_pat_auth-11-4' into 'security-11-4'
[11.4] Fix Token lookup for Git over HTTP and registry authentication See merge request gitlab/gitlabhq!2577
c847f172 · Robert Speicher · Jan Provaznik · 5091cc4f · c847f172 · c847f172
Commit c847f172 authored Oct 26, 2018 by Robert Speicher Committed by Jan Provaznik Oct 29, 2018
Showing with 3 additions and 5 deletions

app/finders/personal_access_tokens_finder.rb app/finders/personal_access_tokens_finder.rb +1 -1

app/models/user.rb app/models/user.rb +1 -1

lib/gitlab/auth.rb lib/gitlab/auth.rb +1 -3

No files found.
--- a/app/finders/personal_access_tokens_finder.rb
+++ b/app/finders/personal_access_tokens_finder.rb
@@ -3,7 +3,7 @@
 class PersonalAccessTokensFinder
  attr_accessor :params

-  delegate :build, :find, :find_by, to: :execute
+  delegate :build, :find, :find_by, :find_by_token, to: :execute

  def initialize(params = {})
    @params = params

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -463,7 +463,7 @@ class User < ActiveRecord::Base
    def find_by_personal_access_token(token_string)
      return unless token_string

-      PersonalAccessTokensFinder.new(state: 'active').find_by(token: token_string)&.user # rubocop: disable CodeReuse/Finder
+      PersonalAccessTokensFinder.new(state: 'active').find_by_token(token_string)&.user # rubocop: disable CodeReuse/Finder
    end

    # Returns a user for the given SSH key.

--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -151,17 +151,15 @@ module Gitlab
      end
      # rubocop: enable CodeReuse/ActiveRecord

-      # rubocop: disable CodeReuse/ActiveRecord
      def personal_access_token_check(password)
        return unless password.present?

-        token = PersonalAccessTokensFinder.new(state: 'active').find_by(token: password)
+        token = PersonalAccessTokensFinder.new(state: 'active').find_by_token(password)

        if token && valid_scoped_token?(token, available_scopes)
          Gitlab::Auth::Result.new(token.user, nil, :personal_access_token, abilities_for_scopes(token.scopes))
        end
      end
-      # rubocop: enable CodeReuse/ActiveRecord

      def valid_oauth_token?(token)
        token && token.accessible? && valid_scoped_token?(token, [:api])