Commit e50eb47d authored by Gabriel Mazetto's avatar Gabriel Mazetto

Fix OAuth session code for Geo

parent 0a8cfbd5
......@@ -23,7 +23,7 @@ class Oauth::GeoAuthController < ActionController::Base
token = client.auth_code.get_token(params[:code], redirect_uri: oauth_geo_callback_url).token
@user_session = ::Geo::User.new(state: params[:state])
@user_session = Geo::OauthSession.new(state: params[:state])
remote_user = @user_session.authenticate(access_token: token)
user = User.find(remote_user['id'])
......
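Review bot: Nothing in the visible lines checks `params[:state]` before the authorization code is exchanged and the user is looked up; `Geo::OauthSession.new(state: params[:state])` is built straight from the request. If the HMAC validation of the state is not invoked elsewhere in this action (its body starts and ends outside the hunk), it should run first and abort the callback on failure, so a forged or replayed callback never reaches `User.find`. Separately, `remote_user['id']` assumes `authenticate` always returns a hash. A guard on `remote_user` before the lookup would turn a failed call to the primary into a clean authentication failure rather than an exception.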
......@@ -12,13 +12,13 @@ class Geo::OauthSession
salt, hmac, return_to = state.split(':', 3)
return false unless return_to
hmac == self.generate_oauth_hmac(salt)
hmac == generate_oauth_hmac(salt, return_to)
end
def generate_oauth_state
return unless return_to
salt = generate_oauth_salt
hmac = generate_oauth_hmac(salt)
hmac = generate_oauth_hmac(salt, return_to)
"#{salt}:#{hmac}:#{return_to}"
end
......@@ -42,8 +42,8 @@ class Geo::OauthSession
SecureRandom.hex(16)
end
def generate_oauth_hmac(salt)
return unless return_to
def generate_oauth_hmac(salt, return_to)
return false unless return_to
digest = OpenSSL::Digest.new('sha256')
key = Gitlab::Application.secrets.secret_key_base + salt
OpenSSL::HMAC.hexdigest(digest, key, return_to)
......
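Review bot: The state check compares the supplied HMAC with `==`, which is not constant-time and can leak how many leading characters of the expected digest matched. Since the state arrives from the browser, I would use `ActiveSupport::SecurityUtils.secure_compare(hmac, generate_oauth_hmac(salt, return_to))` in the validation method (its beginning is outside the first hunk). `generate_oauth_hmac` now returns `false` for a missing `return_to`, so the existing `return false unless return_to` guard must stay ahead of the comparison to keep both arguments strings. A short comment on `generate_oauth_hmac` stating that the digest binds `return_to` to the salt would also help, because that binding is what keeps the redirect target from being swapped.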
......@@ -41,7 +41,7 @@ module Gitlab
end
def self.oauth_authentication
return false unless self.readonly?
return false unless Gitlab::Geo.secondary?
Gitlab::Geo.current_node.oauth_application
end
......
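Review bot: `oauth_authentication` returns `false` on a non-secondary node but the result of `Gitlab::Geo.current_node.oauth_application` otherwise, and nothing visible guards against `current_node` being nil. Whether `secondary?` already implies a present `current_node` cannot be seen in this hunk; if it does not, a secondary without a matching node record would raise NoMethodError during login. A one-line comment would help callers handle the mixed return, e.g. `# Returns the current node's OAuth application, or false when this node is not a Geo secondary.`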