Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Tatuya Kamada
gitlab-ce
Commits
e900ff97
Commit
e900ff97
authored
May 13, 2016
by
Kamil Trzcinski
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Improve JwtController code
parent
9ef9e008
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
19 additions
and
18 deletions
+19
-18
app/controllers/jwt_controller.rb
app/controllers/jwt_controller.rb
+19
-18
No files found.
app/controllers/jwt_controller.rb
View file @
e900ff97
class
JwtController
<
ApplicationController
class
JwtController
<
ApplicationController
skip_before_action
:authenticate_user!
skip_before_action
:authenticate_user!
skip_before_action
:verify_authenticity_token
skip_before_action
:verify_authenticity_token
before_action
:authenticate_project_or_user
SERVICES
=
{
SERVICES
=
{
'container_registry'
=>
::
Gitlab
::
JWT
::
ContainerRegistryAuthenticationService
,
'container_registry'
=>
::
Gitlab
::
JWT
::
ContainerRegistryAuthenticationService
,
}
}
def
auth
def
auth
@authenticated
=
authenticate_with_http_basic
do
|
login
,
password
|
# if it's possible we first try to authenticate project with login and password
@project
=
authenticate_project
(
login
,
password
)
@user
=
authenticate_user
(
login
,
password
)
unless
@project
end
unless
@authenticated
head
:forbidden
if
ActionController
::
HttpAuthentication
::
Basic
.
has_basic_credentials?
(
request
)
end
service
=
SERVICES
[
params
[
:service
]]
service
=
SERVICES
[
params
[
:service
]]
head
:not_found
unless
service
head
:not_found
unless
service
...
@@ -28,21 +19,30 @@ class JwtController < ApplicationController
...
@@ -28,21 +19,30 @@ class JwtController < ApplicationController
private
private
def
authenticate_project_or_user
authenticate_with_http_basic
do
|
login
,
password
|
# if it's possible we first try to authenticate project with login and password
@project
=
authenticate_project
(
login
,
password
)
return
if
@project
@user
=
authenticate_user
(
login
,
password
)
return
if
@user
end
if
ActionController
::
HttpAuthentication
::
Basic
.
has_basic_credentials?
(
request
)
head
:forbidden
end
end
def
auth_params
def
auth_params
params
.
permit
(
:service
,
:scope
,
:offline_token
,
:account
,
:client_id
)
params
.
permit
(
:service
,
:scope
,
:offline_token
,
:account
,
:client_id
)
end
end
def
authenticate_project
(
login
,
password
)
def
authenticate_project
(
login
,
password
)
matched_login
=
/(?<s>^[a-zA-Z]*-ci)-token$/
.
match
(
login
)
if
login
==
'gitlab_ci_token'
if
matched_login
.
present?
underscored_service
=
matched_login
[
's'
].
underscore
if
underscored_service
==
'gitlab_ci'
Project
.
find_by
(
builds_enabled:
true
,
runners_token:
password
)
Project
.
find_by
(
builds_enabled:
true
,
runners_token:
password
)
end
end
end
end
end
def
authenticate_user
(
login
,
password
)
def
authenticate_user
(
login
,
password
)
user
=
Gitlab
::
Auth
.
new
.
find
(
login
,
password
)
user
=
Gitlab
::
Auth
.
new
.
find
(
login
,
password
)
...
@@ -77,6 +77,7 @@ class JwtController < ApplicationController
...
@@ -77,6 +77,7 @@ class JwtController < ApplicationController
if
banned
if
banned
Rails
.
logger
.
info
"IP
#{
request
.
ip
}
failed to login "
\
Rails
.
logger
.
info
"IP
#{
request
.
ip
}
failed to login "
\
"as
#{
login
}
but has been temporarily banned from Git auth"
"as
#{
login
}
but has been temporarily banned from Git auth"
return
end
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment