BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
41ebd06d
Commit
41ebd06d
authored
Nov 07, 2017
by
Francisco Lopez
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Some fixes after rebase
parent
470b5dc3
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
41 additions
and
96 deletions
+41
-96
application_controller.rb
app/controllers/application_controller.rb
+0
-24
api_guard.rb
lib/api/api_guard.rb
+7
-24
request_authenticator.rb
lib/gitlab/auth/request_authenticator.rb
+2
-2
user_auth_finders.rb
lib/gitlab/auth/user_auth_finders.rb
+32
-46
No files found.
app/controllers/application_controller.rb
View file @
41ebd06d
...
@@ -99,36 +99,12 @@ class ApplicationController < ActionController::Base
...
@@ -99,36 +99,12 @@ class ApplicationController < ActionController::Base
return
try
(
:authenticated_user
)
return
try
(
:authenticated_user
)
end
end
<<<<<<<
HEAD
def
authenticate_user_from_personal_access_token!
token
=
params
[
:private_token
].
presence
||
request
.
headers
[
'PRIVATE-TOKEN'
].
presence
return
unless
token
.
present?
user
=
User
.
find_by_personal_access_token
(
token
)
sessionless_sign_in
(
user
)
end
# This filter handles authentication for atom request with an rss_token
def
authenticate_user_from_rss_token!
return
unless
request
.
format
.
atom?
token
=
params
[
:rss_token
].
presence
return
unless
token
.
present?
user
=
User
.
find_by_rss_token
(
token
)
sessionless_sign_in
(
user
)
=======
# This filter handles private tokens, personal access tokens, and atom
# This filter handles private tokens, personal access tokens, and atom
# requests with rss tokens
# requests with rss tokens
def
authenticate_sessionless_user!
def
authenticate_sessionless_user!
user
=
Gitlab
::
Auth
::
RequestAuthenticator
.
new
(
request
).
find_sessionless_user
user
=
Gitlab
::
Auth
::
RequestAuthenticator
.
new
(
request
).
find_sessionless_user
sessionless_sign_in
(
user
)
if
user
sessionless_sign_in
(
user
)
if
user
>>>>>>>
Add
request
throttles
end
end
def
log_exception
(
exception
)
def
log_exception
(
exception
)
...
...
lib/api/api_guard.rb
View file @
41ebd06d
...
@@ -72,33 +72,16 @@ module API
...
@@ -72,33 +72,16 @@ module API
end
end
end
end
def
raise_unauthorized_error!
private
raise
UnauthorizedError
end
# If token is presented and valid, then it sets @current_user.
def
handle_return_value!
(
value
,
&
block
)
#
raise
UnauthorizedError
unless
value
# If the token does not have sufficient scopes to cover the requred scopes,
# then it raises InsufficientScopeError.
#
# If the token is expired, then it raises ExpiredError.
#
# If the token is revoked, then it raises RevokedError.
#
# If the token is not found (nil), then it returns nil
#
# Arguments:
#
# scopes: (optional) scopes required for this guard.
# Defaults to empty array.
def
find_user_by_access_token
(
access_token
)
scopes
=
scopes_registered_for_endpoint
# Expiration, revocation and scopes are verified in `find_user_by_access_token`
block_given?
?
yield
(
value
)
:
value
access_token
=
PersonalAccessToken
.
find_by
(
token:
token
)
end
raise
UnauthorizedError
unless
access_token
access_token
def
private_token
params
[
PRIVATE_TOKEN_PARAM
].
presence
||
env
[
PRIVATE_TOKEN_HEADER
].
presence
end
end
# An array of scopes that were registered (using `allow_access_with_scope`)
# An array of scopes that were registered (using `allow_access_with_scope`)
...
...
lib/gitlab/auth/request_authenticator.rb
View file @
41ebd06d
...
@@ -12,11 +12,11 @@ module Gitlab
...
@@ -12,11 +12,11 @@ module Gitlab
end
end
def
user
def
user
find_sessionless_user
||
find_
session_user
find_sessionless_user
||
find_
user_from_warden
end
end
def
find_sessionless_user
def
find_sessionless_user
find_user_
by_private_token
||
find_user_by_rss_token
||
find_user_by_oauth
_token
find_user_
from_access_token
||
find_user_by_rss
_token
end
end
end
end
end
end
...
...
lib/gitlab/auth/user_auth_finders.rb
View file @
41ebd06d
...
@@ -2,77 +2,67 @@ module Gitlab
...
@@ -2,77 +2,67 @@ module Gitlab
module
Auth
module
Auth
module
UserAuthFinders
module
UserAuthFinders
# Check the Rails session for valid authentication details
# Check the Rails session for valid authentication details
def
find_
session_user
def
find_
user_from_warden
request
.
env
[
'warden'
]
&
.
authenticate
if
verified_request?
request
.
env
[
'warden'
]
&
.
authenticate
if
verified_request?
end
end
def
find_user_by_private_token
def
find_user_by_rss_token
token
=
private_token
return
unless
request
.
format
.
atom?
return
unless
token
.
present?
user
=
find_user_by_authentication_token
(
token
)
||
find_user_by_personal_access_token
(
token
)
raise_unauthorized_error!
unless
user
token
=
request
.
params
[
:rss_token
].
presence
return
unless
token
.
present?
user
handle_return_value!
(
User
.
find_by_rss_token
(
token
))
end
end
def
find_user_
by_r
ss_token
def
find_user_
from_acce
ss_token
return
unless
request
.
path
.
ends_with?
(
'atom'
)
||
request
.
format
.
atom?
return
unless
access_token
token
=
request
.
params
[
:rss_token
].
presence
validate_access_token!
return
unless
token
.
present?
user
=
User
.
find_by_rss_token
(
token
)
handle_return_value!
(
access_token
&
.
user
)
raise_unauthorized_error!
unless
user
end
user
def
validate_access_token!
(
scopes:
[])
end
end
def
find_user_by_oauth_token
private
access_token
=
find_oauth_access_token
return
unless
access_token
def
handle_return_value!
(
value
,
&
block
)
return
unless
value
find_user_by_access_token
(
access_token
)
block_given?
?
yield
(
value
)
:
value
end
end
private
def
access_token
return
@access_token
if
defined?
(
@access_token
)
@access_token
=
find_oauth_access_token
||
find_personal_access_token
end
def
private_token
def
private_token
request
.
params
[
:private_token
].
presence
||
request
.
params
[
:private_token
].
presence
||
request
.
headers
[
'PRIVATE-TOKEN'
].
presence
request
.
headers
[
'PRIVATE-TOKEN'
].
presence
end
end
def
find_user_by_authentication_token
(
token_string
)
def
find_personal_access_token
User
.
find_by_authentication_token
(
token_string
)
token
=
private_token
.
to_s
end
return
unless
token
.
present?
def
find_user_by_personal_access_token
(
token_string
)
access_token
=
PersonalAccessToken
.
find_by_token
(
token_string
)
return
unless
access_token
find_user_by_access_token
(
access_token
)
# Expiration, revocation and scopes are verified in `validate_access_token!`
handle_return_value!
(
PersonalAccessToken
.
find_by
(
token:
token
))
end
end
def
find_oauth_access_token
def
find_oauth_access_token
return
@oauth_access_token
if
defined?
(
@oauth_access_token
)
current_request
=
ensure_action_dispatch_request
(
request
)
current_request
=
ensure_action_dispatch_request
(
request
)
token
=
Doorkeeper
::
OAuth
::
Token
.
from_request
(
current_request
,
*
Doorkeeper
.
configuration
.
access_token_methods
)
token
=
Doorkeeper
::
OAuth
::
Token
.
from_request
(
current_request
,
*
Doorkeeper
.
configuration
.
access_token_methods
)
return
@oauth_access_token
=
nil
unless
token
return
unless
token
@oauth_access_token
=
OauthAccessToken
.
by_token
(
token
)
raise_unauthorized_error!
unless
@oauth_access_token
@oauth_access_token
.
revoke_previous_refresh_token!
@oauth_access_token
end
def
find_user_by_access_token
(
access_token
)
# Expiration, revocation and scopes are verified in `validate_access_token!`
access_token
&
.
user
handle_return_value!
(
OauthAccessToken
.
by_token
(
token
))
do
|
oauth_token
|
oauth_token
.
revoke_previous_refresh_token!
oauth_token
end
end
end
# Check if the request is GET/HEAD, or if CSRF token is valid.
# Check if the request is GET/HEAD, or if CSRF token is valid.
...
@@ -85,10 +75,6 @@ module Gitlab
...
@@ -85,10 +75,6 @@ module Gitlab
ActionDispatch
::
Request
.
new
(
request
.
env
)
ActionDispatch
::
Request
.
new
(
request
.
env
)
end
end
def
raise_unauthorized_error!
return
nil
end
end
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment