Allow personal access tokens to be used for API authentication.

5fb44192 · Timothy Andrew · e8314ccc · 5fb44192
Commit 5fb44192 authored Apr 15, 2016 by Timothy Andrew
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 2 deletions

authentication.rb lib/api/helpers/authentication.rb +14 -2

No files found.
--- a/lib/api/helpers/authentication.rb
+++ b/lib/api/helpers/authentication.rb
@@ -5,10 +5,22 @@ module API
      PRIVATE_TOKEN_PARAM = :private_token
      SUDO_HEADER ="HTTP_SUDO"
      SUDO_PARAM = :sudo
+      PERSONAL_ACCESS_TOKEN_PARAM = :personal_access_token

-      def current_user
+      def find_user_by_private_token
        private_token = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s
-        @current_user ||= (User.find_by(authentication_token: private_token) || doorkeeper_guard)
+        User.find_by_authentication_token(private_token)
+      end
+
+      def find_user_by_personal_access_token
+        personal_access_token = PersonalAccessToken.find_by_token(params[PERSONAL_ACCESS_TOKEN_PARAM])
+        if personal_access_token
+          personal_access_token.user
+        end
+      end
+
+      def current_user
+        @current_user ||= (find_user_by_private_token || find_user_by_personal_access_token || doorkeeper_guard)

        unless @current_user && Gitlab::UserAccess.allowed?(@current_user)
          return nil