Refactor `API::Helpers` into `API::Helpers::Core` and `API::Helpers::Authentication`

e8314ccc · Timothy Andrew · 3a609038 · e8314ccc · e8314ccc · e8314ccc
Commit e8314ccc authored Apr 15, 2016 by Timothy Andrew
Showing with 48 additions and 3 deletions

api.rb lib/api/api.rb +3 -1

authentication.rb lib/api/helpers/authentication.rb +42 -0

core.rb lib/api/helpers/core.rb +0 -0

api.rb lib/ci/api/api.rb +2 -1

users_spec.rb spec/requests/api/users_spec.rb +1 -1

No files found.
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
 Dir["#{Rails.root}/lib/api/*.rb"].each {|file| require file}
+Dir["#{Rails.root}/lib/api/helpers/*.rb"].each {|file| require file}

 module API
  class API < Grape::API
@@ -25,7 +26,8 @@ module API
    format :json
    content_type :txt, "text/plain"

-    helpers Helpers
+    helpers Helpers::Core
+    helpers Helpers::Authentication

    mount Groups
    mount GroupMembers

--- a/lib/api/helpers/authentication.rb
+++ b/lib/api/helpers/authentication.rb
+module API
+  module Helpers
+    module Authentication
+      PRIVATE_TOKEN_HEADER = "HTTP_PRIVATE_TOKEN"
+      PRIVATE_TOKEN_PARAM = :private_token
+      SUDO_HEADER ="HTTP_SUDO"
+      SUDO_PARAM = :sudo
+
+      def current_user
+        private_token = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s
+        @current_user ||= (User.find_by(authentication_token: private_token) || doorkeeper_guard)
+
+        unless @current_user && Gitlab::UserAccess.allowed?(@current_user)
+          return nil
+        end
+
+        identifier = sudo_identifier()
+
+        # If the sudo is the current user do nothing
+        if identifier && !(@current_user.id == identifier || @current_user.username == identifier)
+          render_api_error!('403 Forbidden: Must be admin to use sudo', 403) unless @current_user.is_admin?
+          @current_user = User.by_username_or_id(identifier)
+          not_found!("No user id or username for: #{identifier}") if @current_user.nil?
+        end
+
+        @current_user
+      end
+
+      def sudo_identifier()
+        identifier ||= params[SUDO_PARAM] || env[SUDO_HEADER]
+
+        # Regex for integers
+        if !!(identifier =~ /^[0-9]+$/)
+          identifier.to_i
+        else
+          identifier
+        end
+      end
+    end
+  end
+end
\ No newline at end of file
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
--- a/lib/ci/api/api.rb
+++ b/lib/ci/api/api.rb
@@ -28,7 +28,8 @@ module Ci
      format :json

      helpers ::Ci::API::Helpers
-      helpers ::API::Helpers
+      helpers ::API::Helpers::Core
+      helpers ::API::Helpers::Authentication
      helpers Gitlab::CurrentSettings

      mount Builds

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -24,7 +24,7 @@ describe API::API, api: true  do
      context "when public level is restricted" do
        before do
          stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
-          allow_any_instance_of(API::Helpers).to receive(:authenticate!).and_return(true)
+          allow_any_instance_of(API::Helpers::Authentication).to receive(:authenticate!).and_return(true)
        end

        it "renders 403" do