BigW Consortium Gitlab

  1. 16 Dec, 2016 6 commits
    • Rename the `token_has_scope?` method. · 5becbe24
      Timothy Andrew authored
      `valid_api_token?` is a better name. Scopes are just (potentially) one facet of
      a "valid" token.
    • Convert AccessTokenValidationService into a class. · b303948f
      Timothy Andrew authored
      - Previously, AccessTokenValidationService was a module, and all its public
      methods accepted a token. It makes sense to convert it to a class which accepts
      a token during initialization.
      
      - Also rename the `sufficient_scope?` method to `include_any_scope?`
      
      - Based on feedback from @rymai
    • Refactor access token validation in `Gitlab::Auth` · dc95bcbb
      Timothy Andrew authored
      - Based on @dbalexandre's review
      - Extract token validity conditions into two separate methods, for
        personal access tokens and OAuth tokens.
    • Implement minor changes from @dbalexandre's review. · 4d6da770
      Timothy Andrew authored
      - Mainly whitespace changes.
      
      - Require the migration adding the `scope` column to the
        `personal_access_tokens` table to have downtime, since API calls will
        fail if the new code is in place, but the migration hasn't run.
      
      - Minor refactoring - load `@scopes` in a `before_action`, since we're
        doing it in three different places.
    • Validate access token scopes in `Gitlab::Auth` · 36b3210b
      Timothy Andrew authored
      - This module is used for git-over-http, as well as JWT.
      
      - The only valid scope here is `api`, currently.
    • Calls to the API are checked for scope. · 7fa06ed5
      Timothy Andrew authored
      - Move the `Oauth2::AccessTokenValidationService` class to
        `AccessTokenValidationService`, since it is now being used for
        personal access token validation as well.
      
      - Each API endpoint declares the scopes it accepts (if any). Currently,
        the top level API module declares the `api` scope, and the `Users` API
        module declares the `read_user` scope (for GET requests).
      
      - Move the `find_user_by_private_token` from the API `Helpers` module to
        the `APIGuard` module, to avoid littering `Helpers` with more
        auth-related methods to support `find_user_by_private_token`
  2. 28 Sep, 2016 1 commit
  3. 20 Sep, 2016 1 commit
  4. 19 Sep, 2016 6 commits
  5. 16 Sep, 2016 2 commits
  6. 15 Sep, 2016 14 commits
  7. 14 Sep, 2016 1 commit
  8. 13 Sep, 2016 3 commits
  9. 18 Aug, 2016 1 commit
  10. 17 Aug, 2016 1 commit
  11. 16 Aug, 2016 2 commits
  12. 16 Jun, 2016 2 commits