diff options
author | Steve Abrams <sabrams@gitlab.com> | 2019-07-19 09:19:48 -0600 |
---|---|---|
committer | Steve Abrams <sabrams@gitlab.com> | 2019-07-19 15:30:50 -0600 |
commit | 64550d8f5aba53931fa5ec253593641deda4d45b (patch) | |
tree | 02f9e134f26459192e8da7a0c263f1c7e334e30d | |
parent | 5a81e91cd1d0adc45facd979cbf3450a2e6aca33 (diff) | |
download | gitlab-ce-63438-oauth2-support-with-gitlab-personal-access-token.tar.gz |
Change OAuth compliant method to easier to understand name, add spec63438-oauth2-support-with-gitlab-personal-access-token
-rw-r--r-- | lib/gitlab/auth/user_auth_finders.rb | 5 | ||||
-rw-r--r-- | spec/lib/gitlab/auth/user_auth_finders_spec.rb | 8 |
2 files changed, 10 insertions, 3 deletions
diff --git a/lib/gitlab/auth/user_auth_finders.rb b/lib/gitlab/auth/user_auth_finders.rb index 69a5340e38d..bba7e2cbb3c 100644 --- a/lib/gitlab/auth/user_auth_finders.rb +++ b/lib/gitlab/auth/user_auth_finders.rb @@ -102,7 +102,8 @@ module Gitlab token = parsed_oauth_token return unless token - return if oauth_compliant_personal_access_token?(token) + # PATs with OAuth headers are not handled by OauthAccessToken + return if matches_personal_access_token_length?(token) # Expiration, revocation and scopes are verified in `validate_access_token!` oauth_token = OauthAccessToken.by_token(token) @@ -116,7 +117,7 @@ module Gitlab Doorkeeper::OAuth::Token.from_request(current_request, *Doorkeeper.configuration.access_token_methods) end - def oauth_compliant_personal_access_token?(token) + def matches_personal_access_token_length?(token) token.length == PersonalAccessToken::TOKEN_LENGTH end diff --git a/spec/lib/gitlab/auth/user_auth_finders_spec.rb b/spec/lib/gitlab/auth/user_auth_finders_spec.rb index 3636ecbd45c..4751f880cee 100644 --- a/spec/lib/gitlab/auth/user_auth_finders_spec.rb +++ b/spec/lib/gitlab/auth/user_auth_finders_spec.rb @@ -139,12 +139,18 @@ describe Gitlab::Auth::UserAuthFinders do end end - context 'when token is given in OAuth format' do + context 'with OAuth headers' do it 'returns user' do env['HTTP_AUTHORIZATION'] = "Bearer #{personal_access_token.token}" expect(find_user_from_access_token).to eq user end + + it 'returns exception if invalid personal_access_token' do + env['HTTP_AUTHORIZATION'] = 'Bearer invalid_20byte_token' + + expect { find_personal_access_token }.to raise_error(Gitlab::Auth::UnauthorizedError) + end end end |