authorKamil Trzcinski <ayufan@ayufan.eu>2016-05-13 16:23:02 -0500
committerKamil Trzcinski <ayufan@ayufan.eu>2016-05-13 16:23:02 -0500
commite900ff972a4a6133a499adcc1263d3634863f410 (patch)
tree787eee6fdff79984b97751641909ae90b6971edf
parent9ef9e008feb99aaf0c4edc85bb76039eb46f0794 (diff)
downloadgitlab-ce-e900ff972a4a6133a499adcc1263d3634863f410.tar.gz
Improve JwtController code
-rw-r--r--app/controllers/jwt_controller.rb37
1 files changed, 19 insertions, 18 deletions
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index c203c50d1fb..e067f59808a 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -1,22 +1,13 @@
class JwtController < ApplicationController
skip_before_action :authenticate_user!
skip_before_action :verify_authenticity_token
+ before_action :authenticate_project_or_user
SERVICES = {
'container_registry' => ::Gitlab::JWT::ContainerRegistryAuthenticationService,
}
def auth
- @authenticated = authenticate_with_http_basic do |login, password|
- # if it's possible we first try to authenticate project with login and password
- @project = authenticate_project(login, password)
- @user = authenticate_user(login, password) unless @project
- end
-
- unless @authenticated
- head :forbidden if ActionController::HttpAuthentication::Basic.has_basic_credentials?(request)
- end
-
service = SERVICES[params[:service]]
head :not_found unless service
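Review bot: The new `before_action :authenticate_project_or_user` replaces the inline `@authenticated = authenticate_with_http_basic ...` assignment, so `@authenticated` is no longer set anywhere in this hunk; if the remainder of `auth` (which continues past the hunk) or the service it calls still reads `@authenticated`, that read is now always nil and deserves a grep. An anonymous request (no Basic credentials) now reaches `auth` with neither `@project` nor `@user` assigned, so downstream code must treat "both nil" as the anonymous case rather than as a failure. A short contract comment on the new line would make that explicit, e.g. `# sets @project or @user from HTTP Basic credentials; 403 when credentials are present but invalid, anonymous requests pass through`.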
@@ -28,19 +19,28 @@ class JwtController < ApplicationController
private
+ def authenticate_project_or_user
+ authenticate_with_http_basic do |login, password|
+ # if it's possible we first try to authenticate project with login and password
+ @project = authenticate_project(login, password)
+ return if @project
+
+ @user = authenticate_user(login, password)
+ return if @user
+ end
+
+ if ActionController::HttpAuthentication::Basic.has_basic_credentials?(request)
+ head :forbidden
+ end
+ end
+
def auth_params
params.permit(:service, :scope, :offline_token, :account, :client_id)
end
def authenticate_project(login, password)
- matched_login = /(?<s>^[a-zA-Z]*-ci)-token$/.match(login)
-
- if matched_login.present?
- underscored_service = matched_login['s'].underscore
-
- if underscored_service == 'gitlab_ci'
- Project.find_by(builds_enabled: true, runners_token: password)
- end
+ if login == 'gitlab_ci_token'
+ Project.find_by(builds_enabled: true, runners_token: password)
end
end
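Review bot: `authenticate_project` now compares `login == 'gitlab_ci_token'`, but the regex it replaces (`/(?<s>^[a-zA-Z]*-ci)-token$/` followed by `.underscore`) accepted the hyphenated login `gitlab-ci-token`; unless clients already send the underscored form, project authentication will silently fail and the runner token will instead be tried as a user password by `authenticate_user`, ending in `head :forbidden`. If the hyphenated form is what the CI side sends, the line should read `if login == 'gitlab-ci-token'`. An exact comparison is the right replacement for a `^`/`$`-anchored regex (those anchors match per line in Ruby), so a comment naming the expected login would help, e.g. `# CI runners authenticate with a fixed login and the project's runners_token as the password`. In `authenticate_project_or_user` the `return` statements inside the `authenticate_with_http_basic` block exit the whole method, which is what skips `head :forbidden` on success; a one-line comment saying so would stop a future reader from "fixing" them into `next`, which would make every authenticated request 403.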
@@ -77,6 +77,7 @@ class JwtController < ApplicationController
if banned
Rails.logger.info "IP #{request.ip} failed to login " \
"as #{login} but has been temporarily banned from Git auth"
+ return
end
end
end
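Review bot: The added `return` makes the banned branch leave the enclosing method (whose start lies outside this hunk) with nil before any credential check, which is the right outcome but not obvious from the surrounding `if banned` nesting; a comment on the new line such as `# banned IPs get no credential check at all; nil means unauthenticated` would make the intent explicit. The method's other exit paths are not visible here, so whether nil is also what they return on failure cannot be confirmed from this hunk.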