author | Timothy Andrew <mail@timothyandrew.net> | 2016-06-16 08:24:13 +0530 |
---|---|---|
committer | Timothy Andrew <mail@timothyandrew.net> | 2016-06-16 08:24:13 +0530 |
commit | 7ee0898a9ec4a03c9a55841b1cbea67add460c50 (patch) | |
tree | 02715669032caed346c063a1e56db826f167fca2 /app/controllers/application_controller.rb | |
parent | faa0e3f7580bc38d4d12916b4589c64d6c2678a7 (diff) | |
download | gitlab-ce-7ee0898a9ec4a03c9a55841b1cbea67add460c50.tar.gz |
Implement @DouweM's feedback.
- Extract a duplicated `redirect_to`
- Fix a typo: "token", not "certificate"
- Have the "Expires at" datepicker be attached to a text field, not inline
- Have both private tokens and personal access tokens verified in a
single "authenticate_from_private_token" method, both in the
application and API. Move relevant logic to
`User#find_by_personal_access_token`
- Remove unnecessary constants relating to API auth. We don't need a
separate constant for personal access tokens since the param is the
same as for private tokens.
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r-- | app/controllers/application_controller.rb | 22 |
1 files changed, 6 insertions, 16 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index a5b358f10f1..72d1b97bf56 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -8,7 +8,7 @@ class ApplicationController < ActionController::Base
   include PageLayoutHelper
   include WorkhorseHelper
-  before_action :authenticate_user_from_token!
+  before_action :authenticate_user_from_private_token!
   before_action :authenticate_user!
   before_action :validate_user_service_ticket!
   before_action :reject_blocked!
@@ -64,8 +64,11 @@ class ApplicationController < ActionController::Base
     end
   end
-  def authenticate_user_from_token!
-    user = get_user_from_private_token || get_user_from_personal_access_token
+  # This filter handles both private tokens and personal access tokens
+  def authenticate_user_from_private_token!
+    token_string = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
+    user = User.find_by_authentication_token(token_string) || User.find_by_personal_access_token(token_string)
+
     if user
       # Notice we are passing store false, so the user is not
       # actually stored in the session and a token is needed
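Review bot: The new `authenticate_user_from_private_token!` drops the nil guard that the removed helpers had (`if user_token` with `user_token.to_s`, and `if token_string`), so a request that carries neither the `private_token` param nor the `PRIVATE-TOKEN` header leaves `token_string` nil and `User.find_by_authentication_token(nil)` is still executed, which becomes a `WHERE authentication_token IS NULL` lookup; if any user row has a NULL token, that user would be signed in for an unauthenticated request. Add `return unless token_string` directly after the `token_string =` line so both lookups only run when a token was actually supplied. The `PersonalAccessToken.active` scope from the removed helper is presumably now inside `User#find_by_personal_access_token`, which is outside this file, so the expiry/revocation check should be confirmed there. The method body continues past the end of the hunk.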
@@ -376,17 +379,4 @@ class ApplicationController < ActionController::Base
       (controller_name == 'groups' && action_name == page_type) ||
       (controller_name == 'dashboard' && action_name == page_type)
   end
-
-  # From https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example
-  # https://gist.github.com/josevalim/fb706b1e933ef01e4fb6
-  def get_user_from_private_token
-    user_token = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
-    User.find_by_authentication_token(user_token.to_s) if user_token
-  end
-
-  def get_user_from_personal_access_token
-    token_string = params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
-    personal_access_token = PersonalAccessToken.active.find_by_token(token_string) if token_string
-    personal_access_token.user if personal_access_token
-  end
 end |