authorStan Hu <stanhu@gmail.com>2015-08-07 00:06:20 -0700
committerStan Hu <stanhu@gmail.com>2015-08-23 09:23:44 -0700
commited1d4fa477789659f9343593bf06d50e70750561 (patch)
treec7d208bd6be17632a314eb090456f1a30f42f13b /app/controllers/import/github_controller.rb
parent97cc91d21d28a6482dc6ab040db31598a786f56c (diff)
Remove user OAuth tokens stored in database for Bitbucket, GitHub, and GitLab
and request them each session. Pass these tokens to the project import data. This prevents the need to encrypt these tokens and clear them in case they expire or get revoked. For example, if you deleted and re-created OAuth2 keys for Bitbucket, you would get an Error 500 with no way to recover: ``` Started GET "/import/bitbucket/status" for x.x.x.x at 2015-08-07 05:24:10 +0000 Processing by Import::BitbucketController#status as HTML Completed 500 Internal Server Error in 607ms (ActiveRecord: 2.3ms) NameError (uninitialized constant Import::BitbucketController::Unauthorized): app/controllers/import/bitbucket_controller.rb:77:in `rescue in go_to_bitbucket_for_permissions' app/controllers/import/bitbucket_controller.rb:74:in `go_to_bitbucket_for_permissions' app/controllers/import/bitbucket_controller.rb:86:in `bitbucket_unauthorized' ``` Closes #1871
Diffstat (limited to 'app/controllers/import/github_controller.rb')
-rw-r--r--app/controllers/import/github_controller.rb16
1 files changed, 10 insertions, 6 deletions
diff --git a/app/controllers/import/github_controller.rb b/app/controllers/import/github_controller.rb
index b9f99c1b88a..f21fbd9ecca 100644
--- a/app/controllers/import/github_controller.rb
+++ b/app/controllers/import/github_controller.rb
@@ -5,9 +5,7 @@ class Import::GithubController < Import::BaseController
rescue_from Octokit::Unauthorized, with: :github_unauthorized
def callback
- token = client.get_token(params[:code])
- current_user.github_access_token = token
- current_user.save
+ session[:github_access_token] = client.get_token(params[:code])
redirect_to status_import_github_url
end
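Review bot: `callback` exchanges `params[:code]` and writes the result to `session[:github_access_token]` with no visible check of an OAuth `state` value, so a callback request that this session never initiated would still be accepted and would attach someone else's GitHub authorization to the signed-in user's session. Unless a filter outside this hunk already covers it, generate a random value before the redirect to GitHub, keep it in the session, and compare it here before calling `get_token`. The token's confidentiality now also depends on the session store, which this hunk does not show; a comment on the assignment would record that assumption, e.g. `# OAuth token is held only in the session; assumes a server-side or encrypted session store`.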
@@ -39,13 +37,13 @@ class Import::GithubController < Import::BaseController
namespace = get_or_create_namespace || (render and return)
- @project = Gitlab::GithubImport::ProjectCreator.new(repo, namespace, current_user).execute
+ @project = Gitlab::GithubImport::ProjectCreator.new(repo, namespace, current_user, access_params).execute
end
private
def client
- @client ||= Gitlab::GithubImport::Client.new(current_user.github_access_token)
+ @client ||= Gitlab::GithubImport::Client.new(session[:github_access_token])
end
def verify_github_import_enabled
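Review bot: The call `ProjectCreator.new(repo, namespace, current_user, access_params)` hands the raw GitHub token to code that is not visible here; if the creator stores that hash with the project so a background job can use it, the token is at rest in the database again, this time per project. It is worth confirming that the stored copy is removed once the import finishes or fails, and that it is kept out of logs and serialised project attributes. A short comment on the call would make the expectation explicit: `# access_params carries the session's OAuth token; the importer must discard it after use`. The enclosing action starts above this hunk and `verify_github_import_enabled` continues below it.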
@@ -53,7 +51,7 @@ class Import::GithubController < Import::BaseController
end
def github_auth
- if current_user.github_access_token.blank?
+ if session[:github_access_token].blank?
go_to_github_for_permissions
end
end
@@ -65,4 +63,10 @@ class Import::GithubController < Import::BaseController
def github_unauthorized
go_to_github_for_permissions
end
+
+ private
+
+ def access_params
+ { github_access_token: session[:github_access_token] }
+ end
end
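Review bot: The `private` added before `access_params` is redundant, because the context of the earlier hunk already shows a `private` marker above `def client` in the same class, so every method defined after it is private already. Dropping the second marker and its surrounding blank lines leaves just the method, which could carry a one-line comment such as `# Credentials passed to the importer, read from the current session only`. Note that `access_params` returns `{ github_access_token: nil }` when the session holds no token, so it relies on `github_auth` (presumably a before filter, not shown) having run first.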