diff options
| author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-09-13 15:27:05 +0200 |
|---|---|---|
| committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-09-13 15:27:05 +0200 |
| commit | 571226f166f638f821ce84b90bce9cec1e5d5d06 (patch) | |
| tree | 27cefbdc529510f757df251f125e344c7deeaf7c /app/controllers/jwt_controller.rb | |
| parent | 505dc808b3c0dc98413506446d368b91b56ff682 (diff) | |
| download | gitlab-ce-571226f166f638f821ce84b90bce9cec1e5d5d06.tar.gz | |
Make result to return project and capabilities granted
Diffstat (limited to 'app/controllers/jwt_controller.rb')
| -rw-r--r-- | app/controllers/jwt_controller.rb | 30 |
1 files changed, 10 insertions, 20 deletions
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb index ca02df28b91..1b075cc5e2d 100644 --- a/app/controllers/jwt_controller.rb +++ b/app/controllers/jwt_controller.rb @@ -11,7 +11,7 @@ class JwtController < ApplicationController service = SERVICES[params[:service]] return head :not_found unless service - result = service.new(@project, @user, auth_params).execute(access_type: @access_type) + result = service.new(@project, @user, auth_params).execute(capabilities: @capabilities) render json: result, status: result[:http_status] end @@ -20,12 +20,16 @@ class JwtController < ApplicationController def authenticate_project_or_user authenticate_with_http_basic do |login, password| - # if it's possible we first try to authenticate project with login and password - @project, @user, @access_type = authenticate_build(login, password) - return if @project + @auth_result = Gitlab::Auth.find_for_git_client(login, password, ip: request.ip) - @user, @access_type = authenticate_user(login, password) - return if @user + @user = auth_result.user + @project = auth_result.project + @type = auth_result.type + @capabilities = auth_result.capabilities || [] + + if @user || @project + return # Allow access + end render_403 end @@ -34,18 +38,4 @@ class JwtController < ApplicationController def auth_params params.permit(:service, :scope, :account, :client_id) end - - def authenticate_build(login, password) - return unless login == 'gitlab-ci-token' - return unless password - - build = Ci::Build.running.find_by(token: password) - return build.project, build.user, :restricted if build - end - - def authenticate_user(login, password) - user = Gitlab::Auth.find_with_user_password(login, password) - Gitlab::Auth.rate_limit!(request.ip, success: user.present?, login: login) - return user, :full - end end |