Support multiple scopes when using authing container registry scopes

author: Kamil Trzciński <ayufan@ayufan.eu> 2018-07-13 19:45:07 +0200
committer: Kamil Trzciński <ayufan@ayufan.eu> 2018-08-01 13:03:16 +0200
commit: 34ec29b9566900308989e15865e6df1059bd9b46 (patch)
tree: f743f6d9f1b637ab6bad9463e1fe08abb7c7676f /app/services/auth
parent: 3d2dad449da2915b2c431bf32548e03b08fcbe40 (diff)
download: gitlab-ce-34ec29b9566900308989e15865e6df1059bd9b46.tar.gz
1 files changed, 7 insertions, 5 deletions
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index 81857d0cb4c..893b37b831a 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -9,11 +9,11 @@ module Auth
 
       return error('UNAVAILABLE', status: 404, message: 'registry not enabled') unless registry.enabled
 
-      unless scope || current_user || project
+      unless scopes.any? || current_user || project
         return error('DENIED', status: 403, message: 'access forbidden')
       end
 
-      { token: authorized_token(scope).encoded }
+      { token: authorized_token(*scopes).encoded }
     end
 
     def self.full_access_token(*names)
@@ -47,10 +47,12 @@ module Auth
       end
     end
 
-    def scope
-      return unless params[:scope]
+    def scopes
+      return [] unless params[:scopes]
 
-      @scope ||= process_scope(params[:scope])
+      @scopes ||= params[:scopes].map do |scope|
+        process_scope(scope)
+      end.compact
     end
 
     def process_scope(scope)
author	Kamil Trzciński <ayufan@ayufan.eu>	2018-07-13 19:45:07 +0200
committer	Kamil Trzciński <ayufan@ayufan.eu>	2018-08-01 13:03:16 +0200
commit	34ec29b9566900308989e15865e6df1059bd9b46 (patch)
tree	f743f6d9f1b637ab6bad9463e1fe08abb7c7676f /app/services/auth
parent	3d2dad449da2915b2c431bf32548e03b08fcbe40 (diff)
download	gitlab-ce-34ec29b9566900308989e15865e6df1059bd9b46.tar.gz