author | Douwe Maan <douwe@selenight.nl> | 2017-09-27 15:56:48 +0200 |
committer | Douwe Maan <douwe@selenight.nl> | 2017-10-12 11:13:37 +0200 |
commit | 025c6eeaa1e02dce31cb836c39ee4a5f312f202f (patch) | |
tree | 14c6de5fb8ab55694413a22cc0ba668ae3773f9d /lib/api/helpers.rb | |
parent | ad5b96952e9eb90dc72d640f01aca01b5d0a2a12 (diff) | |
download | gitlab-ce-025c6eeaa1e02dce31cb836c39ee4a5f312f202f.tar.gz |
Move all API authentication code to APIGuard
Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r-- | lib/api/helpers.rb | 52 |
1 files changed, 1 insertions, 51 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index a87297a604c..2b316b58ed9 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -3,8 +3,6 @@ module API include Gitlab::Utils include Helpers::Pagination - UnauthorizedError = Class.new(StandardError) - SUDO_HEADER = "HTTP_SUDO".freeze SUDO_PARAM = :sudo @@ -379,47 +377,16 @@ module API private - def private_token - params[APIGuard::PRIVATE_TOKEN_PARAM] || env[APIGuard::PRIVATE_TOKEN_HEADER] - end - - def warden - env['warden'] - end - - # Check if the request is GET/HEAD, or if CSRF token is valid. - def verified_request? - Gitlab::RequestForgeryProtection.verified?(env) - end - - # Check the Rails session for valid authentication details - def find_user_from_warden - warden.try(:authenticate) if verified_request? - end - def initial_current_user return @initial_current_user if defined?(@initial_current_user) begin @initial_current_user = Gitlab::Auth::UniqueIpsLimiter.limit_user! { find_current_user } - rescue APIGuard::UnauthorizedError, UnauthorizedError + rescue APIGuard::UnauthorizedError unauthorized! end end - def find_current_user - user = - find_user_by_private_token(scopes: scopes_registered_for_endpoint) || - doorkeeper_guard(scopes: scopes_registered_for_endpoint) || - find_user_from_warden - - return nil unless user - - raise UnauthorizedError unless Gitlab::UserAccess.new(user).allowed? && user.can?(:access_api) - - user - end - def sudo! return unless sudo_identifier return unless initial_current_user 
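Review bot: The narrowed `rescue APIGuard::UnauthorizedError` in `initial_current_user` is now the only place in this file that turns an authentication failure into `unauthorized!`, but the code that raises it — `find_current_user`, together with the `Gitlab::UserAccess.new(user).allowed? && user.can?(:access_api)` gate this hunk deletes — is no longer visible here. Whether blocked or API-restricted users are still rejected therefore depends entirely on the relocated `find_current_user` raising `APIGuard::UnauthorizedError` for them, which this diff cannot show. Any `raise UnauthorizedError` left elsewhere in this module would, with the constant removed in the first hunk, resolve to a NameError and surface as a 500 rather than a 401, so the remaining raise sites are worth grepping. A comment above the `begin` would make the contract explicit, e.g. `# find_current_user comes from APIGuard and is expected to raise APIGuard::UnauthorizedError for users who may not use the API; that is the only failure this rescue maps to 401.` The `sudo!` method that follows continues past the end of the hunk.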
@@ -479,22 +446,5 @@ module API exception.status == 500 end - - # An array of scopes that were registered (using `allow_access_with_scope`) - # for the current endpoint class. It also returns scopes registered on - # `API::API`, since these are meant to apply to all API routes. - def scopes_registered_for_endpoint - @scopes_registered_for_endpoint ||= - begin - endpoint_classes = [options[:for].presence, ::API::API].compact - endpoint_classes.reduce([]) do |memo, endpoint| - if endpoint.respond_to?(:allowed_scopes) - memo.concat(endpoint.allowed_scopes) - else - memo - end - end - end - end end end |