summaryrefslogtreecommitdiff
path: root/lib/api/helpers.rb
diff options
context:
space:
mode:
authorTimothy Andrew <mail@timothyandrew.net>2016-06-16 08:24:13 +0530
committerTimothy Andrew <mail@timothyandrew.net>2016-06-16 08:24:13 +0530
commit7ee0898a9ec4a03c9a55841b1cbea67add460c50 (patch)
tree02715669032caed346c063a1e56db826f167fca2 /lib/api/helpers.rb
parentfaa0e3f7580bc38d4d12916b4589c64d6c2678a7 (diff)
downloadgitlab-ce-7ee0898a9ec4a03c9a55841b1cbea67add460c50.tar.gz
Implement @DouweM's feedback.
- Extract a duplicated `redirect_to` - Fix a typo: "token", not "certificate" - Have the "Expires at" datepicker be attached to a text field, not inline - Have both private tokens and personal access tokens verified in a single "authenticate_from_private_token" method, both in the application and API. Move relevant logic to `User#find_by_personal_access_token` - Remove unnecessary constants relating to API auth. We don't need a separate constant for personal access tokens since the param is the same as for private tokens.
Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r--lib/api/helpers.rb14
1 files changed, 3 insertions, 11 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 8c4a707e7ee..77e407b54c5 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -4,26 +4,18 @@ module API
PRIVATE_TOKEN_PARAM = :private_token
SUDO_HEADER = "HTTP_SUDO"
SUDO_PARAM = :sudo
- PERSONAL_ACCESS_TOKEN_PARAM = PRIVATE_TOKEN_PARAM
- PERSONAL_ACCESS_TOKEN_HEADER = PRIVATE_TOKEN_HEADER
def parse_boolean(value)
[ true, 1, '1', 't', 'T', 'true', 'TRUE', 'on', 'ON' ].include?(value)
end
def find_user_by_private_token
- private_token = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s
- User.find_by_authentication_token(private_token)
- end
-
- def find_user_by_personal_access_token
- personal_access_token_string = (params[PERSONAL_ACCESS_TOKEN_PARAM] || env[PERSONAL_ACCESS_TOKEN_HEADER]).to_s
- personal_access_token = PersonalAccessToken.active.find_by_token(personal_access_token_string)
- personal_access_token.user if personal_access_token
+ token_string = (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]).to_s
+ User.find_by_authentication_token(token_string) || User.find_by_personal_access_token(token_string)
end
def current_user
- @current_user ||= (find_user_by_private_token || find_user_by_personal_access_token || doorkeeper_guard)
+ @current_user ||= (find_user_by_private_token || doorkeeper_guard)
unless @current_user && Gitlab::UserAccess.allowed?(@current_user)
return nil