author | Douwe Maan <douwe@selenight.nl> | 2017-03-07 09:29:55 -0600 |
---|---|---|
committer | Douwe Maan <douwe@selenight.nl> | 2017-03-07 09:29:55 -0600 |
commit | 6a52cda31da4becc3e342530a2bdf0868d8921cc (patch) | |
tree | c1dda64455fb29597100513596ae02f1d1946089 /lib/gitlab/auth.rb | |
parent | 61cfe6dea6f2d6725771a0f341e70975cf91c7f7 (diff) | |
parent | 005749a616c19b90d6ec0415df9ae5e35151e33c (diff) | |
download | gitlab-ce-6a52cda31da4becc3e342530a2bdf0868d8921cc.tar.gz |
Merge remote-tracking branch 'origin/personal_access_token_api_and_impersonation_token'
Diffstat (limited to 'lib/gitlab/auth.rb')
-rw-r--r-- | lib/gitlab/auth.rb | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 0a0bd0e781c..6d69efb0bf6 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -18,8 +18,8 @@ module Gitlab
 build_access_token_check(login, password) ||
 lfs_token_check(login, password) ||
 oauth_access_token_check(login, password) ||
- personal_access_token_check(login, password) ||
 user_with_password_for_git(login, password) ||
+ personal_access_token_check(password) ||
 Gitlab::Auth::Result.new
 rate_limit!(ip, success: result.success?, login: login)
@@ -105,14 +105,13 @@ module Gitlab
 end
 end
- def personal_access_token_check(login, password)
- if login && password
- token = PersonalAccessToken.active.find_by_token(password)
- validation = User.by_login(login)
+ def personal_access_token_check(password)
+ return unless password.present?
- if valid_personal_access_token?(token, validation)
- Gitlab::Auth::Result.new(validation, nil, :personal_token, full_authentication_abilities)
- end
+ token = PersonalAccessTokensFinder.new(state: 'active').find_by(token: password)
+
+ if token && valid_api_token?(token)
+ Gitlab::Auth::Result.new(token.user, nil, :personal_token, full_authentication_abilities)
 end
 end
@@ -120,10 +119,6 @@ module Gitlab
 token && token.accessible? && valid_api_token?(token)
 end
- def valid_personal_access_token?(token, user)
- token && token.user == user && valid_api_token?(token)
- end
-
 def valid_api_token?(token)
 AccessTokenValidationService.new(token).include_any_scope?(['api'])
 end |
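Review bot: In the `@@ -18,8 +18,8 @@` hunk, `personal_access_token_check(password)` now sits below `user_with_password_for_git(login, password)`, so a token sent as the Git password is first evaluated as an account password. The `rate_limit!(ip, success: result.success?, login: login)` call also still keys on a login that the token path no longer verifies. Whether the password path forwards the value to an external provider, or records the failed attempt against that login, is not visible here and should be confirmed. The ordering deserves a comment above the chain, for example `# Password auth runs first; a PAT falls through to personal_access_token_check, which ignores login`. The enclosing method begins and ends outside the hunk.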
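Review bot: In the `@@ -105,14 +105,13 @@` hunk, `personal_access_token_check(password)` returns `token.user` for any active token with the `api` scope and no longer compares the token's owner with the supplied login, a check the removed `valid_personal_access_token?` made via `token.user == user`. If the username is now meant to be a free-form field, say so on the method, for example `# The login is deliberately ignored: the token alone identifies the user.`, and add a spec showing that a mismatched login authenticates as the token's owner. Nothing in the hunk checks that `token.user` is still permitted to sign in (for instance, not blocked). That may be enforced by `PersonalAccessTokensFinder` or by callers outside the hunk, so it is worth confirming before relying on it.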