author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-10 18:08:04 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-10 18:08:04 +0000 |
commit | 115c8ea7af7ef69ca3f09c333314546e9b5712f9 (patch) | |
tree | c3b6798c11e502f7d2785649f95d2255beac3c91 /lib/gitlab/auth | |
parent | 27d91a629918e417a9e87825e838209b9ace79c1 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/user_auth_finders.rb | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/gitlab/auth/user_auth_finders.rb b/lib/gitlab/auth/user_auth_finders.rb
index a8869f907e6..983682baab1 100644
--- a/lib/gitlab/auth/user_auth_finders.rb
+++ b/lib/gitlab/auth/user_auth_finders.rb
@@ -24,6 +24,8 @@ module Gitlab
 PRIVATE_TOKEN_HEADER = 'HTTP_PRIVATE_TOKEN'
 PRIVATE_TOKEN_PARAM = :private_token
+ JOB_TOKEN_HEADER = "HTTP_JOB_TOKEN".freeze
+ JOB_TOKEN_PARAM = :job_token
 # Check the Rails session for valid authentication details
 def find_user_from_warden
@@ -50,6 +52,20 @@ module Gitlab
 User.find_by_feed_token(token) || raise(UnauthorizedError)
 end
+ def find_user_from_job_token
+ return unless route_authentication_setting[:job_token_allowed]
+
+ token = (params[JOB_TOKEN_PARAM] || env[JOB_TOKEN_HEADER]).to_s
+ return unless token.present?
+
+ job = ::Ci::Build.find_by_token(token)
+ raise ::Gitlab::Auth::UnauthorizedError unless job
+
+ @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
+
+ job.user
+ end
+
 # We only allow Private Access Tokens with `api` scope to be used by web
 # requests on RSS feeds or ICS files for backwards compatibility.
 # It is also used by GraphQL/API requests. |
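Review bot: `JOB_TOKEN_HEADER = "HTTP_JOB_TOKEN".freeze` is written differently from the `PRIVATE_TOKEN_HEADER = 'HTTP_PRIVATE_TOKEN'` constant two lines above it, using double quotes and an explicit `.freeze`. If the file carries the `# frozen_string_literal: true` magic comment (its first lines are outside the hunk), the `.freeze` is redundant and `JOB_TOKEN_HEADER = 'HTTP_JOB_TOKEN'` would match the neighbouring constants.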
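Review bot: The lookup `job = ::Ci::Build.find_by_token(token)` in `find_user_from_job_token` accepts any build whose token matches, and nothing in the hunk checks that the build is still running, so a token that leaks after the job has finished would keep authenticating as `job.user` unless `find_by_token` (defined outside this hunk) already filters on status. I would tighten the guard to `raise ::Gitlab::Auth::UnauthorizedError unless job&.running?`. Two smaller points: reading the credential from `params[JOB_TOKEN_PARAM]` puts it where request logs and intermediaries can record it, so `job_token` should be confirmed to be on the filtered-parameter list, and `job.user` may be nil, in which case the method returns nil with `@current_authenticated_job` already assigned. A short comment above the method saying that job tokens are honoured only on routes that set `job_token_allowed` would match the documented finders around it.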