authorGitLab Bot <gitlab-bot@gitlab.com>2020-07-20 12:26:25 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-07-20 12:26:25 +0000
commita09983ae35713f5a2bbb100981116d31ce99826e (patch)
tree2ee2af7bd104d57086db360a7e6d8c9d5d43667a /lib/gitlab/auth
parent18c5ab32b738c0b6ecb4d0df3994000482f34bd8 (diff)
Add latest changes from gitlab-org/gitlab@13-2-stable-ee
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r--lib/gitlab/auth/auth_finders.rb26
1 files changed, 26 insertions, 0 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb
index 93342fbad51..bd5aed0d964 100644
--- a/lib/gitlab/auth/auth_finders.rb
+++ b/lib/gitlab/auth/auth_finders.rb
@@ -54,6 +54,11 @@ module Gitlab
User.find_by_feed_token(token) || raise(UnauthorizedError)
end
+ def find_user_from_bearer_token
+ find_user_from_job_bearer_token ||
+ find_user_from_access_token
+ end
+
def find_user_from_job_token
return unless route_authentication_setting[:job_token_allowed]
return find_user_from_basic_auth_job if route_authentication_setting[:job_token_allowed] == :basic_auth
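Review bot: `find_user_from_bearer_token` is a new public entry point with no comment saying which credential wins, and the order matters: the bearer value is looked up as a CI job token first and is only treated as an access token when that lookup returns nil. A comment above the method such as `# Bearer value is tried as a CI job token first (only on routes with job_token_allowed), then as an access token.` would make the precedence explicit. It would also help to say that a nil result from the job lookup is a fall-through, not a rejection.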
@@ -92,6 +97,8 @@ module Gitlab
validate_access_token!(scopes: [:api])
+ ::PersonalAccessTokens::LastUsedService.new(access_token).execute
+
access_token.user || raise(UnauthorizedError)
end
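Review bot: The last-used update sits before `access_token.user || raise(UnauthorizedError)`, so a request that is then rejected for a missing user still marks the token as used; the next hunk repeats the same placement. If the timestamp is meant as an audit signal of successful use, resolve the user first with `user = access_token.user || raise(UnauthorizedError)`, then call `LastUsedService`, then return `user`. The enclosing method starts outside the hunk, so the possible types of `access_token` are not visible here; it is worth confirming the service tolerates every token type that can reach this line.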
@@ -100,6 +107,8 @@ module Gitlab
validate_access_token!
+ ::PersonalAccessTokens::LastUsedService.new(access_token).execute
+
access_token.user || raise(UnauthorizedError)
end
@@ -132,6 +141,9 @@ module Gitlab
end
def validate_access_token!(scopes: [])
+ # return early if we've already authenticated via a job token
+ return if @current_authenticated_job.present? # rubocop:disable Gitlab/ModuleWithInstanceVariables
+
# return early if we've already authenticated via a deploy token
return if @current_authenticated_deploy_token.present? # rubocop:disable Gitlab/ModuleWithInstanceVariables
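Review bot: This early return skips every check below it in `validate_access_token!`, including the `scopes:` argument, for the rest of the request once `@current_authenticated_job` is set, and `find_user_from_job_bearer_token` assigns that variable before `job.user` is known to be non-nil. When `job.user` is nil, `find_user_from_bearer_token` falls through to `find_user_from_access_token`, whose `validate_access_token!` call (apparently the one in the third hunk) would return here without validating the token it found. Assigning the variable only once a user is resolved, e.g. `return unless job&.user` before `@current_authenticated_job = job`, keeps the bypass tied to a successful job authentication. The method body continues outside the hunk.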
@@ -151,6 +163,20 @@ module Gitlab
private
+ def find_user_from_job_bearer_token
+ return unless route_authentication_setting[:job_token_allowed]
+
+ token = parsed_oauth_token
+ return unless token
+
+ job = ::Ci::Build.find_by_token(token)
+ return unless job
+
+ @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
+
+ job.user
+ end
+
def route_authentication_setting
return {} unless respond_to?(:route_setting)
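Review bot: Nothing in `find_user_from_job_bearer_token` checks the state of the job the token belongs to; the only conditions are the route setting and a successful `::Ci::Build.find_by_token`. Whether `find_by_token` already restricts the lookup to running jobs is not visible here; if it does not, a guard such as `return unless job.running?` after the lookup would limit the token's lifetime to that of the job. Either way, a short comment on the method would document the contract: which job states are accepted, and that it returns nil rather than raising so the caller can fall back to the access-token lookup.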