Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee

1 files changed, 9 insertions, 7 deletions

diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb
index f3d0c053880..ccf52bae9a5 100644
--- a/lib/gitlab/auth/auth_finders.rb
+++ b/lib/gitlab/auth/auth_finders.rb
@@ -69,9 +69,7 @@ module Gitlab
           current_request.env[JOB_TOKEN_HEADER].presence
         return unless token
 
-        job = ::Ci::Build.find_by_token(token)
-        raise UnauthorizedError unless job
-
+        job = find_valid_running_job_by_token!(token)
         @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
 
         job.user
@@ -84,9 +82,7 @@ module Gitlab
         return unless login.present? && password.present?
         return unless ::Gitlab::Auth::CI_JOB_USER == login
 
-        job = ::Ci::Build.find_by_token(password)
-        raise UnauthorizedError unless job
-
+        job = find_valid_running_job_by_token!(password)
         job.user
       end
 
@@ -179,7 +175,7 @@ module Gitlab
         token = parsed_oauth_token
         return unless token
 
-        job = ::Ci::Build.find_by_token(token)
+        job = ::Ci::AuthJobFinder.new(token: token).execute
         return unless job
 
         @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
@@ -304,6 +300,12 @@ module Gitlab
       def blob_request?
         current_request.path.include?('/raw/')
       end
+
+      def find_valid_running_job_by_token!(token)
+        ::Ci::AuthJobFinder.new(token: token).execute.tap do |job|
+          raise UnauthorizedError unless job
+        end
+      end
     end
   end
 end