author | Douwe Maan <douwe@gitlab.com> | 2018-02-23 10:33:46 +0000 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2018-02-23 10:33:46 +0000 |
commit | 7a6c7bd66bae678640c98ad426cd0153f638b163 (patch) | |
tree | 51dd1b18673e8f695ef2252b86c90b02148c269e /lib/gitlab/middleware | |
parent | 981b5905a02ac89ca9f33ad7c91d8c1a576ed9af (diff) | |
Allow token authentication on go-get request
Diffstat (limited to 'lib/gitlab/middleware')
-rw-r--r-- | lib/gitlab/middleware/go.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/gitlab/middleware/go.rb b/lib/gitlab/middleware/go.rb
index 1a570f480c6..1fd8f147b44 100644
--- a/lib/gitlab/middleware/go.rb
+++ b/lib/gitlab/middleware/go.rb
@@ -114,7 +114,15 @@ module Gitlab
 end
 
 def current_user(request)
- request.env['warden']&.authenticate
+ authenticator = Gitlab::Auth::RequestAuthenticator.new(request)
+ user = authenticator.find_user_from_access_token || authenticator.find_user_from_warden
+
+ return unless user&.can?(:access_api)
+
+ # Right now, the `api` scope is the only one that should be able to determine private project existence.
+ return unless authenticator.valid_access_token?(scopes: [:api])
+
+ user
 end
 end
 end
|
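Review bot: The final guard `return unless authenticator.valid_access_token?(scopes: [:api])` runs for users found through warden as well as through a token, and nothing in the hunk shows what it returns when the request carries no token at all. If it returns false in that case, session users are silently treated as anonymous; if it returns true, that default is what lets cookie sessions through and deserves a comment next to the guard, e.g. `# No token (session login) passes this check; a token without the api scope does not.` It is also not visible here whether `find_user_from_access_token` raises on an expired or revoked token rather than returning nil; if it does, this method needs a `rescue` that returns nil so a bad token degrades to anonymous instead of an error response from the middleware. Specs for a session user, an api-scoped token, a narrower-scoped token and an expired token would pin the behaviour, since the comment in the hunk says this path decides whether private project existence is disclosed.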