diff options
author | Z.J. van de Weg <git@zjvandeweg.nl> | 2016-12-15 14:32:50 +0100 |
---|---|---|
committer | Z.J. van de Weg <git@zjvandeweg.nl> | 2016-12-15 20:21:35 +0100 |
commit | 4b23764da7622ae6bc40697c7c623df901cae01b (patch) | |
tree | f5d11a2a67e65692997bbcc3de45460731b08e3c /lib/mattermost/session.rb | |
parent | 429c9220f0ce49fa54ea640cbfc78e3591202138 (diff) | |
download | gitlab-ce-4b23764da7622ae6bc40697c7c623df901cae01b.tar.gz |
Improve session tests
Diffstat (limited to 'lib/mattermost/session.rb')
-rw-r--r-- | lib/mattermost/session.rb | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/lib/mattermost/session.rb b/lib/mattermost/session.rb new file mode 100644 index 00000000000..d14121c91a0 --- /dev/null +++ b/lib/mattermost/session.rb @@ -0,0 +1,105 @@ +module Mattermost + class NoSessionError < StandardError; end + # This class' prime objective is to obtain a session token on a Mattermost + # instance with SSO configured where this GitLab instance is the provider. + # + # The process depends on OAuth, but skips a step in the authentication cycle. + # For example, usually a user would click the 'login in GitLab' button on + # Mattermost, which would yield a 302 status code and redirects you to GitLab + # to approve the use of your account on Mattermost. Which would trigger a + # callback so Mattermost knows this request is approved and gets the required + # data to create the user account etc. + # + # This class however skips the button click, and also the approval phase to + # speed up the process and keep it without manual action and get a session + # going. + class Session + include Doorkeeper::Helpers::Controller + include HTTParty + + attr_accessor :current_resource_owner + + def initialize(uri, current_user) + # Sets the base uri for HTTParty, so we can use paths + self.class.base_uri(uri) + + @current_resource_owner = current_user + end + + def with_session + raise NoSessionError unless create + result = yield + destroy + + result + end + + # Next methods are needed for Doorkeeper + def pre_auth + @pre_auth ||= Doorkeeper::OAuth::PreAuthorization.new( + Doorkeeper.configuration, server.client_via_uid, params) + end + + def authorization + @authorization ||= strategy.request + end + + def strategy + @strategy ||= server.authorization_request(pre_auth.response_type) + end + + def request + @request ||= OpenStruct.new(parameters: params) + end + + def params + Rack::Utils.parse_query(@oauth_uri.query).symbolize_keys + end + + private + + def create + return unless oauth_uri + return unless token_uri + + self.class.headers("Cookie" => "MMAUTHTOKEN=#{request_token}") + + request_token + end + + def destroy + post('/api/v3/users/logout') + end + + def oauth_uri + response = get("/api/v3/oauth/gitlab/login", follow_redirects: false) + return unless 300 <= response.code && response.code < 400 + + redirect_uri = response.headers['location'] + return unless redirect_uri + + @oauth_uri ||= URI.parse(redirect_uri) + end + + def token_uri + @token_uri ||= if @oauth_uri + authorization.authorize.redirect_uri if pre_auth.authorizable? + end + end + + def request_token + @request_token ||= begin + response = get(@token_uri, follow_redirects: false) + response.headers['token'] if 200 <= response.code && response.code < 400 + end + end + + def get(path, options = {}) + self.class.get(path, options) + end + + def post(path, options = {}) + self.class.post(path, options) + end + end +end |