authorMarkus Koller <markus-koller@gmx.ch>2017-02-06 16:39:35 +0100
committerAlexis Reigel <mail@koffeinfrei.org>2017-03-07 15:00:29 +0100
commit8699c8338f21404aa08c9a141768201ed02b2c93 (patch)
tree168b3277c3c23a49268ec11dc38ed284ee610825 /lib
parenteefbc837301acc49a33617063faafa97adee307e (diff)
Require explicit scopes on personal access tokens
Gitlab::Auth and API::APIGuard already check for at least one valid scope on personal access tokens, so if the scopes are empty the token will always fail validation.
Diffstat (limited to 'lib')
-rw-r--r--lib/gitlab/auth.rb5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 92fe770728b..53edc0a9e2c 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -5,10 +5,13 @@ module Gitlab
# Scopes used for GitLab API access
API_SCOPES = [:api, :read_user].freeze
- # Scopes used by doorkeeper-openid_connect
+ # Scopes used for OpenID Connect
OPENID_SCOPES = [:openid].freeze
+ # Default scopes for OAuth applications that don't define their own
DEFAULT_SCOPES = [:api].freeze
+
+ # Other available scopes
OPTIONAL_SCOPES = (API_SCOPES + OPENID_SCOPES - DEFAULT_SCOPES).freeze
class << self