summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2021-07-27 22:40:43 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-07-27 22:40:43 +0000
commitbbe511b231b5de3fab4dc418601c89cc1ccc8063 (patch)
tree650453c3b64751df39fda6f33ca4b39318f41e0d /lib
parentad1c34c03de42ebc5279f338f6304e77930d34d4 (diff)
downloadgitlab-ce-bbe511b231b5de3fab4dc418601c89cc1ccc8063.tar.gz
Add latest changes from gitlab-org/gitlab@14-1-stable-ee
Diffstat (limited to 'lib')
-rw-r--r--lib/gitlab/auth/auth_finders.rb30
-rw-r--r--lib/gitlab/auth/request_authenticator.rb7
2 files changed, 35 insertions, 2 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb
index 0796f23fbfe..f54fa7504a3 100644
--- a/lib/gitlab/auth/auth_finders.rb
+++ b/lib/gitlab/auth/auth_finders.rb
@@ -89,6 +89,32 @@ module Gitlab
job.user
end
+ def find_user_from_basic_auth_password
+ return unless has_basic_credentials?(current_request)
+
+ login, password = user_name_and_password(current_request)
+ return if ::Gitlab::Auth::CI_JOB_USER == login
+
+ Gitlab::Auth.find_with_user_password(login, password)
+ end
+
+ def find_user_from_lfs_token
+ return unless has_basic_credentials?(current_request)
+
+ login, token = user_name_and_password(current_request)
+ user = User.by_login(login)
+
+ user if user && Gitlab::LfsToken.new(user).token_valid?(token)
+ end
+
+ def find_user_from_personal_access_token
+ return unless access_token
+
+ validate_access_token!
+
+ access_token&.user || raise(UnauthorizedError)
+ end
+
# We allow Private Access Tokens with `api` scope to be used by web
# requests on RSS feeds or ICS files for backwards compatibility.
# It is also used by GraphQL/API requests.
@@ -308,6 +334,10 @@ module Gitlab
current_request.path.starts_with?(Gitlab::Utils.append_path(Gitlab.config.gitlab.relative_url_root, '/api/'))
end
+ def git_request?
+ Gitlab::PathRegex.repository_git_route_regex.match?(current_request.path)
+ end
+
def archive_request?
current_request.path.include?('/-/archive/')
end
diff --git a/lib/gitlab/auth/request_authenticator.rb b/lib/gitlab/auth/request_authenticator.rb
index 504265a83ef..dfc682e8a5c 100644
--- a/lib/gitlab/auth/request_authenticator.rb
+++ b/lib/gitlab/auth/request_authenticator.rb
@@ -34,7 +34,10 @@ module Gitlab
find_user_from_feed_token(request_format) ||
find_user_from_static_object_token(request_format) ||
find_user_from_basic_auth_job ||
- find_user_from_job_token
+ find_user_from_job_token ||
+ find_user_from_lfs_token ||
+ find_user_from_personal_access_token ||
+ find_user_from_basic_auth_password
rescue Gitlab::Auth::AuthenticationError
nil
end
@@ -58,7 +61,7 @@ module Gitlab
def route_authentication_setting
@route_authentication_setting ||= {
job_token_allowed: api_request?,
- basic_auth_personal_access_token: api_request?
+ basic_auth_personal_access_token: api_request? || git_request?
}
end
end