author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-07-27 22:40:43 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-07-27 22:40:43 +0000 |
commit | bbe511b231b5de3fab4dc418601c89cc1ccc8063 (patch) | |
tree | 650453c3b64751df39fda6f33ca4b39318f41e0d /lib | |
parent | ad1c34c03de42ebc5279f338f6304e77930d34d4 (diff) | |
download | gitlab-ce-bbe511b231b5de3fab4dc418601c89cc1ccc8063.tar.gz |
Add latest changes from gitlab-org/gitlab@14-1-stable-ee
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/auth/auth_finders.rb | 30 | ||||
-rw-r--r-- | lib/gitlab/auth/request_authenticator.rb | 7 |
2 files changed, 35 insertions, 2 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb index 0796f23fbfe..f54fa7504a3 100644 --- a/lib/gitlab/auth/auth_finders.rb +++ b/lib/gitlab/auth/auth_finders.rb @@ -89,6 +89,32 @@ module Gitlab job.user end + def find_user_from_basic_auth_password + return unless has_basic_credentials?(current_request) + + login, password = user_name_and_password(current_request) + return if ::Gitlab::Auth::CI_JOB_USER == login + + Gitlab::Auth.find_with_user_password(login, password) + end + + def find_user_from_lfs_token + return unless has_basic_credentials?(current_request) + + login, token = user_name_and_password(current_request) + user = User.by_login(login) + + user if user && Gitlab::LfsToken.new(user).token_valid?(token) + end + + def find_user_from_personal_access_token + return unless access_token + + validate_access_token! + + access_token&.user || raise(UnauthorizedError) + end + # We allow Private Access Tokens with `api` scope to be used by web # requests on RSS feeds or ICS files for backwards compatibility. # It is also used by GraphQL/API requests. @@ -308,6 +334,10 @@ module Gitlab current_request.path.starts_with?(Gitlab::Utils.append_path(Gitlab.config.gitlab.relative_url_root, '/api/')) end + def git_request? + Gitlab::PathRegex.repository_git_route_regex.match?(current_request.path) + end + def archive_request? current_request.path.include?('/-/archive/') end diff --git a/lib/gitlab/auth/request_authenticator.rb b/lib/gitlab/auth/request_authenticator.rb index 504265a83ef..dfc682e8a5c 100644 --- a/lib/gitlab/auth/request_authenticator.rb +++ b/lib/gitlab/auth/request_authenticator.rb 
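Review bot: `find_user_from_basic_auth_password` and `find_user_from_lfs_token` have no comment saying which requests they are meant to authenticate or what the caller must already have checked, and both act on any request that carries Basic credentials. The hunk does not show whether `Gitlab::Auth.find_with_user_password` applies two-factor or failed-attempt handling on this path, or whether `token_valid?` on `Gitlab::LfsToken` rejects blocked accounts; both are defined outside this diff, so that needs confirming. I would add a comment above each finder along the lines of `# Git/LFS over HTTP only: callers must restrict this to those routes; 2FA and account-state checks are NOT done here.`, adjusted to whatever those helpers really enforce. The safe navigation in `access_token&.user` is also redundant after `return unless access_token` and could be a plain `access_token.user`.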
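Review bot: `git_request?` calls `match?` on `current_request.path`, so it is true wherever the pattern occurs in the path unless `repository_git_route_regex` anchors itself; that regex is defined outside this diff. The neighbouring `api_request?` anchors with `starts_with?` and prepends `relative_url_root`, and the visible code here does neither. Because the same commit uses this predicate to widen `basic_auth_personal_access_token` in request_authenticator.rb, a loose match would widen the set of routes on which Basic-auth personal access tokens are honoured. Please confirm the anchoring and record it, e.g. `# Relies on repository_git_route_regex being anchored at the start of the path (incl. relative_url_root).`, and add a spec with a non-Git path that merely contains a `.git` segment.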
@@ -34,7 +34,10 @@ module Gitlab
 find_user_from_feed_token(request_format) ||
 find_user_from_static_object_token(request_format) ||
 find_user_from_basic_auth_job ||
- find_user_from_job_token
+ find_user_from_job_token ||
+ find_user_from_lfs_token ||
+ find_user_from_personal_access_token ||
+ find_user_from_basic_auth_password
 rescue Gitlab::Auth::AuthenticationError
 nil
 end
@@ -58,7 +61,7 @@ module Gitlab
 def route_authentication_setting
 @route_authentication_setting ||= {
 job_token_allowed: api_request?,
- basic_auth_personal_access_token: api_request?
+ basic_auth_personal_access_token: api_request? || git_request?
 }
 end
 end |
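Review bot: The three new finders are chained unconditionally in the first hunk, so any request that reaches this chain with Basic credentials falls through to `find_user_from_lfs_token` and `find_user_from_basic_auth_password`, not only Git or LFS routes. The commit introduces `git_request?` but uses it only in `route_authentication_setting`; if the intent is Git-over-HTTP authentication, gate the password finder on it, e.g. `(find_user_from_basic_auth_password if git_request?)`, and do the same for the LFS finder if the route regex also covers the LFS endpoints. The single `rescue Gitlab::Auth::AuthenticationError` also ends the whole chain, so an error raised inside `find_user_from_personal_access_token` (presumably `UnauthorizedError` is a subclass) means the password finder is never tried; a one-line comment stating that this ordering is deliberate would help. The enclosing method's `def` line is outside the hunk.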