-rw-r--r-- | app/controllers/google_api/authorizations_controller.rb | 10 | ||||
-rw-r--r-- | app/controllers/projects/clusters_controller.rb | 16 | ||||
-rw-r--r-- | lib/google_api/auth.rb | 3 | ||||
-rw-r--r-- | lib/google_api/cloud_platform/client.rb | 16 |
4 files changed, 36 insertions, 9 deletions
diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb index 00b0c128711..890b4ce60c8 100644 --- a/app/controllers/google_api/authorizations_controller.rb +++ b/app/controllers/google_api/authorizations_controller.rb @@ -1,9 +1,13 @@ module GoogleApi class AuthorizationsController < ApplicationController def callback - session[GoogleApi::CloudPlatform::Client.session_key_for_token] = - GoogleApi::CloudPlatform::Client.new(nil, callback_google_api_authorizations_url) - .get_token(params[:code]) + token, expires_at = GoogleApi::CloudPlatform::Client + .new(nil, callback_google_api_authorizations_url) + .get_token(params[:code]) + + session[GoogleApi::CloudPlatform::Client.session_key_for_token] = token + session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] = + expires_at.to_s if params[:state] redirect_to params[:state] diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb index ebb17bca010..552cc48d84a 100644 --- a/app/controllers/projects/clusters_controller.rb +++ b/app/controllers/projects/clusters_controller.rb @@ -6,12 +6,11 @@ class Projects::ClustersController < Projects::ApplicationController def login begin @authorize_url = GoogleApi::CloudPlatform::Client.new( - nil, - callback_google_api_authorizations_url, + nil, callback_google_api_authorizations_url, state: namespace_project_clusters_url.to_s ).authorize_url rescue GoogleApi::Auth::ConfigMissingError - # Show an alert message that gitlab.yml is not configured properly + # no-op end end 
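Review bot: The callback still ends in `redirect_to params[:state]` (the context lines right after the new session writes), so the post-authorization destination is whatever arrives in the query string, with no check that it points back at this instance. `state` is also a fixed URL (set in the `login` hunk of clusters_controller.rb) rather than an unguessable value, so nothing ties the callback to the session that started the flow before the token is stored. I would keep the return URL server-side and send a random `state`, e.g. `session[:google_api_state] = SecureRandom.hex(16)` at login (key name illustrative) and `return head(:forbidden) unless ActiveSupport::SecurityUtils.secure_compare(params[:state].to_s, session.delete(:google_api_state).to_s)` here. The body of `callback` continues past the end of the hunk.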
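Review bot: The rescue in `login` now carries only `# no-op`, which drops the one hint of what happens when the Google API settings are missing: `@authorize_url` stays nil and the action carries on as if nothing failed. I would keep a why-comment such as `# @authorize_url stays nil when the Google API client is not configured; the view is expected to handle that` (the view is not in this diff, so confirm it does). The `begin`/`end` wrapper is also unnecessary, since a `def` body can take `rescue` directly.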
@@ -83,12 +82,19 @@ class Projects::ClustersController < Projects::ApplicationController end def authorize_google_api - unless token_in_session + unless GoogleApi::CloudPlatform::Client.new(token_in_session, nil) + .validate_token(expires_at_in_session) redirect_to action: 'login' end end def token_in_session - @token_in_session ||= session[GoogleApi::CloudPlatform::Client.session_key_for_token] + @token_in_session ||= + session[GoogleApi::CloudPlatform::Client.session_key_for_token] + end + + def expires_at_in_session + @expires_at_in_session ||= + session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] end end diff --git a/lib/google_api/auth.rb b/lib/google_api/auth.rb index 92787b87ac6..8c962af51d7 100644 --- a/lib/google_api/auth.rb +++ b/lib/google_api/auth.rb @@ -19,7 +19,8 @@ module GoogleApi end def get_token(code) - client.auth_code.get_token(code, redirect_uri: redirect_uri).token + ret = client.auth_code.get_token(code, redirect_uri: redirect_uri) + return ret.token, ret.expires_at end protected diff --git a/lib/google_api/cloud_platform/client.rb b/lib/google_api/cloud_platform/client.rb index a1abc5bf074..ec77e6bdd72 100644 --- a/lib/google_api/cloud_platform/client.rb +++ b/lib/google_api/cloud_platform/client.rb @@ -9,12 +9,28 @@ module GoogleApi def session_key_for_token :cloud_platform_access_token end + + def session_key_for_expires_at + :cloud_platform_expires_at + end end def scope 'https://www.googleapis.com/auth/cloud-platform' end + def validate_token(expires_at) + return false unless access_token + return false unless expires_at + + # Making sure that the token will have been still alive during the cluster creation. + unless DateTime.strptime(expires_at, '%s').to_time > Time.now + 10.minutes + return false + end + + true + end + def projects_zones_clusters_get(project_id, zone, cluster_id) service = Google::Apis::ContainerV1::ContainerService.new service.authorization = access_token |
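Review bot: When `validate_token` fails in `authorize_google_api`, the expired token and its expiry stay in the session and only the redirect happens. Clearing both before redirecting keeps a stale credential from lingering for the session's lifetime: `session.delete(GoogleApi::CloudPlatform::Client.session_key_for_token)` and the same for `session_key_for_expires_at`. The check also compares only the stored timestamp, so a token revoked at the provider before that time would still pass here. That may be acceptable if downstream API errors are handled, which this hunk does not show.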
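Review bot: `get_token` in lib/google_api/auth.rb now returns a two-element array instead of the token string, and nothing in the method says so; any caller outside this diff that still treats the result as a string would silently store an array. A short comment above the method would make the contract explicit, e.g. `# Returns [access_token, expires_at]; expires_at is a Unix timestamp and may be nil if the provider response carries no expiry` (the nil case is an assumption about the OAuth client library, to be confirmed). `ret` could also be named `response`, with `[response.token, response.expires_at]` as the last expression instead of the explicit `return`. The enclosing class starts outside the hunk.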
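Review bot: The `return false unless expires_at` guard in `validate_token` does not catch the value the callback actually stores. `expires_at.to_s` in authorizations_controller.rb turns a missing expiry into an empty string, which is truthy, and `DateTime.strptime('', '%s')` is then expected to raise instead of returning false, so the `authorize_google_api` check would error rather than redirect to login. I would guard with `return false if expires_at.blank?` and compare with `Time.at(expires_at.to_i) > Time.now + 10.minutes`, which also avoids `DateTime` and treats a non-numeric string as already expired. The comment could read `# Require at least 10 minutes of remaining lifetime so the token outlives cluster creation`.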