-rw-r--r-- | lib/api/api_guard.rb | 15 | ||||
-rw-r--r-- | lib/gitlab/auth/request_authenticator.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/auth/user_auth_finders.rb | 10 | ||||
-rw-r--r-- | spec/lib/gitlab/auth/request_authenticator_spec.rb | 2 |
4 files changed, 14 insertions, 15 deletions
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb
index e2a1a51b300..0caf2aa25bc 100644
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -139,13 +139,14 @@ module API
 
 # Exceptions
 #
- MissingTokenError = Class.new(StandardError)
- TokenNotFoundError = Class.new(StandardError)
- ExpiredError = Class.new(StandardError)
- RevokedError = Class.new(StandardError)
- UnauthorizedError = Class.new(StandardError)
-
- class InsufficientScopeError < StandardError
+ AuthenticationException = Class.new(StandardError)
+ MissingTokenError = Class.new(AuthenticationException)
+ TokenNotFoundError = Class.new(AuthenticationException)
+ ExpiredError = Class.new(AuthenticationException)
+ RevokedError = Class.new(AuthenticationException)
+ UnauthorizedError = Class.new(AuthenticationException)
+
+ class InsufficientScopeError < AuthenticationException
 attr_reader :scopes
 def initialize(scopes)
 @scopes = scopes.map { |s| s.try(:name) || s }
diff --git a/lib/gitlab/auth/request_authenticator.rb b/lib/gitlab/auth/request_authenticator.rb
index f500609d1a3..8316d0f40d5 100644
--- a/lib/gitlab/auth/request_authenticator.rb
+++ b/lib/gitlab/auth/request_authenticator.rb
@@ -17,7 +17,7 @@ module Gitlab
 
 def find_sessionless_user
 find_user_from_access_token || find_user_from_rss_token
- rescue StandardError
+ rescue API::APIGuard::AuthenticationException
 nil
 end
 end
diff --git a/lib/gitlab/auth/user_auth_finders.rb b/lib/gitlab/auth/user_auth_finders.rb
index dc688637107..0b4ea3aaf5f 100644
--- a/lib/gitlab/auth/user_auth_finders.rb
+++ b/lib/gitlab/auth/user_auth_finders.rb
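Review bot: `AuthenticationException` is the only name in this list that does not end in `Error`, and the `Exception` suffix reads as if it derived from `::Exception`, while the same line shows it is a `StandardError`; `AuthenticationError = Class.new(StandardError)` would match its five siblings and the usual Ruby convention. The new base class is now the contract that `find_sessionless_user` rescues against, so it deserves a comment such as `# Base class for every token-related failure; callers that want "treat as unauthenticated" rescue this, never StandardError`. A rename would have to follow through the other three hunks, which reference the constant by name.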
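Review bot: The narrowed rescue still maps every authentication failure to `nil`, so a request carrying a rejected token (the hunk in user_auth_finders.rb raises `UnauthorizedError` for an unknown OAuth token; expired and revoked tokens presumably raise the matching classes) is indistinguishable from one carrying no token at all, and nothing records that a token was refused. For detection of repeated rejected tokens against sessionless endpoints it is worth capturing the exception, `rescue API::APIGuard::AuthenticationException => e`, logging `e.class` through whatever logger this class already has in scope (not visible here), and then returning `nil`. The narrowing itself is sound: with `StandardError` a bug anywhere in the finders was silently turned into "not logged in". It also makes `Gitlab::Auth` depend on an `API::APIGuard` constant; the finders already did, but the hierarchy may belong in `Gitlab::Auth` so both layers share it.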
@@ -47,13 +47,11 @@ module Gitlab
 @access_token = find_oauth_access_token || find_personal_access_token
 end
 
- def private_token
- current_request.params[PRIVATE_TOKEN_PARAM].presence ||
+ def find_personal_access_token
+ token =
+ current_request.params[PRIVATE_TOKEN_PARAM].presence ||
 current_request.env[PRIVATE_TOKEN_HEADER].presence
- end
 
- def find_personal_access_token
- token = private_token
 return unless token
 
 # Expiration, revocation and scopes are verified in `validate_access_token!`
@@ -66,7 +64,7 @@ module Gitlab
 
 # Expiration, revocation and scopes are verified in `validate_access_token!`
 oauth_token = OauthAccessToken.by_token(token)
- raise(API::APIGuard::UnauthorizedError) unless oauth_token
+ raise API::APIGuard::UnauthorizedError unless oauth_token
 
 oauth_token.revoke_previous_refresh_token!
 oauth_token
diff --git a/spec/lib/gitlab/auth/request_authenticator_spec.rb b/spec/lib/gitlab/auth/request_authenticator_spec.rb
index 2f01c6ef4de..4ddebed119f 100644
--- a/spec/lib/gitlab/auth/request_authenticator_spec.rb
+++ b/spec/lib/gitlab/auth/request_authenticator_spec.rb
@@ -58,7 +58,7 @@ describe Gitlab::Auth::RequestAuthenticator do
 expect(subject.find_sessionless_user).to be_blank
 end
 
- it 'rescue StandardError exceptions' do
+ it 'rescue API::APIGuard::AuthenticationException exceptions' do
 allow_any_instance_of(described_class).to receive(:find_user_from_access_token).and_raise(API::APIGuard::UnauthorizedError)
 
 expect(subject.find_sessionless_user).to be_blank
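Review bot: Inlining removes the `private_token` method, and if any other code or spec still calls it the failure will be a `NoMethodError`, which the newly narrowed rescue in `find_sessionless_user` no longer swallows; a grep for `private_token` before merge would settle that. The new body would read more clearly with a one-line comment on what it does and does not do, e.g. `# Only extracts the raw token from the request; lookup and validation happen below`, since the existing comment two lines down refers only to `validate_access_token!`. `find_personal_access_token`'s body continues past the end of the hunk.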
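Review bot: The spec example is only re-labelled and still exercises the rescued path (`UnauthorizedError` → blank), so the behavioural change this commit makes — a non-authentication `StandardError` raised by a finder now propagates instead of being swallowed — has no test. Add a sibling example with `allow_any_instance_of(described_class).to receive(:find_user_from_access_token).and_raise(StandardError)` and `expect { subject.find_sessionless_user }.to raise_error(StandardError)`. The description would also read better as a sentence, `it 'rescues API::APIGuard::AuthenticationException' do`.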