Diffstat (limited to 'lib/gitlab/auth/user_auth_finders.rb')
-rw-r--r-- | lib/gitlab/auth/user_auth_finders.rb | 78 |
1 files changed, 32 insertions, 46 deletions
diff --git a/lib/gitlab/auth/user_auth_finders.rb b/lib/gitlab/auth/user_auth_finders.rb
index d1f5bf84873..93f3cae0a95 100644
--- a/lib/gitlab/auth/user_auth_finders.rb
+++ b/lib/gitlab/auth/user_auth_finders.rb
@@ -2,77 +2,67 @@ module Gitlab
 module Auth
 module UserAuthFinders
 # Check the Rails session for valid authentication details
- def find_session_user
+ def find_user_from_warden
 request.env['warden']&.authenticate if verified_request?
 end
- def find_user_by_private_token
- token = private_token
- return unless token.present?
-
- user =
- find_user_by_authentication_token(token) ||
- find_user_by_personal_access_token(token)
+ def find_user_by_rss_token
+ return unless request.format.atom?
- raise_unauthorized_error! unless user
+ token = request.params[:rss_token].presence
+ return unless token.present?
- user
+ handle_return_value!(User.find_by_rss_token(token))
 end
- def find_user_by_rss_token
- return unless request.path.ends_with?('atom') || request.format.atom?
+ def find_user_from_access_token
+ return unless access_token
- token = request.params[:rss_token].presence
- return unless token.present?
+ validate_access_token!
- user = User.find_by_rss_token(token)
- raise_unauthorized_error! unless user
+ handle_return_value!(access_token&.user)
+ end
- user
+ def validate_access_token!(scopes: [])
 end
- def find_user_by_oauth_token
- access_token = find_oauth_access_token
+ private
- return unless access_token
+ def handle_return_value!(value, &block)
+ return unless value
- find_user_by_access_token(access_token)
+ block_given? ? yield(value) : value
 end
- private
+ def access_token
+ return @access_token if defined?(@access_token)
+
+ @access_token = find_oauth_access_token || find_personal_access_token
+ end
 def private_token
 request.params[:private_token].presence || request.headers['PRIVATE-TOKEN'].presence
 end
- def find_user_by_authentication_token(token_string)
- User.find_by_authentication_token(token_string)
- end
-
- def find_user_by_personal_access_token(token_string)
- access_token = PersonalAccessToken.find_by_token(token_string)
- return unless access_token
+ def find_personal_access_token
+ token = private_token.to_s
+ return unless token.present?
- find_user_by_access_token(access_token)
+ # Expiration, revocation and scopes are verified in `validate_access_token!`
+ handle_return_value!(PersonalAccessToken.find_by(token: token))
 end
 def find_oauth_access_token
- return @oauth_access_token if defined?(@oauth_access_token)
-
 current_request = ensure_action_dispatch_request(request)
 token = Doorkeeper::OAuth::Token.from_request(current_request, *Doorkeeper.configuration.access_token_methods)
- return @oauth_access_token = nil unless token
-
- @oauth_access_token = OauthAccessToken.by_token(token)
- raise_unauthorized_error! unless @oauth_access_token
-
- @oauth_access_token.revoke_previous_refresh_token!
- @oauth_access_token
- end
+ return unless token
- def find_user_by_access_token(access_token)
- access_token&.user
+ # Expiration, revocation and scopes are verified in `validate_access_token!`
+ handle_return_value!(OauthAccessToken.by_token(token)) do |oauth_token|
+ oauth_token.revoke_previous_refresh_token!
+ oauth_token
+ end
 end
 # Check if the request is GET/HEAD, or if CSRF token is valid.
@@ -85,10 +75,6 @@ module Gitlab
 ActionDispatch::Request.new(request.env)
 end
-
- def raise_unauthorized_error!
- return nil
- end
 end
 end
 end
 |
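Review bot: `validate_access_token!(scopes: [])` is added with an empty body, yet `find_user_from_access_token` calls it between the token lookup and `handle_return_value!(access_token&.user)`, and the two new comments in `find_personal_access_token` and `find_oauth_access_token` point to it as the place where expiration, revocation and scopes are verified. As the hunk stands, any personal access token or OAuth token that still exists by value authenticates its user, and the `scopes:` argument is never read. If this is meant as a hook that a host (presumably the API helpers) overrides, the method should say so, e.g. `# Hook: hosts override this to raise for expired, revoked or out-of-scope tokens; this default accepts every token found.`; otherwise the check belongs in this module before it is used on its own. The identical comment is duplicated in both finders; one sentence on `access_token` would cover both. The enclosing module runs past the end of the hunk.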