Diffstat (limited to 'lib/gitlab/auth/user_auth_finders.rb')
-rw-r--r--lib/gitlab/auth/user_auth_finders.rb78
1 files changed, 32 insertions, 46 deletions
diff --git a/lib/gitlab/auth/user_auth_finders.rb b/lib/gitlab/auth/user_auth_finders.rb
index d1f5bf84873..93f3cae0a95 100644
--- a/lib/gitlab/auth/user_auth_finders.rb
+++ b/lib/gitlab/auth/user_auth_finders.rb
@@ -2,77 +2,67 @@ module Gitlab
module Auth
module UserAuthFinders
# Check the Rails session for valid authentication details
- def find_session_user
+ def find_user_from_warden
request.env['warden']&.authenticate if verified_request?
end
- def find_user_by_private_token
- token = private_token
- return unless token.present?
-
- user =
- find_user_by_authentication_token(token) ||
- find_user_by_personal_access_token(token)
+ def find_user_by_rss_token
+ return unless request.format.atom?
- raise_unauthorized_error! unless user
+ token = request.params[:rss_token].presence
+ return unless token.present?
- user
+ handle_return_value!(User.find_by_rss_token(token))
end
- def find_user_by_rss_token
- return unless request.path.ends_with?('atom') || request.format.atom?
+ def find_user_from_access_token
+ return unless access_token
- token = request.params[:rss_token].presence
- return unless token.present?
+ validate_access_token!
- user = User.find_by_rss_token(token)
- raise_unauthorized_error! unless user
+ handle_return_value!(access_token&.user)
+ end
- user
+ def validate_access_token!(scopes: [])
end
- def find_user_by_oauth_token
- access_token = find_oauth_access_token
+ private
- return unless access_token
+ def handle_return_value!(value, &block)
+ return unless value
- find_user_by_access_token(access_token)
+ block_given? ? yield(value) : value
end
- private
+ def access_token
+ return @access_token if defined?(@access_token)
+
+ @access_token = find_oauth_access_token || find_personal_access_token
+ end
def private_token
request.params[:private_token].presence ||
request.headers['PRIVATE-TOKEN'].presence
end
- def find_user_by_authentication_token(token_string)
- User.find_by_authentication_token(token_string)
- end
-
- def find_user_by_personal_access_token(token_string)
- access_token = PersonalAccessToken.find_by_token(token_string)
- return unless access_token
+ def find_personal_access_token
+ token = private_token.to_s
+ return unless token.present?
- find_user_by_access_token(access_token)
+ # Expiration, revocation and scopes are verified in `validate_access_token!`
+ handle_return_value!(PersonalAccessToken.find_by(token: token))
end
def find_oauth_access_token
- return @oauth_access_token if defined?(@oauth_access_token)
-
current_request = ensure_action_dispatch_request(request)
token = Doorkeeper::OAuth::Token.from_request(current_request, *Doorkeeper.configuration.access_token_methods)
- return @oauth_access_token = nil unless token
-
- @oauth_access_token = OauthAccessToken.by_token(token)
- raise_unauthorized_error! unless @oauth_access_token
-
- @oauth_access_token.revoke_previous_refresh_token!
- @oauth_access_token
- end
+ return unless token
- def find_user_by_access_token(access_token)
- access_token&.user
+ # Expiration, revocation and scopes are verified in `validate_access_token!`
+ handle_return_value!(OauthAccessToken.by_token(token)) do |oauth_token|
+ oauth_token.revoke_previous_refresh_token!
+ oauth_token
+ end
end
# Check if the request is GET/HEAD, or if CSRF token is valid.
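Review bot: The new `validate_access_token!(scopes: [])` has an empty body, yet `find_user_from_access_token` calls it as the only check between finding a token and returning its user, and the comments added in `find_personal_access_token` and `find_oauth_access_token` state that expiration, revocation and scopes are verified there; as written, any personal access token or OAuth token that resolves to a user authenticates regardless of its state unless an including class overrides the hook. If the method is meant as an override point, it should fail closed so a forgotten override cannot silently accept expired or revoked tokens: `raise NotImplementedError, "#{self.class} must implement validate_access_token!"`, with the two "verified in `validate_access_token!`" comments updated to say the includer provides that check. Separately, `find_oauth_access_token` still calls `oauth_token.revoke_previous_refresh_token!` before any validation has run, so looking up a token that later fails validation has already had a side effect; consider moving that call after `validate_access_token!` succeeds. Minor style point: `handle_return_value!` carries a bang without a non-bang counterpart, which the Ruby style guide reserves for dangerous variants.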
@@ -85,10 +75,6 @@ module Gitlab
ActionDispatch::Request.new(request.env)
end
-
- def raise_unauthorized_error!
- return nil
- end
end
end
end