Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/auth_finders.rb | 6 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/adapter.rb | 16 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/config.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/auth/u2f_webauthn_converter.rb | 2 |
4 files changed, 22 insertions, 6 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb
index 416e36c7ccb..0796f23fbfe 100644
--- a/lib/gitlab/auth/auth_finders.rb
+++ b/lib/gitlab/auth/auth_finders.rb
@@ -89,9 +89,11 @@ module Gitlab
 job.user
 end
- # We only allow Private Access Tokens with `api` scope to be used by web
+ # We allow Private Access Tokens with `api` scope to be used by web
 # requests on RSS feeds or ICS files for backwards compatibility.
 # It is also used by GraphQL/API requests.
+ # And to allow accessing /archive programatically as it was a big pain point
+ # for users https://gitlab.com/gitlab-org/gitlab/-/issues/28978.
 def find_user_from_web_access_token(request_format, scopes: [:api])
 return unless access_token && valid_web_access_format?(request_format)
@@ -269,6 +271,8 @@ module Gitlab
 ics_request?
 when :api
 api_request?
+ when :archive
+ archive_request? if Feature.enabled?(:allow_archive_as_web_access_format, default_enabled: :yaml)
 end
 end
diff --git a/lib/gitlab/auth/ldap/adapter.rb b/lib/gitlab/auth/ldap/adapter.rb
index 3853709698b..47eca74aa5b 100644
--- a/lib/gitlab/auth/ldap/adapter.rb
+++ b/lib/gitlab/auth/ldap/adapter.rb
@@ -53,11 +53,7 @@ module Gitlab
 if results.nil?
 response = ldap.get_operation_result
-
- unless response.code == 0
- Gitlab::AppLogger.warn("LDAP search error: #{response.message}")
- end
-
+ check_empty_response_code(response)
 []
 else
 results
@@ -136,6 +132,16 @@ module Gitlab
 def renew_connection_adapter
 @ldap = Net::LDAP.new(config.adapter_options)
 end
+
+ def check_empty_response_code(response)
+ if config.retry_empty_result_with_codes.include?(response.code)
+ raise Net::LDAP::Error, "Got empty results with response code: #{response.code}, message: #{response.message}"
+ end
+
+ unless response.code == 0
+ Gitlab::AppLogger.warn("LDAP search error: #{response.message}")
+ end
+ end
 end
 end
 end
diff --git a/lib/gitlab/auth/ldap/config.rb b/lib/gitlab/auth/ldap/config.rb
index 441f0d14b39..7bfe776fed0 100644
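Review bot: The rewritten comment above `find_user_from_web_access_token` drops "only" without listing which formats are still excluded, and it does not say that archive access is gated by a feature flag (the flag appears in the `when :archive` hunk further down). Since this comment documents where a personal access token is honoured on web requests, I would name the accepted formats and fix the spelling, e.g. `# Archive downloads (/archive) are also accepted, behind the allow_archive_as_web_access_format flag, so they can be fetched programmatically.` The default `scopes: [:api]` is unchanged, so unless a caller passes other scopes an archive download needs a full `api` token; the callers are outside this hunk, so confirm whether a narrower scope is intended. The method body continues past the hunk.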
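Review bot: The new `when :archive` branch makes a personal access token acceptable on another class of web request, and the only condition visible is `archive_request?`, whose definition is outside this hunk. Please confirm it matches the routed archive action rather than a loose path pattern, and add specs for both flag states so a token is rejected on archive requests when `allow_archive_as_web_access_format` is off. As written the branch yields `nil` when the flag is disabled because of the modifier `if`; `Feature.enabled?(:allow_archive_as_web_access_format, default_enabled: :yaml) && archive_request?` keeps the result boolean and reads as a gate. The enclosing method starts before the hunk.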
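Review bot: `check_empty_response_code` raises `Net::LDAP::Error` before reaching `Gitlab::AppLogger.warn`, so for a configured code nothing is logged here and the outcome depends on whatever rescues around the search call site changed in the `@@ -53,11 +53,7 @@` hunk; that rescue is not visible. Confirm (I am inferring this from the option name) that it retries a bounded number of times and logs the final failure, since a directory server that keeps answering with such a code would otherwise hold up sign-in with no trace. The name also hides that the method can raise; a comment such as `# Raises Net::LDAP::Error for codes listed in retry_empty_result_with_codes so the caller can retry; other non-zero codes are only logged.` would make that clear. The interpolated `response.message` comes from the LDAP server, so it should be treated as untrusted text wherever the error is rendered or logged.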
--- a/lib/gitlab/auth/ldap/config.rb
+++ b/lib/gitlab/auth/ldap/config.rb
@@ -163,6 +163,10 @@ module Gitlab
 options['timeout'].to_i
 end
+ def retry_empty_result_with_codes
+ options.fetch('retry_empty_result_with_codes', [])
+ end
+
 def external_groups
 options['external_groups'] || []
 end
diff --git a/lib/gitlab/auth/u2f_webauthn_converter.rb b/lib/gitlab/auth/u2f_webauthn_converter.rb
index f85b2248aeb..20b5d2ddc88 100644
--- a/lib/gitlab/auth/u2f_webauthn_converter.rb
+++ b/lib/gitlab/auth/u2f_webauthn_converter.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require 'webauthn/u2f_migrator'
+
 module Gitlab
 module Auth
 class U2fWebauthnConverter |
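Review bot: `options.fetch('retry_empty_result_with_codes', [])` only falls back to `[]` when the key is absent; a key that is present with a null or scalar value in the LDAP settings is returned as is, and `check_empty_response_code` in adapter.rb then calls `.include?` on it. `Array(options['retry_empty_result_with_codes'])` handles nil and a single value, in line with the `options['external_groups'] || []` guard just below. Codes read from the settings as strings would still never equal the integer that `response.code` is compared against, so it is worth documenting that the entries must be integers.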