Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/entities.rb | 9 | ||||
-rw-r--r-- | lib/api/personal_access_tokens.rb | 37 | ||||
-rw-r--r-- | lib/api/users.rb | 62 | ||||
-rw-r--r-- | lib/gitlab/auth.rb | 4 |
4 files changed, 45 insertions, 67 deletions
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 4e8d2410496..54bcca25834 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -697,7 +697,7 @@ module API
 expose :active?, as: :active
 end
- class BasicPersonalAccessToken < Grape::Entity
+ class PersonalAccessToken < Grape::Entity
 expose :id, :name, :revoked, :created_at, :scopes
 expose :active?, as: :active
 expose :expires_at do |personal_access_token|
@@ -705,9 +705,12 @@ module API
 end
 end
- class PersonalAccessToken < BasicPersonalAccessToken
- expose :impersonation
+ class PersonalAccessTokenWithToken < PersonalAccessToken
 expose :token
 end
+
+ class ImpersonationToken < PersonalAccessTokenWithToken
+ expose :impersonation
+ end
 end
 end
diff --git a/lib/api/personal_access_tokens.rb b/lib/api/personal_access_tokens.rb
index 7afb8eec14c..763888bb57e 100644
--- a/lib/api/personal_access_tokens.rb
+++ b/lib/api/personal_access_tokens.rb
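Review bot: `ImpersonationToken` inherits `expose :token` from `PersonalAccessTokenWithToken`, so every admin endpoint in users.rb that presents with `Entities::ImpersonationToken` — the list and show GETs included — returns the raw token value on each read, whereas the non-admin side of this hunk confines `:token` to `PersonalAccessTokenWithToken`, used only by the create response. That asymmetry looks unintended given the split the hunk introduces. I would derive the read entity from the tokenless base, `class ImpersonationToken < PersonalAccessToken` with `expose :impersonation`, and add `class ImpersonationTokenWithToken < ImpersonationToken` carrying `expose :token` for the admin POST only. Whether the `token` column holds the usable secret is not visible here, but auth.rb's `find_by_token(password)` in the same commit suggests it does.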
@@ -5,41 +5,30 @@ module API
 resource :personal_access_tokens do
 desc 'Retrieve personal access tokens' do
 detail 'This feature was introduced in GitLab 9.0'
- success Entities::BasicPersonalAccessToken
+ success Entities::PersonalAccessToken
 end
 params do
 optional :state, type: String, default: 'all', values: %w[all active inactive], desc: 'Filters (all|active|inactive) personal_access_tokens'
 end
- get do
- personal_access_tokens = current_user.personal_access_tokens
-
- case params[:state]
- when "active"
- personal_access_tokens = personal_access_tokens.active
- when "inactive"
- personal_access_tokens = personal_access_tokens.inactive
- end
-
- present personal_access_tokens, with: Entities::BasicPersonalAccessToken
- end
+ get { present PersonalAccessTokensFinder.new(current_user, params).execute, with: Entities::PersonalAccessToken }
 desc 'Retrieve personal access token' do
 detail 'This feature was introduced in GitLab 9.0'
- success Entities::BasicPersonalAccessToken
+ success Entities::PersonalAccessToken
 end
 params do
 requires :personal_access_token_id, type: Integer, desc: 'The ID of the personal access token'
 end
 get ':personal_access_token_id' do
- personal_access_token = PersonalAccessToken.find_by(id: params[:personal_access_token_id], user_id: current_user.id)
- not_found!('PersonalAccessToken') unless personal_access_token
+ personal_access_token = PersonalAccessTokensFinder.new(current_user, declared_params(include_missing: false)).execute
+ not_found!('Personal Access Token') unless personal_access_token
- present personal_access_token, with: Entities::BasicPersonalAccessToken
+ present personal_access_token, with: Entities::PersonalAccessToken
 end
 desc 'Create a personal access token' do
 detail 'This feature was introduced in GitLab 9.0'
- success Entities::BasicPersonalAccessToken
+ success Entities::PersonalAccessTokenWithToken
 end
 params do
 requires :name, type: String, desc: 'The name of the personal access token'
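Review bot: The one-line `get` hands the full `params` hash to `PersonalAccessTokensFinder`, while the show and delete endpoints in the same hunk pass `declared_params(include_missing: false)`; beyond the inconsistency, every undeclared query key reaches the finder. If the finder honours an `impersonation` key the way the admin list in users.rb relies on (the finder itself is not in this diff), a user could list impersonation tokens issued against their own account with `?impersonation=true`, which the replaced `current_user.personal_access_tokens` query presumably excluded (the model's default scope is not shown either). I would write `get { present PersonalAccessTokensFinder.new(current_user, declared_params(include_missing: false)).execute, with: Entities::PersonalAccessToken }` so only `state` is forwarded, and pin that with a spec on the non-admin list.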
@@ -47,13 +36,10 @@ module API
 optional :scopes, type: Array, desc: 'The array of scopes of the personal access token'
 end
 post do
- parameters = declared_params(include_missing: false)
- parameters[:user_id] = current_user.id
-
- personal_access_token = PersonalAccessToken.generate(parameters)
+ personal_access_token = current_user.personal_access_tokens.build(declared_params(include_missing: false))
 if personal_access_token.save
- present personal_access_token, with: Entities::PersonalAccessToken
+ present personal_access_token, with: Entities::PersonalAccessTokenWithToken
 else
 render_validation_error!(personal_access_token)
 end
@@ -61,14 +47,13 @@ module API
 desc 'Revoke a personal access token' do
 detail 'This feature was introduced in GitLab 9.0'
- success Entities::BasicPersonalAccessToken
 end
 params do
 requires :personal_access_token_id, type: Integer, desc: 'The ID of the personal access token'
 end
 delete ':personal_access_token_id' do
- personal_access_token = PersonalAccessToken.find_by(id: params[:personal_access_token_id], user_id: current_user.id)
- not_found!('PersonalAccessToken') unless personal_access_token
+ personal_access_token = PersonalAccessTokensFinder.new(current_user, declared_params(include_missing: false)).execute
+ not_found!('Personal Access Token') unless personal_access_token
 personal_access_token.revoke!
diff --git a/lib/api/users.rb b/lib/api/users.rb
index c302a6dd690..d29f6dde210 100644
--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -9,6 +9,11 @@ module API
 resource :users, requirements: { uid: /[0-9]*/, id: /[0-9]*/ } do
 helpers do
+ def find_user(params)
+ user = User.find_by(id: params[:id])
+ user ? user : not_found!('User')
+ end
+
 params :optional_attributes do
 optional :skype, type: String, desc: 'The Skype username'
 optional :linkedin, type: String, desc: 'The LinkedIn username'
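Review bot: In the users.rb helper `find_user`, the fallback is spelled as a ternary that repeats `user`; the idiomatic form is `User.find_by(id: params[:id]) || not_found!('User')`, a single expression with no temporary. A one-line comment would help since the helper serves four endpoints further down the file, e.g. `# Looks up the user addressed by :id; not_found! halts the request when absent` (the halting behaviour is what the replaced inline guards relied on, not something visible in this hunk). The helper reads `:id`, so it depends on the `:user_id` → `:id` rename in the later `segment` hunk; any route still declaring `:user_id` would 404 without an obvious cause.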
@@ -364,40 +369,28 @@ module API
 end
 params do
- requires :user_id, type: Integer, desc: 'The ID of the user'
+ requires :id, type: Integer, desc: 'The ID of the user'
 end
- segment ':user_id' do
+ segment ':id' do
 resource :personal_access_tokens do
 before { authenticated_as_admin! }
 desc 'Retrieve personal access tokens. Available only for admins.' do
 detail 'This feature was introduced in GitLab 9.0'
- success Entities::PersonalAccessToken
+ success Entities::ImpersonationToken
 end
 params do
 optional :state, type: String, default: 'all', values: %w[all active inactive], desc: 'Filters (all|active|inactive) personal_access_tokens'
 optional :impersonation, type: Boolean, default: false, desc: 'Filters only impersonation personal_access_tokens'
 end
 get do
- user = User.find_by(id: params[:user_id])
- not_found!('User') unless user
-
- personal_access_tokens = PersonalAccessToken.and_impersonation_tokens.where(user_id: user.id)
- personal_access_tokens = personal_access_tokens.impersonation if params[:impersonation]
-
- case params[:state]
- when "active"
- personal_access_tokens = personal_access_tokens.active
- when "inactive"
- personal_access_tokens = personal_access_tokens.inactive
- end
-
- present personal_access_tokens, with: Entities::PersonalAccessToken
+ user = find_user(params)
+ present PersonalAccessTokensFinder.new(user, params).execute, with: Entities::ImpersonationToken
 end
 desc 'Create a personal access token. Available only for admins.' do
 detail 'This feature was introduced in GitLab 9.0'
- success Entities::PersonalAccessToken
+ success Entities::ImpersonationToken
 end
 params do
 requires :name, type: String, desc: 'The name of the personal access token'
@@ -406,13 +399,11 @@ module API
 optional :impersonation, type: Boolean, default: false, desc: 'The impersonation flag of the personal access token'
 end
 post do
- user = User.find_by(id: params[:user_id])
- not_found!('User') unless user
-
- personal_access_token = PersonalAccessToken.generate(declared_params(include_missing: false, include_parent_namespaces: true))
+ user = find_user(params)
+ personal_access_token = PersonalAccessTokensFinder.new(user).execute.build(declared_params(include_missing: false))
 if personal_access_token.save
- present personal_access_token, with: Entities::PersonalAccessToken
+ present personal_access_token, with: Entities::ImpersonationToken
 else
 render_validation_error!(personal_access_token)
 end
@@ -420,34 +411,33 @@ module API
 desc 'Retrieve personal access token. Available only for admins.' do
 detail 'This feature was introduced in GitLab 9.0'
- success Entities::PersonalAccessToken
+ success Entities::ImpersonationToken
 end
 params do
 requires :personal_access_token_id, type: Integer, desc: 'The ID of the personal access token'
+ optional :impersonation, type: Boolean, default: false, desc: 'The impersonation flag of the personal access token'
 end
- get '/:personal_access_token_id' do
- user = User.find_by(id: params[:user_id])
- not_found!('User') unless user
+ get ':personal_access_token_id' do
+ user = find_user(params)
- personal_access_token = PersonalAccessToken.and_impersonation_tokens.find_by(user_id: user.id, id: params[:personal_access_token_id])
- not_found!('PersonalAccessToken') unless personal_access_token
+ personal_access_token = PersonalAccessTokensFinder.new(user, declared_params(include_missing: false)).execute
+ not_found!('Personal Access Token') unless personal_access_token
- present personal_access_token, with: Entities::PersonalAccessToken
+ present personal_access_token, with: Entities::ImpersonationToken
 end
 desc 'Revoke a personal access token. Available only for admins.'
do
 detail 'This feature was introduced in GitLab 9.0'
- success Entities::PersonalAccessToken
 end
 params do
 requires :personal_access_token_id, type: Integer, desc: 'The ID of the personal access token'
+ optional :impersonation, type: Boolean, default: false, desc: 'The impersonation flag of the personal access token'
 end
- delete '/:personal_access_token_id' do
- user = User.find_by(id: params[:user_id])
- not_found!('User') unless user
+ delete ':personal_access_token_id' do
+ user = find_user(params)
- personal_access_token = PersonalAccessToken.and_impersonation_tokens.find_by(user_id: user.id, id: params[:personal_access_token_id])
- not_found!('PersonalAccessToken') unless personal_access_token
+ personal_access_token = PersonalAccessTokensFinder.new(user, declared_params(include_missing: false)).execute
+ not_found!('Personal Access Token') unless personal_access_token
 personal_access_token.revoke!
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index e48462a4bd6..ef261d08b1d 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -105,9 +105,9 @@ module Gitlab
 def personal_access_token_check(password)
 return unless password.present?
- token = PersonalAccessToken.and_impersonation_tokens.active.find_by_token(password)
+ token = PersonalAccessToken.with_impersonation_tokens.active.find_by_token(password)
- if token && (valid_api_token?(token) || token.impersonation)
+ if token && valid_api_token?(token)
 Gitlab::Auth::Result.new(token.user, nil, :personal_token, full_authentication_abilities)
 end
 end
|
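Review bot: The admin show and revoke endpoints now declare `optional :impersonation, default: false` and forward it to the finder, whereas the removed code looked the token up through `and_impersonation_tokens` regardless of kind. If the finder filters on that flag (it is outside this diff), GET or DELETE on an impersonation token without `impersonation=true` would 404 where it previously succeeded, so an admin revoking one through the old URL form would silently stop working. I would either make the lookup by id ignore the flag, or state the requirement in the endpoint description, e.g. `detail 'Pass impersonation=true to address an impersonation token'`, and add a spec covering both token kinds. The unit's `desc` line begins on the previous physical line and the `delete` block's tail lies outside the hunk.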
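Review bot: Dropping `|| token.impersonation` from the condition in `personal_access_token_check` subjects impersonation tokens to `valid_api_token?` like any other personal access token, a tightening of authentication that deserves a comment at the `if`, e.g. `# impersonation tokens get no exemption; they must pass the same api-token check`, since the intent is otherwise recoverable only from history. What `valid_api_token?` checks is not visible in the hunk, so a spec authenticating with an impersonation token that lacks whatever it requires would pin the new behaviour. The renamed scope `with_impersonation_tokens` must exist on the model, which this diffstat (limited to lib) cannot show; the old `and_impersonation_tokens` name should be gone everywhere or this path raises at runtime.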