From d39b8e07714d13778d8872f7a4f0db02c5f35865 Mon Sep 17 00:00:00 2001
From: Robert Speicher
Date: Fri, 26 Oct 2018 18:42:57 +0000
Subject: Merge branch 'fix_pat_auth-11-2' into 'security-11-2'
[11.2] Fix Token lookup for Git over HTTP and registry authentication
See merge request gitlab/gitlabhq!2579
---
 app/finders/personal_access_tokens_finder.rb | 2 +-
 app/models/user.rb | 2 +-
 lib/gitlab/auth.rb | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/finders/personal_access_tokens_finder.rb b/app/finders/personal_access_tokens_finder.rb
index d975f354a88..5d5c633d634 100644
--- app/finders/personal_access_tokens_finder.rb
+++ b/app/finders/personal_access_tokens_finder.rb
@@ -1,7 +1,7 @@
 class PersonalAccessTokensFinder
 attr_accessor :params
- delegate :build, :find, :find_by, to: :execute
+ delegate :build, :find, :find_by, :find_by_token, to: :execute
 def initialize(params = {})
 @params = params
diff --git a/app/models/user.rb b/app/models/user.rb
index 14f2c269ad1..2317b4e61bb 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -404,7 +404,7 @@ class User < ActiveRecord::Base
 def find_by_personal_access_token(token_string)
 return unless token_string
- PersonalAccessTokensFinder.new(state: 'active').find_by(token: token_string)&.user
+ PersonalAccessTokensFinder.new(state: 'active').find_by_token(token_string)&.user
 end
 # Returns a user for the given SSH key.
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 111e18b2076..e09a03ecd45 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
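Review bot: `find_by` is still in the delegate list on the changed line of app/finders/personal_access_tokens_finder.rb, so a later caller can write `find_by(token: ...)` again and get the lookup this commit replaces in user.rb and auth.rb, and the diffstat lists no spec file that would catch it. `find_by_token` is presumably defined on the token model and reachable through whatever `execute` returns; its definition is not in this diff, so confirm that it still honours the `state: 'active'` filter. I would add a comment above the delegate line, `# Look tokens up by value with find_by_token only; find_by(token: ...) does not go through the model's token lookup.`, and a spec per call site asserting that an active token authenticates and an inactive one does not. The class body continues past the end of the hunk.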
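Review bot: The guard `return unless token_string` in `find_by_personal_access_token` (app/models/user.rb) rejects only nil, so an empty string still reaches `find_by_token`, while the matching guard in lib/gitlab/auth.rb is `return unless password.present?`. What `find_by_token` does with an empty value is not visible in this diff, so the two authentication entry points should not depend on it. Changing the guard to `return unless token_string.present?` makes them agree. The method is fully inside the hunk.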
@@ -150,7 +150,7 @@ module Gitlab
 def personal_access_token_check(password)
 return unless password.present?
- token = PersonalAccessTokensFinder.new(state: 'active').find_by(token: password)
+ token = PersonalAccessTokensFinder.new(state: 'active').find_by_token(password)
 if token && valid_scoped_token?(token, available_scopes)
 Gitlab::Auth::Result.new(token.user, nil, :personal_access_token, abilities_for_scopes(token.scopes))
--
cgit v1.2.1
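Review bot: The expression `PersonalAccessTokensFinder.new(state: 'active').find_by_token(...)` now appears verbatim in `personal_access_token_check` and in `find_by_personal_access_token` in app/models/user.rb, and the same one-line correction had to be made in both files. Keeping the active-token lookup in one method on the finder and calling it from both places would leave a single spot to change and test the next time the lookup changes. A comment on the changed line would also help the reader, for example `# password carries a personal access token here (Git over HTTP, registry); look it up via find_by_token`. The `if` block and the method continue past the end of the hunk.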