From 571226f166f638f821ce84b90bce9cec1e5d5d06 Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Tue, 13 Sep 2016 15:27:05 +0200 Subject: Make result to return project and capabilities granted --- app/controllers/jwt_controller.rb | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) (limited to 'app/controllers/jwt_controller.rb') diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb index ca02df28b91..1b075cc5e2d 100644 --- a/app/controllers/jwt_controller.rb +++ b/app/controllers/jwt_controller.rb @@ -11,7 +11,7 @@ class JwtController < ApplicationController service = SERVICES[params[:service]] return head :not_found unless service - result = service.new(@project, @user, auth_params).execute(access_type: @access_type) + result = service.new(@project, @user, auth_params).execute(capabilities: @capabilities) render json: result, status: result[:http_status] end @@ -20,12 +20,16 @@ class JwtController < ApplicationController def authenticate_project_or_user authenticate_with_http_basic do |login, password| - # if it's possible we first try to authenticate project with login and password - @project, @user, @access_type = authenticate_build(login, password) - return if @project + @auth_result = Gitlab::Auth.find_for_git_client(login, password, ip: request.ip) - @user, @access_type = authenticate_user(login, password) - return if @user + @user = auth_result.user + @project = auth_result.project + @type = auth_result.type + @capabilities = auth_result.capabilities || [] + + if @user || @project + return # Allow access + end render_403 end @@ -34,18 +38,4 @@ class JwtController < ApplicationController def auth_params params.permit(:service, :scope, :account, :client_id) end - - def authenticate_build(login, password) - return unless login == 'gitlab-ci-token' - return unless password - - build = Ci::Build.running.find_by(token: password) - return build.project, build.user, :restricted if build - end - - def authenticate_user(login, password) - user = Gitlab::Auth.find_with_user_password(login, password) - Gitlab::Auth.rate_limit!(request.ip, success: user.present?, login: login) - return user, :full - end end -- cgit v1.2.1