blob: b9c5e87c69c353eebabdcbcdc9d8b8e621f7342c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
# frozen_string_literal: true
module GoogleApi
class AuthorizationsController < ApplicationController
include Gitlab::Utils::StrongMemoize
before_action :validate_session_key!
feature_category :kubernetes_management
##
# handle the response from google after the user
# goes through authentication and authorization process
def callback
redirect_uri = redirect_uri_from_session
##
# when the user declines authorizations
# `error` param is returned
if params[:error]
flash[:alert] = _('Google Cloud authorizations required')
redirect_uri = session[:error_uri]
##
# on success, the `code` param is returned
elsif params[:code]
token, expires_at = GoogleApi::CloudPlatform::Client
.new(nil, callback_google_api_auth_url)
.get_token(params[:code])
session[GoogleApi::CloudPlatform::Client.session_key_for_token] = token
session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] = expires_at.to_s
redirect_uri = redirect_uri_from_session
end
##
# or google may just timeout
rescue ::Faraday::TimeoutError, ::Faraday::ConnectionFailed
flash[:alert] = _('Timeout connecting to the Google API. Please try again.')
##
# regardless, we redirect the user appropriately
ensure
redirect_to redirect_uri
end
private
def validate_session_key!
access_denied! unless redirect_uri_from_session.present?
end
def redirect_uri_from_session
strong_memoize(:redirect_uri_from_session) do
if params[:state].present?
session[session_key_for_redirect_uri(params[:state])]
else
nil
end
end
end
def session_key_for_redirect_uri(state)
GoogleApi::CloudPlatform::Client.session_key_for_redirect_uri(state)
end
end
end
|