blob: fa1e1f505ebd92ef893ca872ab75961cb7359f9b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
# frozen_string_literal: true
class JiraConnect::EventsController < JiraConnect::ApplicationController
# See https://developer.atlassian.com/cloud/jira/software/app-descriptor/#lifecycle
skip_before_action :verify_atlassian_jwt!
before_action :verify_asymmetric_atlassian_jwt!
def installed
success = current_jira_installation ? update_installation : create_installation
if success
head :ok
else
head :unprocessable_entity
end
end
def uninstalled
if JiraConnectInstallations::DestroyService.execute(current_jira_installation, jira_connect_base_path, jira_connect_events_uninstalled_path)
head :ok
else
head :unprocessable_entity
end
end
private
def create_installation
JiraConnectInstallation.new(create_params).save
end
def update_installation
JiraConnectInstallations::UpdateService.execute(
current_jira_installation,
update_params
).success?
end
def create_params
transformed_params.permit(:client_key, :shared_secret, :base_url)
end
def update_params
transformed_params.permit(:shared_secret, :base_url)
end
def transformed_params
@transformed_params ||= params.transform_keys(&:underscore)
end
def verify_asymmetric_atlassian_jwt!
asymmetric_jwt = Atlassian::JiraConnect::Jwt::Asymmetric.new(auth_token, jwt_verification_claims)
return head :unauthorized unless asymmetric_jwt.valid?
@current_jira_installation = JiraConnectInstallation.find_by_client_key(asymmetric_jwt.iss_claim)
end
def jwt_verification_claims
{
aud: Gitlab.config.jira_connect.enforce_jira_base_url_https ? jira_connect_base_url(protocol: 'https') : jira_connect_base_url,
iss: transformed_params[:client_key],
qsh: Atlassian::Jwt.create_query_string_hash(request.url, request.method, jira_connect_base_url)
}
end
end
|
