Remove user OAuth tokens stored in database for Bitbucket, GitHub, and GitLab

and request them each session. Pass these tokens to the project import data. This prevents the need to encrypt these tokens and clear them in case they expire or get revoked. For example, if you deleted and re-created OAuth2 keys for Bitbucket, you would get an Error 500 with no way to recover: ``` Started GET "/import/bitbucket/status" for x.x.x.x at 2015-08-07 05:24:10 +0000 Processing by Import::BitbucketController#status as HTML Completed 500 Internal Server Error in 607ms (ActiveRecord: 2.3ms) NameError (uninitialized constant Import::BitbucketController::Unauthorized): app/controllers/import/bitbucket_controller.rb:77:in `rescue in go_to_bitbucket_for_permissions' app/controllers/import/bitbucket_controller.rb:74:in `go_to_bitbucket_for_permissions' app/controllers/import/bitbucket_controller.rb:86:in `bitbucket_unauthorized' ``` Closes #1871
author: Stan Hu <stanhu@gmail.com> 2015-08-07 10:06:20 +0300
committer: Stan Hu <stanhu@gmail.com> 2015-08-23 19:23:44 +0300
commit: ed1d4fa477789659f9343593bf06d50e70750561 (patch)
tree: c7d208bd6be17632a314eb090456f1a30f42f13b /app/controllers/import
parent: 97cc91d21d28a6482dc6ab040db31598a786f56c (diff)
3 files changed, 36 insertions, 19 deletions
diff --git a/app/controllers/import/bitbucket_controller.rb b/app/controllers/import/bitbucket_controller.rb
index 4e6c0b66634..f84f85a7df8 100644
--- a/app/controllers/import/bitbucket_controller.rb
+++ b/app/controllers/import/bitbucket_controller.rb
@@ -13,10 +13,9 @@ class Import::BitbucketController < Import::BaseController
 
     access_token = client.get_token(request_token, params[:oauth_verifier], callback_import_bitbucket_url)
 
-    current_user.bitbucket_access_token = access_token.token
-    current_user.bitbucket_access_token_secret = access_token.secret
+    session[:bitbucket_access_token] = access_token.token
+    session[:bitbucket_access_token_secret] = access_token.secret
 
-    current_user.save
     redirect_to status_import_bitbucket_url
   end
 
@@ -46,19 +45,20 @@ class Import::BitbucketController < Import::BaseController
 
     namespace = get_or_create_namespace || (render and return)
 
-    unless Gitlab::BitbucketImport::KeyAdder.new(repo, current_user).execute
+    unless Gitlab::BitbucketImport::KeyAdder.new(repo, current_user, access_params).execute
       @access_denied = true
       render
       return
     end
 
-    @project = Gitlab::BitbucketImport::ProjectCreator.new(repo, namespace, current_user).execute
+    @project = Gitlab::BitbucketImport::ProjectCreator.new(repo, namespace, current_user, access_params).execute
   end
 
   private
 
   def client
-    @client ||= Gitlab::BitbucketImport::Client.new(current_user.bitbucket_access_token, current_user.bitbucket_access_token_secret)
+    @client ||= Gitlab::BitbucketImport::Client.new(session[:bitbucket_access_token],
+                                                    session[:bitbucket_access_token_secret])
   end
 
   def verify_bitbucket_import_enabled
@@ -66,7 +66,7 @@ class Import::BitbucketController < Import::BaseController
   end
 
   def bitbucket_auth
-    if current_user.bitbucket_access_token.blank?
+    if session[:bitbucket_access_token].blank?
       go_to_bitbucket_for_permissions
     end
   end
@@ -81,4 +81,13 @@ class Import::BitbucketController < Import::BaseController
   def bitbucket_unauthorized
     go_to_bitbucket_for_permissions
   end
+
+  private
+
+  def access_params
+    {
+      bitbucket_access_token: session[:bitbucket_access_token],
+      bitbucket_access_token_secret: session[:bitbucket_access_token_secret]
+    }
+  end
 end
diff --git a/app/controllers/import/github_controller.rb b/app/controllers/import/github_controller.rb
index b9f99c1b88a..f21fbd9ecca 100644
--- a/app/controllers/import/github_controller.rb
+++ b/app/controllers/import/github_controller.rb
@@ -5,9 +5,7 @@ class Import::GithubController < Import::BaseController
   rescue_from Octokit::Unauthorized, with: :github_unauthorized
 
   def callback
-    token = client.get_token(params[:code])
-    current_user.github_access_token = token
-    current_user.save
+    session[:github_access_token] = client.get_token(params[:code])
     redirect_to status_import_github_url
   end
 
@@ -39,13 +37,13 @@ class Import::GithubController < Import::BaseController
 
     namespace = get_or_create_namespace || (render and return)
 
-    @project = Gitlab::GithubImport::ProjectCreator.new(repo, namespace, current_user).execute
+    @project = Gitlab::GithubImport::ProjectCreator.new(repo, namespace, current_user, access_params).execute
   end
 
   private
 
   def client
-    @client ||= Gitlab::GithubImport::Client.new(current_user.github_access_token)
+    @client ||= Gitlab::GithubImport::Client.new(session[:github_access_token])
   end
 
   def verify_github_import_enabled
@@ -53,7 +51,7 @@ class Import::GithubController < Import::BaseController
   end
 
   def github_auth
-    if current_user.github_access_token.blank?
+    if session[:github_access_token].blank?
       go_to_github_for_permissions
     end
   end
@@ -65,4 +63,10 @@ class Import::GithubController < Import::BaseController
   def github_unauthorized
     go_to_github_for_permissions
   end
+
+  private
+
+  def access_params
+    { github_access_token: session[:github_access_token] }
+  end
 end
diff --git a/app/controllers/import/gitlab_controller.rb b/app/controllers/import/gitlab_controller.rb
index 1b8962d8924..27af19f5f61 100644
--- a/app/controllers/import/gitlab_controller.rb
+++ b/app/controllers/import/gitlab_controller.rb
@@ -5,9 +5,7 @@ class Import::GitlabController < Import::BaseController
   rescue_from OAuth2::Error, with: :gitlab_unauthorized
 
   def callback
-    token = client.get_token(params[:code], callback_import_gitlab_url)
-    current_user.gitlab_access_token = token
-    current_user.save
+    session[:gitlab_access_token] = client.get_token(params[:code], callback_import_gitlab_url)
     redirect_to status_import_gitlab_url
   end
 
@@ -36,13 +34,13 @@ class Import::GitlabController < Import::BaseController
 
     namespace = get_or_create_namespace || (render and return)
 
-    @project = Gitlab::GitlabImport::ProjectCreator.new(repo, namespace, current_user).execute
+    @project = Gitlab::GitlabImport::ProjectCreator.new(repo, namespace, current_user, access_params).execute
   end
 
   private
 
   def client
-    @client ||= Gitlab::GitlabImport::Client.new(current_user.gitlab_access_token)
+    @client ||= Gitlab::GitlabImport::Client.new(session[:gitlab_access_token])
   end
 
   def verify_gitlab_import_enabled
@@ -50,7 +48,7 @@ class Import::GitlabController < Import::BaseController
   end
 
   def gitlab_auth
-    if current_user.gitlab_access_token.blank?
+    if session[:gitlab_access_token].blank?
       go_to_gitlab_for_permissions
     end
   end
@@ -62,4 +60,10 @@ class Import::GitlabController < Import::BaseController
   def gitlab_unauthorized
     go_to_gitlab_for_permissions
   end
+
+  private
+
+  def access_params
+    { gitlab_access_token: session[:gitlab_access_token] }
+  end
 end
author	Stan Hu <stanhu@gmail.com>	2015-08-07 10:06:20 +0300
committer	Stan Hu <stanhu@gmail.com>	2015-08-23 19:23:44 +0300
commit	ed1d4fa477789659f9343593bf06d50e70750561 (patch)
tree	c7d208bd6be17632a314eb090456f1a30f42f13b /app/controllers/import
parent	97cc91d21d28a6482dc6ab040db31598a786f56c (diff)