diff options
| author | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-01 01:45:02 +0300 |
|---|---|---|
| committer | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-07 05:20:16 +0300 |
| commit | aaa6d80870d5215390a7cd919d91309e5a8795b7 (patch) | |
| tree | ddc2f5c4f52e0b280c85096784b70d8131f8da10 /app/controllers/jwt_controller.rb | |
| parent | 345ac03b7afb1dc9b941c53bc45cc3dfcf22e61c (diff) | |
Implement read_registry for DeployTokens
Diffstat (limited to 'app/controllers/jwt_controller.rb')
| -rw-r--r-- | app/controllers/jwt_controller.rb | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb index 7d6fe6a0232..76e7473e92c 100644 --- a/app/controllers/jwt_controller.rb +++ b/app/controllers/jwt_controller.rb @@ -23,10 +23,11 @@ class JwtController < ApplicationController @authentication_result = Gitlab::Auth::Result.new(nil, nil, :none, Gitlab::Auth.read_authentication_abilities) authenticate_with_http_basic do |login, password| - @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip) + project = find_project_related(password) + @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: project, ip: request.ip) if @authentication_result.failed? || - (@authentication_result.actor.present? && !@authentication_result.actor.is_a?(User)) + (@authentication_result.actor.present? && !user_or_deploy_token) render_unauthorized end end @@ -57,4 +58,12 @@ class JwtController < ApplicationController def auth_params params.permit(:service, :scope, :account, :client_id) end + + def find_project_related(password) + DeployToken.active.find_by(token: password)&.project + end + + def user_or_deploy_token + @authentication_result.actor.is_a?(User) || @authentication_result.actor.is_a?(DeployToken) + end end |