diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-12 03:08:51 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-12 03:08:51 +0300 |
commit | 98a00b024553a603e16380b93fc3f89a169bf438 (patch) | |
tree | 4a6dade546a6857bffc21df2126b113528d746d9 /app/controllers/projects | |
parent | c53e365d68ee800702befb15adfdfac708d5de6f (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers/projects')
-rw-r--r-- | app/controllers/projects/integrations/slash_commands_controller.rb | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/app/controllers/projects/integrations/slash_commands_controller.rb b/app/controllers/projects/integrations/slash_commands_controller.rb new file mode 100644 index 00000000000..891a7c1a749 --- /dev/null +++ b/app/controllers/projects/integrations/slash_commands_controller.rb @@ -0,0 +1,81 @@ +# frozen_string_literal: true + +module Projects + module Integrations + class SlashCommandsController < Projects::ApplicationController + before_action :authenticate_user! + + feature_category :integrations + + def show + @redirect_url = integration_redirect_url + + unless valid_request? + @error = s_("Integrations|The slash command verification request has expired. Please run the command again.") + return + end + + return if valid_user? || @redirect_url.blank? + + @error = s_("Integrations|The slash command request is invalid.") + end + + def confirm + if valid_request? && valid_user? + Gitlab::SlashCommands::VerifyRequest.new(integration, chat_user, request_params[:response_url]).approve! + redirect_to request_params[:redirect_url] + else + @error = s_("Integrations|The slash command request is invalid.") + render :show + end + end + + private + + def request_params + params.permit(:integration, :team, :channel, :response_url, :command_id, :redirect_url) + end + + def cached_params + @cached_params ||= Rails.cache.fetch(cache_key) + end + + def cache_key + @cache_key ||= Kernel.format(::Integrations::BaseSlashCommands::CACHE_KEY, secret: request_params[:command_id]) + end + + def integration + integration = request_params[:integration] + + case integration + when 'slack_slash_commands' + project.slack_slash_commands_integration + when 'mattermost_slash_commands' + project.mattermost_slash_commands_integration + end + end + + def integration_redirect_url + return unless integration + + team, channel, url = request_params.values_at(:team, :channel, :response_url) + + integration.redirect_url(team, channel, url) + end + + def valid_request? + cached_params.present? + end + + def valid_user? + return false unless chat_user + + current_user == chat_user.user + end + + def chat_user + @chat_user ||= ChatNames::FindUserService.new(cached_params[:team_id], cached_params[:user_id]).execute + end + end + end +end |