author | Shinya Maeda <shinya@gitlab.com> | 2017-10-02 11:13:46 +0300 |
---|---|---|
committer | Shinya Maeda <shinya@gitlab.com> | 2017-10-02 11:13:46 +0300 |
commit | 2cb1d617d90b4a9311e3a35434bec958f266d22a (patch) | |
tree | cd235e875814d8032ed74f18a10eb8a6a4e3d12b /app/controllers | |
parent | 5663b4808df787b1bcbf32ba54eccbb4c7537e25 (diff) |
Use expires_in for access_token validation
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/google_api/authorizations_controller.rb | 10 | ||||
-rw-r--r-- | app/controllers/projects/clusters_controller.rb | 16 |
2 files changed, 18 insertions, 8 deletions
diff --git a/app/controllers/google_api/authorizations_controller.rb b/app/controllers/google_api/authorizations_controller.rb
index 00b0c128711..890b4ce60c8 100644
--- a/app/controllers/google_api/authorizations_controller.rb
+++ b/app/controllers/google_api/authorizations_controller.rb
@@ -1,9 +1,13 @@
 module GoogleApi
 class AuthorizationsController < ApplicationController
 def callback
- session[GoogleApi::CloudPlatform::Client.session_key_for_token] =
- GoogleApi::CloudPlatform::Client.new(nil, callback_google_api_authorizations_url)
- .get_token(params[:code])
+ token, expires_at = GoogleApi::CloudPlatform::Client
+ .new(nil, callback_google_api_authorizations_url)
+ .get_token(params[:code])
+
+ session[GoogleApi::CloudPlatform::Client.session_key_for_token] = token
+ session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] =
+ expires_at.to_s
 
 if params[:state]
 redirect_to params[:state]
diff --git a/app/controllers/projects/clusters_controller.rb b/app/controllers/projects/clusters_controller.rb
index ebb17bca010..552cc48d84a 100644
--- a/app/controllers/projects/clusters_controller.rb
+++ b/app/controllers/projects/clusters_controller.rb
@@ -6,12 +6,11 @@ class Projects::ClustersController < Projects::ApplicationController
 def login
 begin
 @authorize_url = GoogleApi::CloudPlatform::Client.new(
- nil,
- callback_google_api_authorizations_url,
+ nil, callback_google_api_authorizations_url,
 state: namespace_project_clusters_url.to_s
 ).authorize_url
 rescue GoogleApi::Auth::ConfigMissingError
- # Show an alert message that gitlab.yml is not configured properly
+ # no-op
 end
 end
 
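Review bot: In `callback` (authorizations_controller.rb), `redirect_to params[:state]` takes its target straight from the query string, and the new lines above it store the token and expiry in the session without any visible check that `state` is a value this session issued. `login` in clusters_controller.rb sends a plain URL as `state:`, so the parameter cannot serve as the unguessable per-session value that ties a callback to the flow the user started. I would have `login` keep a random value and the return URL in the session and send only the random value as `state`. `callback` would then refuse a mismatch before calling `get_token`, e.g. `expected = session.delete(:google_api_state)` followed by `return head :forbidden unless expected && ActiveSupport::SecurityUtils.secure_compare(params[:state].to_s, expected)` (the session key name is a placeholder), and redirect to the stored URL instead of the parameter. The rest of `callback` lies outside the hunk, so an existing check further down cannot be ruled out from here.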
@@ -83,12 +82,19 @@ class Projects::ClustersController < Projects::ApplicationController
 end
 
 def authorize_google_api
- unless token_in_session
+ unless GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
+ .validate_token(expires_at_in_session)
 redirect_to action: 'login'
 end
 end
 
 def token_in_session
- @token_in_session ||= session[GoogleApi::CloudPlatform::Client.session_key_for_token]
+ @token_in_session ||=
+ session[GoogleApi::CloudPlatform::Client.session_key_for_token]
+ end
+
+ def expires_at_in_session
+ @expires_at_in_session ||=
+ session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at]
 end
 end
|
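Review bot: `authorize_google_api` no longer checks that a token is present, so whether a session with no token is sent to `login` now depends entirely on `validate_token`, whose body is not on this page. The same applies to the empty string that `expires_at.to_s` would store if the expiry were nil. Unless `validate_token` is certain to return false for a nil token and for a blank or unparseable timestamp, I would keep the guard explicit: `unless token_in_session.present? && expires_at_in_session.present? && GoogleApi::CloudPlatform::Client.new(token_in_session, nil).validate_token(expires_at_in_session)`. It would also be worth deleting both session keys before the redirect so an expired token does not stay in the session. A controller spec for the nil-token, blank-expiry and past-expiry cases would pin the fail-closed behaviour down.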