diff options
| author | Z.J. van de Weg <git@zjvandeweg.nl> | 2017-05-31 16:55:12 +0300 |
|---|---|---|
| committer | Z.J. van de Weg <git@zjvandeweg.nl> | 2017-06-05 13:26:49 +0300 |
| commit | 0b81b5ace0dd7c5ba3362238d8be41ce178e1ecc (patch) | |
| tree | f087313e31a0065cd54da5b74df965af04b390c7 /app/controllers | |
| parent | a8901ce63dd302d008459321bd4a8007c7c8f7c7 (diff) | |
Create read_registry scope with JWT auth
This is the first commit doing mainly 3 things:
1. create a new scope and allow users to use it
2. Have the JWTController respond correctly on this
3. Updates documentation to suggest usage of PATs
There is one gotcha, there will be no support for impersonation tokens, as this
seems not needed.
Fixes gitlab-org/gitlab-ce#19219
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/jwt_controller.rb | 8 | ||||
| -rw-r--r-- | app/controllers/profiles/personal_access_tokens_controller.rb | 2 |
2 files changed, 6 insertions, 4 deletions
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb index 1c01be06451..2648b901f01 100644 --- a/app/controllers/jwt_controller.rb +++ b/app/controllers/jwt_controller.rb @@ -20,13 +20,15 @@ class JwtController < ApplicationController private def authenticate_project_or_user - @authentication_result = Gitlab::Auth::Result.new(nil, nil, :none, Gitlab::Auth.read_authentication_abilities) + @authentication_result = Gitlab::Auth::Result.new(nil, nil, :none, Gitlab::Auth.read_api_abilities) authenticate_with_http_basic do |login, password| @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip) - render_unauthorized unless @authentication_result.success? && - (@authentication_result.actor.nil? || @authentication_result.actor.is_a?(User)) + if @authentication_result.failed? || + (@authentication_result.actor.present? && !@authentication_result.actor.is_a?(User)) + render_unauthorized + end end rescue Gitlab::Auth::MissingPersonalTokenError render_missing_personal_token diff --git a/app/controllers/profiles/personal_access_tokens_controller.rb b/app/controllers/profiles/personal_access_tokens_controller.rb index 0abe7ea3c9b..f748d191ef4 100644 --- a/app/controllers/profiles/personal_access_tokens_controller.rb +++ b/app/controllers/profiles/personal_access_tokens_controller.rb @@ -38,7 +38,7 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController end def set_index_vars - @scopes = Gitlab::Auth::API_SCOPES + @scopes = Gitlab::Auth::AVAILABLE_SCOPES @personal_access_token = finder.build @inactive_personal_access_tokens = finder(state: 'inactive').execute |