author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-11-13 17:35:38 +0300 |
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-11-13 17:35:38 +0300 |
commit | 444062d9ee09fdcee03ef0f41611f355febb1158 (patch) | |
tree | a1fe05b34c522db3f867ab4c233b3da54049eacc /app/models/concerns/token_authenticatable_strategies | |
parent | 2dbc4175b773a6c79c2a2dbbba8b3f62363713fe (diff) |
Do not use cleartext approach for encrypted tokens
Diffstat (limited to 'app/models/concerns/token_authenticatable_strategies')
-rw-r--r-- | app/models/concerns/token_authenticatable_strategies/encrypted.rb | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/app/models/concerns/token_authenticatable_strategies/encrypted.rb b/app/models/concerns/token_authenticatable_strategies/encrypted.rb
index 2b10d9dbd00..985631119ba 100644
--- a/app/models/concerns/token_authenticatable_strategies/encrypted.rb
+++ b/app/models/concerns/token_authenticatable_strategies/encrypted.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+@parallelizable.with_indifferent_access
+
 module TokenAuthenticatableStrategies
   class Encrypted < Base
     def find_token_authenticatable(token, unscoped = false)
@@ -16,25 +18,23 @@ module TokenAuthenticatableStrategies
     end
 
     def get_token(instance)
-      token = instance.cleartext_tokens.to_h[@token_field]
+      raw_token = instance.read_attribute(token_field_name)
+      token = Gitlab::CryptoHelper.aes256_gcm_decrypt(raw_token)
       token ||= fallback_strategy.get_token(instance) if @options[:fallback]
-
-      token
     end
 
     def set_token(instance, token)
-      return unless token
+      raise ArgumentError unless token
 
-      instance.cleartext_tokens ||= {}
-      instance.cleartext_tokens[@token_field] = token
       instance[token_field_name] = Gitlab::CryptoHelper.aes256_gcm_encrypt(token)
-      instance[@token_field] = nil if @options[:fallback] # TODO this seems wrong
+      # instance[@token_field] = nil if @options[:fallback] # TODO this seems wrong
     end
 
     protected
 
     def fallback_strategy
-      @fallback_strategy ||= TokenAuthenticatableStrategies::Insecure.new(@klass, @token_field, @options)
+      @fallback_strategy ||= TokenAuthenticatableStrategies::Insecure
+        .new(@klass, @token_field, @options)
     end
 
     def token_set?(instance)
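Review bot: The added file-scope line `@parallelizable.with_indifferent_access` in the first hunk looks like a stray paste: at top level `@parallelizable` is an unset instance variable of `main`, so it is `nil` and the call raises `NoMethodError` the moment the file is required, before `TokenAuthenticatableStrategies::Encrypted` is even defined. Nothing else in the patch references that name. Both added lines should be dropped so the file again starts with the magic comment followed by the `module` line.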
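Review bot: `get_token` in the second hunk now returns `nil` whenever `@options[:fallback]` is falsy, because its last expression is `token ||= fallback_strategy.get_token(instance) if @options[:fallback]` and a modifier `if` whose condition fails evaluates to `nil`; the deleted trailing `token` line was what returned the decrypted value, so it should be restored as the method's final statement. `raw_token` also comes straight from `read_attribute` and is `nil` for a record with no encrypted token yet, so unless `aes256_gcm_decrypt` is known to tolerate `nil` the call should be guarded, e.g. `token = raw_token && Gitlab::CryptoHelper.aes256_gcm_decrypt(raw_token)`. In `set_token`, the now commented-out `# instance[@token_field] = nil if @options[:fallback]` with its TODO is dead code that should be resolved or removed; if the fallback strategy presumably still reads `@token_field`, leaving that column untouched means a previously stored cleartext value stays readable after the encrypted one is written, which deserves an explicit comment either way. `token_set?` continues outside the hunk.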