diff options
author | Imre Farkas <ifarkas@gitlab.com> | 2018-11-24 15:39:16 +0300 |
---|---|---|
committer | Imre Farkas <ifarkas@gitlab.com> | 2018-11-29 11:37:16 +0300 |
commit | bd3a4840329160a64c0cac25ed6c1d3b22f5bdb4 (patch) | |
tree | 66749539b5aa0544c156374de84671f54dcaa080 /app/services/access_token_validation_service.rb | |
parent | c07183f0d3ce24e8cfcb93e71ae950d7067a8ce1 (diff) |
Add config to disable impersonation
Adds gitlab.impersonation_enabled config option defaulting to true to
keep the current default behaviour.
Only the act of impersonation is modified, impersonation token
management is not affected.
Diffstat (limited to 'app/services/access_token_validation_service.rb')
-rw-r--r-- | app/services/access_token_validation_service.rb | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/app/services/access_token_validation_service.rb b/app/services/access_token_validation_service.rb index 2a337918d21..40aa9250885 100644 --- a/app/services/access_token_validation_service.rb +++ b/app/services/access_token_validation_service.rb @@ -6,6 +6,7 @@ class AccessTokenValidationService EXPIRED = :expired REVOKED = :revoked INSUFFICIENT_SCOPE = :insufficient_scope + IMPERSONATION_DISABLED = :impersonation_disabled attr_reader :token, :request @@ -24,6 +25,11 @@ class AccessTokenValidationService elsif !self.include_any_scope?(scopes) return INSUFFICIENT_SCOPE + elsif token.respond_to?(:impersonation) && + token.impersonation && + !Gitlab.config.gitlab.impersonation_enabled + return IMPERSONATION_DISABLED + else return VALID end |