Add config to disable impersonation

Adds gitlab.impersonation_enabled config option defaulting to true to keep the current default behaviour. Only the act of impersonation is modified, impersonation token management is not affected.
author: Imre Farkas <ifarkas@gitlab.com> 2018-11-24 15:39:16 +0300
committer: Imre Farkas <ifarkas@gitlab.com> 2018-11-29 11:37:16 +0300
commit: bd3a4840329160a64c0cac25ed6c1d3b22f5bdb4 (patch)
tree: 66749539b5aa0544c156374de84671f54dcaa080 /app/services/access_token_validation_service.rb
parent: c07183f0d3ce24e8cfcb93e71ae950d7067a8ce1 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/app/services/access_token_validation_service.rb b/app/services/access_token_validation_service.rb
index 2a337918d21..40aa9250885 100644
--- a/app/services/access_token_validation_service.rb
+++ b/app/services/access_token_validation_service.rb
@@ -6,6 +6,7 @@ class AccessTokenValidationService
   EXPIRED = :expired
   REVOKED = :revoked
   INSUFFICIENT_SCOPE = :insufficient_scope
+  IMPERSONATION_DISABLED = :impersonation_disabled
 
   attr_reader :token, :request
 
@@ -24,6 +25,11 @@ class AccessTokenValidationService
     elsif !self.include_any_scope?(scopes)
       return INSUFFICIENT_SCOPE
 
+    elsif token.respond_to?(:impersonation) &&
+        token.impersonation &&
+        !Gitlab.config.gitlab.impersonation_enabled
+      return IMPERSONATION_DISABLED
+
     else
       return VALID
     end
author	Imre Farkas <ifarkas@gitlab.com>	2018-11-24 15:39:16 +0300
committer	Imre Farkas <ifarkas@gitlab.com>	2018-11-29 11:37:16 +0300
commit	bd3a4840329160a64c0cac25ed6c1d3b22f5bdb4 (patch)
tree	66749539b5aa0544c156374de84671f54dcaa080 /app/services/access_token_validation_service.rb
parent	c07183f0d3ce24e8cfcb93e71ae950d7067a8ce1 (diff)