author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-18 12:11:01 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-18 12:11:01 +0300 |
commit | 7bbc9509dc0567d2a2d8314e99179aaad33ba361 (patch) | |
tree | baa7501af6efe7a0f2f6e20f683e9da39fa96607 /lib/api/helpers.rb | |
parent | f6d22c8ba7c3f900a3843b1336e2ade1d8d90c1f (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r-- | lib/api/helpers.rb | 21 |
1 files changed, 5 insertions, 16 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index bf1da849cf1..0eb4fbb196c 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -287,22 +287,11 @@ module API
 end
 def authenticate_by_gitlab_shell_token!
- if Feature.enabled?(:gitlab_shell_jwt_token)
- begin
- payload, _ = JSONWebToken::HMACToken.decode(headers[GITLAB_SHELL_API_HEADER], secret_token)
- unauthorized! unless payload['iss'] == GITLAB_SHELL_JWT_ISSUER
- rescue JWT::DecodeError, JWT::ExpiredSignature, JWT::ImmatureSignature => ex
- Gitlab::ErrorTracking.track_exception(ex)
- unauthorized!
- end
- else
- input = params['secret_token']
- input ||= Base64.decode64(headers[GITLAB_SHARED_SECRET_HEADER]) if headers.key?(GITLAB_SHARED_SECRET_HEADER)
-
- input&.chomp!
-
- unauthorized! unless Devise.secure_compare(secret_token, input)
- end
+ payload, _ = JSONWebToken::HMACToken.decode(headers[GITLAB_SHELL_API_HEADER], secret_token)
+ unauthorized! unless payload['iss'] == GITLAB_SHELL_JWT_ISSUER
+ rescue JWT::DecodeError, JWT::ExpiredSignature, JWT::ImmatureSignature => ex
+ Gitlab::ErrorTracking.track_exception(ex)
+ unauthorized!
 end
 def authenticated_with_can_read_all_resources! |
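Review bot: The issuer check in `authenticate_by_gitlab_shell_token!` rejects a mismatch with a bare `unauthorized!`, so a token that decodes successfully against `secret_token` but carries the wrong `iss` leaves no trace, while malformed or expired tokens are reported through `Gitlab::ErrorTracking.track_exception`. For detection the silent case is the more telling one, since it suggests the caller held the shared secret. Routing it through the existing rescue would record it, for example `raise JWT::InvalidIssuerError unless payload['iss'] == GITLAB_SHELL_JWT_ISSUER`, which the `JWT::DecodeError` clause already catches. With the shared-secret fallback removed, a request without the header now passes nil to `decode`; that presumably raises one of the rescued errors, but it deserves a spec. A one-line comment on the method stating that only the JWT header is accepted would help.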