gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorKamil Trzcinski <ayufan@ayufan.eu>2016-04-19 17:55:10 +0300
committerKamil Trzcinski <ayufan@ayufan.eu>2016-04-29 17:45:00 +0300
commit0ca8db25f008cd3bc4f2df0f58efd739718323d0 (patch)
tree242ba1b63c8a0307f60ed6b589c362c0ad874547 /lib/api
parent03b3fe13f6af67f8117cf4322b605630f55f3136 (diff)
Try to fix auth service
Diffstat (limited to 'lib/api')
-rw-r--r--lib/api/auth.rb34
1 files changed, 17 insertions, 17 deletions
diff --git a/lib/api/auth.rb b/lib/api/auth.rb
index b992e497307..ec944b1dc8c 100644
--- a/lib/api/auth.rb
+++ b/lib/api/auth.rb
@@ -3,12 +3,12 @@ module API
class Auth < Grape::API
namespace 'auth' do
get 'token' do
- required_attributes! [:scope, :service]
- keys = attributes_for_keys [:scope, :service]
+ required_attributes! [:service]
+ keys = attributes_for_keys [:offline_token, :scope, :service]
case keys[:service]
when 'docker'
- docker_token_auth(keys[:scope])
+ docker_token_auth(keys[:scope], keys[:offline_token])
else
not_found!
end
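Review bot: `keys[:offline_token]` is handed to `docker_token_auth` as the raw request parameter, and the helper only tests it for truthiness (`if offline_token`). A client that sends `offline_token=false` would therefore still be treated as asking for an offline token, assuming `attributes_for_keys` returns the string unchanged (its body is not on this page). Because that branch is chained to the scope branch with `elsif`, such a request also skips scope parsing and `authorize_actions!`. Normalising the flag at the call site would avoid this: `docker_token_auth(keys[:scope], keys[:offline_token].to_s == 'true')`. Since `scope` is no longer in `required_attributes!`, a short comment on the route listing the accepted parameter combinations would also help.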
@@ -16,19 +16,23 @@ module API
end
helpers do
- def docker_token_auth(scope)
- @type, @path, actions = scope.split(':', 3)
- bad_request!("invalid type: #{type}") unless type == 'repository'
+ def docker_token_auth(scope, offline_token)
+ auth!
- @actions = actions.split(',')
- bad_request!('missing actions') if @actions.empty?
+ if offline_token
+ forbidden! unless @user
+ elsif scope
+ @type, @path, actions = scope.split(':', 3)
+ bad_request!("invalid type: #{@type}") unless @type == 'repository'
- @project = Project.find_with_namespace(path)
- not_found!('Project') unless @project
+ @actions = actions.split(',')
+ bad_request!('missing actions') if @actions.empty?
- auth!
+ @project = Project.find_with_namespace(@path)
+ not_found!('Project') unless @project
- authorize_actions!(@actions)
+ authorize_actions!(@actions)
+ end
{ token: encode(docker_payload) }
end
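Review bot: When the request carries neither `offline_token` nor `scope`, `docker_token_auth` falls through both branches and still returns `{ token: encode(docker_payload) }`. The `forbidden! unless @user` in the first branch suggests `auth!` can leave `@user` unset, so this path appears to issue a token with no authentication or authorization check; what that token grants depends on `docker_payload`, which is outside the hunk. If anonymous tokens without a scope are not intended, add an `else` branch containing `forbidden! unless @user` before the conditional's closing `end`. Separately, a scope with fewer than three `:`-separated parts leaves `actions` nil, so `actions.split(',')` raises instead of returning a 400. Using `@actions = actions.to_s.split(',')` would let the existing 'missing actions' check reject it.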
@@ -50,7 +54,7 @@ module API
@user = authenticate_user(login, password)
if @user
- request.env['REMOTE_USER'] = @auth.username
+ request.env['REMOTE_USER'] = @user.username
end
end
@@ -71,10 +75,6 @@ module API
def authenticate_user(login, password)
user = Gitlab::Auth.new.find(login, password)
- unless user
- user = oauth_access_token_check(login, password)
- end
-
# If the user authenticated successfully, we reset the auth failure count
# from Rack::Attack for that IP. A client may attempt to authenticate
# with a username and blank password first, and only after it receives