diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-16 21:25:58 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-16 21:25:58 +0300 |
commit | a5f4bba440d7f9ea47046a0a561d49adf0a1e6d4 (patch) | |
tree | fb69158581673816a8cd895f9d352dcb3c678b1e /lib/gitlab/auth.rb | |
parent | d16b2e8639e99961de6ddc93909f3bb5c1445ba1 (diff) |
Add latest changes from gitlab-org/gitlab@14-0-stable-eev14.0.0-rc42
Diffstat (limited to 'lib/gitlab/auth.rb')
-rw-r--r-- | lib/gitlab/auth.rb | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index 4489fc9f3b2..36f58d43a77 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -156,15 +156,16 @@ module Gitlab underscored_service = matched_login['service'].underscore - if Integration.available_services_names.include?(underscored_service) - # We treat underscored_service as a trusted input because it is included - # in the Integration.available_services_names allowlist. - service = project.public_send("#{underscored_service}_service") # rubocop:disable GitlabSecurity/PublicSend + return unless Integration.available_services_names.include?(underscored_service) - if service && service.activated? && service.valid_token?(password) - Gitlab::Auth::Result.new(nil, project, :ci, build_authentication_abilities) - end - end + # We treat underscored_service as a trusted input because it is included + # in the Integration.available_services_names allowlist. + accessor = Project.integration_association_name(underscored_service) + service = project.public_send(accessor) # rubocop:disable GitlabSecurity/PublicSend + + return unless service && service.activated? && service.valid_token?(password) + + Gitlab::Auth::Result.new(nil, project, :ci, build_authentication_abilities) end def user_with_password_for_git(login, password) @@ -371,7 +372,9 @@ module Gitlab end def find_build_by_token(token) - ::Ci::AuthJobFinder.new(token: token).execute + ::Gitlab::Database::LoadBalancing::Session.current.use_primary do + ::Ci::AuthJobFinder.new(token: token).execute + end end def user_auth_attempt!(user, success:) |