author | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-04 00:34:56 +0300 |
---|---|---|
committer | Mayra Cabrera <mcabrera@gitlab.com> | 2018-04-07 05:20:16 +0300 |
commit | 7deab3172257bef7818ce834c1e0709432ddd5e0 (patch) | |
tree | f524ab35e59ac478572a444bea1f847accad410b /lib/gitlab/auth.rb | |
parent | 726f5bbf04b92357a11af34044a0720092797a71 (diff) |
Removes logic from Jwt and handle different scenarios on Gitlab::Auth
- When using 'read_repo', both the password and the project are sent, so we use
both of them to fetch the token
- When using 'read_registry', only the password is sent, so we use only
that to fetch the token
Diffstat (limited to 'lib/gitlab/auth.rb')
-rw-r--r-- | lib/gitlab/auth.rb | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 77fef7d8cac..3ef2f7f2967 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -164,7 +164,7 @@ module Gitlab
 def abilities_for_scopes(scopes)
 abilities_by_scope = {
 api: full_authentication_abilities,
- read_registry: [:read_container_image],
+ read_registry: build_authentication_abilities - [:build_create_container_image],
 read_repo: read_authentication_abilities - [:read_container_image]
 }
@@ -173,13 +173,21 @@ module Gitlab
 end.uniq
 end
+ # Project is always sent when using read_scope,
+ # but is not sent when using read_registry scope
+ # (since jwt is not context aware of the project)
 def deploy_token_check(project, password)
- return unless project.present? && password.present?
+ return unless password.present?
- token = DeployToken.active.find_by(project: project, token: password)
+ token =
+ if project.present?
+ DeployToken.active.find_by(project: project, token: password)
+ else
+ DeployToken.active.find_by(token: password)
+ end
 if token && valid_scoped_token?(token, available_scopes)
- Gitlab::Auth::Result.new(token, project, :deploy_token, abilities_for_scopes(token.scopes))
+ Gitlab::Auth::Result.new(token, token.project, :deploy_token, abilities_for_scopes(token.scopes))
 end
 end
@@ -234,7 +242,7 @@ module Gitlab
 [
 :read_project,
 :build_download_code,
- :build_read_container_image,
+ :project_read_container_image,
 :build_create_container_image
 ]
 end |
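Review bot: The new `read_registry` entry in `abilities_for_scopes` grants more than registry read access, because it subtracts only `:build_create_container_image` from `build_authentication_abilities` and so inherits every other entry of that list. If the array edited in the third hunk (`@@ -234,7 +242,7 @@`, whose `def` line is outside the hunk) is that list, a `read_registry` token now also receives `:read_project` and `:build_download_code`, which looks wider than the previous `[:read_container_image]`. That third hunk also renames `:build_read_container_image` for every caller of the shared list, not only for deploy tokens, so any policy still checking the old name would stop matching. An explicit allow-list would keep the scope minimal and decoupled from the build list, for example `read_registry: [:read_project, :project_read_container_image],`, once it is confirmed which abilities the registry JWT check actually needs.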
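Review bot: In `deploy_token_check`, the `else` branch looks a token up by its value alone, so a caller that passes a nil project for any reason (not only the registry JWT path) no longer fails closed the way the removed `project.present?` guard did. The result now carries `token.project`, so authorization is only sound if every caller checks the requested resource against the project in the returned result rather than the path in the request; that is not visible in this hunk. I would state that contract in the comment, which also names a `read_scope` that does not appear in `abilities_for_scopes` (presumably `read_repo`): `# With no project the token alone selects the record; callers must authorize against the returned token.project.` A spec for a valid token presented with a different project, and one for a token presented with no project, would pin both branches.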