diff options
author | Robert Speicher <robert@gitlab.com> | 2018-10-26 21:42:57 +0300 |
---|---|---|
committer | Jan Provaznik <jprovaznik@gitlab.com> | 2018-10-29 19:20:53 +0300 |
commit | c847f172d25efc211045c363f4e55402ad250c09 (patch) | |
tree | fb4f64f6f09476d7e937f4bc13c032ea9b7fad86 /lib/gitlab/auth.rb | |
parent | 5091cc4f778facdbf53dc84349a1e6d9bc684220 (diff) |
Merge branch 'fix_pat_auth-11-4' into 'security-11-4'
[11.4] Fix Token lookup for Git over HTTP and registry authentication
See merge request gitlab/gitlabhq!2577
Diffstat (limited to 'lib/gitlab/auth.rb')
-rw-r--r-- | lib/gitlab/auth.rb | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb index d2029a141e7..6eb5f9e2300 100644 --- a/lib/gitlab/auth.rb +++ b/lib/gitlab/auth.rb @@ -151,17 +151,15 @@ module Gitlab end # rubocop: enable CodeReuse/ActiveRecord - # rubocop: disable CodeReuse/ActiveRecord def personal_access_token_check(password) return unless password.present? - token = PersonalAccessTokensFinder.new(state: 'active').find_by(token: password) + token = PersonalAccessTokensFinder.new(state: 'active').find_by_token(password) if token && valid_scoped_token?(token, available_scopes) Gitlab::Auth::Result.new(token.user, nil, :personal_access_token, abilities_for_scopes(token.scopes)) end end - # rubocop: enable CodeReuse/ActiveRecord def valid_oauth_token?(token) token && token.accessible? && valid_scoped_token?(token, [:api]) |