diff options
| author | Francisco Lopez <fjlopez@gitlab.com> | 2017-11-07 12:52:05 +0300 |
|---|---|---|
| committer | Francisco Lopez <fjlopez@gitlab.com> | 2017-11-17 12:00:08 +0300 |
| commit | d948e6791300b14d18b95881290ccfcba7928ea0 (patch) | |
| tree | e752174260df3d61daad098b8dd21acc29643c58 /lib/gitlab/auth | |
| parent | 987e7b774403e0ebd7ebe2faed4f2ed276504a69 (diff) | |
First refactor
Diffstat (limited to 'lib/gitlab/auth')
| -rw-r--r-- | lib/gitlab/auth/request_authenticator.rb | 47 | ||||
| -rw-r--r-- | lib/gitlab/auth/user_auth_finders.rb | 92 |
2 files changed, 96 insertions, 43 deletions
diff --git a/lib/gitlab/auth/request_authenticator.rb b/lib/gitlab/auth/request_authenticator.rb index 999104f91f5..123a39dea75 100644 --- a/lib/gitlab/auth/request_authenticator.rb +++ b/lib/gitlab/auth/request_authenticator.rb @@ -3,6 +3,10 @@ module Gitlab module Auth class RequestAuthenticator + include UserAuthFinders + + attr_reader :request + def initialize(request) @request = ensure_action_dispatch_request(request) end @@ -14,49 +18,6 @@ module Gitlab def find_sessionless_user find_user_by_private_token || find_user_by_rss_token || find_user_by_oauth_token end - - private - - def find_session_user - @request.env['warden']&.authenticate if verified_request? - end - - def find_user_by_private_token - token = @request.params[:private_token].presence || @request.headers['PRIVATE-TOKEN'].presence - return unless token.present? - - User.find_by_authentication_token(token) || User.find_by_personal_access_token(token) - end - - def find_user_by_rss_token - return unless @request.path.ends_with?('atom') || @request.format == 'atom' - - token = @request.params[:rss_token].presence - return unless token.present? - - User.find_by_rss_token(token) - end - - def find_user_by_oauth_token - access_token = find_oauth_access_token - access_token&.user - end - - def find_oauth_access_token - token = Doorkeeper::OAuth::Token.from_request(@request, *Doorkeeper.configuration.access_token_methods) - OauthAccessToken.by_token(token) if token - end - - # Check if the request is GET/HEAD, or if CSRF token is valid. - def verified_request? - Gitlab::RequestForgeryProtection.verified?(@request.env) - end - - def ensure_action_dispatch_request(request) - return request if request.is_a?(ActionDispatch::Request) - - ActionDispatch::Request.new(request.env) - end end end end diff --git a/lib/gitlab/auth/user_auth_finders.rb b/lib/gitlab/auth/user_auth_finders.rb new file mode 100644 index 00000000000..2f4aeff14ac --- /dev/null +++ b/lib/gitlab/auth/user_auth_finders.rb @@ -0,0 +1,92 @@ +module Gitlab + module Auth + module UserAuthFinders + # Check the Rails session for valid authentication details + def find_session_user + request.env['warden']&.authenticate if verified_request? + end + + def find_user_by_private_token + token = private_token + return unless token.present? + + user = + find_user_by_authentication_token(token) || + find_user_by_personal_access_token(token) + + raise_unauthorized_error! unless user + + user + end + + def private_token + request.params[:private_token].presence || + request.headers['PRIVATE-TOKEN'].presence + end + + def find_user_by_authentication_token(token_string) + User.find_by_authentication_token(token_string) + end + + def find_user_by_personal_access_token(token_string) + access_token = PersonalAccessToken.find_by_token(token_string) + return unless access_token + + find_user_by_access_token(access_token) + end + + def find_user_by_rss_token + return unless request.path.ends_with?('atom') || request.format.atom? + + token = request.params[:rss_token].presence + return unless token.present? + + user = User.find_by_rss_token(token) + raise_unauthorized_error! unless user + + user + end + + def find_user_by_oauth_token + access_token = find_oauth_access_token + + return unless access_token + + find_user_by_access_token(access_token) + end + + def find_oauth_access_token + return @oauth_access_token if defined?(@oauth_access_token) + + current_request = ensure_action_dispatch_request(request) + token = Doorkeeper::OAuth::Token.from_request(current_request, *Doorkeeper.configuration.access_token_methods) + return @oauth_access_token = nil unless token + + @oauth_access_token = OauthAccessToken.by_token(token) + raise_unauthorized_error! unless @oauth_access_token + + @oauth_access_token.revoke_previous_refresh_token! + @oauth_access_token + end + + def find_user_by_access_token(access_token) + access_token&.user + end + + # Check if the request is GET/HEAD, or if CSRF token is valid. + def verified_request? + Gitlab::RequestForgeryProtection.verified?(request.env) + end + + def ensure_action_dispatch_request(request) + return request if request.is_a?(ActionDispatch::Request) + + ActionDispatch::Request.new(request.env) + end + + def raise_unauthorized_error! + return nil + end + end + end +end |