author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-17 06:07:45 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-17 06:07:45 +0300 |
commit | 9763c081708e4c2e08de1f4e9ca9abdef5cffe3c (patch) | |
tree | b27794ba1a039cdc42cdf5d90bcb7b7503437324 /lib/gitlab/auth | |
parent | 7480d774dfca97ea905321d52c70fd19496f0084 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/auth_finders.rb | 14 | ||||
-rw-r--r-- | lib/gitlab/auth/request_authenticator.rb | 3 |
2 files changed, 16 insertions, 1 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb
index 6210aca739a..33cbb070c2f 100644
--- a/lib/gitlab/auth/auth_finders.rb
+++ b/lib/gitlab/auth/auth_finders.rb
@@ -21,6 +21,7 @@ module Gitlab
 prepend_if_ee('::EE::Gitlab::Auth::AuthFinders') # rubocop: disable Cop/InjectEnterpriseEditionModule
 include Gitlab::Utils::StrongMemoize
+ include ActionController::HttpAuthentication::Basic
 PRIVATE_TOKEN_HEADER = 'HTTP_PRIVATE_TOKEN'
 PRIVATE_TOKEN_PARAM = :private_token
@@ -67,6 +68,19 @@ module Gitlab
 job.user
 end
+ def find_user_from_basic_auth_job
+ return unless has_basic_credentials?(current_request)
+
+ login, password = user_name_and_password(current_request)
+ return unless login.present? && password.present?
+ return unless ::Ci::Build::CI_REGISTRY_USER == login
+
+ job = ::Ci::Build.find_by_token(password)
+ raise UnauthorizedError unless job
+
+ job.user
+ end
+
 # We only allow Private Access Tokens with `api` scope to be used by web
 # requests on RSS feeds or ICS files for backwards compatibility.
 # It is also used by GraphQL/API requests.
diff --git a/lib/gitlab/auth/request_authenticator.rb b/lib/gitlab/auth/request_authenticator.rb
index 9b1b7b8e879..34ccff588f4 100644
--- a/lib/gitlab/auth/request_authenticator.rb
+++ b/lib/gitlab/auth/request_authenticator.rb
@@ -32,7 +32,8 @@ module Gitlab
 def find_sessionless_user(request_format)
 find_user_from_web_access_token(request_format) ||
 find_user_from_feed_token(request_format) ||
- find_user_from_static_object_token(request_format)
+ find_user_from_static_object_token(request_format) ||
+ find_user_from_basic_auth_job
 rescue Gitlab::Auth::AuthenticationError
 nil
 end |
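Review bot: The added `include ActionController::HttpAuthentication::Basic` mixes that module's whole public surface (`authenticate`, `encode_credentials`, `decode_credentials` and others) into every class that includes `AuthFinders`, although the commit uses only `has_basic_credentials?` and `user_name_and_password`. In an authentication mixin, an inherited method named `authenticate` can shadow or be shadowed by a host class's own method without anyone noticing. The Rails module extends itself, so the two calls can be qualified instead, e.g. `ActionController::HttpAuthentication::Basic.has_basic_credentials?(current_request)`, and the include dropped. The body of `AuthFinders` continues outside this hunk, so existing name clashes cannot be ruled out from here.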
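Review bot: `find_user_from_basic_auth_job` authenticates as `job.user` for any token that `::Ci::Build.find_by_token(password)` resolves, and nothing in the method checks the job's state. Unless `find_by_token` (defined outside this diff) already filters, the token of a finished or cancelled job would still be accepted here. A guard such as `raise UnauthorizedError unless job&.running?` would tie the credential's lifetime to the job's. The login check would be safer against a named constant for the job-token user than against `::Ci::Build::CI_REGISTRY_USER`, whose name suggests a registry-specific meaning. The method also has no comment; something like `# Authenticates a CI job via HTTP Basic auth: the login must be the CI job user and the password a job token.` would document the expected credential shape.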
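Review bot: `find_user_from_basic_auth_job` is appended to `find_sessionless_user` without the `request_format` argument that the three finders before it receive. Nothing visible in this hunk therefore limits which sessionless requests accept a CI job token over Basic auth. If the feature targets one kind of request, the finder should take `request_format` and return early for others; otherwise a comment such as `# job tokens over Basic auth are accepted for every sessionless request` would make the widened surface explicit. The `rescue Gitlab::Auth::AuthenticationError` presumably also catches the `UnauthorizedError` raised for an unknown token (assuming it is a subclass), so a failed attempt is indistinguishable from an anonymous request. Logging the rejection before returning `nil` would give detection something to work with.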