author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 17:34:42 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 17:34:42 +0300 |
commit | 9f46488805e86b1bc341ea1620b866016c2ce5ed (patch) | |
tree | f9748c7e287041e37d6da49e0a29c9511dc34768 /lib/gitlab/auth | |
parent | dfc92d081ea0332d69c8aca2f0e745cb48ae5e6d (diff) |
Add latest changes from gitlab-org/gitlab@13-0-stable-ee
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/auth_finders.rb | 27 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/access.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/adapter.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/config.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/person.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/auth/ldap/user.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/auth/o_auth/auth_hash.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/auth/o_auth/provider.rb | 14 | ||||
-rw-r--r-- | lib/gitlab/auth/o_auth/user.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/auth/result.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/auth/saml/config.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/auth/saml/user.rb | 4 |
12 files changed, 58 insertions, 23 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb index f0ca6491bd0..b7e78189d37 100644 --- a/lib/gitlab/auth/auth_finders.rb +++ b/lib/gitlab/auth/auth_finders.rb @@ -18,8 +18,6 @@ module Gitlab end module AuthFinders - prepend_if_ee('::EE::Gitlab::Auth::AuthFinders') # rubocop: disable Cop/InjectEnterpriseEditionModule - include Gitlab::Utils::StrongMemoize include ActionController::HttpAuthentication::Basic @@ -27,6 +25,7 @@ module Gitlab PRIVATE_TOKEN_PARAM = :private_token JOB_TOKEN_HEADER = 'HTTP_JOB_TOKEN'.freeze JOB_TOKEN_PARAM = :job_token + DEPLOY_TOKEN_HEADER = 'HTTP_DEPLOY_TOKEN'.freeze RUNNER_TOKEN_PARAM = :token RUNNER_JOB_TOKEN_PARAM = :token @@ -103,6 +102,25 @@ module Gitlab access_token.user || raise(UnauthorizedError) end + # This returns a deploy token, not a user since a deploy token does not + # belong to a user. + # + # deploy tokens are accepted with deploy token headers and basic auth headers + def deploy_token_from_request + return unless route_authentication_setting[:deploy_token_allowed] + + token = current_request.env[DEPLOY_TOKEN_HEADER].presence || parsed_oauth_token + + if has_basic_credentials?(current_request) + _, token = user_name_and_password(current_request) + end + + deploy_token = DeployToken.active.find_by_token(token) + @current_authenticated_deploy_token = deploy_token # rubocop:disable Gitlab/ModuleWithInstanceVariables + + deploy_token + end + def find_runner_from_token return unless api_request? @@ -113,6 +131,9 @@ module Gitlab end def validate_access_token!(scopes: []) + # return early if we've already authenticated via a deploy token + return if @current_authenticated_deploy_token.present? # rubocop:disable Gitlab/ModuleWithInstanceVariables + return unless access_token case AccessTokenValidationService.new(access_token, request: request).validate(scopes: scopes) @@ -249,3 +270,5 @@ module Gitlab end end end + +Gitlab::Auth::AuthFinders.prepend_if_ee('::EE::Gitlab::Auth::AuthFinders') 
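Review bot: In `deploy_token_from_request` (lib/gitlab/auth/auth_finders.rb) the Basic-auth branch discards the username (`_, token = user_name_and_password(current_request)`), so the password alone selects the deploy token, and it silently replaces a value already read from `DEPLOY_TOKEN_HEADER`. If deploy tokens carry a username (not visible in this hunk), comparing it before accepting the token would keep the credential pair meaningful; otherwise the comment should say the username is deliberately ignored. The method comment names only the deploy-token header and Basic auth, while the code also falls back to `parsed_oauth_token`; I would add `# also read from parsed_oauth_token; Basic auth, when present, overrides both`. `token` can be nil when no credential is sent, so the lookup relies on `find_by_token(nil)` returning nothing, which this hunk does not show.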
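Review bot: The early return added to `validate_access_token!` skips the `scopes:` check entirely once `@current_authenticated_deploy_token` is set, so nothing in this method compares the scopes an endpoint requires with what the deploy token is permitted to do. That is safe only if every route that sets `deploy_token_allowed` authorizes the deploy token against the resource somewhere else, which is not visible here. The guard also depends on call order, because the instance variable is assigned only inside `deploy_token_from_request`. I would extend the comment to state that contract, e.g. `# deploy tokens bypass scope validation here; the caller must authorize the token against the requested resource`. The method body continues outside the hunk.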
diff --git a/lib/gitlab/auth/ldap/access.rb b/lib/gitlab/auth/ldap/access.rb index 98eec0e4a7b..66d20ee2b59 100644 --- a/lib/gitlab/auth/ldap/access.rb +++ b/lib/gitlab/auth/ldap/access.rb @@ -8,8 +8,6 @@ module Gitlab module Auth module Ldap class Access - prepend_if_ee('::EE::Gitlab::Auth::Ldap::Access') # rubocop: disable Cop/InjectEnterpriseEditionModule - attr_reader :provider, :user, :ldap_identity def self.open(user, &block) @@ -118,3 +116,5 @@ module Gitlab end end end + +Gitlab::Auth::Ldap::Access.prepend_if_ee('::EE::Gitlab::Auth::Ldap::Access') diff --git a/lib/gitlab/auth/ldap/adapter.rb b/lib/gitlab/auth/ldap/adapter.rb index c5ec4e1981b..f64fcd822c6 100644 --- a/lib/gitlab/auth/ldap/adapter.rb +++ b/lib/gitlab/auth/ldap/adapter.rb @@ -4,8 +4,6 @@ module Gitlab module Auth module Ldap class Adapter - prepend_if_ee('::EE::Gitlab::Auth::Ldap::Adapter') # rubocop: disable Cop/InjectEnterpriseEditionModule - SEARCH_RETRY_FACTOR = [1, 1, 2, 3].freeze MAX_SEARCH_RETRIES = Rails.env.test? ? 1 : SEARCH_RETRY_FACTOR.size.freeze @@ -142,3 +140,5 @@ module Gitlab end end end + +Gitlab::Auth::Ldap::Adapter.prepend_if_ee('::EE::Gitlab::Auth::Ldap::Adapter') diff --git a/lib/gitlab/auth/ldap/config.rb b/lib/gitlab/auth/ldap/config.rb index b8874e18a0b..7677189eb9f 100644 --- a/lib/gitlab/auth/ldap/config.rb +++ b/lib/gitlab/auth/ldap/config.rb @@ -5,8 +5,6 @@ module Gitlab module Auth module Ldap class Config - prepend_if_ee('::EE::Gitlab::Auth::Ldap::Config') # rubocop: disable Cop/InjectEnterpriseEditionModule - NET_LDAP_ENCRYPTION_METHOD = { simple_tls: :simple_tls, start_tls: :start_tls, @@ -288,3 +286,5 @@ module Gitlab end end end + +Gitlab::Auth::Ldap::Config.prepend_if_ee('::EE::Gitlab::Auth::Ldap::Config') diff --git a/lib/gitlab/auth/ldap/person.rb b/lib/gitlab/auth/ldap/person.rb index 430f94a9a28..e4a4900c37a 100644 --- a/lib/gitlab/auth/ldap/person.rb +++ b/lib/gitlab/auth/ldap/person.rb 
@@ -4,8 +4,6 @@ module Gitlab module Auth module Ldap class Person - prepend_if_ee('::EE::Gitlab::Auth::Ldap::Person') # rubocop: disable Cop/InjectEnterpriseEditionModule - # Active Directory-specific LDAP filter that checks if bit 2 of the # userAccountControl attribute is set. # Source: http://ctogonewild.com/2009/09/03/bitmask-searches-in-ldap/ @@ -122,3 +120,5 @@ module Gitlab end end end + +Gitlab::Auth::Ldap::Person.prepend_if_ee('::EE::Gitlab::Auth::Ldap::Person') diff --git a/lib/gitlab/auth/ldap/user.rb b/lib/gitlab/auth/ldap/user.rb index df14e5fc3dc..1405fb4ab95 100644 --- a/lib/gitlab/auth/ldap/user.rb +++ b/lib/gitlab/auth/ldap/user.rb @@ -11,8 +11,6 @@ module Gitlab module Ldap class User < Gitlab::Auth::OAuth::User extend ::Gitlab::Utils::Override - prepend_if_ee('::EE::Gitlab::Auth::Ldap::User') # rubocop: disable Cop/InjectEnterpriseEditionModule - class << self # rubocop: disable CodeReuse/ActiveRecord def find_by_uid_and_provider(uid, provider) @@ -64,3 +62,5 @@ module Gitlab end end end + +Gitlab::Auth::Ldap::User.prepend_if_ee('::EE::Gitlab::Auth::Ldap::User') diff --git a/lib/gitlab/auth/o_auth/auth_hash.rb b/lib/gitlab/auth/o_auth/auth_hash.rb index b37a9225dd7..46ff6b2ccab 100644 --- a/lib/gitlab/auth/o_auth/auth_hash.rb +++ b/lib/gitlab/auth/o_auth/auth_hash.rb @@ -6,8 +6,6 @@ module Gitlab module Auth module OAuth class AuthHash - prepend_if_ee('::EE::Gitlab::Auth::OAuth::AuthHash') # rubocop: disable Cop/InjectEnterpriseEditionModule - attr_reader :auth_hash def initialize(auth_hash) @auth_hash = auth_hash @@ -93,3 +91,5 @@ module Gitlab end end end + +Gitlab::Auth::OAuth::AuthHash.prepend_if_ee('::EE::Gitlab::Auth::OAuth::AuthHash') diff --git a/lib/gitlab/auth/o_auth/provider.rb b/lib/gitlab/auth/o_auth/provider.rb index f0811098b15..6d699d37a8c 100644 --- a/lib/gitlab/auth/o_auth/provider.rb +++ b/lib/gitlab/auth/o_auth/provider.rb 
@@ -66,7 +66,10 @@ module Gitlab nil end else - Gitlab.config.omniauth.providers.find { |provider| provider.name == name } + provider = Gitlab.config.omniauth.providers.find { |provider| provider.name == name } + merge_provider_args_with_defaults!(provider) + + provider end end @@ -81,6 +84,15 @@ module Gitlab config = config_for(name) config && config['icon'] end + + def self.merge_provider_args_with_defaults!(provider) + return unless provider + + provider['args'] ||= {} + + defaults = Gitlab::OmniauthInitializer.default_arguments_for(provider['name']) + provider['args'].deep_merge!(defaults.deep_stringify_keys) + end end end end diff --git a/lib/gitlab/auth/o_auth/user.rb b/lib/gitlab/auth/o_auth/user.rb index df595da1536..8a60d6ef482 100644 --- a/lib/gitlab/auth/o_auth/user.rb +++ b/lib/gitlab/auth/o_auth/user.rb @@ -9,8 +9,6 @@ module Gitlab module Auth module OAuth class User - prepend_if_ee('::EE::Gitlab::Auth::OAuth::User') # rubocop: disable Cop/InjectEnterpriseEditionModule - SignupDisabledError = Class.new(StandardError) SigninDisabledForProviderError = Class.new(StandardError) @@ -275,3 +273,5 @@ module Gitlab end end end + +Gitlab::Auth::OAuth::User.prepend_if_ee('::EE::Gitlab::Auth::OAuth::User') diff --git a/lib/gitlab/auth/result.rb b/lib/gitlab/auth/result.rb index 0fe91f9f3c8..757a0e671c3 100644 --- a/lib/gitlab/auth/result.rb +++ b/lib/gitlab/auth/result.rb @@ -3,8 +3,6 @@ module Gitlab module Auth Result = Struct.new(:actor, :project, :type, :authentication_abilities) do - prepend_if_ee('::EE::Gitlab::Auth::Result') # rubocop: disable Cop/InjectEnterpriseEditionModule - def ci?(for_project) type == :ci && project && @@ -26,3 +24,5 @@ module Gitlab end end end + +Gitlab::Auth::Result.prepend_if_ee('::EE::Gitlab::Auth::Result') diff --git a/lib/gitlab/auth/saml/config.rb b/lib/gitlab/auth/saml/config.rb index ed2f3f158c1..67a53fa3205 100644 --- a/lib/gitlab/auth/saml/config.rb +++ b/lib/gitlab/auth/saml/config.rb 
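Review bot: `merge_provider_args_with_defaults!` in lib/gitlab/auth/o_auth/provider.rb mutates the entry returned from `Gitlab.config.omniauth.providers` in place, and the `else` branch in the first provider.rb hunk calls it on every lookup, so a read path now rewrites the shared authentication configuration object. `deep_merge!` gives precedence to its argument, so `defaults` overwrite any colliding key an administrator set under `args`; if that is intended, a comment such as `# defaults take precedence over configured args on key collisions` would make it explicit. The `||= {}` guard covers only a missing `args`; should the configuration allow a non-hash value there (not visible in this hunk), `deep_merge!` would raise during provider lookup, and `return unless provider['args'].is_a?(Hash)` after the default assignment would be a cheap guard. The block parameter in `find { |provider| ... }` also shadows the new local `provider`, which a rename such as `|candidate|` would avoid.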
@@ -4,8 +4,6 @@ module Gitlab module Auth module Saml class Config - prepend_if_ee('::EE::Gitlab::Auth::Saml::Config') # rubocop: disable Cop/InjectEnterpriseEditionModule - class << self def options Gitlab::Auth::OAuth::Provider.config_for('saml') @@ -31,3 +29,5 @@ module Gitlab end end end + +Gitlab::Auth::Saml::Config.prepend_if_ee('::EE::Gitlab::Auth::Saml::Config') diff --git a/lib/gitlab/auth/saml/user.rb b/lib/gitlab/auth/saml/user.rb index 1ba36ad95b4..37bc3f9bed0 100644 --- a/lib/gitlab/auth/saml/user.rb +++ b/lib/gitlab/auth/saml/user.rb @@ -9,8 +9,6 @@ module Gitlab module Auth module Saml class User < Gitlab::Auth::OAuth::User - prepend_if_ee('::EE::Gitlab::Auth::Saml::User') # rubocop: disable Cop/InjectEnterpriseEditionModule - extend ::Gitlab::Utils::Override def save @@ -63,3 +61,5 @@ module Gitlab end end end + +Gitlab::Auth::Saml::User.prepend_if_ee('::EE::Gitlab::Auth::Saml::User') |