
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2020-05-20 17:34:42 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-05-20 17:34:42 +0300
commit9f46488805e86b1bc341ea1620b866016c2ce5ed (patch)
treef9748c7e287041e37d6da49e0a29c9511dc34768 /lib/gitlab/auth
parentdfc92d081ea0332d69c8aca2f0e745cb48ae5e6d (diff)
Add latest changes from gitlab-org/gitlab@13-0-stable-ee
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r--lib/gitlab/auth/auth_finders.rb27
-rw-r--r--lib/gitlab/auth/ldap/access.rb4
-rw-r--r--lib/gitlab/auth/ldap/adapter.rb4
-rw-r--r--lib/gitlab/auth/ldap/config.rb4
-rw-r--r--lib/gitlab/auth/ldap/person.rb4
-rw-r--r--lib/gitlab/auth/ldap/user.rb4
-rw-r--r--lib/gitlab/auth/o_auth/auth_hash.rb4
-rw-r--r--lib/gitlab/auth/o_auth/provider.rb14
-rw-r--r--lib/gitlab/auth/o_auth/user.rb4
-rw-r--r--lib/gitlab/auth/result.rb4
-rw-r--r--lib/gitlab/auth/saml/config.rb4
-rw-r--r--lib/gitlab/auth/saml/user.rb4
12 files changed, 58 insertions, 23 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb
index f0ca6491bd0..b7e78189d37 100644
--- a/lib/gitlab/auth/auth_finders.rb
+++ b/lib/gitlab/auth/auth_finders.rb
@@ -18,8 +18,6 @@ module Gitlab
end
module AuthFinders
- prepend_if_ee('::EE::Gitlab::Auth::AuthFinders') # rubocop: disable Cop/InjectEnterpriseEditionModule
-
include Gitlab::Utils::StrongMemoize
include ActionController::HttpAuthentication::Basic
@@ -27,6 +25,7 @@ module Gitlab
PRIVATE_TOKEN_PARAM = :private_token
JOB_TOKEN_HEADER = 'HTTP_JOB_TOKEN'.freeze
JOB_TOKEN_PARAM = :job_token
+ DEPLOY_TOKEN_HEADER = 'HTTP_DEPLOY_TOKEN'.freeze
RUNNER_TOKEN_PARAM = :token
RUNNER_JOB_TOKEN_PARAM = :token
@@ -103,6 +102,25 @@ module Gitlab
access_token.user || raise(UnauthorizedError)
end
+ # This returns a deploy token, not a user since a deploy token does not
+ # belong to a user.
+ #
+ # deploy tokens are accepted with deploy token headers and basic auth headers
+ def deploy_token_from_request
+ return unless route_authentication_setting[:deploy_token_allowed]
+
+ token = current_request.env[DEPLOY_TOKEN_HEADER].presence || parsed_oauth_token
+
+ if has_basic_credentials?(current_request)
+ _, token = user_name_and_password(current_request)
+ end
+
+ deploy_token = DeployToken.active.find_by_token(token)
+ @current_authenticated_deploy_token = deploy_token # rubocop:disable Gitlab/ModuleWithInstanceVariables
+
+ deploy_token
+ end
+
def find_runner_from_token
return unless api_request?
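Review bot: In `deploy_token_from_request`, the Basic-auth branch discards the username (`_, token = user_name_and_password(current_request)`) and overwrites whatever was read from `DEPLOY_TOKEN_HEADER`, so the lookup matches on the secret alone and a Basic password silently wins over an explicit header. If a deploy token's username is meant to be part of the credential, compare it after the lookup; otherwise state the precedence in the comment. The comment also omits that `parsed_oauth_token` is accepted as a fallback; I would reword it to `# Accepted from the deploy token header, from parsed_oauth_token, or as the Basic-auth password (Basic wins when present).` Whether `find_by_token` tolerates a nil `token` is not visible here, so an explicit `return unless token.present?` before the query would make the no-credential path obvious.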
@@ -113,6 +131,9 @@ module Gitlab
end
def validate_access_token!(scopes: [])
+ # return early if we've already authenticated via a deploy token
+ return if @current_authenticated_deploy_token.present? # rubocop:disable Gitlab/ModuleWithInstanceVariables
+
return unless access_token
case AccessTokenValidationService.new(access_token, request: request).validate(scopes: scopes)
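Review bot: The early return at the top of `validate_access_token!` skips the `scopes:` check entirely once `@current_authenticated_deploy_token` is set, so for deploy-token requests the scopes a caller asks for are never compared with anything in this method. Nothing in the visible hunks checks the deploy token's own scopes, so that enforcement presumably lives in the route or policy layer; the comment should say where, e.g. `# Deploy tokens carry their own scopes, enforced in <location>; the access-token scope check does not apply.` The guard also depends on `deploy_token_from_request` having run earlier in the same request, which is worth stating next to it. The method body continues outside the hunk.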
@@ -249,3 +270,5 @@ module Gitlab
end
end
end
+
+Gitlab::Auth::AuthFinders.prepend_if_ee('::EE::Gitlab::Auth::AuthFinders')
diff --git a/lib/gitlab/auth/ldap/access.rb b/lib/gitlab/auth/ldap/access.rb
index 98eec0e4a7b..66d20ee2b59 100644
--- a/lib/gitlab/auth/ldap/access.rb
+++ b/lib/gitlab/auth/ldap/access.rb
@@ -8,8 +8,6 @@ module Gitlab
module Auth
module Ldap
class Access
- prepend_if_ee('::EE::Gitlab::Auth::Ldap::Access') # rubocop: disable Cop/InjectEnterpriseEditionModule
-
attr_reader :provider, :user, :ldap_identity
def self.open(user, &block)
@@ -118,3 +116,5 @@ module Gitlab
end
end
end
+
+Gitlab::Auth::Ldap::Access.prepend_if_ee('::EE::Gitlab::Auth::Ldap::Access')
diff --git a/lib/gitlab/auth/ldap/adapter.rb b/lib/gitlab/auth/ldap/adapter.rb
index c5ec4e1981b..f64fcd822c6 100644
--- a/lib/gitlab/auth/ldap/adapter.rb
+++ b/lib/gitlab/auth/ldap/adapter.rb
@@ -4,8 +4,6 @@ module Gitlab
module Auth
module Ldap
class Adapter
- prepend_if_ee('::EE::Gitlab::Auth::Ldap::Adapter') # rubocop: disable Cop/InjectEnterpriseEditionModule
-
SEARCH_RETRY_FACTOR = [1, 1, 2, 3].freeze
MAX_SEARCH_RETRIES = Rails.env.test? ? 1 : SEARCH_RETRY_FACTOR.size.freeze
@@ -142,3 +140,5 @@ module Gitlab
end
end
end
+
+Gitlab::Auth::Ldap::Adapter.prepend_if_ee('::EE::Gitlab::Auth::Ldap::Adapter')
diff --git a/lib/gitlab/auth/ldap/config.rb b/lib/gitlab/auth/ldap/config.rb
index b8874e18a0b..7677189eb9f 100644
--- a/lib/gitlab/auth/ldap/config.rb
+++ b/lib/gitlab/auth/ldap/config.rb
@@ -5,8 +5,6 @@ module Gitlab
module Auth
module Ldap
class Config
- prepend_if_ee('::EE::Gitlab::Auth::Ldap::Config') # rubocop: disable Cop/InjectEnterpriseEditionModule
-
NET_LDAP_ENCRYPTION_METHOD = {
simple_tls: :simple_tls,
start_tls: :start_tls,
@@ -288,3 +286,5 @@ module Gitlab
end
end
end
+
+Gitlab::Auth::Ldap::Config.prepend_if_ee('::EE::Gitlab::Auth::Ldap::Config')
diff --git a/lib/gitlab/auth/ldap/person.rb b/lib/gitlab/auth/ldap/person.rb
index 430f94a9a28..e4a4900c37a 100644
--- a/lib/gitlab/auth/ldap/person.rb
+++ b/lib/gitlab/auth/ldap/person.rb
@@ -4,8 +4,6 @@ module Gitlab
module Auth
module Ldap
class Person
- prepend_if_ee('::EE::Gitlab::Auth::Ldap::Person') # rubocop: disable Cop/InjectEnterpriseEditionModule
-
# Active Directory-specific LDAP filter that checks if bit 2 of the
# userAccountControl attribute is set.
# Source: http://ctogonewild.com/2009/09/03/bitmask-searches-in-ldap/
@@ -122,3 +120,5 @@ module Gitlab
end
end
end
+
+Gitlab::Auth::Ldap::Person.prepend_if_ee('::EE::Gitlab::Auth::Ldap::Person')
diff --git a/lib/gitlab/auth/ldap/user.rb b/lib/gitlab/auth/ldap/user.rb
index df14e5fc3dc..1405fb4ab95 100644
--- a/lib/gitlab/auth/ldap/user.rb
+++ b/lib/gitlab/auth/ldap/user.rb
@@ -11,8 +11,6 @@ module Gitlab
module Ldap
class User < Gitlab::Auth::OAuth::User
extend ::Gitlab::Utils::Override
- prepend_if_ee('::EE::Gitlab::Auth::Ldap::User') # rubocop: disable Cop/InjectEnterpriseEditionModule
-
class << self
# rubocop: disable CodeReuse/ActiveRecord
def find_by_uid_and_provider(uid, provider)
@@ -64,3 +62,5 @@ module Gitlab
end
end
end
+
+Gitlab::Auth::Ldap::User.prepend_if_ee('::EE::Gitlab::Auth::Ldap::User')
diff --git a/lib/gitlab/auth/o_auth/auth_hash.rb b/lib/gitlab/auth/o_auth/auth_hash.rb
index b37a9225dd7..46ff6b2ccab 100644
--- a/lib/gitlab/auth/o_auth/auth_hash.rb
+++ b/lib/gitlab/auth/o_auth/auth_hash.rb
@@ -6,8 +6,6 @@ module Gitlab
module Auth
module OAuth
class AuthHash
- prepend_if_ee('::EE::Gitlab::Auth::OAuth::AuthHash') # rubocop: disable Cop/InjectEnterpriseEditionModule
-
attr_reader :auth_hash
def initialize(auth_hash)
@auth_hash = auth_hash
@@ -93,3 +91,5 @@ module Gitlab
end
end
end
+
+Gitlab::Auth::OAuth::AuthHash.prepend_if_ee('::EE::Gitlab::Auth::OAuth::AuthHash')
diff --git a/lib/gitlab/auth/o_auth/provider.rb b/lib/gitlab/auth/o_auth/provider.rb
index f0811098b15..6d699d37a8c 100644
--- a/lib/gitlab/auth/o_auth/provider.rb
+++ b/lib/gitlab/auth/o_auth/provider.rb
@@ -66,7 +66,10 @@ module Gitlab
nil
end
else
- Gitlab.config.omniauth.providers.find { |provider| provider.name == name }
+ provider = Gitlab.config.omniauth.providers.find { |provider| provider.name == name }
+ merge_provider_args_with_defaults!(provider)
+
+ provider
end
end
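Review bot: `config_for` now mutates the provider entry held in `Gitlab.config.omniauth.providers` on every lookup, because `merge_provider_args_with_defaults!` edits `provider['args']` in place rather than returning a merged copy. That turns a read-style accessor into a writer of global settings; it looks idempotent, but a comment saying the mutation is intended (or doing the merge once at initialization) would help the next reader. The block parameter in `find { |provider| ... }` also shadows the new local `provider`; renaming it, `find { |candidate| candidate.name == name }`, avoids the shadowing warning. The enclosing method starts outside the hunk.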
@@ -81,6 +84,15 @@ module Gitlab
config = config_for(name)
config && config['icon']
end
+
+ def self.merge_provider_args_with_defaults!(provider)
+ return unless provider
+
+ provider['args'] ||= {}
+
+ defaults = Gitlab::OmniauthInitializer.default_arguments_for(provider['name'])
+ provider['args'].deep_merge!(defaults.deep_stringify_keys)
+ end
end
end
end
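Review bot: `provider['args'].deep_merge!(defaults.deep_stringify_keys)` gives the defaults precedence: on a key present in both, the value from `default_arguments_for` replaces the one an administrator configured. If the defaults are security settings that must not be overridden, this is right and deserves a comment saying so; if they are meant as fallbacks, the merge should go the other way, `provider['args'] = defaults.deep_stringify_keys.deep_merge(provider['args'])`. The method also assumes `provider['args']` is a hash; whether the configuration allows another shape is not visible here, so a guard such as `return unless provider['args'].is_a?(Hash)` after the `||=` may be needed.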
diff --git a/lib/gitlab/auth/o_auth/user.rb b/lib/gitlab/auth/o_auth/user.rb
index df595da1536..8a60d6ef482 100644
--- a/lib/gitlab/auth/o_auth/user.rb
+++ b/lib/gitlab/auth/o_auth/user.rb
@@ -9,8 +9,6 @@ module Gitlab
module Auth
module OAuth
class User
- prepend_if_ee('::EE::Gitlab::Auth::OAuth::User') # rubocop: disable Cop/InjectEnterpriseEditionModule
-
SignupDisabledError = Class.new(StandardError)
SigninDisabledForProviderError = Class.new(StandardError)
@@ -275,3 +273,5 @@ module Gitlab
end
end
end
+
+Gitlab::Auth::OAuth::User.prepend_if_ee('::EE::Gitlab::Auth::OAuth::User')
diff --git a/lib/gitlab/auth/result.rb b/lib/gitlab/auth/result.rb
index 0fe91f9f3c8..757a0e671c3 100644
--- a/lib/gitlab/auth/result.rb
+++ b/lib/gitlab/auth/result.rb
@@ -3,8 +3,6 @@
module Gitlab
module Auth
Result = Struct.new(:actor, :project, :type, :authentication_abilities) do
- prepend_if_ee('::EE::Gitlab::Auth::Result') # rubocop: disable Cop/InjectEnterpriseEditionModule
-
def ci?(for_project)
type == :ci &&
project &&
@@ -26,3 +24,5 @@ module Gitlab
end
end
end
+
+Gitlab::Auth::Result.prepend_if_ee('::EE::Gitlab::Auth::Result')
diff --git a/lib/gitlab/auth/saml/config.rb b/lib/gitlab/auth/saml/config.rb
index ed2f3f158c1..67a53fa3205 100644
--- a/lib/gitlab/auth/saml/config.rb
+++ b/lib/gitlab/auth/saml/config.rb
@@ -4,8 +4,6 @@ module Gitlab
module Auth
module Saml
class Config
- prepend_if_ee('::EE::Gitlab::Auth::Saml::Config') # rubocop: disable Cop/InjectEnterpriseEditionModule
-
class << self
def options
Gitlab::Auth::OAuth::Provider.config_for('saml')
@@ -31,3 +29,5 @@ module Gitlab
end
end
end
+
+Gitlab::Auth::Saml::Config.prepend_if_ee('::EE::Gitlab::Auth::Saml::Config')
diff --git a/lib/gitlab/auth/saml/user.rb b/lib/gitlab/auth/saml/user.rb
index 1ba36ad95b4..37bc3f9bed0 100644
--- a/lib/gitlab/auth/saml/user.rb
+++ b/lib/gitlab/auth/saml/user.rb
@@ -9,8 +9,6 @@ module Gitlab
module Auth
module Saml
class User < Gitlab::Auth::OAuth::User
- prepend_if_ee('::EE::Gitlab::Auth::Saml::User') # rubocop: disable Cop/InjectEnterpriseEditionModule
-
extend ::Gitlab::Utils::Override
def save
@@ -63,3 +61,5 @@ module Gitlab
end
end
end
+
+Gitlab::Auth::Saml::User.prepend_if_ee('::EE::Gitlab::Auth::Saml::User')