
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2020-01-09 15:08:03 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-01-09 15:08:03 +0300
commitcddaddb86bf6d4d277d206c42a9138a2d660ea56 (patch)
tree92da110e04602b7ea62835e41327e552150279f5 /lib/gitlab/auth
parent5afd8575506372dd64c238203bd05b4826f3ae2e (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r--lib/gitlab/auth/auth_finders.rb11
-rw-r--r--lib/gitlab/auth/request_authenticator.rb11
2 files changed, 17 insertions, 5 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb
index 33cbb070c2f..fe61d9fe8ca 100644
--- a/lib/gitlab/auth/auth_finders.rb
+++ b/lib/gitlab/auth/auth_finders.rb
@@ -25,9 +25,10 @@ module Gitlab
PRIVATE_TOKEN_HEADER = 'HTTP_PRIVATE_TOKEN'
PRIVATE_TOKEN_PARAM = :private_token
- JOB_TOKEN_HEADER = "HTTP_JOB_TOKEN".freeze
+ JOB_TOKEN_HEADER = 'HTTP_JOB_TOKEN'.freeze
JOB_TOKEN_PARAM = :job_token
RUNNER_TOKEN_PARAM = :token
+ RUNNER_JOB_TOKEN_PARAM = :token
# Check the Rails session for valid authentication details
def find_user_from_warden
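Review bot: `RUNNER_JOB_TOKEN_PARAM` is given the same key, `:token`, as `RUNNER_TOKEN_PARAM` on the line above, and nothing here says that the two names stand for different credentials arriving in the same request parameter. Because of that overlap, `find_user_from_job_token` in the next hunk treats any `token` parameter as a candidate job token and raises `UnauthorizedError` when it matches no build. A comment would make the overlap explicit, for example `# Same key as RUNNER_TOKEN_PARAM: here the generic "token" param is read as a CI job token`, and it is worth confirming that no route expecting a runner token also has `job_token_allowed` set. The module body continues outside the hunk.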
@@ -57,11 +58,13 @@ module Gitlab
def find_user_from_job_token
return unless route_authentication_setting[:job_token_allowed]
- token = (params[JOB_TOKEN_PARAM] || env[JOB_TOKEN_HEADER]).to_s
- return unless token.present?
+ token = current_request.params[JOB_TOKEN_PARAM].presence ||
+ current_request.params[RUNNER_JOB_TOKEN_PARAM].presence ||
+ current_request.env[JOB_TOKEN_HEADER].presence
+ return unless token
job = ::Ci::Build.find_by_token(token)
- raise ::Gitlab::Auth::UnauthorizedError unless job
+ raise UnauthorizedError unless job
@current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
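Review bot: The rewritten lookup drops the old `.to_s`, so `token` is no longer guaranteed to be a String. Assuming `current_request.params` parses nested parameters the way Rack does, an array- or hash-valued `job_token` or `token` survives `.presence` and is passed to `::Ci::Build.find_by_token` unchanged. How `find_by_token` treats a non-String is not visible here, so the type should be pinned before the lookup, e.g. `return unless token.is_a?(String)` right after `return unless token`. The method body continues past the end of the hunk.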
diff --git a/lib/gitlab/auth/request_authenticator.rb b/lib/gitlab/auth/request_authenticator.rb
index 34ccff588f4..c6216fa9cad 100644
--- a/lib/gitlab/auth/request_authenticator.rb
+++ b/lib/gitlab/auth/request_authenticator.rb
@@ -33,7 +33,8 @@ module Gitlab
find_user_from_web_access_token(request_format) ||
find_user_from_feed_token(request_format) ||
find_user_from_static_object_token(request_format) ||
- find_user_from_basic_auth_job
+ find_user_from_basic_auth_job ||
+ find_user_from_job_token
rescue Gitlab::Auth::AuthenticationError
nil
end
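Review bot: The newly chained `find_user_from_job_token` raises `UnauthorizedError` for an unknown token, while this chain rescues only `Gitlab::Auth::AuthenticationError`, and the diff does not show whether `UnauthorizedError` descends from it. If it does not, an invalid job token would propagate as an exception instead of producing `nil` like the other finders. Confirming the class hierarchy, or adding a spec that sends an invalid job token through this path, would settle it. The enclosing method starts outside the hunk.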
@@ -45,6 +46,14 @@ module Gitlab
rescue Gitlab::Auth::AuthenticationError
false
end
+
+ private
+
+ def route_authentication_setting
+ @route_authentication_setting ||= {
+ job_token_allowed: api_request?
+ }
+ end
end
end
end
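Review bot: The new private `route_authentication_setting` sets `job_token_allowed` for every request where `api_request?` is true, although the guard in `find_user_from_job_token` reads like a per-route opt-in, and no comment explains the wider scope. Combined with the `:token` fallback in `auth_finders.rb`, any API request reaching this authenticator can now be identified by a job token. If that is the intent, it should be stated above the method, e.g. `# No per-route settings exist at this layer, so job tokens are accepted on every API request`, together with a note on what callers may rely on from the returned user. `api_request?` is defined outside the hunk.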