author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-09 15:08:03 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-09 15:08:03 +0300 |
commit | cddaddb86bf6d4d277d206c42a9138a2d660ea56 (patch) | |
tree | 92da110e04602b7ea62835e41327e552150279f5 /lib/gitlab/auth | |
parent | 5afd8575506372dd64c238203bd05b4826f3ae2e (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/auth')
-rw-r--r-- | lib/gitlab/auth/auth_finders.rb | 11 | ||||
-rw-r--r-- | lib/gitlab/auth/request_authenticator.rb | 11 |
2 files changed, 17 insertions, 5 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb
index 33cbb070c2f..fe61d9fe8ca 100644
--- a/lib/gitlab/auth/auth_finders.rb
+++ b/lib/gitlab/auth/auth_finders.rb
@@ -25,9 +25,10 @@ module Gitlab
 PRIVATE_TOKEN_HEADER = 'HTTP_PRIVATE_TOKEN'
 PRIVATE_TOKEN_PARAM = :private_token
- JOB_TOKEN_HEADER = "HTTP_JOB_TOKEN".freeze
+ JOB_TOKEN_HEADER = 'HTTP_JOB_TOKEN'.freeze
 JOB_TOKEN_PARAM = :job_token
 RUNNER_TOKEN_PARAM = :token
+ RUNNER_JOB_TOKEN_PARAM = :token
 # Check the Rails session for valid authentication details
 def find_user_from_warden
@@ -57,11 +58,13 @@ module Gitlab
 def find_user_from_job_token
 return unless route_authentication_setting[:job_token_allowed]
- token = (params[JOB_TOKEN_PARAM] || env[JOB_TOKEN_HEADER]).to_s
- return unless token.present?
+ token = current_request.params[JOB_TOKEN_PARAM].presence ||
+ current_request.params[RUNNER_JOB_TOKEN_PARAM].presence ||
+ current_request.env[JOB_TOKEN_HEADER].presence
 return unless token
 job = ::Ci::Build.find_by_token(token)
- raise ::Gitlab::Auth::UnauthorizedError unless job
+ raise UnauthorizedError unless job
 @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
diff --git a/lib/gitlab/auth/request_authenticator.rb b/lib/gitlab/auth/request_authenticator.rb
index 34ccff588f4..c6216fa9cad 100644
--- a/lib/gitlab/auth/request_authenticator.rb
+++ b/lib/gitlab/auth/request_authenticator.rb
@@ -33,7 +33,8 @@ module Gitlab
 find_user_from_web_access_token(request_format) ||
 find_user_from_feed_token(request_format) ||
 find_user_from_static_object_token(request_format) ||
- find_user_from_basic_auth_job
+ find_user_from_basic_auth_job ||
+ find_user_from_job_token
 rescue Gitlab::Auth::AuthenticationError
 nil
 end
@@ -45,6 +46,14 @@ module Gitlab
 rescue Gitlab::Auth::AuthenticationError
 false
 end
+
+ private
+
+ def route_authentication_setting
+ @route_authentication_setting ||= {
+ job_token_allowed: api_request?
+ }
+ end
 end
 end
 end |
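Review bot: `RUNNER_JOB_TOKEN_PARAM` in the constants block has the same value as `RUNNER_TOKEN_PARAM` directly above it (`:token`), so one request parameter name now stands for two different credentials and nothing in the block says so. Someone changing either constant, or adding another finder that reads `params[:token]`, cannot tell from here which kind of credential a given value is expected to be. A comment above the new constant would record the intent, for example `# Same parameter name as RUNNER_TOKEN_PARAM; find_user_from_job_token looks this value up as a CI job token.`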
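Review bot: The rewritten lookup in `find_user_from_job_token` no longer coerces the token to a string, so a non-scalar parameter can reach `::Ci::Build.find_by_token`. The removed line ended in `.to_s`, whereas `.presence` returns a non-empty Array or Hash unchanged, and Rack-style parameter parsing produces those for inputs such as `token[]=…`. How `find_by_token` treats such a value is not visible here, so the guard should reject it before the lookup, e.g. `return unless token.is_a?(String)` in place of `return unless token`. The added `:token` source also means the value of any parameter named `token` on an eligible request is tried as a job token. The method body continues past the end of the hunk.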
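Review bot: `route_authentication_setting` sets `job_token_allowed` to `api_request?`, which turns on job-token authentication for every API request this authenticator sees, while the guard in `find_user_from_job_token` reads like a per-route opt-in. Together with the `find_user_from_job_token` call appended to the finder chain in the previous hunk, this widens where a CI job token is accepted; if only specific endpoints need it, the condition should be narrowed to those paths. At minimum the method deserves a comment stating the scope, such as `# Job tokens are accepted on any API request; there is no per-route opt-in at this layer.` The enclosing class begins outside the hunk, and the new `private` also applies to any method later added below it.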