author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-29 00:20:15 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-29 00:20:15 +0300 |
commit | 92d5172ad42ebc62eb78cac21b1e236ad6ace580 (patch) | |
tree | ca89437d4725caeb4e27682522061d3bab7e05b0 /lib/gitlab | |
parent | f4a969f7f495978a7e656c69c929c9fdac111cff (diff) |
Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee
Diffstat (limited to 'lib/gitlab')
-rw-r--r-- | lib/gitlab/auth/auth_finders.rb | 16 | ||||
-rw-r--r-- | lib/gitlab/regex.rb | 5 |
2 files changed, 9 insertions, 12 deletions
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb
index f3d0c053880..ccf52bae9a5 100644
--- a/lib/gitlab/auth/auth_finders.rb
+++ b/lib/gitlab/auth/auth_finders.rb
@@ -69,9 +69,7 @@ module Gitlab
 current_request.env[JOB_TOKEN_HEADER].presence
 return unless token
- job = ::Ci::Build.find_by_token(token)
- raise UnauthorizedError unless job
-
+ job = find_valid_running_job_by_token!(token)
 @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
 job.user
@@ -84,9 +82,7 @@ module Gitlab
 return unless login.present? && password.present?
 return unless ::Gitlab::Auth::CI_JOB_USER == login
- job = ::Ci::Build.find_by_token(password)
- raise UnauthorizedError unless job
-
+ job = find_valid_running_job_by_token!(password)
 job.user
 end
@@ -179,7 +175,7 @@ module Gitlab
 token = parsed_oauth_token
 return unless token
- job = ::Ci::Build.find_by_token(token)
+ job = ::Ci::AuthJobFinder.new(token: token).execute
 return unless job
 @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
@@ -304,6 +300,12 @@ module Gitlab
 def blob_request?
 current_request.path.include?('/raw/')
 end
+
+ def find_valid_running_job_by_token!(token)
+ ::Ci::AuthJobFinder.new(token: token).execute.tap do |job|
+ raise UnauthorizedError unless job
+ end
+ end
 end
 end
 end
diff --git a/lib/gitlab/regex.rb b/lib/gitlab/regex.rb
index 1e1e0d856b7..2d625737e05 100644
--- a/lib/gitlab/regex.rb
+++ b/lib/gitlab/regex.rb
@@ -6,11 +6,6 @@ module Gitlab
 CONAN_RECIPE_FILES = %w[conanfile.py conanmanifest.txt conan_sources.tgz conan_export.tgz].freeze
 CONAN_PACKAGE_FILES = %w[conaninfo.txt conanmanifest.txt conan_package.tgz].freeze
- def conan_file_name_regex
- @conan_file_name_regex ||=
- %r{\A#{(CONAN_RECIPE_FILES + CONAN_PACKAGE_FILES).join("|")}\z}.freeze
- end
-
 def conan_package_reference_regex
 @conan_package_reference_regex ||= %r{\A[A-Za-z0-9]+\z}.freeze
 end |
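Review bot: In the `parsed_oauth_token` path (hunk at new line 175) a job token that the finder rejects still ends in `return unless job`, so this entry point answers nil where the two call sites above raise `UnauthorizedError` through `find_valid_running_job_by_token!`. That is probably intentional, since a bearer token that is not a job token presumably has to fall through to the other finders, but nothing in the hunk says so and the difference is easy to "correct" by mistake later. I would put a comment above the lookup, for example `# nil rather than UnauthorizedError: the bearer token may belong to another scheme, so let the caller fall through`. The enclosing method starts and ends outside the hunk.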
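Review bot: `find_valid_running_job_by_token!` (hunk at new line 300) promises a running-state check in its name, but its body only delegates to `::Ci::AuthJobFinder#execute`, which is not part of this diff, so the guarantee rests entirely on that finder returning nil for jobs that should no longer authenticate. A short doc comment stating the contract would make that dependency explicit: returns the job, raises `UnauthorizedError` when the finder returns nil. The `tap` block whose only purpose is to raise also reads more indirectly than `::Ci::AuthJobFinder.new(token: token).execute || raise(UnauthorizedError)`, which behaves the same. The enclosing module continues outside the hunk, so whether the helper sits in the private section cannot be confirmed from here.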