
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorPatricio Cano <suprnova32@gmail.com>2016-09-15 19:54:24 +0300
committerPatricio Cano <suprnova32@gmail.com>2016-09-15 20:21:00 +0300
commitbe09bcf074e6048aa9ba5f8dfb99754e6afbe156 (patch)
tree005f87b80bfe5e3f2320398252b18eb7601cbb8f /lib
parentde24075ea5960bd7c6290c05496915e8f0ca23f2 (diff)
Refactored authentication code to make it a bit clearer, added test for wrong SSH key.
Diffstat (limited to 'lib')
-rw-r--r--lib/gitlab/auth.rb43
-rw-r--r--lib/gitlab/lfs_token.rb2
2 files changed, 21 insertions, 24 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 391b8f2f5de..6be9bf7de44 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -1,6 +1,10 @@
module Gitlab
module Auth
- Result = Struct.new(:actor, :type)
+ Result = Struct.new(:actor, :type) do
+ def success?
+ actor.present? || type == :ci
+ end
+ end
class MissingPersonalTokenError < StandardError; end
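Review bot: `Result#success?` has no comment stating the invariant it relies on, namely that a result of type `:ci` counts as authenticated even though it carries no actor. Any code that builds a `Result` with type `:ci` must therefore have validated the CI token first, and that is worth recording where the predicate is defined. I would add above `def success?` something like `# A :ci result has no actor; it must only be built after the CI token has been verified.`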
@@ -8,7 +12,16 @@ module Gitlab
def find_for_git_client(login, password, project:, ip:)
raise "Must provide an IP for rate limiting" if ip.nil?
- populate_result(login, password, project, ip)
+ result =
+ ci_request_check(login, password, project) ||
+ user_with_password_for_git(login, password) ||
+ oauth_access_token_check(login, password) ||
+ lfs_token_check(login, password) ||
+ personal_access_token_check(login, password)
+
+ rate_limit!(ip, success: result && result.success?, login: login)
+
+ result || Result.new
end
def find_with_user_password(login, password)
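Review bot: With `populate_result` removed, nothing resets `type` on a result that has no actor, so `find_for_git_client` can return a `Result` with a type set and a nil actor if any check builds one. The personal-token and LFS checks are guarded in this commit, but `user_with_password_for_git` and `oauth_access_token_check` are outside the visible hunks and should be confirmed; callers should branch on `result.success?` rather than on `type`. Separately, `success: result && result.success?` passes nil instead of false when every check returns nil, whereas the old code always passed a boolean. `success: !!(result && result.success?)` keeps that contract if `rate_limit!` depends on it.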
@@ -49,24 +62,6 @@ module Gitlab
private
- def populate_result(login, password, project, ip)
- result =
- ci_request_check(login, password, project) ||
- user_with_password_for_git(login, password) ||
- oauth_access_token_check(login, password) ||
- lfs_token_check(login, password) ||
- personal_access_token_check(login, password)
-
- if result && result.type != :ci
- result.type = nil unless result.actor
- end
-
- success = result ? result.actor.present? || result.type == :ci : false
- rate_limit!(ip, success: success, login: login)
-
- result || Result.new
- end
-
def valid_ci_request?(login, password, project)
matched_login = /(?<service>^[a-zA-Z]*-ci)-token$/.match(login)
@@ -110,7 +105,7 @@ module Gitlab
if login && password
user = User.find_by_personal_access_token(password)
validation = User.by_login(login)
- Result.new(user, :personal_token) if user == validation
+ Result.new(user, :personal_token) if user.present? && user == validation
end
end
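Review bot: The new `user.present? &&` guard has no comment saying what it protects against, and the reason is easy to lose in a later cleanup. When neither lookup finds a user (presumably both return nil), `user == validation` is `nil == nil`, so the old line built a `Result` with a nil actor and type `:personal_token`. I would add `# unknown token and unknown login both yield nil, and nil == nil` above the line. The method begins outside the hunk.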
@@ -124,9 +119,11 @@ module Gitlab
User.by_login(login)
end
- token_handler = Gitlab::LfsToken.new(actor)
+ if actor
+ token_handler = Gitlab::LfsToken.new(actor)
- Result.new(actor, token_handler.type) if actor && Devise.secure_compare(token_handler.value, password)
+ Result.new(actor, token_handler.type) if Devise.secure_compare(token_handler.value, password)
+ end
end
end
end
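Review bot: A style point on the new `if actor` wrapper: a guard clause, `return unless actor`, placed before `token_handler = Gitlab::LfsToken.new(actor)` would keep the token comparison at the method's top level and make the early exit for an unknown key or login explicit. The behaviour is the same, since the method already returns nil when the comparison fails. The method begins outside the hunk, so this assumes nothing after the `if` block needs to run when `actor` is nil.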
diff --git a/lib/gitlab/lfs_token.rb b/lib/gitlab/lfs_token.rb
index 224e4516074..f492754b1c8 100644
--- a/lib/gitlab/lfs_token.rb
+++ b/lib/gitlab/lfs_token.rb
@@ -13,7 +13,7 @@ module Gitlab
when Key
actor.user
else
- #
+ raise 'Bad Actor'
end
end
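Review bot: The new `else` branch raises a bare string, which becomes a `RuntimeError` whose message does not say which actor type was rejected. `Gitlab::LfsToken.new(actor)` is called from the authentication path in `lib/gitlab/auth.rb`, so an unexpected actor would probably surface as an unhandled error rather than a failed authentication. A typed, descriptive error is easier to rescue and to find in logs: `raise ArgumentError, "Unsupported LFS token actor: #{actor.class}"`. The enclosing `case` and method begin outside the hunk.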