Diffstat (limited to 'app/models/integrations/base_slash_commands.rb')
-rw-r--r-- | app/models/integrations/base_slash_commands.rb | 41 |
1 files changed, 28 insertions, 13 deletions
diff --git a/app/models/integrations/base_slash_commands.rb b/app/models/integrations/base_slash_commands.rb
index 58821e5fb4e..f477263303f 100644
--- a/app/models/integrations/base_slash_commands.rb
+++ b/app/models/integrations/base_slash_commands.rb
@@ -4,6 +4,9 @@
 # This class is not meant to be used directly, but only to inherrit from.
 module Integrations
 class BaseSlashCommands < Integration
+ CACHE_KEY = "slash-command-requests:%{secret}"
+ CACHE_EXPIRATION_TIME = 3.minutes
+
 attribute :category, default: 'chat'
 
 def valid_token?(token)
@@ -26,32 +29,44 @@ module Integrations
 chat_user = find_chat_user(params)
 user = chat_user&.user
 
- if user
- unless user.can?(:use_slash_commands)
- return Gitlab::SlashCommands::Presenters::Access.new.deactivated if user.deactivated?
+ return unknown_user_message(params) unless user
+
+ unless user.can?(:use_slash_commands)
+ return Gitlab::SlashCommands::Presenters::Access.new.deactivated if user.deactivated?
 
- return Gitlab::SlashCommands::Presenters::Access.new.access_denied(project)
- end
+ return Gitlab::SlashCommands::Presenters::Access.new.access_denied(project)
+ end
 
+ if Gitlab::SlashCommands::VerifyRequest.new(self, chat_user).valid?
 Gitlab::SlashCommands::Command.new(project, chat_user, params).execute
 else
- url = authorize_chat_name_url(params)
- Gitlab::SlashCommands::Presenters::Access.new(url).authorize
+ command_id = cache_slash_commands_request!(params)
+ Gitlab::SlashCommands::Presenters::Access.new.confirm(confirmation_url(command_id, params))
 end
 end
 
 private
 
- # rubocop: disable CodeReuse/ServiceClass
 def find_chat_user(params)
- ChatNames::FindUserService.new(params[:team_id], params[:user_id]).execute
+ ChatNames::FindUserService.new(params[:team_id], params[:user_id]).execute # rubocop: disable CodeReuse/ServiceClass
 end
- # rubocop: enable CodeReuse/ServiceClass
 
- # rubocop: disable CodeReuse/ServiceClass
 def authorize_chat_name_url(params)
- ChatNames::AuthorizeUserService.new(params).execute
+ ChatNames::AuthorizeUserService.new(params).execute # rubocop: disable CodeReuse/ServiceClass
+ end
+
+ def unknown_user_message(params)
+ url = authorize_chat_name_url(params)
+ Gitlab::SlashCommands::Presenters::Access.new(url).authorize
+ end
+
+ def cache_slash_commands_request!(params)
+ secret = SecureRandom.uuid
+ Kernel.format(CACHE_KEY, secret: secret).tap do |cache_key|
+ Rails.cache.write(cache_key, params, expires_in: CACHE_EXPIRATION_TIME)
+ end
+
+ secret
 end
- # rubocop: enable CodeReuse/ServiceClass
 end
 end
|
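Review bot: `cache_slash_commands_request!` writes the whole `params` object into `Rails.cache` for `CACHE_EXPIRATION_TIME`, and since this class validates a request token (`valid_token?(token)` in the first hunk), that token is plausibly among the cached values; storing only the keys the confirmation step actually reads, e.g. `params.to_h.slice(<keys read by the confirmation step>)`, would keep the token out of the cache store. The returned secret is the only handle to the entry, so a comment such as `# Returns a one-time secret; the request is cached under CACHE_KEY formatted with it until CACHE_EXPIRATION_TIME` would document the contract, and whichever code reads the entry back (not in this diff) should delete it on first use so the confirmation URL is not replayable within the window. `confirmation_url` is called in the new `else` branch but is not defined in this file, presumably a subclass responsibility; a `def confirmation_url(command_id, params) = raise(NotImplementedError)` stub next to `unknown_user_message` would make that explicit. The method containing the `VerifyRequest` branch begins above this hunk.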