Diffstat (limited to 'lib/api/helpers')
-rw-r--r--lib/api/helpers/authentication.rb73
-rw-r--r--lib/api/helpers/merge_requests_helpers.rb12
-rw-r--r--lib/api/helpers/packages/basic_auth_helpers.rb13
-rw-r--r--lib/api/helpers/pagination.rb4
-rw-r--r--lib/api/helpers/projects_helpers.rb4
-rw-r--r--lib/api/helpers/services_helpers.rb2
6 files changed, 103 insertions, 5 deletions
diff --git a/lib/api/helpers/authentication.rb b/lib/api/helpers/authentication.rb
new file mode 100644
index 00000000000..a6cfe930190
--- /dev/null
+++ b/lib/api/helpers/authentication.rb
@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+module API
+ module Helpers
+ module Authentication
+ extend ActiveSupport::Concern
+
+ class_methods do
+ def authenticate_with(&block)
+ strategies = ::Gitlab::APIAuthentication::Builder.new.build(&block)
+ namespace_inheritable :authentication, strategies
+ end
+ end
+
+ included do
+ helpers ::Gitlab::Utils::StrongMemoize
+
+ helpers do
+ def token_from_namespace_inheritable
+ strong_memoize(:token_from_namespace_inheritable) do
+ strategies = namespace_inheritable(:authentication)
+ next unless strategies&.any?
+
+ # Extract credentials from the request
+ found = strategies.to_h { |location, _| [location, ::Gitlab::APIAuthentication::TokenLocator.new(location).extract(current_request)] }
+ found.filter! { |location, raw| raw }
+ next unless found.any?
+
+ # Specifying multiple credentials is an error
+ # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38627#note_475984136
+ bad_request!('Found more than one set of credentials') if found.size > 1
+
+ location, raw = found.first
+ find_token_from_raw_credentials(strategies[location], raw)
+ end
+
+ rescue ::Gitlab::Auth::UnauthorizedError
+ # TODO: this should be rescued and converted by the exception handling middleware
+ # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/38627#note_475174516
+ unauthorized!
+ end
+
+ def access_token_from_namespace_inheritable
+ token = token_from_namespace_inheritable
+ token if token.is_a? PersonalAccessToken
+ end
+
+ def user_from_namespace_inheritable
+ token = token_from_namespace_inheritable
+ return token if token.is_a? DeployToken
+
+ token&.user
+ end
+
+ private
+
+ def find_token_from_raw_credentials(token_types, raw)
+ token_types.each do |token_type|
+ # Resolve a token from the raw credentials
+ token = ::Gitlab::APIAuthentication::TokenResolver.new(token_type).resolve(raw)
+ return token if token
+ end
+
+ # If a request provides credentials via an allowed transport, the
+ # credentials must be valid. If we reach this point, the credentials
+ # must not be valid credentials of an allowed type.
+ raise ::Gitlab::Auth::UnauthorizedError
+ end
+ end
+ end
+ end
+ end
+end
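Review bot: `user_from_namespace_inheritable` returns the `DeployToken` object itself, not a user, when the request authenticated with a deploy token, so a caller that assigns its result to `current_user` or calls `User`-only methods on it will misbehave; the method should state that contract. I would add above it `# Returns the token's owning User, or the DeployToken itself when the request authenticated with one — callers must handle both.` Whether `token&.user` can hand back a blocked or deactivated account depends on what `TokenResolver#resolve` verifies, which is not visible here; if it only looks the token up, the active-user check that the rest of GitLab's auth path performs should happen either there or before this helper returns. The method-level `rescue ::Gitlab::Auth::UnauthorizedError` turns any resolution failure into `unauthorized!`, and the TODO already notes that this conversion belongs in the exception-handling middleware.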
diff --git a/lib/api/helpers/merge_requests_helpers.rb b/lib/api/helpers/merge_requests_helpers.rb
index 9b38eeb1e72..f8fe40f7135 100644
--- a/lib/api/helpers/merge_requests_helpers.rb
+++ b/lib/api/helpers/merge_requests_helpers.rb
@@ -21,6 +21,9 @@ module API
coerce_with: Validations::Validators::CheckAssigneesCount.coerce,
desc: 'Return merge requests which are assigned to the user with the given username'
mutually_exclusive :assignee_id, :assignee_username
+ optional :reviewer_username,
+ type: String,
+ desc: 'Return merge requests which have the user as a reviewer with the given username'
optional :labels,
type: Array[String],
@@ -32,6 +35,11 @@ module API
params :merge_requests_base_params do
use :merge_requests_negatable_params
+ optional :reviewer_id,
+ types: [Integer, String],
+ integer_none_any: true,
+ desc: 'Return merge requests which have the user as a reviewer with the given ID'
+ mutually_exclusive :reviewer_id, :reviewer_username
optional :state,
type: String,
values: %w[opened closed locked merged all],
@@ -72,6 +80,10 @@ module API
optional :wip, type: String, values: %w[yes no], desc: 'Search merge requests for WIP in the title'
optional :not, type: Hash, desc: 'Parameters to negate' do
use :merge_requests_negatable_params
+ optional :reviewer_id,
+ types: Integer,
+ desc: 'Return merge requests which have the user as a reviewer with the given ID'
+ mutually_exclusive :reviewer_id, :reviewer_username
end
optional :deployed_before,
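Review bot: The `reviewer_id` declared inside the `not` hash uses `types: Integer` (a bare class under the plural option), while the same parameter in `merge_requests_base_params` is declared `types: [Integer, String], integer_none_any: true`; the surrounding `optional` declarations use the singular `type:` for a single class, and as far as I know Grape's `types:` expects an array, so this looks like a typo rather than a deliberate difference. Either `type: Integer`, or — if `None`/`Any` should also be negatable — the same `types: [Integer, String], integer_none_any: true` pair as the base params, would make the two declarations agree. The enclosing `params :merge_requests_params` block starts and ends outside this hunk.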
diff --git a/lib/api/helpers/packages/basic_auth_helpers.rb b/lib/api/helpers/packages/basic_auth_helpers.rb
index 0784efc11d6..c32ce199dd6 100644
--- a/lib/api/helpers/packages/basic_auth_helpers.rb
+++ b/lib/api/helpers/packages/basic_auth_helpers.rb
@@ -12,6 +12,7 @@ module API
end
include Constants
+ include Gitlab::Utils::StrongMemoize
def unauthorized_user_project
@unauthorized_user_project ||= find_project(params[:id])
@@ -35,6 +36,18 @@ module API
project
end
+ def find_authorized_group!
+ strong_memoize(:authorized_group) do
+ group = find_group(params[:id])
+
+ unless group && can?(current_user, :read_group, group)
+ next unauthorized_or! { not_found! }
+ end
+
+ group
+ end
+ end
+
def authorize!(action, subject = :global, reason = nil)
return if can?(current_user, action, subject)
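Review bot: `find_authorized_group!` only checks `:read_group`, which establishes that the current user may see the group at all, not that they may read packages in it; if an endpoint uses it to serve package contents, the package-level permission still has to be enforced after this helper returns, and the method name does not make that obvious. A one-line doc comment above it would fix that: `# Group from params[:id] that current_user can :read_group; otherwise aborts via unauthorized_or! { not_found! }. Package-level permissions are not checked here.` Note that the memoization is correct only because `unauthorized_or!` and `not_found!` abort the request rather than returning — if either ever returned a value, `next` would cache it as the group. The `authorize!` definition that follows continues outside this hunk.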
diff --git a/lib/api/helpers/pagination.rb b/lib/api/helpers/pagination.rb
index 227aec224e5..48618e7d26d 100644
--- a/lib/api/helpers/pagination.rb
+++ b/lib/api/helpers/pagination.rb
@@ -3,8 +3,8 @@
module API
module Helpers
module Pagination
- def paginate(*args)
- Gitlab::Pagination::OffsetPagination.new(self).paginate(*args)
+ def paginate(*args, **kwargs)
+ Gitlab::Pagination::OffsetPagination.new(self).paginate(*args, **kwargs)
end
end
end
diff --git a/lib/api/helpers/projects_helpers.rb b/lib/api/helpers/projects_helpers.rb
index f5f45cf7351..cf2bcace33b 100644
--- a/lib/api/helpers/projects_helpers.rb
+++ b/lib/api/helpers/projects_helpers.rb
@@ -87,6 +87,7 @@ module API
params :optional_update_params_ce do
optional :ci_forward_deployment_enabled, type: Boolean, desc: 'Skip older deployment jobs that are still pending'
+ optional :restrict_user_defined_variables, type: Boolean, desc: 'Restrict use of user-defined variables when triggering a pipeline'
end
params :optional_update_params_ee do
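Review bot: The `desc:` for the new `restrict_user_defined_variables` option says what is restricted but not to whom, which is the part an API consumer needs before turning it on for a project. If the setting works as its name suggests — users below some role may no longer pass variables when triggering a pipeline — the description should name that role, along the lines of `desc: 'Only allow users with a sufficient role to pass user-defined variables when triggering a pipeline'`; the exact role cannot be confirmed from this hunk, so whoever wires the setting up should fill it in. The `optional_update_params_ee` block opened on the last context line continues outside this hunk.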
@@ -99,7 +100,7 @@ module API
params :optional_container_expiration_policy_params do
optional :cadence, type: String, desc: 'Container expiration policy cadence for recurring job'
- optional :keep_n, type: String, desc: 'Container expiration policy number of images to keep'
+ optional :keep_n, type: Integer, desc: 'Container expiration policy number of images to keep'
optional :older_than, type: String, desc: 'Container expiration policy remove images older than value'
optional :name_regex, type: String, desc: 'Container expiration policy regex for image removal'
optional :name_regex_keep, type: String, desc: 'Container expiration policy regex for image retention'
@@ -141,6 +142,7 @@ module API
:repository_access_level,
:request_access_enabled,
:resolve_outdated_diff_discussions,
+ :restrict_user_defined_variables,
:shared_runners_enabled,
:snippets_access_level,
:tag_list,
diff --git a/lib/api/helpers/services_helpers.rb b/lib/api/helpers/services_helpers.rb
index 9d2fd9978d9..6101a8d307e 100644
--- a/lib/api/helpers/services_helpers.rb
+++ b/lib/api/helpers/services_helpers.rb
@@ -161,7 +161,6 @@ module API
def self.services
{
- 'alerts' => [],
'asana' => [
{
required: true,
@@ -807,7 +806,6 @@ module API
def self.service_classes
[
- ::AlertsService,
::AsanaService,
::AssemblaService,
::BambooService,