From 571226f166f638f821ce84b90bce9cec1e5d5d06 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Tue, 13 Sep 2016 15:27:05 +0200
Subject: Make result to return project and capabilities granted

---
 app/controllers/jwt_controller.rb | 30 ++++++++++--------------------
 1 file changed, 10 insertions(+), 20 deletions(-)

(limited to 'app/controllers/jwt_controller.rb')

diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index ca02df28b91..1b075cc5e2d 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -11,7 +11,7 @@ class JwtController < ApplicationController
     service = SERVICES[params[:service]]
     return head :not_found unless service
 
-    result = service.new(@project, @user, auth_params).execute(access_type: @access_type)
+    result = service.new(@project, @user, auth_params).execute(capabilities: @capabilities)
 
     render json: result, status: result[:http_status]
   end
@@ -20,12 +20,16 @@ class JwtController < ApplicationController
 
   def authenticate_project_or_user
     authenticate_with_http_basic do |login, password|
-      # if it's possible we first try to authenticate project with login and password
-      @project, @user, @access_type = authenticate_build(login, password)
-      return if @project
+      @auth_result = Gitlab::Auth.find_for_git_client(login, password, ip: request.ip)
 
-      @user, @access_type = authenticate_user(login, password)
-      return if @user
+      @user = auth_result.user
+      @project = auth_result.project
+      @type = auth_result.type
+      @capabilities = auth_result.capabilities || []
+
+      if @user || @project
+        return # Allow access
+      end
 
       render_403
     end
@@ -34,18 +38,4 @@ class JwtController < ApplicationController
   def auth_params
     params.permit(:service, :scope, :account, :client_id)
   end
-
-  def authenticate_build(login, password)
-    return unless login == 'gitlab-ci-token'
-    return unless password
-
-    build = Ci::Build.running.find_by(token: password)
-    return build.project, build.user, :restricted if build
-  end
-
-  def authenticate_user(login, password)
-    user = Gitlab::Auth.find_with_user_password(login, password)
-    Gitlab::Auth.rate_limit!(request.ip, success: user.present?, login: login)
-    return user, :full
-  end
 end
-- 
cgit v1.2.3