From aaa6d80870d5215390a7cd919d91309e5a8795b7 Mon Sep 17 00:00:00 2001
From: Mayra Cabrera <mcabrera@gitlab.com>
Date: Sat, 31 Mar 2018 16:45:02 -0600
Subject: Implement read_registry for DeployTokens

---
 app/controllers/jwt_controller.rb | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index 7d6fe6a0232..76e7473e92c 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -23,10 +23,11 @@ class JwtController < ApplicationController
     @authentication_result = Gitlab::Auth::Result.new(nil, nil, :none, Gitlab::Auth.read_authentication_abilities)
 
     authenticate_with_http_basic do |login, password|
-      @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip)
+      project = find_project_related(password)
+      @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: project, ip: request.ip)
 
       if @authentication_result.failed? ||
-          (@authentication_result.actor.present? && !@authentication_result.actor.is_a?(User))
+          (@authentication_result.actor.present? && !user_or_deploy_token)
         render_unauthorized
       end
     end
@@ -57,4 +58,12 @@ class JwtController < ApplicationController
   def auth_params
     params.permit(:service, :scope, :account, :client_id)
   end
+
+  def find_project_related(password)
+    DeployToken.active.find_by(token: password)&.project
+  end
+
+  def user_or_deploy_token
+    @authentication_result.actor.is_a?(User) || @authentication_result.actor.is_a?(DeployToken)
+  end
 end
-- 
cgit v1.2.3