blob: f477263303f8b19db1fb5ae269d4b64976ce9306 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
# frozen_string_literal: true
# Base class for ChatOps integrations
# This class is not meant to be used directly, but only to inherrit from.
module Integrations
class BaseSlashCommands < Integration
CACHE_KEY = "slash-command-requests:%{secret}"
CACHE_EXPIRATION_TIME = 3.minutes
attribute :category, default: 'chat'
def valid_token?(token)
self.respond_to?(:token) &&
self.token.present? &&
ActiveSupport::SecurityUtils.secure_compare(token, self.token)
end
def self.supported_events
%w[]
end
def testable?
false
end
def trigger(params)
return unless valid_token?(params[:token])
chat_user = find_chat_user(params)
user = chat_user&.user
return unknown_user_message(params) unless user
unless user.can?(:use_slash_commands)
return Gitlab::SlashCommands::Presenters::Access.new.deactivated if user.deactivated?
return Gitlab::SlashCommands::Presenters::Access.new.access_denied(project)
end
if Gitlab::SlashCommands::VerifyRequest.new(self, chat_user).valid?
Gitlab::SlashCommands::Command.new(project, chat_user, params).execute
else
command_id = cache_slash_commands_request!(params)
Gitlab::SlashCommands::Presenters::Access.new.confirm(confirmation_url(command_id, params))
end
end
private
def find_chat_user(params)
ChatNames::FindUserService.new(params[:team_id], params[:user_id]).execute # rubocop: disable CodeReuse/ServiceClass
end
def authorize_chat_name_url(params)
ChatNames::AuthorizeUserService.new(params).execute # rubocop: disable CodeReuse/ServiceClass
end
def unknown_user_message(params)
url = authorize_chat_name_url(params)
Gitlab::SlashCommands::Presenters::Access.new(url).authorize
end
def cache_slash_commands_request!(params)
secret = SecureRandom.uuid
Kernel.format(CACHE_KEY, secret: secret).tap do |cache_key|
Rails.cache.write(cache_key, params, expires_in: CACHE_EXPIRATION_TIME)
end
secret
end
end
end
|