lib/gitlab/slash_commands/verify_request.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

# frozen_string_literal: true

module Gitlab
  module SlashCommands
    class VerifyRequest
      attr_accessor :integration, :chat_name, :response_url

      def initialize(integration, chat_name, response_url = nil)
        @integration = integration
        @chat_name = chat_name
        @response_url = response_url
      end

      def approve!
        update_token!
        update_source_message
      end

      def valid?
        return false if integration.token.nil? || chat_name.token.nil?

        ActiveSupport::SecurityUtils.secure_compare(integration.token, chat_name.token)
      end

      private

      def update_token!
        chat_name.update!(token: integration.token)
      end

      def update_source_message
        request_body = Gitlab::Json.dump(verified_request_body)

        Gitlab::HTTP.post(response_url, body: request_body, headers: headers)
      end

      def verified_request_body
        {
          'replace_original' => 'true',
          'text' => _("You've successfully verified! You now have access to slash commands. " \
                      "Thanks for helping ensure security!")
        }
      end

      def headers
        { 'Content-Type' => 'application/json' }
      end
    end
  end
end