Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
gitlab-foss
提交
aecc3eb0
G
gitlab-foss
项目概览
李少辉-开发者
/
gitlab-foss
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
gitlab-foss
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
aecc3eb0
编写于
11月 08, 2017
作者:
F
Francisco Lopez
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Applied some code review comments
上级
374179a9
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
29 addition
and
32 deletion
+29
-32
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+1
-2
lib/api/api_guard.rb
lib/api/api_guard.rb
+0
-5
lib/gitlab/auth/request_authenticator.rb
lib/gitlab/auth/request_authenticator.rb
+6
-2
lib/gitlab/auth/user_auth_finders.rb
lib/gitlab/auth/user_auth_finders.rb
+22
-23
未找到文件。
app/controllers/application_controller.rb
浏览文件 @
aecc3eb0
...
...
@@ -99,8 +99,7 @@ class ApplicationController < ActionController::Base
return
try
(
:authenticated_user
)
end
# This filter handles private tokens, personal access tokens, and atom
# requests with rss tokens
# This filter handles personal access tokens, and atom requests with rss tokens
def
authenticate_sessionless_user!
user
=
Gitlab
::
Auth
::
RequestAuthenticator
.
new
(
request
).
find_sessionless_user
...
...
lib/api/api_guard.rb
浏览文件 @
aecc3eb0
...
...
@@ -45,7 +45,6 @@ module API
include
Gitlab
::
Utils
::
StrongMemoize
def
find_current_user!
set_raise_unauthorized_error
user
=
find_user_from_access_token
||
find_user_from_warden
return
unless
user
...
...
@@ -75,10 +74,6 @@ module API
private
def
private_token
params
[
PRIVATE_TOKEN_PARAM
].
presence
||
env
[
PRIVATE_TOKEN_HEADER
].
presence
end
# An array of scopes that were registered (using `allow_access_with_scope`)
# for the current endpoint class. It also returns scopes registered on
# `API::API`, since these are meant to apply to all API routes.
...
...
lib/gitlab/auth/request_authenticator.rb
浏览文件 @
aecc3eb0
...
...
@@ -7,8 +7,10 @@ module Gitlab
attr_reader
:request
delegate
:params
,
:env
,
to: :request
def
initialize
(
request
)
@request
=
ensure_action_dispatch_request
(
request
)
@request
=
request
end
def
user
...
...
@@ -16,7 +18,9 @@ module Gitlab
end
def
find_sessionless_user
find_user_from_access_token
||
find_user_by_rss_token
find_user_from_access_token
||
find_user_from_rss_token
rescue
StandardError
nil
end
end
end
...
...
lib/gitlab/auth/user_auth_finders.rb
浏览文件 @
aecc3eb0
module
Gitlab
module
Auth
module
UserAuthFinders
PRIVATE_TOKEN_HEADER
=
'HTTP_PRIVATE_TOKEN'
.
freeze
PRIVATE_TOKEN_PARAM
=
:private_token
# Check the Rails session for valid authentication details
def
find_user_from_warden
request
.
env
[
'warden'
]
&
.
authenticate
if
verified_request?
env
[
'warden'
]
&
.
authenticate
if
verified_request?
end
def
find_user_
by
_rss_token
def
find_user_
from
_rss_token
return
unless
request
.
format
.
atom?
token
=
request
.
params
[
:rss_token
].
presence
return
unless
token
.
present?
token
=
params
[
:rss_token
].
presence
return
unless
token
handle_return_value!
(
User
.
find_by_rss_token
(
token
))
end
...
...
@@ -24,14 +27,22 @@ module Gitlab
end
def
validate_access_token!
(
scopes:
[])
return
unless
access_token
case
AccessTokenValidationService
.
new
(
access_token
,
request:
request
).
validate
(
scopes:
scopes
)
when
AccessTokenValidationService
::
INSUFFICIENT_SCOPE
raise
API
::
APIGuard
::
InsufficientScopeError
.
new
(
scopes
)
when
AccessTokenValidationService
::
EXPIRED
raise
API
::
APIGuard
::
ExpiredError
when
AccessTokenValidationService
::
REVOKED
raise
API
::
APIGuard
::
RevokedError
end
end
private
def
handle_return_value!
(
value
,
&
block
)
unless
value
raise_unauthorized_error?
?
raise_unauthorized_error!
:
return
end
raise
API
::
APIGuard
::
UnauthorizedError
unless
value
block_given?
?
yield
(
value
)
:
value
end
...
...
@@ -43,13 +54,13 @@ module Gitlab
end
def
private_token
request
.
params
[
:private_token
].
presence
||
request
.
headers
[
'PRIVATE-TOKEN'
].
presence
params
[
PRIVATE_TOKEN_PARAM
].
presence
||
env
[
PRIVATE_TOKEN_HEADER
].
presence
end
def
find_personal_access_token
token
=
private_token
.
to_s
return
unless
token
.
present?
token
=
private_token
return
unless
token
# Expiration, revocation and scopes are verified in `validate_access_token!`
handle_return_value!
(
PersonalAccessToken
.
find_by
(
token:
token
))
...
...
@@ -77,18 +88,6 @@ module Gitlab
ActionDispatch
::
Request
.
new
(
request
.
env
)
end
def
raise_unauthorized_error?
defined?
(
@raise_unauthorized_error
)
?
@raise_unauthorized_error
:
false
end
def
set_raise_unauthorized_error
@raise_unauthorized_error
=
true
end
def
raise_unauthorized_error!
raise
API
::
APIGuard
::
UnauthorizedError
end
end
end
end
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录