diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index c425702fd756678e2d9e217b96c51eca0a70cd8b..c21afaa1551772585b672ddda513d71794b6c7bc 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -92,7 +92,7 @@ module Gitlab
 def oauth_access_token_check(login, password)
 if login == "oauth2" && password.present?
 token = Doorkeeper::AccessToken.by_token(password)
- if token && token.accessible? && token_has_scope?(token)
+ if valid_oauth_token?(token)
 user = User.find_by(id: token.resource_owner_id)
 Gitlab::Auth::Result.new(user, nil, :oauth, read_authentication_abilities)
 end
@@ -104,12 +104,20 @@ module Gitlab
 token = PersonalAccessToken.active.find_by_token(password)
 validation = User.by_login(login)
- if token && token.user == validation && token_has_scope?(token)
+ if valid_personal_access_token?(token, validation)
 Gitlab::Auth::Result.new(validation, nil, :personal_token, full_authentication_abilities)
 end
 end
 end
+ def valid_oauth_token?(token)
+ token && token.accessible? && token_has_scope?(token)
+ end
+
+ def valid_personal_access_token?(token, user)
+ token && token.user == user && token_has_scope?(token)
+ end
+
 def token_has_scope?(token)
 AccessTokenValidationService.sufficient_scope?(token, ['api'])
 end
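Review bot: `valid_personal_access_token?(token, user)` does not reject a nil `user`: `validation = User.by_login(login)` is nil for an unknown login, and should a matched token ever lack an owner, `token.user == user` becomes `nil == nil` and the predicate returns true, so the caller would build a Result around a nil user. A guard such as `user && token && token.user == user && token_has_scope?(token)` closes that without changing the happy path. The helper also performs no expiry or revocation check of its own; it only holds because the caller fetches the token through `PersonalAccessToken.active`, so a future caller passing a token from a plain `find_by_token` would get a true result for an expired or revoked token. Either check activeness inside the predicate (if PersonalAccessToken exposes an instance-level `active?` or its expired/revoked predicates) or document the precondition above the method: `# Checks ownership and scope only; caller must look the token up via PersonalAccessToken.active.` By contrast `valid_oauth_token?` checks `token.accessible?` itself, so the two predicates are currently asymmetric in what they guarantee.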