Commit eefbc837
Authored Jan 31, 2017 by Markus Koller
Committed by Alexis Reigel on Mar 07, 2017

Only use API scopes for personal access tokens

Parent: 93daeee1
Changes: 6 changed files with 64 additions and 3 deletions (+64 -3)

app/controllers/profiles/personal_access_tokens_controller.rb +1 -1
app/models/personal_access_token.rb +10 -0
lib/gitlab/auth.rb +7 -2
spec/initializers/doorkeeper_spec.rb +12 -0
spec/lib/gitlab/auth_spec.rb +18 -0
spec/models/personal_access_token_spec.rb +16 -0
app/controllers/profiles/personal_access_tokens_controller.rb
...
...
@@ -35,7 +35,7 @@ class Profiles::PersonalAccessTokensController < Profiles::ApplicationController
def
set_index_vars
@personal_access_token
||=
current_user
.
personal_access_tokens
.
build
@scopes
=
Gitlab
::
Auth
::
SCOPES
@scopes
=
Gitlab
::
Auth
::
API_
SCOPES
@active_personal_access_tokens
=
current_user
.
personal_access_tokens
.
active
.
order
(
:expires_at
)
@inactive_personal_access_tokens
=
current_user
.
personal_access_tokens
.
inactive
end
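Review bot: swapping `Gitlab::Auth::SCOPES` for `Gitlab::Auth::API_SCOPES` in `set_index_vars` only narrows which scopes the token form offers; the scopes actually stored still come from the submitted params, so on its own this hunk would not stop a client that posts `openid` directly. It only becomes an effective restriction together with the model-side `validate_scopes` added in app/models/personal_access_token.rb in this same commit, which is the right place for the control.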
...
...
app/models/personal_access_token.rb
...
...
@@ -9,6 +9,8 @@ class PersonalAccessToken < ActiveRecord::Base
scope
:active
,
->
{
where
(
revoked:
false
).
where
(
"expires_at >= NOW() OR expires_at IS NULL"
)
}
scope
:inactive
,
->
{
where
(
"revoked = true OR expires_at < NOW()"
)
}
validate
:validate_scopes
def
self
.
generate
(
params
)
personal_access_token
=
self
.
new
(
params
)
personal_access_token
.
ensure_token
...
...
@@ -19,4 +21,12 @@ class PersonalAccessToken < ActiveRecord::Base
self
.
revoked
=
true
self
.
save
end
protected
def
validate_scopes
unless
Set
.
new
(
scopes
.
map
(
&
:to_sym
)).
subset?
(
Set
.
new
(
Gitlab
::
Auth
::
API_SCOPES
))
errors
.
add
:scopes
,
"can only contain API scopes"
end
end
end
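Review bot: `scopes.map(&:to_sym)` in `validate_scopes` will raise `NoMethodError` rather than add a validation error if `scopes` is ever nil (the hunk does not show the attribute's default); `Array(scopes).map(&:to_sym)` would make the validator fail closed instead of raising. Converting user-supplied strings with `to_sym` is also worth a second look: on Ruby versions before symbol garbage collection, interning arbitrary input lets a caller grow the symbol table without bound, so comparing as strings (`Gitlab::Auth::API_SCOPES.map(&:to_s)`) avoids the issue regardless of runtime. The `Set#subset?` comparison itself is correct and rejects any scope outside `API_SCOPES`, including `:openid`.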
lib/gitlab/auth.rb
...
...
@@ -2,9 +2,14 @@ module Gitlab
module
Auth
MissingPersonalTokenError
=
Class
.
new
(
StandardError
)
SCOPES
=
[
:api
,
:read_user
,
:openid
,
:profile
,
:email
].
freeze
# Scopes used for GitLab API access
API_SCOPES
=
[
:api
,
:read_user
].
freeze
# Scopes used by doorkeeper-openid_connect
OPENID_SCOPES
=
[
:openid
].
freeze
DEFAULT_SCOPES
=
[
:api
].
freeze
OPTIONAL_SCOPES
=
SCOPES
-
DEFAULT_SCOPES
OPTIONAL_SCOPES
=
(
API_SCOPES
+
OPENID_SCOPES
-
DEFAULT_SCOPES
).
freeze
class
<<
self
def
find_for_git_client
(
login
,
password
,
project
:,
ip
:)
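Review bot: removing `SCOPES` is a breaking change for any other reference to `Gitlab::Auth::SCOPES` in the tree; this diff only updates the profile controller, so the remaining call sites (the Doorkeeper initializer the new spec exercises, for one) should be grepped for before merge. The new constant set also silently drops `:profile` and `:email`, which were in the old `SCOPES` but appear in neither `API_SCOPES` nor `OPENID_SCOPES`, so `OPTIONAL_SCOPES` shrinks from four entries to `[:read_user, :openid]`; if those two OAuth scopes were reachable before, that is a behaviour change beyond the commit title and deserves a line in the message or a follow-up.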
...
...
spec/initializers/doorkeeper_spec.rb
0 → 100644
require
'spec_helper'
require_relative
'../../config/initializers/doorkeeper'
describe
Doorkeeper
.
configuration
do
it
'default_scopes matches Gitlab::Auth::DEFAULT_SCOPES'
do
expect
(
subject
.
default_scopes
).
to
eq
Gitlab
::
Auth
::
DEFAULT_SCOPES
end
it
'optional_scopes matches Gitlab::Auth::OPTIONAL_SCOPES'
do
expect
(
subject
.
optional_scopes
).
to
eq
Gitlab
::
Auth
::
OPTIONAL_SCOPES
end
end
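Review bot: good to have a spec pinning `Doorkeeper.configuration.default_scopes` and `optional_scopes` to the `Gitlab::Auth` constants, since the initializer is not part of this diff and this is what catches the two drifting apart. Two caveats: `require_relative '../../config/initializers/doorkeeper'` re-executes the initializer inside the test process, which reapplies the whole Doorkeeper configuration rather than just reading it, and `eq` on arrays is order-sensitive, so a harmless reordering of `OPTIONAL_SCOPES` will fail this spec; `match_array` would express the actual intent.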
spec/lib/gitlab/auth_spec.rb
...
...
@@ -3,6 +3,24 @@ require 'spec_helper'
describe
Gitlab
::
Auth
,
lib:
true
do
let
(
:gl_auth
)
{
described_class
}
describe
'constants'
do
it
'API_SCOPES contains all scopes for API access'
do
expect
(
subject
::
API_SCOPES
).
to
eq
[
:api
,
:read_user
]
end
it
'OPENID_SCOPES contains all scopes for OpenID Connect'
do
expect
(
subject
::
OPENID_SCOPES
).
to
eq
[
:openid
]
end
it
'DEFAULT_SCOPES contains all default scopes'
do
expect
(
subject
::
DEFAULT_SCOPES
).
to
eq
[
:api
]
end
it
'OPTIONAL_SCOPES contains all non-default scopes'
do
expect
(
subject
::
OPTIONAL_SCOPES
).
to
eq
[
:read_user
,
:openid
]
end
end
describe
'find_for_git_client'
do
context
'build token'
do
subject
{
gl_auth
.
find_for_git_client
(
'gitlab-ci-token'
,
build
.
token
,
project:
project
,
ip:
'ip'
)
}
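Review bot: the `API_SCOPES`, `OPENID_SCOPES` and `DEFAULT_SCOPES` examples only restate the literals from lib/gitlab/auth.rb, so they will fail on any intentional edit without proving much; the `OPTIONAL_SCOPES` example is the valuable one because it checks the derived value `[:read_user, :openid]`. Minor style point: `subject::API_SCOPES` relies on RSpec's implicit `subject` being the `Gitlab::Auth` module (it is, because modules are not instantiated), but `described_class::API_SCOPES` says what is meant and survives a later explicit `subject` definition in this describe block.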
...
...
spec/models/personal_access_token_spec.rb
...
...
@@ -12,4 +12,20 @@ describe PersonalAccessToken, models: true do
expect
(
personal_access_token
).
not_to
be_persisted
end
end
describe
'validate_scopes'
do
it
"allows creating a token with API scopes"
do
personal_access_token
=
build
(
:personal_access_token
)
personal_access_token
.
scopes
=
[
:api
,
:read_user
]
expect
(
personal_access_token
).
to
be_valid
end
it
"rejects creating a token with non-API scopes"
do
personal_access_token
=
build
(
:personal_access_token
)
personal_access_token
.
scopes
=
[
:openid
,
:api
]
expect
(
personal_access_token
).
not_to
be_valid
end
end
end
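Review bot: the two examples cover the symbol-array happy path and a mixed `[:openid, :api]` rejection, but not the inputs the validator will actually see from the form, namely string scopes such as `["api", "read_user"]` (which is why the validator calls `map(&:to_sym)`) and `nil` or an empty array; adding an example for each would document the intended behaviour and would surface the `NoMethodError` on nil that the current `validate_scopes` body raises instead of a validation error.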