authorMichael Kozono <mkozono@gmail.com>2017-10-21 22:10:03 +0300
committerFrancisco Lopez <fjlopez@gitlab.com>2017-11-17 09:58:18 +0100
commit4e5a97d4f3cc8b17728fe116fc24c043a03f38c6 (patch)
tree04874fd7a5adf5bd2f3cdea050f615167a42b1de
parent09b01c756069058e02ba4fc9f5f53a534aef3fe3 (diff)
downloadgitlab-ce-4e5a97d4f3cc8b17728fe116fc24c043a03f38c6.tar.gz
Refactor with ActionDispatch::Request
-rw-r--r--lib/gitlab/auth/request_authenticator.rb24
1 files changed, 11 insertions, 13 deletions
diff --git a/lib/gitlab/auth/request_authenticator.rb b/lib/gitlab/auth/request_authenticator.rb
index d3da4cc2d2b..999104f91f5 100644
--- a/lib/gitlab/auth/request_authenticator.rb
+++ b/lib/gitlab/auth/request_authenticator.rb
@@ -4,7 +4,7 @@ module Gitlab
module Auth
class RequestAuthenticator
def initialize(request)
- @request = request
+ @request = ensure_action_dispatch_request(request)
end
def user
@@ -21,21 +21,17 @@ module Gitlab
@request.env['warden']&.authenticate if verified_request?
end
- # request may be Rack::Attack::Request which is just a Rack::Request, so
- # we cannot use ActionDispatch::Request methods.
def find_user_by_private_token
- token = @request.params['private_token'].presence || @request.env['HTTP_PRIVATE_TOKEN'].presence
+ token = @request.params[:private_token].presence || @request.headers['PRIVATE-TOKEN'].presence
return unless token.present?
User.find_by_authentication_token(token) || User.find_by_personal_access_token(token)
end
- # request may be Rack::Attack::Request which is just a Rack::Request, so
- # we cannot use ActionDispatch::Request methods.
def find_user_by_rss_token
- return unless @request.path.ends_with?('atom') || @request.env['HTTP_ACCEPT'] == 'application/atom+xml'
+ return unless @request.path.ends_with?('atom') || @request.format == 'atom'
- token = @request.params['rss_token'].presence
+ token = @request.params[:rss_token].presence
return unless token.present?
User.find_by_rss_token(token)
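Review bot: `@request.format == 'atom'` in find_user_by_rss_token looks like it can never be true, because as far as I know `Mime::Type#==` compares the full MIME string (`application/atom+xml`) rather than the short name. If so, requests that signal Atom only through the Accept header are no longer matched and only the `path.ends_with?('atom')` branch remains. That fails closed (an RSS-token login is refused rather than granted), but it is a silent change from the removed `HTTP_ACCEPT` check; `@request.format.atom?` states the intent. Note also that `request.format` can be driven by a `format` parameter as well as the Accept header, so once the comparison works the set of requests that accept an `rss_token` is wider than before and deserves a spec pinning it down. The method's closing `end` is outside this hunk.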
@@ -47,18 +43,20 @@ module Gitlab
end
def find_oauth_access_token
- token = Doorkeeper::OAuth::Token.from_request(doorkeeper_request, *Doorkeeper.configuration.access_token_methods)
+ token = Doorkeeper::OAuth::Token.from_request(@request, *Doorkeeper.configuration.access_token_methods)
OauthAccessToken.by_token(token) if token
end
- def doorkeeper_request
- ActionDispatch::Request.new(@request.env)
- end
-
# Check if the request is GET/HEAD, or if CSRF token is valid.
def verified_request?
Gitlab::RequestForgeryProtection.verified?(@request.env)
end
+
+ def ensure_action_dispatch_request(request)
+ return request if request.is_a?(ActionDispatch::Request)
+
+ ActionDispatch::Request.new(request.env)
+ end
end
end
end
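Review bot: `ensure_action_dispatch_request` has no comment explaining why the wrap is needed, and the two comments removed earlier in this commit were the only place that mentioned Rack::Attack::Request. I would add above it `# Rack::Attack passes a plain Rack::Request; wrap its env so ActionDispatch helpers (headers, format) are available.` The helper also assumes every non-ActionDispatch argument responds to `env`; whether any caller passes something else is not visible from this hunk. Since `params` on the wrapped request is now the ActionDispatch implementation, it would be worth confirming that a malformed body is handled acceptably when this runs from middleware.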