diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2017-05-25 19:26:55 +0300 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2017-05-25 19:26:55 +0300 |
| commit | 10a914fbf31b465ac2190730b826f7752ece7da4 (patch) | |
| tree | 1c02aa995de8ed24bce41d6fcd461c7f92a8f83c /app/controllers/application_controller.rb | |
| parent | 5d5b97cdd692802fc38a12d958a67d73686b97ab (diff) | |
| parent | d70f7f5d25aa8753ee3fa26a7564b7d379e72c2d (diff) | |
| download | gitlab-ce-dz-codeclimate-compare.tar.gz | |
Merge remote-tracking branch 'origin/master' into dz-codeclimate-comparedz-codeclimate-compare
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Diffstat (limited to 'app/controllers/application_controller.rb')
| -rw-r--r-- | app/controllers/application_controller.rb | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 8ce9150e4a9..ab5aed24917 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -11,6 +11,7 @@ class ApplicationController < ActionController::Base include EnforcesTwoFactorAuthentication before_action :authenticate_user_from_private_token! + before_action :authenticate_user_from_rss_token! before_action :authenticate_user! before_action :validate_user_service_ticket! before_action :check_password_expiration @@ -72,13 +73,20 @@ class ApplicationController < ActionController::Base user = User.find_by_authentication_token(token) || User.find_by_personal_access_token(token) - if user && can?(user, :log_in) - # Notice we are passing store false, so the user is not - # actually stored in the session and a token is needed - # for every request. If you want the token to work as a - # sign in token, you can simply remove store: false. - sign_in user, store: false - end + sessionless_sign_in(user) + end + + # This filter handles authentication for atom request with an rss_token + def authenticate_user_from_rss_token! + return unless request.format.atom? + + token = params[:rss_token].presence + + return unless token.present? + + user = User.find_by_rss_token(token) + + sessionless_sign_in(user) end def log_exception(exception) @@ -282,4 +290,14 @@ class ApplicationController < ActionController::Base ensure Gitlab::I18n.reset_locale end + + def sessionless_sign_in(user) + if user && can?(user, :log_in) + # Notice we are passing store false, so the user is not + # actually stored in the session and a token is needed + # for every request. If you want the token to work as a + # sign in token, you can simply remove store: false. + sign_in user, store: false + end + end end |