author | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-05-13 16:22:50 -0500 |
---|---|---|
committer | Kamil Trzcinski <ayufan@ayufan.eu> | 2016-05-13 16:22:50 -0500 |
commit | 9ef9e008feb99aaf0c4edc85bb76039eb46f0794 (patch) | |
tree | 435e4f57b7fc24e4ac2d2a49be301297cf352444 /app | |
parent | fc2d985bfaa156ad052858cd2025b0300327ff95 (diff) | |
download | gitlab-ce-9ef9e008feb99aaf0c4edc85bb76039eb46f0794.tar.gz |
Move JWT to Gitlab::JWT
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/jwt_controller.rb | 2 | ||||
-rw-r--r-- | app/services/jwt/container_registry_authentication_service.rb | 102 |
2 files changed, 53 insertions, 51 deletions
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index 599f62bd121..c203c50d1fb 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -3,7 +3,7 @@ class JwtController < ApplicationController skip_before_action :verify_authenticity_token SERVICES = { - 'container_registry' => JWT::ContainerRegistryAuthenticationService, + 'container_registry' => ::Gitlab::JWT::ContainerRegistryAuthenticationService, } def auth
diff --git a/app/services/jwt/container_registry_authentication_service.rb b/app/services/jwt/container_registry_authentication_service.rb
index 0ab3e6d02ba..dd0f2954784 100644
--- a/app/services/jwt/container_registry_authentication_service.rb
+++ b/app/services/jwt/container_registry_authentication_service.rb
@@ -1,69 +1,71 @@ -module JWT - class ContainerRegistryAuthenticationService < BaseService - def execute - if params[:offline_token] - return error('forbidden', 403) unless current_user - end +module Gitlab + module JWT + class ContainerRegistryAuthenticationService < BaseService + def execute + if params[:offline_token] + return error('forbidden', 403) unless current_user + end - return error('forbidden', 401) if scopes.blank? + return error('forbidden', 401) if scopes.blank? - { token: authorized_token(scopes).encoded } - end + { token: authorized_token(scopes).encoded } + end - private + private - def authorized_token(access) - token = ::JWT::RSAToken.new(registry.key) - token.issuer = registry.issuer - token.audience = params[:service] - token.subject = current_user.try(:username) - token[:access] = access - token - end + def authorized_token(access) + token = ::JWT::RSAToken.new(registry.key) + token.issuer = registry.issuer + token.audience = params[:service] + token.subject = current_user.try(:username) + token[:access] = access + token + end - def scopes - return unless params[:scope] + def scopes + return unless params[:scope] - @scopes ||= begin - scope = process_scope(params[:scope]) - [scope].compact + @scopes ||= begin + scope = process_scope(params[:scope]) + [scope].compact + end end - end - def process_scope(scope) - type, name, actions = scope.split(':', 3) - actions = actions.split(',') + def process_scope(scope) + type, name, actions = scope.split(':', 3) + actions = actions.split(',') - case type - when 'repository' - process_repository_access(type, name, actions) + case type + when 'repository' + process_repository_access(type, name, actions) + end end - end - def process_repository_access(type, name, actions) - requested_project = Project.find_with_namespace(name) - return unless requested_project + def process_repository_access(type, name, actions) + requested_project = Project.find_with_namespace(name) + return unless requested_project - 
actions = actions.select do |action| - can_access?(requested_project, action) - end + actions = actions.select do |action| + can_access?(requested_project, action) + end - { type: type, name: name, actions: actions } if actions.present? - end + { type: type, name: name, actions: actions } if actions.present? + end - def can_access?(requested_project, requested_action) - case requested_action - when 'pull' - requested_project.public? || requested_project == project || can?(current_user, :read_container_registry, requested_project) - when 'push' - requested_project == project || can?(current_user, :create_container_registry, requested_project) - else - false + def can_access?(requested_project, requested_action) + case requested_action + when 'pull' + requested_project.public? || requested_project == project || can?(current_user, :read_container_registry, requested_project) + when 'push' + requested_project == project || can?(current_user, :create_container_registry, requested_project) + else + false + end end - end - def registry - Gitlab.config.registry + def registry + Gitlab.config.registry + end end end end |
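Review bot: `process_scope` still calls `actions.split(',')` right after `type, name, actions = scope.split(':', 3)`, so a `scope` parameter with fewer than three colon-separated parts (for example `repository:name`) leaves `actions` as nil and raises NoMethodError instead of being refused; since the controller maps this service under `SERVICES`, that looks like a request-triggered 500 rather than the 401 the rest of `execute` produces for an unusable scope. The commit only re-namespaces the class, so this is carried over unchanged, but the moved code is the place to harden it. I would add `return if name.blank? || actions.blank?` directly after the `split(':', 3)` line so that malformed scopes fall through to the existing `scopes.blank?` branch. The `name` guard also avoids passing nil into `Project.find_with_namespace`, though whether that call tolerates nil is not visible here.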