author | Simon Knox <psimyn@gmail.com> | 2017-10-03 08:41:33 +1100 |
---|---|---|
committer | Simon Knox <psimyn@gmail.com> | 2017-10-03 08:41:33 +1100 |
commit | d54983885bee00ff7b49c4352639beca4a082f46 (patch) | |
tree | 24c684554dfbfcc1a1fb3aa70b51f1ffdf041a48 /lib/api/helpers.rb | |
parent | 06b31461f34bac86d31d898e4f0e5b573d6b0345 (diff) | |
parent | 0781e956e4a4174494aa28b62b8dfc92a92e8e84 (diff) | |
Merge remote-tracking branch 'origin' into 37229-mr-widget-status-icon
Diffstat (limited to 'lib/api/helpers.rb')
-rw-r--r-- | lib/api/helpers.rb | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 00dbc2aee7a..1e8475ba3ec 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -3,6 +3,8 @@ module API
     include Gitlab::Utils
     include Helpers::Pagination
 
+    UnauthorizedError = Class.new(StandardError)
+
     SUDO_HEADER = "HTTP_SUDO".freeze
     SUDO_PARAM = :sudo
 
@@ -139,7 +141,7 @@ module API
     end
 
     def authenticate!
-      unauthorized! unless current_user && can?(initial_current_user, :access_api)
+      unauthorized! unless current_user
     end
 
     def authenticate_non_get!
@@ -397,19 +399,27 @@ module API
     def initial_current_user
       return @initial_current_user if defined?(@initial_current_user)
 
-      Gitlab::Auth::UniqueIpsLimiter.limit_user! do
-        @initial_current_user ||= find_user_by_private_token(scopes: scopes_registered_for_endpoint)
-        @initial_current_user ||= doorkeeper_guard(scopes: scopes_registered_for_endpoint)
-        @initial_current_user ||= find_user_from_warden
-
-        unless @initial_current_user && Gitlab::UserAccess.new(@initial_current_user).allowed?
-          @initial_current_user = nil
-        end
-        @initial_current_user
+      begin
+        @initial_current_user = Gitlab::Auth::UniqueIpsLimiter.limit_user! { find_current_user }
+      rescue APIGuard::UnauthorizedError, UnauthorizedError
+        unauthorized!
       end
     end
 
+    def find_current_user
+      user =
+        find_user_by_private_token(scopes: scopes_registered_for_endpoint) ||
+        doorkeeper_guard(scopes: scopes_registered_for_endpoint) ||
+        find_user_from_warden
+
+      return nil unless user
+
+      raise UnauthorizedError unless Gitlab::UserAccess.new(user).allowed? && user.can?(:access_api)
+
+      user
+    end
+
     def sudo!
       return unless sudo_identifier
       return unless initial_current_user
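Review bot: `find_current_user` now turns a valid credential belonging to a blocked user, or to one lacking `:access_api`, into a 401 via `raise UnauthorizedError`, where the removed `limit_user!` block silently downgraded such a caller to anonymous; that is the right hardening but it is a visible behavior change on public endpoints and deserves a comment above the `raise`, e.g. `# A credential for a blocked/inactive user, or one without :access_api, is rejected outright (401) instead of being treated as anonymous.` The `rescue APIGuard::UnauthorizedError, UnauthorizedError` in `initial_current_user` collapses both into a bare `unauthorized!`; if APIGuard installs its own responder for that exception (not visible here), the OAuth-specific error body and `WWW-Authenticate` detail would be lost, so confirm that before merging. On the raise path `@initial_current_user` is never assigned, so the `defined?` memoization does not take effect; that is harmless only as long as `unauthorized!` always halts the request rather than returning, which is presumably what the Grape `error!` helper does. Since the `begin`/`rescue` is the method's tail expression, a method-level `rescue` without `begin` would be the more idiomatic shape.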