Add `token`pages-host-api

author: Kamil Trzciński <ayufan@ayufan.eu> 2019-04-24 13:54:46 +0200
committer: Kamil Trzciński <ayufan@ayufan.eu> 2019-04-24 14:48:52 +0200
commit: 5fc045114c9b6faf0e7f506f0af06b8ca3a2996b (patch)
tree: 69e8118885a933ab513ee207ee884cac088b4d35 /lib/api/helpers.rb
parent: 2a00858533f1dcae71e97ba52386bfb2bfc1f752 (diff)
download: gitlab-ce-pages-host-api.tar.gz
1 files changed, 9 insertions, 4 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 8a21d44b4bf..5c93021688b 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -212,13 +212,18 @@ module API
       authenticate! unless %w[GET HEAD].include?(route.request_method)
     end
 
-    def authenticate_by_gitlab_shell_token!
+    def secret_token_param
       input = params['secret_token']
       input ||= Base64.decode64(headers[GITLAB_SHARED_SECRET_HEADER]) if headers.key?(GITLAB_SHARED_SECRET_HEADER)
-
       input&.chomp!
+    end
+
+    def authenticate_by_gitlab_shell_token!
+      unauthorized! unless Devise.secure_compare(shell_secret_token, secret_token_param)
+    end
 
-      unauthorized! unless Devise.secure_compare(secret_token, input)
+    def authenticate_by_gitlab_pages_token!
+      unauthorized! unless Devise.secure_compare(Gitlab.pages.token, secret_token_param)
     end
 
     def authenticated_with_full_private_access!
@@ -501,7 +506,7 @@ module API
       @sudo_identifier ||= params[SUDO_PARAM] || env[SUDO_HEADER]
     end
 
-    def secret_token
+    def shell_secret_token
       Gitlab::Shell.secret_token
     end
author	Kamil Trzciński <ayufan@ayufan.eu>	2019-04-24 13:54:46 +0200
committer	Kamil Trzciński <ayufan@ayufan.eu>	2019-04-24 14:48:52 +0200
commit	5fc045114c9b6faf0e7f506f0af06b8ca3a2996b (patch)
tree	69e8118885a933ab513ee207ee884cac088b4d35 /lib/api/helpers.rb
parent	2a00858533f1dcae71e97ba52386bfb2bfc1f752 (diff)
download	gitlab-ce-pages-host-api.tar.gz