diff options
| author | Shinya Maeda <shinya@gitlab.com> | 2017-10-02 17:13:46 +0900 | 
|---|---|---|
| committer | Shinya Maeda <shinya@gitlab.com> | 2017-10-02 17:13:46 +0900 | 
| commit | 2cb1d617d90b4a9311e3a35434bec958f266d22a (patch) | |
| tree | cd235e875814d8032ed74f18a10eb8a6a4e3d12b /lib/google_api | |
| parent | 5663b4808df787b1bcbf32ba54eccbb4c7537e25 (diff) | |
| download | gitlab-ce-2cb1d617d90b4a9311e3a35434bec958f266d22a.tar.gz | |
Use expires_in for access_token validation
Diffstat (limited to 'lib/google_api')
| -rw-r--r-- | lib/google_api/auth.rb | 3 | ||||
| -rw-r--r-- | lib/google_api/cloud_platform/client.rb | 16 | 
2 files changed, 18 insertions, 1 deletions
| diff --git a/lib/google_api/auth.rb b/lib/google_api/auth.rb index 92787b87ac6..8c962af51d7 100644 --- a/lib/google_api/auth.rb +++ b/lib/google_api/auth.rb @@ -19,7 +19,8 @@ module GoogleApi      end      def get_token(code) -      client.auth_code.get_token(code, redirect_uri: redirect_uri).token +      ret = client.auth_code.get_token(code, redirect_uri: redirect_uri) +      return ret.token, ret.expires_at      end      protected diff --git a/lib/google_api/cloud_platform/client.rb b/lib/google_api/cloud_platform/client.rb index a1abc5bf074..ec77e6bdd72 100644 --- a/lib/google_api/cloud_platform/client.rb +++ b/lib/google_api/cloud_platform/client.rb @@ -9,12 +9,28 @@ module GoogleApi          def session_key_for_token            :cloud_platform_access_token          end + +        def session_key_for_expires_at +          :cloud_platform_expires_at +        end        end        def scope          'https://www.googleapis.com/auth/cloud-platform'        end +      def validate_token(expires_at) +        return false unless access_token +        return false unless expires_at + +        # Making sure that the token will have been still alive during the cluster creation. +        unless DateTime.strptime(expires_at, '%s').to_time > Time.now + 10.minutes +          return false +        end + +        true +      end +        def projects_zones_clusters_get(project_id, zone, cluster_id)          service = Google::Apis::ContainerV1::ContainerService.new          service.authorization = access_token | 
