1 files changed, 25 insertions, 0 deletions

diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 0a0f1c3b17b..4458112ed44 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -11,6 +11,7 @@ module Gitlab
           build_access_token_check(login, password) ||
           user_with_password_for_git(login, password) ||
           oauth_access_token_check(login, password) ||
+          lfs_token_check(login, password) ||
           personal_access_token_check(login, password) ||
           Gitlab::Auth::Result.new
 
@@ -102,6 +103,30 @@ module Gitlab
         end
       end
 
+      def lfs_token_check(login, password)
+        deploy_key_matches = login.match(/\Alfs\+deploy-key-(\d+)\z/)
+
+        actor =
+          if deploy_key_matches
+            DeployKey.find(deploy_key_matches[1])
+          else
+            User.by_login(login)
+          end
+
+        if actor
+          token_handler = Gitlab::LfsToken.new(actor)
+
+          authentication_abilities =
+            if token_handler.user?
+              full_authentication_abilities
+            else
+              read_authentication_abilities
+            end
+
+          Result.new(actor, nil, token_handler.type, authentication_abilities) if Devise.secure_compare(token_handler.value, password)
+        end
+      end
+
       def build_access_token_check(login, password)
         return unless login == 'gitlab-ci-token'
         return unless password