From c847f172d25efc211045c363f4e55402ad250c09 Mon Sep 17 00:00:00 2001
From: Robert Speicher <robert@gitlab.com>
Date: Fri, 26 Oct 2018 18:42:57 +0000
Subject: Merge branch 'fix_pat_auth-11-4' into 'security-11-4'

[11.4] Fix Token lookup for Git over HTTP and registry authentication

See merge request gitlab/gitlabhq!2577
---
 app/finders/personal_access_tokens_finder.rb | 2 +-
 app/models/user.rb                           | 2 +-
 lib/gitlab/auth.rb                           | 4 +---
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/app/finders/personal_access_tokens_finder.rb b/app/finders/personal_access_tokens_finder.rb
index 5beea92689f..81fd3b7a547 100644
--- a/app/finders/personal_access_tokens_finder.rb
+++ b/app/finders/personal_access_tokens_finder.rb
@@ -3,7 +3,7 @@
 class PersonalAccessTokensFinder
   attr_accessor :params
 
-  delegate :build, :find, :find_by, to: :execute
+  delegate :build, :find, :find_by, :find_by_token, to: :execute
 
   def initialize(params = {})
     @params = params
diff --git a/app/models/user.rb b/app/models/user.rb
index 2b918ce5bd1..986603dec96 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -463,7 +463,7 @@ class User < ActiveRecord::Base
     def find_by_personal_access_token(token_string)
       return unless token_string
 
-      PersonalAccessTokensFinder.new(state: 'active').find_by(token: token_string)&.user # rubocop: disable CodeReuse/Finder
+      PersonalAccessTokensFinder.new(state: 'active').find_by_token(token_string)&.user # rubocop: disable CodeReuse/Finder
     end
 
     # Returns a user for the given SSH key.
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index d2029a141e7..6eb5f9e2300 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -151,17 +151,15 @@ module Gitlab
       end
       # rubocop: enable CodeReuse/ActiveRecord
 
-      # rubocop: disable CodeReuse/ActiveRecord
       def personal_access_token_check(password)
         return unless password.present?
 
-        token = PersonalAccessTokensFinder.new(state: 'active').find_by(token: password)
+        token = PersonalAccessTokensFinder.new(state: 'active').find_by_token(password)
 
         if token && valid_scoped_token?(token, available_scopes)
           Gitlab::Auth::Result.new(token.user, nil, :personal_access_token, abilities_for_scopes(token.scopes))
         end
       end
-      # rubocop: enable CodeReuse/ActiveRecord
 
       def valid_oauth_token?(token)
         token && token.accessible? && valid_scoped_token?(token, [:api])
-- 
cgit v1.2.1