From aaa6d80870d5215390a7cd919d91309e5a8795b7 Mon Sep 17 00:00:00 2001
From: Mayra Cabrera
Date: Sat, 31 Mar 2018 16:45:02 -0600
Subject: Implement read_registry for DeployTokens
---
 app/controllers/jwt_controller.rb | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
(limited to 'app/controllers/jwt_controller.rb')
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index 7d6fe6a0232..76e7473e92c 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -23,10 +23,11 @@ class JwtController < ApplicationController
 @authentication_result = Gitlab::Auth::Result.new(nil, nil, :none, Gitlab::Auth.read_authentication_abilities)
 
 authenticate_with_http_basic do |login, password|
- @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip)
+ project = find_project_related(password)
+ @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: project, ip: request.ip)
 
 if @authentication_result.failed? ||
- (@authentication_result.actor.present? && !@authentication_result.actor.is_a?(User))
+ (@authentication_result.actor.present? && !user_or_deploy_token)
 render_unauthorized
 end
 end
@@ -57,4 +58,12 @@ class JwtController < ApplicationController
 def auth_params
 params.permit(:service, :scope, :account, :client_id)
 end
+
+ def find_project_related(password)
+ DeployToken.active.find_by(token: password)&.project
+ end
+
+ def user_or_deploy_token
+ @authentication_result.actor.is_a?(User) || @authentication_result.actor.is_a?(DeployToken)
+ end
 end
-- 
cgit v1.2.1
From 7deab3172257bef7818ce834c1e0709432ddd5e0 Mon Sep 17 00:00:00 2001
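Review bot: `find_project_related(password)` runs `DeployToken.active.find_by(token: password)` for every HTTP Basic credential before the credential type is known, so an ordinary user's password is also used as a lookup key against the deploy-token table on every request to this endpoint. That widens where the raw password travels (it becomes a query bind value, which is worth checking against the query-logging configuration) and duplicates whatever token resolution `Gitlab::Auth.find_for_git_client` does internally, which the hunk does not show. If the pre-lookup is really needed to scope the result, a comment should say so, e.g. `# Resolve the deploy token's project up front so Gitlab::Auth can scope the result to it.`; otherwise pass `project: nil` and let `Gitlab::Auth` resolve the token. The `authenticate_with_http_basic` block and its enclosing method start before the hunk.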
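Review bot: `user_or_deploy_token` returns a boolean but lacks the `?` suffix Ruby uses for predicates, and neither new helper carries a comment saying what it is for. Rename it `def user_or_deploy_token?` (with the matching call site in the first hunk, `!user_or_deploy_token?`) and add one-line comments such as `# Project owning the active deploy token whose value equals +password+, or nil.` above `find_project_related` and `# The authenticated actor may be a User or a DeployToken; anything else is rejected.` above the predicate. Both helpers read `@authentication_result.actor`, which the caller guards with `actor.present?`, so that precondition belongs in the comment too.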
From: Mayra Cabrera
Date: Tue, 3 Apr 2018 16:34:56 -0500
Subject: Removes logic from Jwt and handle different scenarios on Gitlab::Auth
- When using 'read_repo' password and project are sent, so we used both of them to fetch for the token
- When using 'read_registry' only the password is sent, so we only use that for fetching the token
---
 app/controllers/jwt_controller.rb | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
(limited to 'app/controllers/jwt_controller.rb')
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index 76e7473e92c..0caa5f4f439 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -23,8 +23,7 @@ class JwtController < ApplicationController
 @authentication_result = Gitlab::Auth::Result.new(nil, nil, :none, Gitlab::Auth.read_authentication_abilities)
 
 authenticate_with_http_basic do |login, password|
- project = find_project_related(password)
- @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: project, ip: request.ip)
+ @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip)
 
 if @authentication_result.failed? ||
 (@authentication_result.actor.present? && !user_or_deploy_token)
@@ -59,10 +58,6 @@ class JwtController < ApplicationController
 params.permit(:service, :scope, :account, :client_id)
 end
 
- def find_project_related(password)
- DeployToken.active.find_by(token: password)&.project
- end
-
 def user_or_deploy_token
 @authentication_result.actor.is_a?(User) || @authentication_result.actor.is_a?(DeployToken)
 end
-- 
cgit v1.2.1
From 5bc58bac2678aed9c8b2318f9f4d4825baa2b110 Mon Sep 17 00:00:00 2001
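Review bot: The restored `project: nil` call makes the controller depend entirely on `Gitlab::Auth.find_for_git_client` to resolve a deploy token from the password alone, and nothing in the code records why no project is passed here while the repository path does pass one (per the commit message). A reader of the controller should not have to find this commit, so add a comment above the call, e.g. `# Registry auth sends only the password; Gitlab::Auth resolves a deploy token from it, so no project is known here.`. The `if` that follows still relies on `user_or_deploy_token`, and the block continues past the end of the hunk.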
From: Mayra Cabrera
Date: Fri, 6 Apr 2018 14:48:17 -0500
Subject: Handle limit for datetime attributes on MySQL
The TIMESTAMP data type is used for values that contain both date and time parts. TIMESTAMP has a range of '1970-01-01 00:00:01' UTC to '2038-01-19 03:14:07' UTC.
A Forever lib class was included to handle future dates for PostgreSQL and MySQL, also changes were made to DeployToken to enforce Forever.date
Also removes extra conditional from JwtController
---
 app/controllers/jwt_controller.rb | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
(limited to 'app/controllers/jwt_controller.rb')
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index 0caa5f4f439..67057b5b126 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -25,8 +25,7 @@ class JwtController < ApplicationController
 authenticate_with_http_basic do |login, password|
 @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip)
 
- if @authentication_result.failed? ||
- (@authentication_result.actor.present? && !user_or_deploy_token)
+ if @authentication_result.failed?
 render_unauthorized
 end
 end
@@ -57,8 +56,4 @@ class JwtController < ApplicationController
 def auth_params
 params.permit(:service, :scope, :account, :client_id)
 end
-
- def user_or_deploy_token
- @authentication_result.actor.is_a?(User) || @authentication_result.actor.is_a?(DeployToken)
- end
 end
-- 
cgit v1.2.1
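Review bot: Dropping the `actor.present? && !user_or_deploy_token` clause means this controller now accepts any actor type that `Gitlab::Auth.find_for_git_client` returns as long as `failed?` is false, whereas before this series only `User` actors (and after the first patch, `User` or `DeployToken`) could proceed to the JWT service. The commit message calls the conditional "extra", which implies `Gitlab::Auth` itself now rejects other actor types, but that is not visible in this hunk; if it does not, the guard should stay, and if it does, a comment should pin the contract so the check is not silently lost, e.g. `# Gitlab::Auth only returns non-failed results for actors allowed to mint registry tokens; nothing further is checked here.`. The enclosing method starts before the hunk.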