From 0ca8db25f008cd3bc4f2df0f58efd739718323d0 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski
Date: Tue, 19 Apr 2016 10:55:10 -0400
Subject: Try to fix auth service

---
 lib/api/auth.rb | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

(limited to 'lib/api')

diff --git a/lib/api/auth.rb b/lib/api/auth.rb
index b992e497307..ec944b1dc8c 100644
--- a/lib/api/auth.rb
+++ b/lib/api/auth.rb
@@ -3,12 +3,12 @@ module API
 class Auth < Grape::API
 namespace 'auth' do
 get 'token' do
- required_attributes! [:scope, :service]
- keys = attributes_for_keys [:scope, :service]
+ required_attributes! [:service]
+ keys = attributes_for_keys [:offline_token, :scope, :service]
 
 case keys[:service]
 when 'docker'
- docker_token_auth(keys[:scope])
+ docker_token_auth(keys[:scope], keys[:offline_token])
 else
 not_found!
 end
@@ -16,19 +16,23 @@ module API
 end
 
 helpers do
- def docker_token_auth(scope)
- @type, @path, actions = scope.split(':', 3)
- bad_request!("invalid type: #{type}") unless type == 'repository'
+ def docker_token_auth(scope, offline_token)
+ auth!
 
- @actions = actions.split(',')
- bad_request!('missing actions') if @actions.empty?
+ if offline_token
+ forbidden! unless @user
+ elsif scope
+ @type, @path, actions = scope.split(':', 3)
+ bad_request!("invalid type: #{@type}") unless @type == 'repository'
 
- @project = Project.find_with_namespace(path)
- not_found!('Project') unless @project
+ @actions = actions.split(',')
+ bad_request!('missing actions') if @actions.empty?
 
- auth!
+ @project = Project.find_with_namespace(@path)
+ not_found!('Project') unless @project
 
- authorize_actions!(@actions)
+ authorize_actions!(@actions)
+ end
 
 { token: encode(docker_payload) }
 end
@@ -50,7 +54,7 @@ module API
 @user = authenticate_user(login, password)
 
 if @user
- request.env['REMOTE_USER'] = @auth.username
+ request.env['REMOTE_USER'] = @user.username
 end
 end
 
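Review bot: `keys[:offline_token]` is passed to `docker_token_auth` untouched, and the helper branches on its plain truthiness, so if `attributes_for_keys` hands back the raw query-string value (it appears to, but its definition is outside this diff) any present value, including `offline_token=false` or `offline_token=0`, selects the offline-token path. Normalising before the call keeps the branch meaningful, e.g. `offline = %w[true 1].include?(keys[:offline_token].to_s)` and passing `offline` in place of `keys[:offline_token]`. With `:scope` no longer in `required_attributes!`, a request carrying neither `scope` nor `offline_token` is now accepted here and handled entirely by the helper in the next hunk.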
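Review bot: When both `offline_token` and `scope` are absent, `docker_token_auth` falls through the new `if`/`elsif` and reaches `{ token: encode(docker_payload) }` with no check on `@user`, so an unauthenticated caller is still issued a token; whether that token carries any access depends on `docker_payload`, which is outside the hunk. If this is the intended no-scope login check, say so with a comment above the `if`, e.g. `# Neither scope nor offline_token: issue a token with no access claims (plain credential check)`; otherwise add an `else` branch that calls `bad_request!('missing scope')`. Separately, in the `elsif scope` branch a scope like `repository:group/project` with no actions segment leaves `actions` nil, so `actions.split(',')` raises NoMethodError (a 500) rather than the 400 the next line intends; `@actions = actions.to_s.split(',')` lets the existing `missing actions` check cover it. The `offline_token` branch also silently ignores any `scope` sent alongside it, which is worth stating in a comment on that branch.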
@@ -71,10 +75,6 @@ module API
 def authenticate_user(login, password)
 user = Gitlab::Auth.new.find(login, password)
 
- unless user
- user = oauth_access_token_check(login, password)
- end
-
 # If the user authenticated successfully, we reset the auth failure count
 # from Rack::Attack for that IP. A client may attempt to authenticate
 # with a username and blank password first, and only after it receives
-- 
cgit v1.2.1
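Review bot: Dropping the `oauth_access_token_check` fallback narrows what `authenticate_user` accepts, but nothing in the hunk records the new contract, and the method body continues outside the hunk. A comment on the `user = Gitlab::Auth.new.find(login, password)` line, such as `# Username/password only: OAuth access tokens presented as the password are no longer checked here`, would stop the next reader from assuming token-as-password still works for this endpoint. Whether `Gitlab::Auth#find` accepts tokens on its own cannot be told from this diff, so the comment should be adjusted if it does.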