gitlab-org--gitlab-foss/lib/gitlab/external_authorization/client.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

71 lines
1.8 KiB
Ruby
Raw Permalink Normal View History

# frozen_string_literal: true
Excon.defaults[:ssl_verify_peer] = false
module Gitlab
module ExternalAuthorization
class Client
include ExternalAuthorization::Config
REQUEST_HEADERS = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}.freeze
def initialize(user, label)
@user = user
@label = label
end
def request_access
response = Gitlab::HTTP.post(
service_url,
post_params
)
::Gitlab::ExternalAuthorization::Response.new(response)
rescue *Gitlab::HTTP::HTTP_ERRORS => e
raise ::Gitlab::ExternalAuthorization::RequestFailed, e
end
private
def allow_local_requests?
Gitlab::CurrentSettings.allow_local_requests_from_system_hooks?
end
def post_params
params = { headers: REQUEST_HEADERS,
body: body.to_json,
connect_timeout: timeout,
read_timeout: timeout,
write_timeout: timeout,
allow_local_requests: allow_local_requests? }
if has_tls?
params[:client_cert_data] = client_cert
params[:client_key_data] = client_key
params[:client_key_pass] = client_key_pass
end
params
end
def body
@body ||= begin
body = {
user_identifier: @user.email,
project_classification_label: @label,
identities: @user.identities.map { |identity| { provider: identity.provider, extern_uid: identity.extern_uid } }
}
if @user.ldap_identity
body[:user_ldap_dn] = @user.ldap_identity.extern_uid
end
body
end
end
end
end
end