2018-03-19 12:11:12 -04:00
|
|
|
class DeployToken < ActiveRecord::Base
|
|
|
|
include Expirable
|
|
|
|
include TokenAuthenticatable
|
|
|
|
add_authentication_token_field :token
|
|
|
|
|
2018-04-05 13:22:34 -04:00
|
|
|
AVAILABLE_SCOPES = %i(read_repository read_registry).freeze
|
2018-04-18 13:25:57 -04:00
|
|
|
GITLAB_DEPLOY_TOKEN_NAME = 'gitlab-deploy-token'.freeze
|
2018-04-06 12:23:45 -04:00
|
|
|
|
2018-04-06 15:48:17 -04:00
|
|
|
default_value_for(:expires_at) { Forever.date }
|
2018-03-19 12:11:12 -04:00
|
|
|
|
2018-04-05 13:22:34 -04:00
|
|
|
has_many :project_deploy_tokens, inverse_of: :deploy_token
|
2018-04-18 09:41:42 -04:00
|
|
|
has_many :projects, through: :project_deploy_tokens
|
2018-03-19 12:11:12 -04:00
|
|
|
|
2018-04-05 13:22:34 -04:00
|
|
|
validate :ensure_at_least_one_scope
|
2018-03-19 12:11:12 -04:00
|
|
|
before_save :ensure_token
|
|
|
|
|
2018-04-05 13:22:34 -04:00
|
|
|
accepts_nested_attributes_for :project_deploy_tokens
|
|
|
|
|
2018-04-06 10:30:21 -04:00
|
|
|
scope :active, -> { where("revoked = false AND expires_at >= NOW()") }
|
2018-03-19 12:11:12 -04:00
|
|
|
|
2018-04-20 11:05:16 -04:00
|
|
|
def self.gitlab_deploy_token
|
|
|
|
active.find_by(name: GITLAB_DEPLOY_TOKEN_NAME)
|
|
|
|
end
|
|
|
|
|
2018-04-05 13:22:34 -04:00
|
|
|
def revoke!
|
|
|
|
update!(revoked: true)
|
2018-03-19 12:11:12 -04:00
|
|
|
end
|
2018-03-29 18:56:35 -04:00
|
|
|
|
|
|
|
def active?
|
2018-07-23 05:23:08 -04:00
|
|
|
!revoked && expires_at > Date.today
|
2018-03-29 18:56:35 -04:00
|
|
|
end
|
|
|
|
|
2018-04-05 13:22:34 -04:00
|
|
|
def scopes
|
2018-04-06 10:30:21 -04:00
|
|
|
AVAILABLE_SCOPES.select { |token_scope| read_attribute(token_scope) }
|
2018-04-05 13:22:34 -04:00
|
|
|
end
|
|
|
|
|
2018-03-29 18:56:35 -04:00
|
|
|
def username
|
2018-04-05 09:49:18 -04:00
|
|
|
"gitlab+deploy-token-#{id}"
|
|
|
|
end
|
|
|
|
|
2018-04-05 13:22:34 -04:00
|
|
|
def has_access_to?(requested_project)
|
2018-04-10 03:31:30 -04:00
|
|
|
active? && project == requested_project
|
2018-04-05 13:22:34 -04:00
|
|
|
end
|
|
|
|
|
2018-04-06 10:30:21 -04:00
|
|
|
# This is temporal. Currently we limit DeployToken
|
|
|
|
# to a single project, later we're going to extend
|
|
|
|
# that to be for multiple projects and namespaces.
|
2018-04-05 13:22:34 -04:00
|
|
|
def project
|
|
|
|
projects.first
|
|
|
|
end
|
|
|
|
|
2018-04-06 15:48:17 -04:00
|
|
|
def expires_at
|
|
|
|
expires_at = read_attribute(:expires_at)
|
|
|
|
expires_at != Forever.date ? expires_at : nil
|
|
|
|
end
|
|
|
|
|
|
|
|
def expires_at=(value)
|
|
|
|
write_attribute(:expires_at, value.presence || Forever.date)
|
|
|
|
end
|
|
|
|
|
2018-07-23 05:23:08 -04:00
|
|
|
def admin?
|
|
|
|
false
|
|
|
|
end
|
|
|
|
|
2018-04-05 13:22:34 -04:00
|
|
|
private
|
|
|
|
|
|
|
|
def ensure_at_least_one_scope
|
|
|
|
errors.add(:base, "Scopes can't be blank") unless read_repository || read_registry
|
2018-03-29 18:56:35 -04:00
|
|
|
end
|
2018-03-19 12:11:12 -04:00
|
|
|
end
|