2019-04-09 11:38:58 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
Excon.defaults[:ssl_verify_peer] = false
|
|
|
|
|
|
|
|
module Gitlab
|
|
|
|
module ExternalAuthorization
|
|
|
|
class Client
|
|
|
|
include ExternalAuthorization::Config
|
|
|
|
|
|
|
|
REQUEST_HEADERS = {
|
|
|
|
'Content-Type' => 'application/json',
|
|
|
|
'Accept' => 'application/json'
|
|
|
|
}.freeze
|
|
|
|
|
|
|
|
def initialize(user, label)
|
|
|
|
@user, @label = user, label
|
|
|
|
end
|
|
|
|
|
|
|
|
def request_access
|
2020-07-27 17:09:16 -04:00
|
|
|
response = Gitlab::HTTP.post(
|
2019-04-09 11:38:58 -04:00
|
|
|
service_url,
|
|
|
|
post_params
|
|
|
|
)
|
|
|
|
::Gitlab::ExternalAuthorization::Response.new(response)
|
2020-07-27 17:09:16 -04:00
|
|
|
rescue *Gitlab::HTTP::HTTP_ERRORS => e
|
2019-04-09 11:38:58 -04:00
|
|
|
raise ::Gitlab::ExternalAuthorization::RequestFailed.new(e)
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
2020-07-27 17:09:16 -04:00
|
|
|
def allow_local_requests?
|
|
|
|
Gitlab::CurrentSettings.allow_local_requests_from_system_hooks?
|
|
|
|
end
|
|
|
|
|
2019-04-09 11:38:58 -04:00
|
|
|
def post_params
|
|
|
|
params = { headers: REQUEST_HEADERS,
|
|
|
|
body: body.to_json,
|
|
|
|
connect_timeout: timeout,
|
|
|
|
read_timeout: timeout,
|
2020-07-27 17:09:16 -04:00
|
|
|
write_timeout: timeout,
|
|
|
|
allow_local_requests: allow_local_requests? }
|
2019-04-09 11:38:58 -04:00
|
|
|
|
|
|
|
if has_tls?
|
|
|
|
params[:client_cert_data] = client_cert
|
|
|
|
params[:client_key_data] = client_key
|
|
|
|
params[:client_key_pass] = client_key_pass
|
|
|
|
end
|
|
|
|
|
|
|
|
params
|
|
|
|
end
|
|
|
|
|
|
|
|
def body
|
|
|
|
@body ||= begin
|
|
|
|
body = {
|
|
|
|
user_identifier: @user.email,
|
2019-06-19 02:04:33 -04:00
|
|
|
project_classification_label: @label,
|
|
|
|
identities: @user.identities.map { |identity| { provider: identity.provider, extern_uid: identity.extern_uid } }
|
2019-04-09 11:38:58 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
if @user.ldap_identity
|
|
|
|
body[:user_ldap_dn] = @user.ldap_identity.extern_uid
|
|
|
|
end
|
|
|
|
|
|
|
|
body
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|