gitlab-org--gitlab-foss/app/controllers/google_api/authorizations_controller.rb

module GoogleApi
  class AuthorizationsController < ApplicationController
    def callback
      token, expires_at = GoogleApi::CloudPlatform::Client
        .new(nil, callback_google_api_auth_url)
        .get_token(params[:code])

      session[GoogleApi::CloudPlatform::Client.session_key_for_token] = token
      session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] =
        expires_at.to_s

      state_redirect_uri = redirect_uri_from_session_key(params[:state])

      if state_redirect_uri
        redirect_to state_redirect_uri
      else
        redirect_to root_path
      end
    end

    private

    def redirect_uri_from_session_key(state)
      key = GoogleApi::CloudPlatform::Client
        .session_key_for_redirect_uri(params[:state])
      session[key] if key
    end
  end
end
Create Kubernetes cluster on GKE from k8s service 2017-09-25 03:10:25 -04:00			`module GoogleApi`
			`class AuthorizationsController < ApplicationController`
			`def callback`
Use expires_in for access_token validation 2017-10-02 04:13:46 -04:00			`token, expires_at = GoogleApi::CloudPlatform::Client`
Change `/google_api/authorizations/` to `/google_api/auth/`. 2017-10-05 11:41:36 -04:00			`.new(nil, callback_google_api_auth_url)`
Use expires_in for access_token validation 2017-10-02 04:13:46 -04:00			`.get_token(params[:code])`

			`session[GoogleApi::CloudPlatform::Client.session_key_for_token] = token`
			`session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] =`
			`expires_at.to_s`
Create Kubernetes cluster on GKE from k8s service 2017-09-25 03:10:25 -04:00
Improve redirect uri state and fix all remaining tests 2017-10-06 10:14:14 -04:00			`state_redirect_uri = redirect_uri_from_session_key(params[:state])`
Security fix: redirection in google_api/authorizations_controller 2017-10-06 08:28:40 -04:00
Improve redirect uri state and fix all remaining tests 2017-10-06 10:14:14 -04:00			`if state_redirect_uri`
			`redirect_to state_redirect_uri`
Create Kubernetes cluster on GKE from k8s service 2017-09-25 03:10:25 -04:00			`else`
authorizations_controller_spec. cluster_policy_spec. 2017-10-05 08:29:22 -04:00			`redirect_to root_path`
Create Kubernetes cluster on GKE from k8s service 2017-09-25 03:10:25 -04:00			`end`
			`end`
Improve redirect uri state and fix all remaining tests 2017-10-06 10:14:14 -04:00
			`private`

			`def redirect_uri_from_session_key(state)`
			`key = GoogleApi::CloudPlatform::Client`
			`.session_key_for_redirect_uri(params[:state])`
			`session[key] if key`
			`end`
Create Kubernetes cluster on GKE from k8s service 2017-09-25 03:10:25 -04:00			`end`
			`end`