2017-10-14 00:05:18 +00:00
|
|
|
# Use for authentication only, in particular for Rack::Attack.
|
|
|
|
# Does not perform authorization of scopes, etc.
|
|
|
|
module Gitlab
|
|
|
|
module Auth
|
|
|
|
class RequestAuthenticator
|
2017-11-07 09:52:05 +00:00
|
|
|
include UserAuthFinders
|
|
|
|
|
|
|
|
attr_reader :request
|
|
|
|
|
2017-10-14 00:05:18 +00:00
|
|
|
def initialize(request)
|
2017-11-08 18:41:07 +00:00
|
|
|
@request = request
|
2017-10-14 00:05:18 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def user
|
2017-11-07 18:17:41 +00:00
|
|
|
find_sessionless_user || find_user_from_warden
|
2017-10-14 00:05:18 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def find_sessionless_user
|
2017-11-08 18:41:07 +00:00
|
|
|
find_user_from_access_token || find_user_from_rss_token
|
2017-11-17 12:33:21 +00:00
|
|
|
rescue Gitlab::Auth::AuthenticationError
|
2017-11-08 18:41:07 +00:00
|
|
|
nil
|
2017-10-14 00:05:18 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|