gitlab-org--gitlab-foss/app/models/oauth_access_token.rb

# frozen_string_literal: true

class OauthAccessToken < Doorkeeper::AccessToken
  belongs_to :resource_owner, class_name: 'User'
  belongs_to :application, class_name: 'Doorkeeper::Application'

  alias_attribute :user, :resource_owner

  scope :latest_per_application, -> { select('distinct on(application_id) *').order(application_id: :desc, created_at: :desc) }
  scope :preload_application, -> { preload(:application) }

  def scopes=(value)
    if value.is_a?(Array)
      super(Doorkeeper::OAuth::Scopes.from_array(value).to_s)
    else
      super
    end
  end

  # this method overrides a shortcoming upstream, more context:
  # https://gitlab.com/gitlab-org/gitlab/-/issues/367888
  def self.find_by_fallback_token(attr, plain_secret)
    return unless fallback_secret_strategy && fallback_secret_strategy == Doorkeeper::SecretStoring::Plain
    # token is hashed, don't allow plaintext comparison
    return if plain_secret.starts_with?("$")

    super
  end

  # Override Doorkeeper::AccessToken.matching_token_for since we
  # have `reuse_access_tokens` disabled and we also hash tokens.
  # This ensures we don't accidentally return a hashed token value.
  def self.matching_token_for(application, resource_owner, scopes)
    return if Feature.enabled?(:hash_oauth_tokens)

    super
  end
end
Enable frozen string in app/models/*.rb Partially addresses #47424. 2018-07-25 05:30:33 -04:00			`# frozen_string_literal: true`

Implement OpenID Connect identity provider 2016-12-09 12:36:50 -05:00			`class OauthAccessToken < Doorkeeper::AccessToken`
Add spec for deletion of authorized OAuth2 application Closes #14370 Move gon function into its own helper 2016-04-13 01:39:18 -04:00			`belongs_to :resource_owner, class_name: 'User'`
			`belongs_to :application, class_name: 'Doorkeeper::Application'`
Move all API authentication code to APIGuard 2017-09-27 09:56:48 -04:00
Update specs for sudo behavior 2017-10-30 13:49:46 -04:00			`alias_attribute :user, :resource_owner`

Add latest changes from gitlab-org/gitlab@master 2022-07-01 14:08:33 -04:00			`scope :latest_per_application, -> { select('distinct on(application_id) *').order(application_id: :desc, created_at: :desc) }`
			`scope :preload_application, -> { preload(:application) }`
Optimize /admin/applications so that it does not timeout On our dev instance, /admin/applications as not loading because: 1. There was an unindexed query by `application_id`. 2. There was an expensive query that attempted to load 1 million unique entries via ActiveRecord just to find the unique count. We fix the first issue by adding an index for that column. We fix the second issue with a simple SELECT COUNT(DISTINCT resource_owner_id) SQL query. In addition, we add pagination to avoid loading more than 20 applications at once. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/67228 2019-09-09 20:05:55 -04:00
Update specs for sudo behavior 2017-10-30 13:49:46 -04:00			`def scopes=(value)`
			`if value.is_a?(Array)`
			`super(Doorkeeper::OAuth::Scopes.from_array(value).to_s)`
			`else`
			`super`
			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2022-08-12 17:11:43 -04:00
			`# this method overrides a shortcoming upstream, more context:`
			`# https://gitlab.com/gitlab-org/gitlab/-/issues/367888`
			`def self.find_by_fallback_token(attr, plain_secret)`
			`return unless fallback_secret_strategy && fallback_secret_strategy == Doorkeeper::SecretStoring::Plain`
			`# token is hashed, don't allow plaintext comparison`
			`return if plain_secret.starts_with?("$")`

			`super`
			`end`
Add latest changes from gitlab-org/gitlab@master 2022-08-19 17:11:26 -04:00
			`# Override Doorkeeper::AccessToken.matching_token_for since we`
			# have `reuse_access_tokens` disabled and we also hash tokens.
			`# This ensures we don't accidentally return a hashed token value.`
			`def self.matching_token_for(application, resource_owner, scopes)`
			`return if Feature.enabled?(:hash_oauth_tokens)`

			`super`
			`end`
Add spec for deletion of authorized OAuth2 application Closes #14370 Move gon function into its own helper 2016-04-13 01:39:18 -04:00			`end`