gitlab-org--gitlab-foss/lib/mattermost/session.rb

module Mattermost
  class NoSessionError < StandardError; end
  # This class' prime objective is to obtain a session token on a Mattermost
  # instance with SSO configured where this GitLab instance is the provider.
  #
  # The process depends on OAuth, but skips a step in the authentication cycle.
  # For example, usually a user would click the 'login in GitLab' button on
  # Mattermost, which would yield a 302 status code and redirects you to GitLab
  # to approve the use of your account on Mattermost. Which would trigger a
  # callback so Mattermost knows this request is approved and gets the required
  # data to create the user account etc.
  #
  # This class however skips the button click, and also the approval phase to
  # speed up the process and keep it without manual action and get a session
  # going.
  class Session
    include Doorkeeper::Helpers::Controller
    include HTTParty

    base_uri Settings.mattermost.host

    attr_accessor :current_resource_owner, :token

    def initialize(current_user)
      @current_resource_owner = current_user
    end

    def with_session
      raise NoSessionError unless create

      begin
        yield self
      ensure
        destroy
      end
    end

    # Next methods are needed for Doorkeeper
    def pre_auth
      @pre_auth ||= Doorkeeper::OAuth::PreAuthorization.new(
        Doorkeeper.configuration, server.client_via_uid, params)
    end

    def authorization
      @authorization ||= strategy.request
    end

    def strategy
      @strategy ||= server.authorization_request(pre_auth.response_type)
    end

    def request
      @request ||= OpenStruct.new(parameters: params)
    end

    def params
      Rack::Utils.parse_query(@oauth_uri.query).symbolize_keys
    end

    private

    def create
      return unless oauth_uri
      return unless token_uri

      self.token = request_token
      @headers = {
        "Authorization": "Bearer #{self.token}"
      }
      self.token
    end

    def destroy
      post('/api/v3/users/logout')
    end

    def oauth_uri
      response = get("/api/v3/oauth/gitlab/login", follow_redirects: false)
      return unless 300 <= response.code && response.code < 400

      redirect_uri = response.headers['location']
      return unless redirect_uri

      @oauth_uri ||= URI.parse(redirect_uri)
    end

    def token_uri
      @token_uri ||=
        if @oauth_uri
          authorization.authorize.redirect_uri if pre_auth.authorizable?
        end
    end

    def request_token
      response = get(@token_uri, follow_redirects: false)
      if 200 <= response.code && response.code < 400
        response.headers['token']
      end
    end

    def get(path, options = {})
      self.class.get(path, options.merge(headers: @headers))
    end

    def post(path, options = {})
      self.class.post(path, options.merge(headers: @headers))
    end
  end
end
Setup mattermost session 2016-12-12 08:31:48 +00:00			`module Mattermost`
			`class NoSessionError < StandardError; end`
			`# This class' prime objective is to obtain a session token on a Mattermost`
			`# instance with SSO configured where this GitLab instance is the provider.`
			`#`
			`# The process depends on OAuth, but skips a step in the authentication cycle.`
			`# For example, usually a user would click the 'login in GitLab' button on`
			`# Mattermost, which would yield a 302 status code and redirects you to GitLab`
			`# to approve the use of your account on Mattermost. Which would trigger a`
			`# callback so Mattermost knows this request is approved and gets the required`
			`# data to create the user account etc.`
			`#`
			`# This class however skips the button click, and also the approval phase to`
			`# speed up the process and keep it without manual action and get a session`
			`# going.`
Improve session tests 2016-12-15 13:32:50 +00:00			`class Session`
Setup mattermost session 2016-12-12 08:31:48 +00:00			`include Doorkeeper::Helpers::Controller`
			`include HTTParty`

Store mattermost_url in settings 2016-12-16 11:20:42 +00:00			`base_uri Settings.mattermost.host`
Setup mattermost session 2016-12-12 08:31:48 +00:00
Store mattermost_url in settings 2016-12-16 11:20:42 +00:00			`attr_accessor :current_resource_owner, :token`
Setup mattermost session 2016-12-12 08:31:48 +00:00
Store mattermost_url in settings 2016-12-16 11:20:42 +00:00			`def initialize(current_user)`
Setup mattermost session 2016-12-12 08:31:48 +00:00			`@current_resource_owner = current_user`
			`end`

			`def with_session`
			`raise NoSessionError unless create`
Improve session tests 2016-12-15 13:32:50 +00:00
Ensure the session is destroyed 2016-12-15 20:06:17 +00:00			`begin`
Store mattermost_url in settings 2016-12-16 11:20:42 +00:00			`yield self`
Ensure the session is destroyed 2016-12-15 20:06:17 +00:00			`ensure`
			`destroy`
			`end`
Setup mattermost session 2016-12-12 08:31:48 +00:00			`end`

			`# Next methods are needed for Doorkeeper`
			`def pre_auth`
			`@pre_auth \|\|= Doorkeeper::OAuth::PreAuthorization.new(`
			`Doorkeeper.configuration, server.client_via_uid, params)`
			`end`

			`def authorization`
			`@authorization \|\|= strategy.request`
			`end`

			`def strategy`
			`@strategy \|\|= server.authorization_request(pre_auth.response_type)`
			`end`

			`def request`
			`@request \|\|= OpenStruct.new(parameters: params)`
			`end`

			`def params`
			`Rack::Utils.parse_query(@oauth_uri.query).symbolize_keys`
			`end`

			`private`

			`def create`
			`return unless oauth_uri`
			`return unless token_uri`

Improve Mattermost Session specs 2016-12-16 10:31:26 +00:00			`self.token = request_token`
Store mattermost_url in settings 2016-12-16 11:20:42 +00:00			`@headers = {`
			`"Authorization": "Bearer #{self.token}"`
			`}`
Improve Mattermost Session specs 2016-12-16 10:31:26 +00:00			`self.token`
Setup mattermost session 2016-12-12 08:31:48 +00:00			`end`

			`def destroy`
			`post('/api/v3/users/logout')`
			`end`

			`def oauth_uri`
			`response = get("/api/v3/oauth/gitlab/login", follow_redirects: false)`
			`return unless 300 <= response.code && response.code < 400`

			`redirect_uri = response.headers['location']`
			`return unless redirect_uri`

			`@oauth_uri \|\|= URI.parse(redirect_uri)`
			`end`

			`def token_uri`
Improve Mattermost Session specs 2016-12-16 10:31:26 +00:00			`@token_uri \|\|=`
			`if @oauth_uri`
			`authorization.authorize.redirect_uri if pre_auth.authorizable?`
			`end`
Setup mattermost session 2016-12-12 08:31:48 +00:00			`end`

			`def request_token`
Improve Mattermost Session specs 2016-12-16 10:31:26 +00:00			`response = get(@token_uri, follow_redirects: false)`
			`if 200 <= response.code && response.code < 400`
			`response.headers['token']`
			`end`
Setup mattermost session 2016-12-12 08:31:48 +00:00			`end`

			`def get(path, options = {})`
Store mattermost_url in settings 2016-12-16 11:20:42 +00:00			`self.class.get(path, options.merge(headers: @headers))`
Setup mattermost session 2016-12-12 08:31:48 +00:00			`end`

			`def post(path, options = {})`
Store mattermost_url in settings 2016-12-16 11:20:42 +00:00			`self.class.post(path, options.merge(headers: @headers))`
Setup mattermost session 2016-12-12 08:31:48 +00:00			`end`
			`end`
			`end`