Use expires_in for access_token validation
parent
5663b4808d
commit
2cb1d617d9
|
@ -1,9 +1,13 @@
|
|||
module GoogleApi
|
||||
class AuthorizationsController < ApplicationController
|
||||
def callback
|
||||
session[GoogleApi::CloudPlatform::Client.session_key_for_token] =
|
||||
GoogleApi::CloudPlatform::Client.new(nil, callback_google_api_authorizations_url)
|
||||
.get_token(params[:code])
|
||||
token, expires_at = GoogleApi::CloudPlatform::Client
|
||||
.new(nil, callback_google_api_authorizations_url)
|
||||
.get_token(params[:code])
|
||||
|
||||
session[GoogleApi::CloudPlatform::Client.session_key_for_token] = token
|
||||
session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at] =
|
||||
expires_at.to_s
|
||||
|
||||
if params[:state]
|
||||
redirect_to params[:state]
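Review bot: The token and expiry are written to the session for any request that carries a `code`, and nothing visible here ties the callback to a login this session started: `params[:state]` is never compared with a session-bound value and is passed unchanged to `redirect_to` at the end of the hunk. I would have `login` add a random nonce to `state` and keep a copy in the session, reject the callback before `get_token` when the two differ, and redirect only to a URL on this host, for example `redirect_to params[:state] if URI.parse(params[:state]).host == request.host` (a sketch; unparsable values need a rescue). The body of `callback` continues outside the hunk.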
|
||||
|
|
|
@ -6,12 +6,11 @@ class Projects::ClustersController < Projects::ApplicationController
|
|||
def login
|
||||
begin
|
||||
@authorize_url = GoogleApi::CloudPlatform::Client.new(
|
||||
nil,
|
||||
callback_google_api_authorizations_url,
|
||||
nil, callback_google_api_authorizations_url,
|
||||
state: namespace_project_clusters_url.to_s
|
||||
).authorize_url
|
||||
rescue GoogleApi::Auth::ConfigMissingError
|
||||
# Show an alert message that gitlab.yml is not configured properly
|
||||
# no-op
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -83,12 +82,19 @@ class Projects::ClustersController < Projects::ApplicationController
|
|||
end
|
||||
|
||||
def authorize_google_api
|
||||
unless token_in_session
|
||||
unless GoogleApi::CloudPlatform::Client.new(token_in_session, nil)
|
||||
.validate_token(expires_at_in_session)
|
||||
redirect_to action: 'login'
|
||||
end
|
||||
end
|
||||
|
||||
def token_in_session
|
||||
@token_in_session ||= session[GoogleApi::CloudPlatform::Client.session_key_for_token]
|
||||
@token_in_session ||=
|
||||
session[GoogleApi::CloudPlatform::Client.session_key_for_token]
|
||||
end
|
||||
|
||||
def expires_at_in_session
|
||||
@expires_at_in_session ||=
|
||||
session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at]
|
||||
end
|
||||
end
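Review bot: When `authorize_google_api` finds the token missing or close to expiry it redirects to `login` but leaves the old token and expiry in the session, where they stay until a later callback overwrites them. Clearing them before the redirect keeps a stale credential from lingering if the user abandons the login: `session.delete(GoogleApi::CloudPlatform::Client.session_key_for_token)` and the same for `session_key_for_expires_at`. A comment on the method such as `# Local expiry check only; the token is not verified with Google here` would also stop readers from taking `validate_token` for a remote check.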
|
||||
|
|
|
@ -19,7 +19,8 @@ module GoogleApi
|
|||
end
|
||||
|
||||
def get_token(code)
|
||||
client.auth_code.get_token(code, redirect_uri: redirect_uri).token
|
||||
ret = client.auth_code.get_token(code, redirect_uri: redirect_uri)
|
||||
return ret.token, ret.expires_at
|
||||
end
|
||||
|
||||
protected
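Review bot: `get_token` now returns a two-element array instead of a string, and nothing on the method says so or says what form `expires_at` takes. I would add `# @return [Array] the access token and its expiry` above it, noting that the expiry is presumably Unix epoch seconds (inferred from the `'%s'` parse in `validate_token`) and, as far as I know from the oauth2 gem, nil when the response carries no expiry. The body also reads more idiomatically as `token = client.auth_code.get_token(code, redirect_uri: redirect_uri)` followed by `[token.token, token.expires_at]` instead of the explicit multi-value `return`. Any caller of `get_token` not shown on this page needs the same update as `callback`.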
|
||||
|
|
|
@ -9,12 +9,28 @@ module GoogleApi
|
|||
def session_key_for_token
|
||||
:cloud_platform_access_token
|
||||
end
|
||||
|
||||
def session_key_for_expires_at
|
||||
:cloud_platform_expires_at
|
||||
end
|
||||
end
|
||||
|
||||
def scope
|
||||
'https://www.googleapis.com/auth/cloud-platform'
|
||||
end
|
||||
|
||||
def validate_token(expires_at)
|
||||
return false unless access_token
|
||||
return false unless expires_at
|
||||
|
||||
# Making sure that the token will have been still alive during the cluster creation.
|
||||
unless DateTime.strptime(expires_at, '%s').to_time > Time.now + 10.minutes
|
||||
return false
|
||||
end
|
||||
|
||||
true
|
||||
end
|
||||
|
||||
def projects_zones_clusters_get(project_id, zone, cluster_id)
|
||||
service = Google::Apis::ContainerV1::ContainerService.new
|
||||
service.authorization = access_token
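Review bot: `validate_token` can raise instead of returning false when the stored expiry is not a number. `callback` saves `expires_at.to_s`, so a missing expiry arrives here as an empty string, passes `return false unless expires_at` because an empty string is truthy, and `DateTime.strptime` with `'%s'` should then raise on it inside `authorize_google_api`. Parsing with `to_i` fails closed and avoids the legacy `DateTime` detour: `Time.at(expires_at.to_i) > Time.now + 10.minutes`. The comment above the check could also say that only the stored expiry is compared with the clock, e.g. `# Require at least 10 minutes of remaining lifetime so the token outlives cluster creation`. `projects_zones_clusters_get` continues outside the hunk.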
|
||||
|
|