Refactor with ActionDispatch::Request

2017-10-21 22:10:03 +03:00 · 2017-10-21 22:10:03 +03:00 · 4e5a97d4f3
parent 09b01c7560
commit 4e5a97d4f3
1 changed files with 11 additions and 13 deletions
--- a/lib/gitlab/auth/request_authenticator.rb
+++ b/lib/gitlab/auth/request_authenticator.rb
@ -4,7 +4,7 @@ module Gitlab
  module Auth
    class RequestAuthenticator
      def initialize(request)
-        @request = request
+        @request = ensure_action_dispatch_request(request)
      end

      def user
@ -21,21 +21,17 @@ module Gitlab
        @request.env['warden']&.authenticate if verified_request?
      end

-      # request may be Rack::Attack::Request which is just a Rack::Request, so
-      # we cannot use ActionDispatch::Request methods.
      def find_user_by_private_token
-        token = @request.params['private_token'].presence || @request.env['HTTP_PRIVATE_TOKEN'].presence
+        token = @request.params[:private_token].presence || @request.headers['PRIVATE-TOKEN'].presence
        return unless token.present?

        User.find_by_authentication_token(token) || User.find_by_personal_access_token(token)
      end

-      # request may be Rack::Attack::Request which is just a Rack::Request, so
-      # we cannot use ActionDispatch::Request methods.
      def find_user_by_rss_token
-        return unless @request.path.ends_with?('atom') || @request.env['HTTP_ACCEPT'] == 'application/atom+xml'
+        return unless @request.path.ends_with?('atom') || @request.format == 'atom'

-        token = @request.params['rss_token'].presence
+        token = @request.params[:rss_token].presence
        return unless token.present?

        User.find_by_rss_token(token)
@ -47,18 +43,20 @@ module Gitlab
      end

      def find_oauth_access_token
-        token = Doorkeeper::OAuth::Token.from_request(doorkeeper_request, *Doorkeeper.configuration.access_token_methods)
+        token = Doorkeeper::OAuth::Token.from_request(@request, *Doorkeeper.configuration.access_token_methods)
        OauthAccessToken.by_token(token) if token
      end

-      def doorkeeper_request
-        ActionDispatch::Request.new(@request.env)
-      end
-
      # Check if the request is GET/HEAD, or if CSRF token is valid.
      def verified_request?
        Gitlab::RequestForgeryProtection.verified?(@request.env)
      end
+
+      def ensure_action_dispatch_request(request)
+        return request if request.is_a?(ActionDispatch::Request)
+
+        ActionDispatch::Request.new(request.env)
+      end
    end
  end
 end