Refactor with ActionDispatch::Request
parent
09b01c7560
commit
4e5a97d4f3
|
@ -4,7 +4,7 @@ module Gitlab
|
||||||
module Auth
|
module Auth
|
||||||
class RequestAuthenticator
|
class RequestAuthenticator
|
||||||
def initialize(request)
|
def initialize(request)
|
||||||
@request = request
|
@request = ensure_action_dispatch_request(request)
|
||||||
end
|
end
|
||||||
|
|
||||||
def user
|
def user
|
||||||
|
@ -21,21 +21,17 @@ module Gitlab
|
||||||
@request.env['warden']&.authenticate if verified_request?
|
@request.env['warden']&.authenticate if verified_request?
|
||||||
end
|
end
|
||||||
|
|
||||||
# request may be Rack::Attack::Request which is just a Rack::Request, so
|
|
||||||
# we cannot use ActionDispatch::Request methods.
|
|
||||||
def find_user_by_private_token
|
def find_user_by_private_token
|
||||||
token = @request.params['private_token'].presence || @request.env['HTTP_PRIVATE_TOKEN'].presence
|
token = @request.params[:private_token].presence || @request.headers['PRIVATE-TOKEN'].presence
|
||||||
return unless token.present?
|
return unless token.present?
|
||||||
|
|
||||||
User.find_by_authentication_token(token) || User.find_by_personal_access_token(token)
|
User.find_by_authentication_token(token) || User.find_by_personal_access_token(token)
|
||||||
end
|
end
|
||||||
|
|
||||||
# request may be Rack::Attack::Request which is just a Rack::Request, so
|
|
||||||
# we cannot use ActionDispatch::Request methods.
|
|
||||||
def find_user_by_rss_token
|
def find_user_by_rss_token
|
||||||
return unless @request.path.ends_with?('atom') || @request.env['HTTP_ACCEPT'] == 'application/atom+xml'
|
return unless @request.path.ends_with?('atom') || @request.format == 'atom'
|
||||||
|
|
||||||
token = @request.params['rss_token'].presence
|
token = @request.params[:rss_token].presence
|
||||||
return unless token.present?
|
return unless token.present?
|
||||||
|
|
||||||
User.find_by_rss_token(token)
|
User.find_by_rss_token(token)
|
||||||
|
@ -47,18 +43,20 @@ module Gitlab
|
||||||
end
|
end
|
||||||
|
|
||||||
def find_oauth_access_token
|
def find_oauth_access_token
|
||||||
token = Doorkeeper::OAuth::Token.from_request(doorkeeper_request, *Doorkeeper.configuration.access_token_methods)
|
token = Doorkeeper::OAuth::Token.from_request(@request, *Doorkeeper.configuration.access_token_methods)
|
||||||
OauthAccessToken.by_token(token) if token
|
OauthAccessToken.by_token(token) if token
|
||||||
end
|
end
|
||||||
|
|
||||||
def doorkeeper_request
|
|
||||||
ActionDispatch::Request.new(@request.env)
|
|
||||||
end
|
|
||||||
|
|
||||||
# Check if the request is GET/HEAD, or if CSRF token is valid.
|
# Check if the request is GET/HEAD, or if CSRF token is valid.
|
||||||
def verified_request?
|
def verified_request?
|
||||||
Gitlab::RequestForgeryProtection.verified?(@request.env)
|
Gitlab::RequestForgeryProtection.verified?(@request.env)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def ensure_action_dispatch_request(request)
|
||||||
|
return request if request.is_a?(ActionDispatch::Request)
|
||||||
|
|
||||||
|
ActionDispatch::Request.new(request.env)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
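Review bot: In find_user_by_private_token and find_user_by_rss_token the token is now read from `@request.params[...]` on an ActionDispatch::Request and handed to the User finders without any check on its type. ActionDispatch parameters can include parsed request-body and path parameters as well as the query string, so the value may arrive as an Array, Hash or number rather than a String; how the finders treat such a value is not visible on this page. I would reject anything that is not a string before the lookup, e.g. `return unless token.is_a?(String) && token.present?`. Separately, `@request.format == 'atom'` compares a Mime::Type against a short name and may not match in the cases the old exact Accept-header comparison did; `@request.format.atom?` states the intent directly, and a spec covering both the path-suffix and the header case would pin the gate on RSS-token authentication.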