Consistently use PersonalAccessToken instead of PersonalToken
This commit is contained in:
parent
668183d479
commit
a1781a4941
4 changed files with 15 additions and 15 deletions
|
@ -30,11 +30,11 @@ class JwtController < ApplicationController
|
|||
render_unauthorized
|
||||
end
|
||||
end
|
||||
rescue Gitlab::Auth::MissingPersonalTokenError
|
||||
render_missing_personal_token
|
||||
rescue Gitlab::Auth::MissingPersonalAccessTokenError
|
||||
render_missing_personal_access_token
|
||||
end
|
||||
|
||||
def render_missing_personal_token
|
||||
def render_missing_personal_access_token
|
||||
render json: {
|
||||
errors: [
|
||||
{ code: 'UNAUTHORIZED',
|
||||
|
|
|
@ -53,8 +53,8 @@ class Projects::GitHttpClientController < Projects::ApplicationController
|
|||
|
||||
send_challenges
|
||||
render plain: "HTTP Basic: Access denied\n", status: 401
|
||||
rescue Gitlab::Auth::MissingPersonalTokenError
|
||||
render_missing_personal_token
|
||||
rescue Gitlab::Auth::MissingPersonalAccessTokenError
|
||||
render_missing_personal_access_token
|
||||
end
|
||||
|
||||
def basic_auth_provided?
|
||||
|
@ -78,7 +78,7 @@ class Projects::GitHttpClientController < Projects::ApplicationController
|
|||
@project, @wiki, @redirected_path = Gitlab::RepoPath.parse("#{params[:namespace_id]}/#{params[:project_id]}")
|
||||
end
|
||||
|
||||
def render_missing_personal_token
|
||||
def render_missing_personal_access_token
|
||||
render plain: "HTTP Basic: Access denied\n" \
|
||||
"You must use a personal access token with 'api' scope for Git over HTTP.\n" \
|
||||
"You can generate one at #{profile_personal_access_tokens_url}",
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
module Gitlab
|
||||
module Auth
|
||||
MissingPersonalTokenError = Class.new(StandardError)
|
||||
MissingPersonalAccessTokenError = Class.new(StandardError)
|
||||
|
||||
REGISTRY_SCOPES = [:read_registry].freeze
|
||||
|
||||
|
@ -38,7 +38,7 @@ module Gitlab
|
|||
|
||||
# If sign-in is disabled and LDAP is not configured, recommend a
|
||||
# personal access token on failed auth attempts
|
||||
raise Gitlab::Auth::MissingPersonalTokenError
|
||||
raise Gitlab::Auth::MissingPersonalAccessTokenError
|
||||
end
|
||||
|
||||
def find_with_user_password(login, password)
|
||||
|
@ -106,7 +106,7 @@ module Gitlab
|
|||
user = find_with_user_password(login, password)
|
||||
return unless user
|
||||
|
||||
raise Gitlab::Auth::MissingPersonalTokenError if user.two_factor_enabled?
|
||||
raise Gitlab::Auth::MissingPersonalAccessTokenError if user.two_factor_enabled?
|
||||
|
||||
Gitlab::Auth::Result.new(user, nil, :gitlab_or_ldap, full_authentication_abilities)
|
||||
end
|
||||
|
@ -128,7 +128,7 @@ module Gitlab
|
|||
token = PersonalAccessTokensFinder.new(state: 'active').find_by(token: password)
|
||||
|
||||
if token && valid_scoped_token?(token, available_scopes)
|
||||
Gitlab::Auth::Result.new(token.user, nil, :personal_token, abilities_for_scope(token.scopes))
|
||||
Gitlab::Auth::Result.new(token.user, nil, :personal_access_token, abilities_for_scope(token.scopes))
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -164,7 +164,7 @@ describe Gitlab::Auth do
|
|||
personal_access_token = create(:personal_access_token, scopes: ['api'])
|
||||
|
||||
expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: '')
|
||||
expect(gl_auth.find_for_git_client('', personal_access_token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(personal_access_token.user, nil, :personal_token, full_authentication_abilities))
|
||||
expect(gl_auth.find_for_git_client('', personal_access_token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(personal_access_token.user, nil, :personal_access_token, full_authentication_abilities))
|
||||
end
|
||||
|
||||
context 'when registry is enabled' do
|
||||
|
@ -176,7 +176,7 @@ describe Gitlab::Auth do
|
|||
personal_access_token = create(:personal_access_token, scopes: ['read_registry'])
|
||||
|
||||
expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: '')
|
||||
expect(gl_auth.find_for_git_client('', personal_access_token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(personal_access_token.user, nil, :personal_token, [:read_container_image]))
|
||||
expect(gl_auth.find_for_git_client('', personal_access_token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(personal_access_token.user, nil, :personal_access_token, [:read_container_image]))
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -184,14 +184,14 @@ describe Gitlab::Auth do
|
|||
impersonation_token = create(:personal_access_token, :impersonation, scopes: ['api'])
|
||||
|
||||
expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: '')
|
||||
expect(gl_auth.find_for_git_client('', impersonation_token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(impersonation_token.user, nil, :personal_token, full_authentication_abilities))
|
||||
expect(gl_auth.find_for_git_client('', impersonation_token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(impersonation_token.user, nil, :personal_access_token, full_authentication_abilities))
|
||||
end
|
||||
|
||||
it 'limits abilities based on scope' do
|
||||
personal_access_token = create(:personal_access_token, scopes: ['read_user'])
|
||||
|
||||
expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: '')
|
||||
expect(gl_auth.find_for_git_client('', personal_access_token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(personal_access_token.user, nil, :personal_token, []))
|
||||
expect(gl_auth.find_for_git_client('', personal_access_token.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(personal_access_token.user, nil, :personal_access_token, []))
|
||||
end
|
||||
|
||||
it 'fails if password is nil' do
|
||||
|
@ -234,7 +234,7 @@ describe Gitlab::Auth do
|
|||
it 'throws an error suggesting user create a PAT when internal auth is disabled' do
|
||||
allow_any_instance_of(ApplicationSetting).to receive(:password_authentication_enabled?) { false }
|
||||
|
||||
expect { gl_auth.find_for_git_client('foo', 'bar', project: nil, ip: 'ip') }.to raise_error(Gitlab::Auth::MissingPersonalTokenError)
|
||||
expect { gl_auth.find_for_git_client('foo', 'bar', project: nil, ip: 'ip') }.to raise_error(Gitlab::Auth::MissingPersonalAccessTokenError)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue