Refactor access token validation in `Gitlab::Auth`
- Based on @dbalexandre's review: extract the token validity conditions into two separate methods, one for personal access tokens and one for OAuth tokens.
This commit is contained in:
parent
990ae6b8e5
commit
dc95bcbb16
|
@ -92,7 +92,7 @@ module Gitlab
|
|||
def oauth_access_token_check(login, password)
|
||||
if login == "oauth2" && password.present?
|
||||
token = Doorkeeper::AccessToken.by_token(password)
|
||||
if token && token.accessible? && token_has_scope?(token)
|
||||
if valid_oauth_token?(token)
|
||||
user = User.find_by(id: token.resource_owner_id)
|
||||
Gitlab::Auth::Result.new(user, nil, :oauth, read_authentication_abilities)
|
||||
end
|
||||
|
@ -104,12 +104,20 @@ module Gitlab
|
|||
token = PersonalAccessToken.active.find_by_token(password)
|
||||
validation = User.by_login(login)
|
||||
|
||||
if token && token.user == validation && token_has_scope?(token)
|
||||
if valid_personal_access_token?(token, validation)
|
||||
Gitlab::Auth::Result.new(validation, nil, :personal_token, full_authentication_abilities)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def valid_oauth_token?(token)
|
||||
token && token.accessible? && token_has_scope?(token)
|
||||
end
|
||||
|
||||
def valid_personal_access_token?(token, user)
|
||||
token && token.user == user && token_has_scope?(token)
|
||||
end
|
||||
|
||||
def token_has_scope?(token)
|
||||
AccessTokenValidationService.sufficient_scope?(token, ['api'])
|
||||
end
|
||||
|
|
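Review bot: `valid_personal_access_token?(token, user)` rejects an unknown login only indirectly, through `token.user == user`, which holds just as long as a token's `user` association is never nil; should `User.by_login(login)` return nil for a token whose owner is also nil, the predicate is true and the caller builds `Gitlab::Auth::Result.new(validation, …)` with a nil user. Making the guard explicit removes that dependency: `token && user && token.user == user && token_has_scope?(token)`. Whether `PersonalAccessToken#user` can actually be nil is not visible from this hunk, and the enclosing method of the first lines of the hunk starts outside it. The three new predicates would also read better with a one-line YARD comment each stating what is verified (accessibility plus `api` scope for OAuth tokens; owner match plus `api` scope for personal access tokens), and the `['api']` literal in `token_has_scope?` could live in a frozen constant such as `REQUIRED_SCOPES = %w[api].freeze`.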