Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
2cb1d617
Commit
2cb1d617
authored
Oct 02, 2017
by
Shinya Maeda
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Use expires_in for access_token validation
parent
5663b480
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
36 additions
and
9 deletions
+36
-9
app/controllers/google_api/authorizations_controller.rb
app/controllers/google_api/authorizations_controller.rb
+7
-3
app/controllers/projects/clusters_controller.rb
app/controllers/projects/clusters_controller.rb
+11
-5
lib/google_api/auth.rb
lib/google_api/auth.rb
+2
-1
lib/google_api/cloud_platform/client.rb
lib/google_api/cloud_platform/client.rb
+16
-0
No files found.
app/controllers/google_api/authorizations_controller.rb
View file @
2cb1d617
module
GoogleApi
module
GoogleApi
class
AuthorizationsController
<
ApplicationController
class
AuthorizationsController
<
ApplicationController
def
callback
def
callback
session
[
GoogleApi
::
CloudPlatform
::
Client
.
session_key_for_token
]
=
token
,
expires_at
=
GoogleApi
::
CloudPlatform
::
Client
GoogleApi
::
CloudPlatform
::
Client
.
new
(
nil
,
callback_google_api_authorizations_url
)
.
new
(
nil
,
callback_google_api_authorizations_url
)
.
get_token
(
params
[
:code
])
.
get_token
(
params
[
:code
])
session
[
GoogleApi
::
CloudPlatform
::
Client
.
session_key_for_token
]
=
token
session
[
GoogleApi
::
CloudPlatform
::
Client
.
session_key_for_expires_at
]
=
expires_at
.
to_s
if
params
[
:state
]
if
params
[
:state
]
redirect_to
params
[
:state
]
redirect_to
params
[
:state
]
...
...
app/controllers/projects/clusters_controller.rb
View file @
2cb1d617
...
@@ -6,12 +6,11 @@ class Projects::ClustersController < Projects::ApplicationController
...
@@ -6,12 +6,11 @@ class Projects::ClustersController < Projects::ApplicationController
def
login
def
login
begin
begin
@authorize_url
=
GoogleApi
::
CloudPlatform
::
Client
.
new
(
@authorize_url
=
GoogleApi
::
CloudPlatform
::
Client
.
new
(
nil
,
nil
,
callback_google_api_authorizations_url
,
callback_google_api_authorizations_url
,
state:
namespace_project_clusters_url
.
to_s
state:
namespace_project_clusters_url
.
to_s
).
authorize_url
).
authorize_url
rescue
GoogleApi
::
Auth
::
ConfigMissingError
rescue
GoogleApi
::
Auth
::
ConfigMissingError
#
Show an alert message that gitlab.yml is not configured properly
#
no-op
end
end
end
end
...
@@ -83,12 +82,19 @@ class Projects::ClustersController < Projects::ApplicationController
...
@@ -83,12 +82,19 @@ class Projects::ClustersController < Projects::ApplicationController
end
end
def
authorize_google_api
def
authorize_google_api
unless
token_in_session
unless
GoogleApi
::
CloudPlatform
::
Client
.
new
(
token_in_session
,
nil
)
.
validate_token
(
expires_at_in_session
)
redirect_to
action:
'login'
redirect_to
action:
'login'
end
end
end
end
def
token_in_session
def
token_in_session
@token_in_session
||=
session
[
GoogleApi
::
CloudPlatform
::
Client
.
session_key_for_token
]
@token_in_session
||=
session
[
GoogleApi
::
CloudPlatform
::
Client
.
session_key_for_token
]
end
def
expires_at_in_session
@expires_at_in_session
||=
session
[
GoogleApi
::
CloudPlatform
::
Client
.
session_key_for_expires_at
]
end
end
end
end
lib/google_api/auth.rb
View file @
2cb1d617
...
@@ -19,7 +19,8 @@ module GoogleApi
...
@@ -19,7 +19,8 @@ module GoogleApi
end
end
def
get_token
(
code
)
def
get_token
(
code
)
client
.
auth_code
.
get_token
(
code
,
redirect_uri:
redirect_uri
).
token
ret
=
client
.
auth_code
.
get_token
(
code
,
redirect_uri:
redirect_uri
)
return
ret
.
token
,
ret
.
expires_at
end
end
protected
protected
...
...
lib/google_api/cloud_platform/client.rb
View file @
2cb1d617
...
@@ -9,12 +9,28 @@ module GoogleApi
...
@@ -9,12 +9,28 @@ module GoogleApi
def
session_key_for_token
def
session_key_for_token
:cloud_platform_access_token
:cloud_platform_access_token
end
end
def
session_key_for_expires_at
:cloud_platform_expires_at
end
end
end
def
scope
def
scope
'https://www.googleapis.com/auth/cloud-platform'
'https://www.googleapis.com/auth/cloud-platform'
end
end
def
validate_token
(
expires_at
)
return
false
unless
access_token
return
false
unless
expires_at
# Making sure that the token will have been still alive during the cluster creation.
unless
DateTime
.
strptime
(
expires_at
,
'%s'
).
to_time
>
Time
.
now
+
10
.
minutes
return
false
end
true
end
def
projects_zones_clusters_get
(
project_id
,
zone
,
cluster_id
)
def
projects_zones_clusters_get
(
project_id
,
zone
,
cluster_id
)
service
=
Google
::
Apis
::
ContainerV1
::
ContainerService
.
new
service
=
Google
::
Apis
::
ContainerV1
::
ContainerService
.
new
service
.
authorization
=
access_token
service
.
authorization
=
access_token
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment