Commit 4e5a97d4 authored by Michael Kozono's avatar Michael Kozono Committed by Francisco Lopez

Refactor with ActionDispatch::Request

parent 09b01c75
...@@ -4,7 +4,7 @@ module Gitlab ...@@ -4,7 +4,7 @@ module Gitlab
module Auth module Auth
class RequestAuthenticator class RequestAuthenticator
def initialize(request) def initialize(request)
@request = request @request = ensure_action_dispatch_request(request)
end end
def user def user
...@@ -21,21 +21,17 @@ module Gitlab ...@@ -21,21 +21,17 @@ module Gitlab
@request.env['warden']&.authenticate if verified_request? @request.env['warden']&.authenticate if verified_request?
end end
# request may be Rack::Attack::Request which is just a Rack::Request, so
# we cannot use ActionDispatch::Request methods.
def find_user_by_private_token def find_user_by_private_token
token = @request.params['private_token'].presence || @request.env['HTTP_PRIVATE_TOKEN'].presence token = @request.params[:private_token].presence || @request.headers['PRIVATE-TOKEN'].presence
return unless token.present? return unless token.present?
User.find_by_authentication_token(token) || User.find_by_personal_access_token(token) User.find_by_authentication_token(token) || User.find_by_personal_access_token(token)
end end
# request may be Rack::Attack::Request which is just a Rack::Request, so
# we cannot use ActionDispatch::Request methods.
def find_user_by_rss_token def find_user_by_rss_token
return unless @request.path.ends_with?('atom') || @request.env['HTTP_ACCEPT'] == 'application/atom+xml' return unless @request.path.ends_with?('atom') || @request.format == 'atom'
token = @request.params['rss_token'].presence token = @request.params[:rss_token].presence
return unless token.present? return unless token.present?
User.find_by_rss_token(token) User.find_by_rss_token(token)
...@@ -47,18 +43,20 @@ module Gitlab ...@@ -47,18 +43,20 @@ module Gitlab
end end
def find_oauth_access_token def find_oauth_access_token
token = Doorkeeper::OAuth::Token.from_request(doorkeeper_request, *Doorkeeper.configuration.access_token_methods) token = Doorkeeper::OAuth::Token.from_request(@request, *Doorkeeper.configuration.access_token_methods)
OauthAccessToken.by_token(token) if token OauthAccessToken.by_token(token) if token
end end
def doorkeeper_request
ActionDispatch::Request.new(@request.env)
end
# Check if the request is GET/HEAD, or if CSRF token is valid. # Check if the request is GET/HEAD, or if CSRF token is valid.
def verified_request? def verified_request?
Gitlab::RequestForgeryProtection.verified?(@request.env) Gitlab::RequestForgeryProtection.verified?(@request.env)
end end
def ensure_action_dispatch_request(request)
return request if request.is_a?(ActionDispatch::Request)
ActionDispatch::Request.new(request.env)
end
end end
end end
end end
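Review bot: In `find_user_by_rss_token` the new guard `@request.format == 'atom'` is not equivalent to the old `@request.env['HTTP_ACCEPT'] == 'application/atom+xml'` comparison. As far as I can tell `Mime::Type#==` compares against the full MIME string, so comparing with `'atom'` would likely never match and requests that select the feed only through the Accept header would stop authenticating; `@request.format.atom?` expresses the intent. `request.format` is also derived from the `format` parameter, not only the Accept header, so the check that scopes where an RSS token is accepted now depends on more request inputs than before. A spec covering an Accept header, `?format=atom` and a non-feed path would pin that scope down. Separately, `@request.params` on an `ActionDispatch::Request` can raise on malformed parameters, which is worth confirming if this class is still reached from Rack::Attack, as the removed comments suggest.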