Commit f166222a authored by Thong Kuah's avatar Thong Kuah

Merge branch '33596-package-ci-metadata' into 'master'

Provide access to job token as a helper

See merge request gitlab-org/gitlab!19793
parents 00b50a47 d8bafa92
---
title: Improve job tokens and provide access helper
merge_request: 19793
author:
type: other
...@@ -140,7 +140,13 @@ module EE ...@@ -140,7 +140,13 @@ module EE
end end
def job_token_authentication? def job_token_authentication?
initial_current_user && @job_token_authentication # rubocop:disable Gitlab/ModuleWithInstanceVariables initial_current_user && @current_authenticated_job.present? # rubocop:disable Gitlab/ModuleWithInstanceVariables
end
# Returns the job associated with the token provided for
# authentication, if any
def current_authenticated_job
@current_authenticated_job
end end
def warden def warden
......
...@@ -24,7 +24,7 @@ module EE ...@@ -24,7 +24,7 @@ module EE
job = ::Ci::Build.find_by_token(token) job = ::Ci::Build.find_by_token(token)
raise ::Gitlab::Auth::UnauthorizedError unless job raise ::Gitlab::Auth::UnauthorizedError unless job
@job_token_authentication = true # rubocop:disable Gitlab/ModuleWithInstanceVariables @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
job.user job.user
end end
...@@ -39,7 +39,7 @@ module EE ...@@ -39,7 +39,7 @@ module EE
override :validate_access_token! override :validate_access_token!
def validate_access_token!(scopes: []) def validate_access_token!(scopes: [])
# return early if we've already authenticated via a job token # return early if we've already authenticated via a job token
@job_token_authentication.present? || super # rubocop:disable Gitlab/ModuleWithInstanceVariables @current_authenticated_job.present? || super # rubocop:disable Gitlab/ModuleWithInstanceVariables
end end
def scim_request? def scim_request?
...@@ -57,7 +57,7 @@ module EE ...@@ -57,7 +57,7 @@ module EE
job = ::Ci::Build.find_by_token(token) job = ::Ci::Build.find_by_token(token)
return unless job return unless job
@job_token_authentication = true # rubocop:disable Gitlab/ModuleWithInstanceVariables @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
job.user job.user
end end
......
...@@ -32,6 +32,7 @@ describe Gitlab::Auth::UserAuthFinders do ...@@ -32,6 +32,7 @@ describe Gitlab::Auth::UserAuthFinders do
set_token(job.token) set_token(job.token)
expect(subject).to eq(user) expect(subject).to eq(user)
expect(@current_authenticated_job).to eq job
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment