Tatuya Kamada / gitlab-ce
Commit daca2144, authored May 09, 2016 by Kamil Trzcinski
Make code more clear in what is done
parent 9f679ac2
Showing 2 changed files with 14 additions and 13 deletions (+14 -13)
app/controllers/jwt_controller.rb (+5 -4)
app/services/jwt/docker_authentication_service.rb (+9 -9)
app/controllers/jwt_controller.rb
...
@@ -8,8 +8,9 @@ class JwtController < ApplicationController
...
@@ -8,8 +8,9 @@ class JwtController < ApplicationController
def
auth
def
auth
@authenticated
=
authenticate_with_http_basic
do
|
login
,
password
|
@authenticated
=
authenticate_with_http_basic
do
|
login
,
password
|
@ci_project
=
ci_project
(
login
,
password
)
# if it's possible we first try to authenticate project with login and password
@user
=
authenticate_user
(
login
,
password
)
unless
@ci_project
@project
=
authenticate_project
(
login
,
password
)
@user
=
authenticate_user
(
login
,
password
)
unless
@project
end
end
unless
@authenticated
unless
@authenticated
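Review bot: the block passed to authenticate_with_http_basic still ends with `@user = authenticate_user(login, password) unless @project`, and a modifier `unless` evaluates to nil when its condition is true, so on the visible lines @authenticated is nil exactly when project authentication succeeds and the `unless @authenticated` branch that follows also runs for a valid CI token. End the block with an explicit value such as `@project || @user` so the flag reflects either credential type. The added comment would also be more precise as "try the CI project token first, then fall back to user credentials".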
...
@@ -19,7 +20,7 @@ class JwtController < ApplicationController
...
@@ -19,7 +20,7 @@ class JwtController < ApplicationController
service
=
SERVICES
[
params
[
:service
]]
service
=
SERVICES
[
params
[
:service
]]
head
:not_found
unless
service
head
:not_found
unless
service
result
=
service
.
new
(
@
ci_
project
,
@user
,
auth_params
).
execute
result
=
service
.
new
(
@project
,
@user
,
auth_params
).
execute
return
head
result
[
:http_status
]
if
result
[
:http_status
]
return
head
result
[
:http_status
]
if
result
[
:http_status
]
render
json:
result
render
json:
result
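Review bot: `head :not_found unless service` in the context just above the changed line does not return, so for an unknown params[:service] execution continues into `service.new(@project, @user, auth_params)` with service set to nil. Since this call is being touched anyway, make the guard `return head :not_found unless service`, matching the `return head result[:http_status]` form used right after it.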
...
@@ -31,7 +32,7 @@ class JwtController < ApplicationController
...
@@ -31,7 +32,7 @@ class JwtController < ApplicationController
params
.
permit
(
:service
,
:scope
,
:offline_token
,
:account
,
:client_id
)
params
.
permit
(
:service
,
:scope
,
:offline_token
,
:account
,
:client_id
)
end
end
def
ci
_project
(
login
,
password
)
def
authenticate
_project
(
login
,
password
)
matched_login
=
/(?<s>^[a-zA-Z]*-ci)-token$/
.
match
(
login
)
matched_login
=
/(?<s>^[a-zA-Z]*-ci)-token$/
.
match
(
login
)
if
matched_login
.
present?
if
matched_login
.
present?
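Review bot: the login pattern in authenticate_project, `/(?<s>^[a-zA-Z]*-ci)-token$/`, anchors with ^ and $, which in Ruby match at line boundaries rather than at the start and end of the string, so a login value containing a newline can satisfy it. Use \A and \z when a pattern gates a credential check. `[a-zA-Z]*` also accepts an empty prefix, so `-ci-token` matches; use `+` if a name is required. The capture name `s` could be given a descriptive name in keeping with this commit's goal.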
...
...
app/services/jwt/docker_authentication_service.rb
...
@@ -5,12 +5,12 @@ module Jwt
...
@@ -5,12 +5,12 @@ module Jwt
return
error
(
'forbidden'
,
403
)
unless
current_user
return
error
(
'forbidden'
,
403
)
unless
current_user
end
end
{
token:
token
.
encoded
}
{
token:
authorized_
token
.
encoded
}
end
end
private
private
def
token
def
authorized_
token
token
=
::
Jwt
::
RSAToken
.
new
(
registry
.
key
)
token
=
::
Jwt
::
RSAToken
.
new
(
registry
.
key
)
token
.
issuer
=
registry
.
issuer
token
.
issuer
=
registry
.
issuer
token
.
audience
=
params
[
:service
]
token
.
audience
=
params
[
:service
]
...
@@ -37,22 +37,22 @@ module Jwt
...
@@ -37,22 +37,22 @@ module Jwt
end
end
def
process_repository_access
(
type
,
name
,
actions
)
def
process_repository_access
(
type
,
name
,
actions
)
current
_project
=
Project
.
find_with_namespace
(
name
)
requested
_project
=
Project
.
find_with_namespace
(
name
)
return
unless
current
_project
return
unless
requested
_project
actions
=
actions
.
select
do
|
action
|
actions
=
actions
.
select
do
|
action
|
can_access?
(
current
_project
,
action
)
can_access?
(
requested
_project
,
action
)
end
end
{
type:
type
,
name:
name
,
actions:
actions
}
if
actions
{
type:
type
,
name:
name
,
actions:
actions
}
if
actions
end
end
def
can_access?
(
current_project
,
action
)
def
can_access?
(
requested_project
,
requested_
action
)
case
action
case
requested_
action
when
'pull'
when
'pull'
current_project
==
project
||
can?
(
current_user
,
:download_code
,
current
_project
)
requested_project
.
public?
||
requested_project
==
project
||
can?
(
current_user
,
:download_code
,
requested
_project
)
when
'push'
when
'push'
current_project
==
project
||
can?
(
current_user
,
:push_code
,
current
_project
)
requested_project
==
project
||
can?
(
current_user
,
:push_code
,
requested
_project
)
else
else
false
false
end
end
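Review bot: the 'pull' branch of can_access? gains `requested_project.public? ||`, which changes who is granted pull access, while the commit message describes only a readability change. Move it to its own commit with tests for public and non-public projects, or state it in the message. In the context lines, `{ type: type, name: name, actions: actions } if actions` is always taken once the project is found, because select returns an array and an empty array is truthy in Ruby; `if actions.present?` would avoid returning an access entry with no actions.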
...
...