Class: DependencyProxy::AuthTokenService

Inherits:
BaseService show all
Defined in:
app/services/dependency_proxy/auth_token_service.rb

Constant Summary

Constants inherited from BaseService

BaseService::UnauthorizedError

Instance Attribute Summary collapse

Attributes inherited from BaseService

#current_user, #params, #project

Class Method Summary collapse

Instance Method Summary collapse

Methods included from BaseServiceUtility

#deny_visibility_level, #event_service, #log_error, #log_info, #notification_service, #system_hook_service, #todo_service, #visibility_level

Methods included from Gitlab::Allowable

#can?, #can_all?, #can_any?

Constructor Details

#initialize(token) ⇒ AuthTokenService

Returns a new instance of AuthTokenService.



7
8
9
 
# File 'app/services/dependency_proxy/auth_token_service.rb', line 7

def initialize(token)
  @token = token
end

Instance Attribute Details

#tokenObject (readonly)

Returns the value of attribute token.



5
6
7
 
# File 'app/services/dependency_proxy/auth_token_service.rb', line 5

def token
  @token
end

Class Method Details

.get_deploy_token(raw_token) ⇒ Object 



56
57
58
 
# File 'app/services/dependency_proxy/auth_token_service.rb', line 56

def self.get_deploy_token(raw_token)
  DeployToken.active.find_by_token(raw_token)
end

.get_personal_access_token(raw_token) ⇒ Object 



52
53
54
 
# File 'app/services/dependency_proxy/auth_token_service.rb', line 52

def self.get_personal_access_token(raw_token)
  PersonalAccessTokensFinder.new(state: 'active').find_by_token(raw_token)
end

.get_user(user_id) ⇒ Object 



48
49
50
 
# File 'app/services/dependency_proxy/auth_token_service.rb', line 48

def self.get_user(user_id)
  User.find(user_id)
end

.user_or_deploy_token_from_jwt(raw_jwt) ⇒ Object

TODO: Rename to make it obvious how it’s used in Gitlab::Auth::RequestAuthenticator which is to return an <object>.<id> that is used as a rack-attack discriminator that way it cannot be confused with .user_or_token_from_jwt gitlab.com/gitlab-org/gitlab/-/issues/454518



19
20
21
22
23
24
25
26
27
28
29
 
# File 'app/services/dependency_proxy/auth_token_service.rb', line 19

def self.user_or_deploy_token_from_jwt(raw_jwt)
  token_payload = self.new(raw_jwt).execute

  if token_payload['user_id']
    User.find(token_payload['user_id'])
  elsif token_payload['deploy_token']
    DeployToken.active.find_by_token(token_payload['deploy_token'])
  end
rescue JWT::DecodeError, JWT::ExpiredSignature, JWT::ImmatureSignature
  nil
end

.user_or_token_from_jwt(raw_jwt) ⇒ Object 



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'app/services/dependency_proxy/auth_token_service.rb', line 31

def self.user_or_token_from_jwt(raw_jwt)
  token_payload = self.new(raw_jwt).execute

  if token_payload['personal_access_token']
    get_personal_access_token(token_payload['personal_access_token'])
  elsif token_payload['group_access_token']
    # a group access token is a personal access token in disguise
    get_personal_access_token(token_payload['group_access_token'])
  elsif token_payload['user_id']
    get_user(token_payload['user_id'])
  elsif token_payload['deploy_token']
    get_deploy_token(token_payload['deploy_token'])
  end
rescue JWT::DecodeError, JWT::ExpiredSignature, JWT::ImmatureSignature
  nil
end

Instance Method Details

#executeObject 



11
12
13
 
# File 'app/services/dependency_proxy/auth_token_service.rb', line 11

def execute
  JSONWebToken::HMACToken.decode(token, ::Auth::DependencyProxyAuthenticationService.secret).first
end