Module: API::APIGuard::HelperMethods

Includes:
Gitlab::Auth::AuthFinders
Defined in:
lib/api/api_guard.rb

Overview

Helper Methods for Grape Endpoint

Constant Summary

Constants included from Gitlab::Auth::AuthFinders

Gitlab::Auth::AuthFinders::DEPLOY_TOKEN_HEADER, Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER, Gitlab::Auth::AuthFinders::JOB_TOKEN_PARAM, Gitlab::Auth::AuthFinders::PRIVATE_TOKEN_HEADER, Gitlab::Auth::AuthFinders::PRIVATE_TOKEN_PARAM, Gitlab::Auth::AuthFinders::RUNNER_JOB_TOKEN_PARAM, Gitlab::Auth::AuthFinders::RUNNER_TOKEN_PARAM

Instance Method Summary collapse

Methods included from Gitlab::Auth::AuthFinders

#cluster_agent_token_from_authorization_token, #deploy_token_from_request, #find_runner_from_token, #find_user_from_access_token, #find_user_from_basic_auth_job, #find_user_from_bearer_token, #find_user_from_feed_token, #find_user_from_job_token, #find_user_from_static_object_token, #find_user_from_warden, #find_user_from_web_access_token, #validate_access_token!

Methods included from Gitlab::Utils::StrongMemoize

#clear_memoization, #strong_memoize, #strong_memoized?

Instance Method Details

#access_tokenObject


50
51
52
# File 'lib/api/api_guard.rb', line 50

def access_token
  super || find_personal_access_token_from_http_basic_auth
end

#find_current_user!Object


54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# File 'lib/api/api_guard.rb', line 54

def find_current_user!
  user = find_user_from_sources
  return unless user

  if user.is_a?(User) && Feature.enabled?(:user_mode_in_session)
    # Sessions are enforced to be unavailable for API calls, so ignore them for admin mode
    Gitlab::Auth::CurrentUserMode.bypass_session!(user.id)
  end

  unless api_access_allowed?(user)
    forbidden!(api_access_denied_message(user))
  end

  user
end

#find_user_from_sourcesObject


70
71
72
73
74
75
76
77
# File 'lib/api/api_guard.rb', line 70

def find_user_from_sources
  strong_memoize(:find_user_from_sources) do
    deploy_token_from_request ||
      find_user_from_bearer_token ||
      find_user_from_job_token ||
      user_from_warden
  end
end