Class: AccessTokenValidationService
- Inherits:
-
Object
- Object
- AccessTokenValidationService
- Defined in:
- app/services/access_token_validation_service.rb
Constant Summary collapse
- VALID =
Results:
:valid
- EXPIRED =
:expired
- REVOKED =
:revoked
- INSUFFICIENT_SCOPE =
:insufficient_scope
- IMPERSONATION_DISABLED =
:impersonation_disabled
Instance Attribute Summary collapse
-
#request ⇒ Object
readonly
Returns the value of attribute request.
-
#token ⇒ Object
readonly
Returns the value of attribute token.
Instance Method Summary collapse
-
#include_any_scope?(required_scopes) ⇒ Boolean
True if the token’s scope contains any of the passed scopes.
-
#initialize(token, request: nil) ⇒ AccessTokenValidationService
constructor
A new instance of AccessTokenValidationService.
- #validate(scopes: []) ⇒ Object
Constructor Details
#initialize(token, request: nil) ⇒ AccessTokenValidationService
Returns a new instance of AccessTokenValidationService.
13 14 15 16 |
# File 'app/services/access_token_validation_service.rb', line 13 def initialize(token, request: nil) @token = token @request = request end |
Instance Attribute Details
#request ⇒ Object (readonly)
Returns the value of attribute request.
11 12 13 |
# File 'app/services/access_token_validation_service.rb', line 11 def request @request end |
#token ⇒ Object (readonly)
Returns the value of attribute token.
11 12 13 |
# File 'app/services/access_token_validation_service.rb', line 11 def token @token end |
Instance Method Details
#include_any_scope?(required_scopes) ⇒ Boolean
True if the token’s scope contains any of the passed scopes.
39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
# File 'app/services/access_token_validation_service.rb', line 39 def include_any_scope?(required_scopes) if required_scopes.blank? true else # We're comparing each required_scope against all token scopes, which would # take quadratic time. This consideration is irrelevant here because of the # small number of records involved. # https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/12300/#note_33689006 token_scopes = token.scopes.map(&:to_sym) required_scopes.any? do |scope| scope = API::Scope.new(scope) unless scope.is_a?(API::Scope) scope.sufficient?(token_scopes, request) end end end |
#validate(scopes: []) ⇒ Object
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
# File 'app/services/access_token_validation_service.rb', line 18 def validate(scopes: []) if token.expired? EXPIRED elsif token.revoked? REVOKED elsif !self.include_any_scope?(scopes) INSUFFICIENT_SCOPE elsif token.respond_to?(:impersonation) && token.impersonation && !Gitlab.config.gitlab.impersonation_enabled IMPERSONATION_DISABLED else VALID end end |