Class: Auth::DependencyProxyAuthenticationService
- Inherits:
-
BaseService
- Object
- BaseService
- Auth::DependencyProxyAuthenticationService
- Extended by:
- Gitlab::Utils::StrongMemoize
- Defined in:
- app/services/auth/dependency_proxy_authentication_service.rb
Constant Summary collapse
- AUDIENCE =
'dependency_proxy'
- HMAC_KEY =
'gitlab-dependency-proxy'
- DEFAULT_EXPIRE_TIME =
1.minute
Instance Attribute Summary
Attributes inherited from BaseService
#current_user, #params, #project
Class Method Summary collapse
Instance Method Summary collapse
Methods inherited from BaseService
Methods included from BaseServiceUtility
#deny_visibility_level, #event_service, #log_error, #log_info, #notification_service, #system_hook_service, #todo_service, #visibility_level
Methods included from Gitlab::Allowable
Constructor Details
This class inherits a constructor from BaseService
Class Method Details
.secret ⇒ Object
19 20 21 22 23 24 25 26 27 |
# File 'app/services/auth/dependency_proxy_authentication_service.rb', line 19 def secret strong_memoize(:secret) do OpenSSL::HMAC.hexdigest( 'sha256', ::Settings.attr_encrypted_db_key_base, HMAC_KEY ) end end |
.token_expire_at ⇒ Object
29 30 31 |
# File 'app/services/auth/dependency_proxy_authentication_service.rb', line 29 def token_expire_at Time.current + Gitlab::CurrentSettings.container_registry_token_expire_delay.minutes end |
Instance Method Details
#execute(authentication_abilities:) ⇒ Object
9 10 11 12 13 14 |
# File 'app/services/auth/dependency_proxy_authentication_service.rb', line 9 def execute(authentication_abilities:) return error('dependency proxy not enabled', 404) unless ::Gitlab.config.dependency_proxy.enabled return error('access forbidden', 403) unless valid_user_actor? { token: .encoded } end |