Class: Gitlab::APIAuthentication::TokenResolver

Inherits:
Object
  • Object
show all
Includes:
ActiveModel::Validations
Defined in:
lib/gitlab/api_authentication/token_resolver.rb

Constant Summary collapse

UsernameAndPassword =
::Gitlab::APIAuthentication::TokenLocator::UsernameAndPassword

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(token_type) ⇒ TokenResolver

Returns a new instance of TokenResolver.


26
27
28
29
# File 'lib/gitlab/api_authentication/token_resolver.rb', line 26

def initialize(token_type)
  @token_type = token_type
  validate!
end

Instance Attribute Details

#token_typeObject (readonly)

Returns the value of attribute token_type.


8
9
10
# File 'lib/gitlab/api_authentication/token_resolver.rb', line 8

def token_type
  @token_type
end

Instance Method Details

#resolve(raw) ⇒ Object

Existing behavior is known to be inconsistent across authentication methods with regards to whether to silently ignore present but invalid credentials or to raise an error/respond with 401.

If a token can be located from the provided credentials, but the token or credentials are in some way invalid, this implementation opts to raise an error.

For example, if the raw credentials include a username and password, and a token is resolved from the password, but the username does not match the token, an error will be raised.

See gitlab.com/gitlab-org/gitlab/-/issues/246569


45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# File 'lib/gitlab/api_authentication/token_resolver.rb', line 45

def resolve(raw)
  case @token_type
  when :personal_access_token
    resolve_personal_access_token raw

  when :job_token
    resolve_job_token raw

  when :deploy_token
    resolve_deploy_token raw

  when :personal_access_token_with_username
    resolve_personal_access_token_with_username raw

  when :job_token_with_username
    resolve_job_token_with_username raw

  when :deploy_token_with_username
    resolve_deploy_token_with_username raw

  when :personal_access_token_from_jwt
    resolve_personal_access_token_from_jwt raw

  when :deploy_token_from_jwt
    resolve_deploy_token_from_jwt raw

  when :job_token_from_jwt
    resolve_job_token_from_jwt raw
  end
end