Class: Gitlab::Kas::UserAccess

Inherits:

Object

• Object
• Gitlab::Kas::UserAccess

Defined in:

lib/gitlab/kas/user_access.rb

Class Method Summary

• .cookie_data(public_session_id) ⇒ Object
• .decrypt_public_session_id(data) ⇒ Object
• .enabled? ⇒ Boolean
• .encrypt_public_session_id(data) ⇒ Object
• .valid_authenticity_token?(session, masked_authenticity_token) ⇒ Boolean

Class Method Details

.cookie_data(public_session_id) ⇒ Object

# File 'lib/gitlab/kas/user_access.rb', line 30

def cookie_data(public_session_id)
  uri = URI(::Gitlab::Kas.tunnel_url)

  cookie = {
    value: encrypt_public_session_id(public_session_id),
    expires: 1.day,
    httponly: true,
    path: uri.path.presence || '/',
    secure: Gitlab.config.gitlab.https
  }
  # Only set domain attribute if KAS is on a subdomain.
  # When on the same domain, we can omit the attribute.
  gitlab_host = Gitlab.config.gitlab.host
  cookie[:domain] = gitlab_host if uri.host.end_with?(".#{gitlab_host}")

  cookie
end

.decrypt_public_session_id(data) ⇒ Object

# File 'lib/gitlab/kas/user_access.rb', line 19

def decrypt_public_session_id(data)
  decrypted = encryptor.decrypt_and_verify(data, purpose: public_session_id_purpose)
  ::Gitlab::Json.parse(decrypted)
end

.enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/kas/user_access.rb', line 11

def enabled?
  ::Gitlab::Kas.enabled?
end

.encrypt_public_session_id(data) ⇒ Object

# File 'lib/gitlab/kas/user_access.rb', line 15

def encrypt_public_session_id(data)
  encryptor.encrypt_and_sign(data.to_json, purpose: public_session_id_purpose)
end

.valid_authenticity_token?(session, masked_authenticity_token) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/kas/user_access.rb', line 24

def valid_authenticity_token?(session, masked_authenticity_token)
  # rubocop:disable GitlabSecurity/PublicSend
  ActionController::Base.new.send(:valid_authenticity_token?, session, masked_authenticity_token)
  # rubocop:enable GitlabSecurity/PublicSend
end