Class: Gitlab::Kas::UserAccess

Inherits:
Object
  • Object
show all
Defined in:
lib/gitlab/kas/user_access.rb

Class Method Summary collapse

Class Method Details



39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
 
# File 'lib/gitlab/kas/user_access.rb', line 39

def cookie_data(public_session_id)
  uri = URI(::Gitlab::Kas.tunnel_url)
  value = session_cookie_token_prefix + encrypt_public_session_id(public_session_id)

  cookie = {
    value: value,
    expires: 1.day,
    httponly: true,
    path: uri.path.presence || '/',
    secure: Gitlab.config.gitlab.https
  }
  # Only set domain attribute if KAS is on a subdomain.
  # When on the same domain, we can omit the attribute.
  gitlab_host = Gitlab.config.gitlab.host
  cookie[:domain] = gitlab_host if uri.host.end_with?(".#{gitlab_host}")

  cookie
end

.decrypt_public_session_id(data) ⇒ Object 



19
20
21
22
23
 
# File 'lib/gitlab/kas/user_access.rb', line 19

def decrypt_public_session_id(data)
  encrypted_data = data.delete_prefix(session_cookie_token_prefix)
  decrypted = encryptor.decrypt_and_verify(encrypted_data, purpose: public_session_id_purpose)
  ::Gitlab::Json.parse(decrypted)
end

.enabled?Boolean

Returns:

  • (Boolean) 


11
12
13
 
# File 'lib/gitlab/kas/user_access.rb', line 11

def enabled?
  ::Gitlab::Kas.enabled?
end

.encrypt_public_session_id(data) ⇒ Object 



15
16
17
 
# File 'lib/gitlab/kas/user_access.rb', line 15

def encrypt_public_session_id(data)
  encryptor.encrypt_and_sign(data.to_json, purpose: public_session_id_purpose)
end

.valid_authenticity_token?(request, session, masked_authenticity_token) ⇒ Boolean

Returns:

  • (Boolean) 


25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'lib/gitlab/kas/user_access.rb', line 25

def valid_authenticity_token?(request, session, masked_authenticity_token)
  # rubocop:disable GitlabSecurity/PublicSend
  if ::Gitlab.next_rails?
    controller = ActionController::Base.new
    controller.set_request!(ActionDispatch::Request.new(request.env).dup)
    controller.send(:valid_authenticity_token?, session, masked_authenticity_token)
  else
    ActionController::Base.new.send(
      :valid_authenticity_token?, session, masked_authenticity_token
    )
  end
  # rubocop:enable GitlabSecurity/PublicSend
end