Class: Gitlab::MailRoom::Authenticator

Inherits:
Object
  • Object
show all
Includes:
JwtAuthenticatable
Defined in:
lib/gitlab/mail_room/authenticator.rb

Constant Summary collapse

SecretConfigurationError = 
Class.new(StandardError)
EXPIRATION =

Only allow token generated within the last 5 minutes

5.minutes

Constants included from JwtAuthenticatable

JwtAuthenticatable::SECRET_LENGTH

Class Method Summary collapse

Methods included from JwtAuthenticatable

included

Class Method Details

.enabled_configsObject 



43
44
45
 
# File 'lib/gitlab/mail_room/authenticator.rb', line 43

def enabled_configs
  Gitlab::MailRoom.enabled_configs
end

.secret(mailbox_type) ⇒ Object 



30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/gitlab/mail_room/authenticator.rb', line 30

def secret(mailbox_type)
  strong_memoize(:"jwt_secret_#{mailbox_type}") do
    secret_path = enabled_configs[mailbox_type][:secret_file]
    raise SecretConfigurationError, "#{mailbox_type}'s secret_file configuration is missing" if secret_path.blank?

    begin
      read_secret(secret_path)
    rescue StandardError => e
      raise SecretConfigurationError, "Fail to read #{mailbox_type}'s secret: #{e.message}"
    end
  end
end

.verify_api_request(request_headers, mailbox_type) ⇒ Object 



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
# File 'lib/gitlab/mail_room/authenticator.rb', line 14

def verify_api_request(request_headers, mailbox_type)
  mailbox_type = mailbox_type.to_sym
  return false if enabled_configs[mailbox_type].blank?

  decode_jwt(
    request_headers[Gitlab::MailRoom::INTERNAL_API_REQUEST_HEADER],
    secret(mailbox_type),
    issuer: Gitlab::MailRoom::INTERNAL_API_REQUEST_JWT_ISSUER,
    iat_after: Time.current - EXPIRATION
  )
rescue JWT::DecodeError => e
  ::Gitlab::AppLogger.warn("Fail to decode MailRoom JWT token: #{e.message}") if Rails.env.development?

  false
end