Class: Groups::AgnosticTokenRevocationService

Inherits:
BaseService
Defined in:
app/services/groups/agnostic_token_revocation_service.rb

Overview

rubocop:disable Gitlab/BoundedContexts – This service is strictly related to groups

Constant Summary

AUDIT_SOURCE =
:group_token_revocation_service

Instance Attribute Summary

Attributes inherited from BaseService

#params

Attributes inherited from BaseService

#params, #project

Instance Method Summary

Methods included from BaseServiceUtility

#deny_visibility_level, #event_service, #log_error, #log_info, #notification_service, #system_hook_service, #todo_service, #visibility_level

Methods included from Gitlab::Allowable

#can?, #can_all?, #can_any?

Constructor Details

#initialize(group, current_user, plaintext) ⇒ AgnosticTokenRevocationService

Returns a new instance of AgnosticTokenRevocationService.



# File 'app/services/groups/agnostic_token_revocation_service.rb', line 22

# Captures the inputs for a single revocation request.
#
# @param group the group the request is made against (checked in #execute)
# @param current_user the user whose :admin_group permission #execute checks
# @param plaintext [#to_s] the raw token value as submitted by the caller
def initialize(group, current_user, plaintext)
  # Coerce once so a nil or non-String value is held as a String
  # (nil becomes ""), which is what #execute passes to the token lookup.
  # NOTE(review): this instance variable holds a credential in clear text and
  # may still be valid; keep it out of log lines and error payloads.
  @plaintext = plaintext.to_s
  @current_user = current_user
  @group = group
end

Instance Method Details

#execute ⇒ Object



# File 'app/services/groups/agnostic_token_revocation_service.rb', line 28

# Identifies the submitted token and hands it to the handler for its type.
#
# Preconditions are evaluated in order and the first failure is returned via
# `error`: the :group_agnostic_token_revocation flag must be enabled for the
# group, the group must not be a subgroup, and current_user must hold
# :admin_group on the group.
#
# @return whatever `error` or the selected `handle_*` method returns
def execute
  # NOTE(review): the flag and subgroup checks run before the permission
  # check, so their distinct messages can reach a caller who lacks
  # :admin_group. Confirm the calling layer authorizes first or does not
  # relay these messages verbatim.
  denial =
    if !Feature.enabled?(:group_agnostic_token_revocation, group)
      "Feature not enabled"
    elsif group.subgroup?
      "Group cannot be a subgroup"
    elsif !can?(current_user, :admin_group, group)
      "Unauthorized"
    end
  return error(denial) if denial

  # AUDIT_SOURCE is passed alongside the plaintext; presumably it labels the
  # lookup for auditing (token_for is defined elsewhere; verify there).
  @token = ::Authn::AgnosticTokenIdentifier.token_for(plaintext, AUDIT_SOURCE)
  @revocable = token.revocable unless token.blank?

  # Dispatch on token type. Holding :admin_group on the group does not by
  # itself show that the token belongs to that group; the group-scope check
  # is left to the handle_* methods, which are not shown here.
  # NOTE(review): confirm each handler verifies the token's owner or resource
  # sits inside this group before revoking.
  case token
  when ::Authn::Tokens::PersonalAccessToken then handle_personal_access_token
  when ::Authn::Tokens::DeployToken then handle_deploy_token
  when ::Authn::Tokens::FeedToken then handle_feed_token
  else
    # Any other lookup result, including nil, matches none of the classes
    # above and is refused here rather than revoked.
    error('Unsupported token type')
  end
end