Improve JwtController implementation

app/controllers/jwt_controller.rb

@@ -11,10 +11,8 @@ class JwtController < ApplicationController
     service = SERVICES[params[:service]]
     return head :not_found unless service
 
-    @authentication_result ||= Gitlab::Auth::Result.new
-
     result = service.new(@authentication_result.project, @authentication_result.actor, auth_params).
-      execute(authentication_abilities: @authentication_result.authentication_abilities)
+      execute(authentication_abilities: @authentication_result.authentication_abilities || [])
 
     render json: result, status: result[:http_status]
   end
@@ -22,6 +20,8 @@ class JwtController < ApplicationController
   private
 
   def authenticate_project_or_user
+    @authentication_result = Gitlab::Auth::Result.new
+
     authenticate_with_http_basic do |login, password|
       @authentication_result = Gitlab::Auth.find_for_git_client(login, password, project: nil, ip: request.ip)
 

app/services/auth/container_registry_authentication_service.rb

@@ -5,7 +5,7 @@ module Auth
     AUDIENCE = 'container_registry'
 
     def execute(authentication_abilities:)
-      @authentication_abilities = authentication_abilities || []
+      @authentication_abilities = authentication_abilities
 
       return error('not found', 404) unless registry.enabled
 

lib/ci/mask_secret.rb

 module Ci::MaskSecret
   class << self
     def mask!(value, token)
-      return unless value.present? && token.present?
+      return value unless value.present? && token.present?
 
       value.gsub!(token, 'x' * token.length)
+      value
     end
   end
 end

spec/lib/ci/mask_secret_spec.rb

@@ -16,10 +16,12 @@ describe Ci::MaskSecret, lib: true do
       expect(mask('token', 'not')).to eq('token')
     end
 
+    it 'does support null token' do
+      expect(mask('token', nil)).to eq('token')
+    end
+
     def mask(value, token)
-      value = value.dup
-      subject.mask!(value, token)
-      value
+      subject.mask!(value.dup, token)
     end
   end
 end