Refactor access token validation in `Gitlab::Auth`

- Based on @dbalexandre's review - Extract token validity conditions into two separate methods, for personal access tokens and OAuth tokens.

Refactor access token validation in `Gitlab::Auth`
- Based on @dbalexandre's review - Extract token validity conditions into two separate methods, for personal access tokens and OAuth tokens.
dc95bcbb · Timothy Andrew · 990ae6b8 · dc95bcbb
Commit dc95bcbb authored Nov 24, 2016 by Timothy Andrew
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 2 deletions

lib/gitlab/auth.rb lib/gitlab/auth.rb +10 -2

No files found.
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -92,7 +92,7 @@ module Gitlab
      def oauth_access_token_check(login, password)
        if login == "oauth2" && password.present?
          token = Doorkeeper::AccessToken.by_token(password)
-          if token && token.accessible? && token_has_scope?(token)
+          if valid_oauth_token?(token)
            user = User.find_by(id: token.resource_owner_id)
            Gitlab::Auth::Result.new(user, nil, :oauth, read_authentication_abilities)
          end
@@ -104,12 +104,20 @@ module Gitlab
          token = PersonalAccessToken.active.find_by_token(password)
          validation = User.by_login(login)

-          if token && token.user == validation && token_has_scope?(token)
+          if valid_personal_access_token?(token, validation)
            Gitlab::Auth::Result.new(validation, nil, :personal_token, full_authentication_abilities)
          end
        end
      end

+      def valid_oauth_token?(token)
+        token && token.accessible? && token_has_scope?(token)
+      end
+
+      def valid_personal_access_token?(token, user)
+        token && token.user == user && token_has_scope?(token)
+      end
+
      def token_has_scope?(token)
        AccessTokenValidationService.sufficient_scope?(token, ['api'])
      end