Commit 10b8fd71 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Refactor token authenticatable encrypted strategy

parent 10ea7539
# frozen_string_literal: true # frozen_string_literal: true
module TokenAuthenticatableStrategies module TokenAuthenticatableStrategies
attr_reader :klass, :token_field, :options
class Base class Base
def initialize(klass, token_field, options) def initialize(klass, token_field, options)
@klass = klass @klass = klass
...@@ -36,6 +38,10 @@ module TokenAuthenticatableStrategies ...@@ -36,6 +38,10 @@ module TokenAuthenticatableStrategies
instance.save! if Gitlab::Database.read_write? instance.save! if Gitlab::Database.read_write?
end end
def fallback?
options[:fallback] == true
end
protected protected
def write_new_token(instance) def write_new_token(instance)
......
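Review bot: `fallback?` tests `options[:fallback] == true`, whereas the encrypted strategy previously tested `@options[:fallback]` for truthiness, so any truthy value other than the literal `true` now turns the fallback off without an error. Since this predicate decides whether lookups may fall through to the Insecure strategy, the accepted values deserve a comment above it, for example `# Fallback is enabled only by the literal true; any other value disables it.`. The method is also defined above `protected` and is therefore public; if nothing outside the strategy classes calls it, placing it below `protected` keeps the interface smaller. The body of `Base` continues outside this hunk.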
...@@ -7,45 +7,46 @@ module TokenAuthenticatableStrategies ...@@ -7,45 +7,46 @@ module TokenAuthenticatableStrategies
def find_token_authenticatable(token, unscoped = false) def find_token_authenticatable(token, unscoped = false)
return unless token return unless token
encrypted_value = Gitlab::CryptoHelper.aes256_gcm_encrypt(token)
token_authenticatable = relation(unscoped) token_authenticatable = relation(unscoped)
.find_by(token_field_name => Gitlab::CryptoHelper.aes256_gcm_encrypt(token)) .find_by(encrypted_field => encrypted_value)
if @options[:fallback] if fallback?
token_authenticatable ||= fallback_strategy.find_token_authenticatable(token) token_authenticatable ||= fallback_strategy
.find_token_authenticatable(token)
end end
token_authenticatable token_authenticatable
end end
def get_token(instance) def get_token(instance)
raw_token = instance.read_attribute(token_field_name) raw_token = instance.read_attribute(encrypted_field)
token = Gitlab::CryptoHelper.aes256_gcm_decrypt(raw_token) token = Gitlab::CryptoHelper.aes256_gcm_decrypt(raw_token)
token ||= fallback_strategy.get_token(instance) if @options[:fallback] token ||= fallback_strategy.get_token(instance) if fallback?
end end
def set_token(instance, token) def set_token(instance, token)
raise ArgumentError unless token raise ArgumentError unless token.present?
instance[token_field_name] = Gitlab::CryptoHelper.aes256_gcm_encrypt(token) instance[encrypted_field] = Gitlab::CryptoHelper.aes256_gcm_encrypt(token)
# instance[@token_field] = nil if @options[:fallback] # TODO this seems wrong
end end
protected protected
def fallback_strategy def fallback_strategy
@fallback_strategy ||= TokenAuthenticatableStrategies::Insecure @fallback_strategy ||= TokenAuthenticatableStrategies::Insecure
.new(@klass, @token_field, @options) .new(klass, token_field, options)
end end
def token_set?(instance) def token_set?(instance)
raw_token = instance.read_attribute(token_field_name) raw_token = instance.read_attribute(encrypted_field)
raw_token ||= instance.read_attribute(@token_field) if @options[:fallback] raw_token ||= instance.read_attribute(token_field) if fallback?
raw_token.present? raw_token.present?
end end
def token_field_name def encrypted_field
"#{@token_field}_encrypted" @encrypted_field ||= "#{@token_field}_encrypted"
end end
end end
end end
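Review bot: `get_token` ends with `token ||= fallback_strategy.get_token(instance) if fallback?`, and a modifier `if` whose condition is false evaluates to nil, so with fallback disabled the method returns nil even when decryption succeeded. Ending the method with `token || (fallback_strategy.get_token(instance) if fallback?)` returns the decrypted value in both modes. Separately, `set_token` writes only `encrypted_field`, and the commented-out line that would have cleared the plaintext column is deleted rather than resolved. If the Insecure strategy looks records up by the plaintext column (not visible here), a token that has been replaced would keep authenticating through the fallback branch of `find_token_authenticatable` until that column is cleared, so this needs either a fix or a comment explaining why the old value is retained.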