prevent decrypt error and recover access_token correctly

29cfb411 · Gabriel Mazetto · e2079bf3 · 29cfb411 · 29cfb411
Commit 29cfb411 authored May 05, 2016 by Gabriel Mazetto
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 2 deletions

app/controllers/oauth/geo_auth_controller.rb app/controllers/oauth/geo_auth_controller.rb +4 -1

lib/gitlab/geo/oauth_session.rb lib/gitlab/geo/oauth_session.rb +2 -1

No files found.
--- a/app/controllers/oauth/geo_auth_controller.rb
+++ b/app/controllers/oauth/geo_auth_controller.rb
@@ -35,7 +35,10 @@ class Oauth::GeoAuthController < ActionController::Base

  def logout
    oauth = Gitlab::Geo::OauthSession.new(state: params[:state])
-    access_token = oauth.extract_logout_token
+    token_string = oauth.extract_logout_token
+
+    access_token_error('invalid') unless token_string.is_utf8?
+    access_token = Doorkeeper::AccessToken.by_token(token_string)
    access_token_status = Oauth2::AccessTokenValidationService.validate(access_token)

    if access_token_status == Oauth2::AccessTokenValidationService::VALID

--- a/lib/gitlab/geo/oauth_session.rb
+++ b/lib/gitlab/geo/oauth_session.rb
@@ -66,7 +66,8 @@ module Gitlab
        cipher = OpenSSL::Cipher::AES.new(128, :CBC)
        cipher.send(operation)
        cipher.iv = salt
-        cipher.key = Gitlab::Application.secrets.secret_key_base
+        cipher.key = Gitlab::Application.secrets.db_key_base
+        cipher.auth_data = ''
        cipher
      end