Extract EE-specific lines to EE::Gitlab::Auth::UserAuthFinders

Signed-off-by: Rémy Coutable <remy@rymai.me>

ee/lib/ee/gitlab/auth/user_auth_finders.rb

+module EE
+  module Gitlab
+    module Auth
+      module UserAuthFinders
+        extend ActiveSupport::Concern
+
+        JOB_TOKEN_HEADER = "HTTP_JOB_TOKEN".freeze
+        JOB_TOKEN_PARAM = :job_token
+
+        def find_user_from_job_token
+          return unless route_authentication_setting[:job_token_allowed]
+
+          token = (params[JOB_TOKEN_PARAM] || env[JOB_TOKEN_HEADER]).to_s
+          return unless token.present?
+
+          job = ::Ci::Build.find_by(token: token)
+          raise ::Gitlab::Auth::UnauthorizedError unless job
+
+          @job_token_authentication = true # rubocop:disable Gitlab/ModuleWithInstanceVariables
+
+          job.user
+        end
+      end
+    end
+  end
+end

ee/spec/lib/gitlab/auth/user_auth_finders_spec.rb

+require 'spec_helper'
+
+describe Gitlab::Auth::UserAuthFinders do
+  include described_class
+
+  let(:user) { create(:user) }
+  let(:env) do
+    {
+      'rack.input' => ''
+    }
+  end
+  let(:request) { Rack::Request.new(env)}
+  let(:params) { request.params }
+
+  def set_param(key, value)
+    request.update_param(key, value)
+  end
+
+  describe '#find_user_from_job_token' do
+    let(:job) { create(:ci_build, user: user) }
+
+    shared_examples 'find user from job token' do
+      context 'when route is allowed to be authenticated' do
+        let(:route_authentication_setting) { { job_token_allowed: true } }
+
+        it "returns an Unauthorized exception for an invalid token" do
+          set_token('invalid token')
+
+          expect { find_user_from_job_token }.to raise_error(Gitlab::Auth::UnauthorizedError)
+        end
+
+        it "return user if token is valid" do
+          set_token(job.token)
+
+          expect(find_user_from_job_token).to eq(user)
+        end
+      end
+
+      context 'when route is not allowed to be authenticated' do
+        let(:route_authentication_setting) { { job_token_allowed: false } }
+
+        it "sets current_user to nil" do
+          set_token(job.token)
+          allow_any_instance_of(Gitlab::UserAccess).to receive(:allowed?).and_return(true)
+
+          expect(find_user_from_job_token).to be_nil
+        end
+      end
+    end
+
+    context 'when the job token is in the headers' do
+      def set_token(token)
+        env[Gitlab::Auth::UserAuthFinders::JOB_TOKEN_HEADER] = token
+      end
+
+      it_behaves_like 'find user from job token'
+    end
+
+    context 'when the job token is in the params' do
+      def set_token(token)
+        set_param(Gitlab::Auth::UserAuthFinders::JOB_TOKEN_PARAM, token)
+      end
+
+      it_behaves_like 'find user from job token'
+    end
+  end
+end

lib/gitlab/auth/user_auth_finders.rb

 module Gitlab
   module Auth
-    #
-    # Exceptions
-    #
-
     AuthenticationError = Class.new(StandardError)
     MissingTokenError = Class.new(AuthenticationError)
     TokenNotFoundError = Class.new(AuthenticationError)
@@ -19,12 +15,12 @@ module Gitlab
     end
 
     module UserAuthFinders
+      prepend ::EE::Gitlab::Auth::UserAuthFinders
+
       include Gitlab::Utils::StrongMemoize
 
       PRIVATE_TOKEN_HEADER = 'HTTP_PRIVATE_TOKEN'.freeze
       PRIVATE_TOKEN_PARAM = :private_token
-      JOB_TOKEN_HEADER = "HTTP_JOB_TOKEN".freeze
-      JOB_TOKEN_PARAM = :job_token
 
       # Check the Rails session for valid authentication details
       def find_user_from_warden
@@ -48,20 +44,6 @@ module Gitlab
         access_token.user || raise(UnauthorizedError)
       end
 
-      def find_user_from_job_token
-        return unless route_authentication_setting[:job_token_allowed]
-
-        token = (params[JOB_TOKEN_PARAM] || env[JOB_TOKEN_HEADER]).to_s
-        return unless token.present?
-
-        job = ::Ci::Build.find_by(token: token)
-        raise UnauthorizedError unless job
-
-        @job_token_authentication = true # rubocop:disable Gitlab/ModuleWithInstanceVariables
-
-        job.user
-      end
-
       def validate_access_token!(scopes: [])
         return unless access_token
 

spec/lib/gitlab/auth/user_auth_finders_spec.rb

@@ -10,7 +10,6 @@ describe Gitlab::Auth::UserAuthFinders do
     }
   end
   let(:request) { Rack::Request.new(env)}
-  let(:params) { request.params }
 
   def set_param(key, value)
     request.update_param(key, value)
@@ -112,55 +111,6 @@ describe Gitlab::Auth::UserAuthFinders do
     end
   end
 
-  describe '#find_user_from_job_token' do
-    let(:job) { create(:ci_build, user: user) }
-
-    shared_examples 'find user from job token' do
-      context 'when route is allowed to be authenticated' do
-        let(:route_authentication_setting) { { job_token_allowed: true } }
-
-        it "returns an Unauthorized exception for an invalid token" do
-          set_token('invalid token')
-
-          expect { find_user_from_job_token }.to raise_error(Gitlab::Auth::UnauthorizedError)
-        end
-
-        it "return user if token is valid" do
-          set_token(job.token)
-
-          expect(find_user_from_job_token).to eq(user)
-        end
-      end
-
-      context 'when route is not allowed to be authenticated' do
-        let(:route_authentication_setting) { { job_token_allowed: false } }
-
-        it "sets current_user to nil" do
-          set_token(job.token)
-          allow_any_instance_of(Gitlab::UserAccess).to receive(:allowed?).and_return(true)
-
-          expect(find_user_from_job_token).to be_nil
-        end
-      end
-    end
-
-    context 'when the job token is in the headers' do
-      def set_token(token)
-        env[Gitlab::Auth::UserAuthFinders::JOB_TOKEN_HEADER] = token
-      end
-
-      it_behaves_like 'find user from job token'
-    end
-
-    context 'when the job token is in the params' do
-      def set_token(token)
-        set_param(Gitlab::Auth::UserAuthFinders::JOB_TOKEN_PARAM, token)
-      end
-
-      it_behaves_like 'find user from job token'
-    end
-  end
-
   describe '#find_personal_access_token' do
     let(:personal_access_token) { create(:personal_access_token, user: user) }