Fix specs and improve code style

862e70ea · Gabriel Mazetto · 29cfb411 · 862e70ea · 862e70ea · 862e70ea
Commit 862e70ea authored May 05, 2016 by Gabriel Mazetto
3 changed files
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -112,18 +112,19 @@ class SessionsController < Devise::SessionsController
  end

  def gitlab_geo_login
-    if !signed_in? && Gitlab::Geo.enabled? && Gitlab::Geo.secondary?
-      oauth = Gitlab::Geo::OauthSession.new
+    return if signed_in? || !Gitlab::Geo.secondary?
+    oauth = Gitlab::Geo::OauthSession.new

-      # share full url with primary node by shared session
-      user_return_to = URI.join(root_url, session[:user_return_to].to_s).to_s
-      oauth.return_to = @redirect_to || user_return_to
+    # share full url with primary node by shared session
+    user_return_to = URI.join(root_url, session[:user_return_to].to_s).to_s
+    oauth.return_to = @redirect_to || user_return_to

-      redirect_to oauth_geo_auth_url(state: oauth.generate_oauth_state)
-    end
+    redirect_to oauth_geo_auth_url(state: oauth.generate_oauth_state)
  end

  def gitlab_geo_logout
+    return unless Gitlab::Geo.secondary?
+
    oauth = Gitlab::Geo::OauthSession.new(access_token: session[:access_token])
    @geo_logout_state = oauth.generate_logout_state
  end

--- a/lib/gitlab/geo/oauth_session.rb
+++ b/lib/gitlab/geo/oauth_session.rb
@@ -17,11 +17,14 @@ module Gitlab

      def generate_oauth_state
        return unless return_to
+
        hmac = generate_oauth_hmac(oauth_salt, return_to)
        "#{oauth_salt}:#{hmac}:#{return_to}"
      end

      def generate_logout_state
+        return unless access_token
+
        cipher = logout_token_cipher(oauth_salt, :encrypt)
        encrypted = cipher.update(access_token) + cipher.final
        "#{oauth_salt}:#{Base64.urlsafe_encode64(encrypted)}"
@@ -29,6 +32,7 @@ module Gitlab

      def extract_logout_token
        return unless state
+
        salt, encrypted = state.split(':', 2)
        decipher = logout_token_cipher(salt, :decrypt)
        decipher.update(Base64.urlsafe_decode64(encrypted)) + decipher.final
@@ -57,6 +61,7 @@ module Gitlab

      def generate_oauth_hmac(salt, return_to)
        return false unless return_to
+        
        digest = OpenSSL::Digest.new('sha256')
        key = Gitlab::Application.secrets.secret_key_base + salt
        OpenSSL::HMAC.hexdigest(digest, key, return_to)

--- a/spec/lib/gitlab/geo/oauth_session_spec.rb
+++ b/spec/lib/gitlab/geo/oauth_session_spec.rb
@@ -64,6 +64,10 @@ describe Gitlab::Geo::OauthSession do
  describe '#generate_logout_state' do
    subject { described_class.new(access_token: access_token) }

+    it 'returns nil when access_token is not defined' do
+      expect(described_class.new.generate_logout_state).to be_nil
+    end
+
    it 'returns a string with salt and encrypted access token colon separated' do
      state = subject.generate_logout_state
      expect(state).to be_a String