Commit
d1db7b1b
authored
8 years ago
by
Gabriel Mazetto
Adds support for authenticating in Geo secondary node using OAuth
parent
b44c7df8
Showing
8 changed files
with
97 additions
and
4 deletions
+97
-4
app/controllers/application_controller.rb
app/controllers/application_controller.rb
+1
-1
app/controllers/sessions_controller.rb
app/controllers/sessions_controller.rb
+4
-3
app/models/geo/oauth_session.rb
app/models/geo/oauth_session.rb
+72
-0
app/models/geo_node.rb
app/models/geo_node.rb
+1
-0
config/routes.rb
config/routes.rb
+5
-0
db/migrate/20160229034258_add_doorkeeper_application_to_geo_node.rb
.../20160229034258_add_doorkeeper_application_to_geo_node.rb
+7
-0
db/schema.rb
db/schema.rb
+1
-0
lib/gitlab/geo.rb
lib/gitlab/geo.rb
+6
-0
app/controllers/application_controller.rb
...
...
@@ -102,7 +102,7 @@ class ApplicationController < ActionController::Base
flash
[
:alert
]
=
"Your account is blocked. Retry when an admin has unblocked it."
new_user_session_path
else
stored_location_for
(
:
geo_node
)
||
stored_location_for
(
:
redirect
)
||
stored_location_for
(
resource
)
||
root_path
stored_location_for
(
:redirect
)
||
stored_location_for
(
resource
)
||
root_path
end
end
...
...
app/controllers/sessions_controller.rb
...
...
@@ -109,12 +109,13 @@ class SessionsController < Devise::SessionsController
def
gitlab_geo_login
if
!
signed_in?
&&
Gitlab
::
Geo
.
enabled?
&&
Gitlab
::
Geo
.
secondary?
oauth
=
Geo
::
OauthSession
.
new
# share full url with primary node by shared session
user_return_to
=
URI
.
join
(
root_url
,
session
[
:user_return_to
]).
to_s
session
[
:geo_node_return_to
]
=
@redirect_to
||
user_return_to
oauth
.
return_to
=
@redirect_to
||
user_return_to
login_uri
=
URI
.
join
(
Gitlab
::
Geo
.
primary_node
.
url
,
new_session_path
(
:user
)).
to_s
redirect_to
login_uri
redirect_to
oauth_geo_auth_url
(
state:
oauth
.
generate_oauth_state
)
end
end
...
...
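Review bot: The value assigned in `oauth.return_to = @redirect_to || user_return_to` is signed into the OAuth state and later trusted as the post-login destination, but `@redirect_to` is set outside this hunk and nothing here restricts it to a URL on this node. If it can be influenced by a request parameter, it should be checked against this node's own host before assignment, with a comment such as `# return_to is signed into the OAuth state; must be a URL on this node`. Separately, `oauth.generate_oauth_state` returns nil whenever `return_to` is unset, so `redirect_to oauth_geo_auth_url(state: ...)` can start the flow with no state at all; that matters because `Geo::OauthSession#is_oauth_state_valid?` in this commit accepts a missing state. The enclosing controller class starts and ends outside the hunk.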
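--- a/app/models/geo/oauth_session.rb
+++ b/app/models/geo/oauth_session.rb
+class Geo::OauthSession
+  include ActiveModel::Model
+  include HTTParty
+  attr_accessor :state
+  attr_accessor :return_to
+  API_PREFIX = '/api/v3/'
+  def is_oauth_state_valid?
+    return true unless state
+    salt, hmac, return_to = state.split(':', 3)
+    return false unless return_to
+    hmac == self.generate_oauth_hmac(salt)
+  end
+  def generate_oauth_state
+    return unless return_to
+    salt = generate_oauth_salt
+    hmac = generate_oauth_hmac(salt)
+    "#{salt}:#{hmac}:#{return_to}"
+  end
+  def get_oauth_state_return_to
+    state.split(':', 3)[2] if state
+  end
+  def authenticate(access_token)
+    opts = { query: access_token }
+    endpoint = File.join(primary_node_url, API_PREFIX, 'user')
+    response = self.class.get(endpoint, default_opts.merge(opts))
+    build_response(response)
+  end
+  private
+  def generate_oauth_salt
+    SecureRandom.hex(16)
+  end
+  def generate_oauth_hmac(salt)
+    return unless return_to
+    digest = OpenSSL::Digest.new('sha256')
+    key = GitlabCi::Application.secrets.secret_key_base + salt
+    OpenSSL::HMAC.hexdigest(digest, key, return_to)
+  end
+  def primary_node_url
+    Gitlab::Geo.primary_node.url
+  end
+  def default_opts
+    {
+      headers: {
+        'Content-Type' => 'application/json'
+      },
+    }
+  end
+  def build_response(response)
+    case response.code
+    when 200
+      response.parsed_response
+    when 401
+      raise UnauthorizedError
+    else
+      nil
+    end
+  end
+end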
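Review bot: `is_oauth_state_valid?` fails open, because `return true unless state` accepts a callback that carries no state, which is the case the check exists to reject. In the same method the destructuring creates a local `return_to` that shadows the accessor, while `generate_oauth_hmac(salt)` reads the attribute, so the digest is computed over whatever the instance already holds rather than the value carried in the state. The closing `hmac == ...` comparison is also not constant-time. A rewrite of the method is sketched below; the callback controller is not on this page, so callers that rely on the current nil-state behaviour would need checking. Also worth a follow-up: `authenticate` passes the access token as `query: access_token`, which puts it in the request URL instead of an `Authorization` header.

```ruby
def is_oauth_state_valid?
  return false unless state

  salt, hmac, state_return_to = state.split(':', 3)
  return false unless state_return_to

  # verify the value carried in the state, not a previously assigned attribute
  self.return_to = state_return_to
  expected = generate_oauth_hmac(salt)
  ActiveSupport::SecurityUtils.secure_compare(hmac, expected)
end
# ... unchanged: generate_oauth_state, get_oauth_state_return_to, authenticate, private helpers ...
```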
app/models/geo_node.rb
...
...
@@ -12,6 +12,7 @@
class
GeoNode
<
ActiveRecord
::
Base
belongs_to
:geo_node_key
,
dependent: :destroy
belongs_to
:oauth_application
,
class_name:
'Doorkeeper::Application'
default_values
schema:
'http'
,
host:
lambda
{
Gitlab
.
config
.
gitlab
.
host
},
...
...
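Review bot: The `belongs_to :oauth_application` association has no cleanup rule, unlike the `:geo_node_key` association next to it, which declares `dependent: :destroy`. Unless removal is handled elsewhere, deleting a Geo node leaves its Doorkeeper application in place, together with the client secret and any tokens issued under it. Consider `belongs_to :oauth_application, class_name: 'Doorkeeper::Application', dependent: :destroy`. The class body continues outside the hunk.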
config/routes.rb
...
...
@@ -39,6 +39,11 @@ Rails.application.routes.draw do
authorizations:
'oauth/authorizations'
end
namespace
:oauth
do
get
'geo/auth'
=>
'geo_auth#auth'
get
'geo/callback'
=>
'geo_auth#callback'
end
# Autocomplete
get
'/autocomplete/users'
=>
'autocomplete#users'
get
'/autocomplete/users/:id'
=>
'autocomplete#user'
...
...
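Review bot: The `namespace :oauth` block registers `geo/auth` and `geo/callback` unconditionally, and the `geo_auth` controller they point to is not among the eight files listed for this commit, so the handling of `state` on the callback cannot be reviewed here. The routes appear to be meant for secondary nodes only, so the controller should refuse requests unless `Gitlab::Geo.secondary?` holds. A comment above the block would record the contract, for example `# Geo secondary login: the callback must verify the signed state before using its return_to`. The `routes.draw` block starts and ends outside the hunk.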
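--- a/db/migrate/20160229034258_add_doorkeeper_application_to_geo_node.rb
+++ b/db/migrate/20160229034258_add_doorkeeper_application_to_geo_node.rb
@@ -0,0 +1,7 @@
+class AddDoorkeeperApplicationToGeoNode < ActiveRecord::Migration
+  def change
+    change_table :geo_nodes do |t|
+      t.belongs_to :oauth_application
+    end
+  end
+end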
db/schema.rb
...
...
@@ -414,6 +414,7 @@ ActiveRecord::Schema.define(version: 20160309140734) do
t
.
string
"relative_url_root"
t
.
boolean
"primary"
t
.
integer
"geo_node_key_id"
t
.
integer
"oauth_application_id"
end
add_index
"geo_nodes"
,
[
"geo_node_key_id"
],
name:
"index_geo_nodes_on_geo_node_key_id"
,
using: :btree
...
...
lib/gitlab/geo.rb
...
...
@@ -39,5 +39,11 @@ module Gitlab
def
self
.
bulk_notify_job
Sidekiq
::
Cron
::
Job
.
find
(
'geo_bulk_notify_worker'
)
end
def
self
.
oauth_authentication
return
false
unless
self
.
readonly?
Gitlab
::
Geo
.
current_node
.
oauth_application
end
end
end
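Review bot: `oauth_authentication` dereferences `Gitlab::Geo.current_node` without a nil check, so it raises NoMethodError if no node record matches the current host, which is presumably possible on a misconfigured instance. A nil-tolerant last line would be `Gitlab::Geo.current_node.try(:oauth_application)`. The method also returns `false` on one path and an application record or nil on the other, which deserves a comment such as `# Returns the Doorkeeper application of the current node, or false when this node is not read-only`. Its guard uses `self.readonly?`, which is not defined in this hunk, while `gitlab_geo_login` in the same commit gates on `Gitlab::Geo.secondary?`; it is worth confirming the two predicates agree. The module body starts outside the hunk.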