Merge branch '33596-package-ci-metadata' into 'master'

Provide access to job token as a helper See merge request gitlab-org/gitlab!19793

Merge branch '33596-package-ci-metadata' into 'master'
Provide access to job token as a helper See merge request gitlab-org/gitlab!19793
f166222a · Thong Kuah · 00b50a47 · d8bafa92 · f166222a · f166222a
Commit f166222a authored Nov 21, 2019 by Thong Kuah
4 changed files
--- a/changelogs/unreleased/33596-package-ci-metadata.yml
+++ b/changelogs/unreleased/33596-package-ci-metadata.yml
+---
+title: Improve job tokens and provide access helper
+merge_request: 19793
+author:
+type: other
--- a/ee/lib/ee/api/helpers.rb
+++ b/ee/lib/ee/api/helpers.rb
@@ -140,7 +140,13 @@ module EE
      end

      def job_token_authentication?
-        initial_current_user && @job_token_authentication # rubocop:disable Gitlab/ModuleWithInstanceVariables
+        initial_current_user && @current_authenticated_job.present? # rubocop:disable Gitlab/ModuleWithInstanceVariables
+      end
+
+      # Returns the job associated with the token provided for
+      # authentication, if any
+      def current_authenticated_job
+        @current_authenticated_job
      end

      def warden

--- a/ee/lib/ee/gitlab/auth/user_auth_finders.rb
+++ b/ee/lib/ee/gitlab/auth/user_auth_finders.rb
@@ -24,7 +24,7 @@ module EE
          job = ::Ci::Build.find_by_token(token)
          raise ::Gitlab::Auth::UnauthorizedError unless job

-          @job_token_authentication = true # rubocop:disable Gitlab/ModuleWithInstanceVariables
+          @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables

          job.user
        end
@@ -39,7 +39,7 @@ module EE
        override :validate_access_token!
        def validate_access_token!(scopes: [])
          # return early if we've already authenticated via a job token
-          @job_token_authentication.present? || super # rubocop:disable Gitlab/ModuleWithInstanceVariables
+          @current_authenticated_job.present? || super # rubocop:disable Gitlab/ModuleWithInstanceVariables
        end

        def scim_request?
@@ -57,7 +57,7 @@ module EE
          job = ::Ci::Build.find_by_token(token)
          return unless job

-          @job_token_authentication = true # rubocop:disable Gitlab/ModuleWithInstanceVariables
+          @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables

          job.user
        end

--- a/ee/spec/lib/gitlab/auth/user_auth_finders_spec.rb
+++ b/ee/spec/lib/gitlab/auth/user_auth_finders_spec.rb
@@ -32,6 +32,7 @@ describe Gitlab::Auth::UserAuthFinders do
        set_token(job.token)

        expect(subject).to eq(user)
+        expect(@current_authenticated_job).to eq job
      end
    end
  end