debian-mirror-gitlab/app/controllers/jira_connect/events_controller.rb

51 lines
1.4 KiB
Ruby
Raw Normal View History

2020-11-24 15:15:51 +05:30
# frozen_string_literal: true
class JiraConnect::EventsController < JiraConnect::ApplicationController
2021-01-03 14:25:43 +05:30
# See https://developer.atlassian.com/cloud/jira/software/app-descriptor/#lifecycle
2021-11-18 22:05:49 +05:30
skip_before_action :verify_atlassian_jwt!
2021-12-11 22:18:48 +05:30
before_action :verify_asymmetric_atlassian_jwt!
2020-11-24 15:15:51 +05:30
def installed
2021-11-18 22:05:49 +05:30
return head :ok if current_jira_installation
2021-01-03 14:25:43 +05:30
2021-11-18 22:05:49 +05:30
installation = JiraConnectInstallation.new(event_params)
2020-11-24 15:15:51 +05:30
if installation.save
head :ok
else
head :unprocessable_entity
end
end
def uninstalled
2021-09-30 23:02:18 +05:30
if JiraConnectInstallations::DestroyService.execute(current_jira_installation, jira_connect_base_path, jira_connect_events_uninstalled_path)
2020-11-24 15:15:51 +05:30
head :ok
else
head :unprocessable_entity
end
end
private
2021-11-18 22:05:49 +05:30
def event_params
2020-11-24 15:15:51 +05:30
params.permit(:clientKey, :sharedSecret, :baseUrl).transform_keys(&:underscore)
end
2021-11-18 22:05:49 +05:30
def verify_asymmetric_atlassian_jwt!
asymmetric_jwt = Atlassian::JiraConnect::AsymmetricJwt.new(auth_token, jwt_verification_claims)
return head :unauthorized unless asymmetric_jwt.valid?
@current_jira_installation = JiraConnectInstallation.find_by_client_key(asymmetric_jwt.iss_claim)
end
def jwt_verification_claims
{
aud: jira_connect_base_url(protocol: 'https'),
iss: event_params[:client_key],
qsh: Atlassian::Jwt.create_query_string_hash(request.url, request.method, jira_connect_base_url)
}
end
2020-11-24 15:15:51 +05:30
end