debian-mirror-gitlab/app/services/resource_access_tokens/revoke_service.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

67 lines
1.9 KiB
Ruby
Raw Normal View History

2020-05-24 23:13:21 +05:30
# frozen_string_literal: true
module ResourceAccessTokens
class RevokeService < BaseService
include Gitlab::Utils::StrongMemoize
RevokeAccessTokenError = Class.new(RuntimeError)
def initialize(current_user, resource, access_token)
@current_user = current_user
@access_token = access_token
@bot_user = access_token.user
@resource = resource
end
def execute
2021-04-29 21:17:54 +05:30
return error("#{current_user.name} cannot delete #{bot_user.name}") unless can_destroy_token?
2020-05-24 23:13:21 +05:30
return error("Failed to find bot user") unless find_member
2021-01-03 14:25:43 +05:30
access_token.revoke!
2020-05-24 23:13:21 +05:30
2021-01-03 14:25:43 +05:30
destroy_bot_user
2020-05-24 23:13:21 +05:30
2021-03-11 19:13:27 +05:30
log_event
2021-01-03 14:25:43 +05:30
success("Access token #{access_token.name} has been revoked and the bot user has been scheduled for deletion.")
rescue StandardError => error
2020-05-24 23:13:21 +05:30
log_error("Failed to revoke access token for #{bot_user.name}: #{error.message}")
error(error.message)
end
private
attr_reader :current_user, :access_token, :bot_user, :resource
2021-01-03 14:25:43 +05:30
def destroy_bot_user
DeleteUserWorker.perform_async(current_user.id, bot_user.id, skip_authorization: true)
2020-05-24 23:13:21 +05:30
end
2021-04-29 21:17:54 +05:30
def can_destroy_token?
%w(project group).include?(resource.class.name.downcase) && can?(current_user, :destroy_resource_access_tokens, resource)
2020-05-24 23:13:21 +05:30
end
def find_member
strong_memoize(:member) do
2022-03-02 08:16:31 +05:30
next false unless resource.is_a?(Project) || resource.is_a?(Group)
resource.member(bot_user)
2020-05-24 23:13:21 +05:30
end
end
2021-03-11 19:13:27 +05:30
def log_event
::Gitlab::AppLogger.info "PROJECT ACCESS TOKEN REVOCATION: revoked_by: #{current_user.username}, project_id: #{resource.id}, token_user: #{access_token.user.name}, token_id: #{access_token.id}"
end
2020-05-24 23:13:21 +05:30
def error(message)
ServiceResponse.error(message: message)
end
def success(message)
ServiceResponse.success(message: message)
end
end
end
2021-03-11 19:13:27 +05:30
2021-06-08 01:23:25 +05:30
ResourceAccessTokens::RevokeService.prepend_mod_with('ResourceAccessTokens::RevokeService')