debian-mirror-gitlab/app/services/access_token_validation_service.rb

class AccessTokenValidationService
  # Results:
  VALID = :valid
  EXPIRED = :expired
  REVOKED = :revoked
  INSUFFICIENT_SCOPE = :insufficient_scope

  attr_reader :token, :request

  def initialize(token, request: nil)
    @token = token
    @request = request
  end

  def validate(scopes: [])
    if token.expired?
      return EXPIRED

    elsif token.revoked?
      return REVOKED

    elsif !self.include_any_scope?(scopes)
      return INSUFFICIENT_SCOPE

    else
      return VALID
    end
  end

  # True if the token's scope contains any of the passed scopes.
  def include_any_scope?(required_scopes)
    if required_scopes.blank?
      true
    else
      # We're comparing each required_scope against all token scopes, which would
      # take quadratic time. This consideration is irrelevant here because of the
      # small number of records involved.
      # https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12300/#note_33689006
      token_scopes = token.scopes.map(&:to_sym)

      required_scopes.any? do |scope|
        if scope.respond_to?(:sufficient?)
          scope.sufficient?(token_scopes, request)
        else
          API::Scope.new(scope).sufficient?(token_scopes, request)
        end
      end
    end
  end
end
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`class AccessTokenValidationService`
			`# Results:`
			`VALID = :valid`
			`EXPIRED = :expired`
			`REVOKED = :revoked`
			`INSUFFICIENT_SCOPE = :insufficient_scope`

New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`attr_reader :token, :request`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`def initialize(token, request: nil)`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`@token = token`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`@request = request`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

			`def validate(scopes: [])`
			`if token.expired?`
			`return EXPIRED`

			`elsif token.revoked?`
			`return REVOKED`

			`elsif !self.include_any_scope?(scopes)`
			`return INSUFFICIENT_SCOPE`

			`else`
			`return VALID`
			`end`
			`end`

			`# True if the token's scope contains any of the passed scopes.`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`def include_any_scope?(required_scopes)`
			`if required_scopes.blank?`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`true`
			`else`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`# We're comparing each required_scope against all token scopes, which would`
			`# take quadratic time. This consideration is irrelevant here because of the`
			`# small number of records involved.`
			`# https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12300/#note_33689006`
			`token_scopes = token.scopes.map(&:to_sym)`

			`required_scopes.any? do \|scope\|`
			`if scope.respond_to?(:sufficient?)`
			`scope.sufficient?(token_scopes, request)`
			`else`
			`API::Scope.new(scope).sufficient?(token_scopes, request)`
			`end`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
			`end`
			`end`