2018-11-18 11:00:15 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
module TokenAuthenticatableStrategies
|
|
|
|
class Base
|
2019-02-15 15:39:39 +05:30
|
|
|
attr_reader :klass, :token_field, :options
|
|
|
|
|
2018-11-18 11:00:15 +05:30
|
|
|
def initialize(klass, token_field, options)
|
|
|
|
@klass = klass
|
|
|
|
@token_field = token_field
|
|
|
|
@options = options
|
|
|
|
end
|
|
|
|
|
|
|
|
def find_token_authenticatable(instance, unscoped = false)
|
|
|
|
raise NotImplementedError
|
|
|
|
end
|
|
|
|
|
|
|
|
def get_token(instance)
|
|
|
|
raise NotImplementedError
|
|
|
|
end
|
|
|
|
|
|
|
|
def set_token(instance)
|
|
|
|
raise NotImplementedError
|
|
|
|
end
|
|
|
|
|
|
|
|
def ensure_token(instance)
|
|
|
|
write_new_token(instance) unless token_set?(instance)
|
2019-02-15 15:39:39 +05:30
|
|
|
get_token(instance)
|
2018-11-18 11:00:15 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
# Returns a token, but only saves when the database is in read & write mode
|
|
|
|
def ensure_token!(instance)
|
|
|
|
reset_token!(instance) unless token_set?(instance)
|
|
|
|
get_token(instance)
|
|
|
|
end
|
|
|
|
|
|
|
|
# Resets the token, but only saves when the database is in read & write mode
|
|
|
|
def reset_token!(instance)
|
|
|
|
write_new_token(instance)
|
|
|
|
instance.save! if Gitlab::Database.read_write?
|
|
|
|
end
|
|
|
|
|
2019-05-30 16:15:17 +05:30
|
|
|
def fallback?
|
|
|
|
unless options[:fallback].in?([true, false, nil])
|
|
|
|
raise ArgumentError, 'fallback: needs to be a boolean value!'
|
|
|
|
end
|
|
|
|
|
|
|
|
options[:fallback] == true
|
|
|
|
end
|
|
|
|
|
|
|
|
def migrating?
|
|
|
|
unless options[:migrating].in?([true, false, nil])
|
|
|
|
raise ArgumentError, 'migrating: needs to be a boolean value!'
|
|
|
|
end
|
|
|
|
|
|
|
|
options[:migrating] == true
|
|
|
|
end
|
|
|
|
|
2019-02-15 15:39:39 +05:30
|
|
|
def self.fabricate(model, field, options)
|
|
|
|
if options[:digest] && options[:encrypted]
|
|
|
|
raise ArgumentError, 'Incompatible options set!'
|
|
|
|
end
|
|
|
|
|
|
|
|
if options[:digest]
|
|
|
|
TokenAuthenticatableStrategies::Digest.new(model, field, options)
|
|
|
|
elsif options[:encrypted]
|
|
|
|
TokenAuthenticatableStrategies::Encrypted.new(model, field, options)
|
|
|
|
else
|
|
|
|
TokenAuthenticatableStrategies::Insecure.new(model, field, options)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2018-11-18 11:00:15 +05:30
|
|
|
protected
|
|
|
|
|
|
|
|
def write_new_token(instance)
|
|
|
|
new_token = generate_available_token
|
|
|
|
set_token(instance, new_token)
|
|
|
|
end
|
|
|
|
|
2018-12-13 13:39:08 +05:30
|
|
|
def unique
|
|
|
|
@options.fetch(:unique, true)
|
|
|
|
end
|
|
|
|
|
2018-11-18 11:00:15 +05:30
|
|
|
def generate_available_token
|
|
|
|
loop do
|
|
|
|
token = generate_token
|
2018-12-13 13:39:08 +05:30
|
|
|
break token unless unique && find_token_authenticatable(token, true)
|
2018-11-18 11:00:15 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def generate_token
|
|
|
|
@options[:token_generator] ? @options[:token_generator].call : Devise.friendly_token
|
|
|
|
end
|
|
|
|
|
|
|
|
def relation(unscoped)
|
|
|
|
unscoped ? @klass.unscoped : @klass
|
|
|
|
end
|
|
|
|
|
|
|
|
def token_set?(instance)
|
|
|
|
raise NotImplementedError
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|