# frozen_string_literal: true Excon.defaults[:ssl_verify_peer] = false module Gitlab module ExternalAuthorization class Client include ExternalAuthorization::Config REQUEST_HEADERS = { 'Content-Type' => 'application/json', 'Accept' => 'application/json' }.freeze def initialize(user, label) @user = user @label = label end def request_access response = Gitlab::HTTP.post( service_url, post_params ) ::Gitlab::ExternalAuthorization::Response.new(response) rescue *Gitlab::HTTP::HTTP_ERRORS => e raise ::Gitlab::ExternalAuthorization::RequestFailed.new(e) end private def allow_local_requests? Gitlab::CurrentSettings.allow_local_requests_from_system_hooks? end def post_params params = { headers: REQUEST_HEADERS, body: body.to_json, connect_timeout: timeout, read_timeout: timeout, write_timeout: timeout, allow_local_requests: allow_local_requests? } if has_tls? params[:client_cert_data] = client_cert params[:client_key_data] = client_key params[:client_key_pass] = client_key_pass end params end def body @body ||= begin body = { user_identifier: @user.email, project_classification_label: @label, identities: @user.identities.map { |identity| { provider: identity.provider, extern_uid: identity.extern_uid } } } if @user.ldap_identity body[:user_ldap_dn] = @user.ldap_identity.extern_uid end body end end end end end