WIP: TokenAuthenticatable allows comparison and non-unique tokens (for saml discovery token)

What

  1. TokenAuthenticatable allows non-unique tokens
  2. TokenAuthenticatable provides comparison method
  3. TokenAuthenticatable supports configurable length

Why

  1. For https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/5782 we're adding saml_discovery_token but don't need it to be unique. Without this change it will scan the table for an existing token, which is not necessary and would require an index.
  2. That MR also needs to compare tokens, but the ensure_token method usually used for lookup could raise an error while attempting save.
  3. Allow for more friendly URLs, as customers are often configuring this on different machines and may have to type this token manually. Length is less of an issue here, because the discovery token only works combined with group name, meaning token enumeration isn't a threat.

Related

Discussion thread at https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/5782#note_74527445.

Does this MR meet the acceptance criteria?
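
An added Ruby sketch of the pattern the description argues for (look the record up by group name, then compare a short, non-unique token without generating or saving one); it is not code from this merge request or from GitLab. The names `DiscoveryToken`, `token_matches?` and `authorize_discovery`, the default length of 8 and the constant-time comparison are assumptions made for illustration.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical stand-in for a model that carries a discovery token.
class DiscoveryToken
  attr_reader :group_name, :token

  # length is configurable so the token can be short enough to type by hand.
  # token: lets a caller supply an existing value (used for the sample data).
  def initialize(group_name, length: 8, token: nil)
    @group_name = group_name
    # No collision check on generation: the token is not required to be
    # unique, so no table scan and no index on the token column is needed.
    @token = token || SecureRandom.alphanumeric(length)
  end

  # Pure comparison: never generates or persists a token, so it cannot fail
  # with a save error. Both sides are hashed first so the XOR loop always
  # runs over 32 bytes, independent of where the inputs differ.
  def token_matches?(presented)
    return false unless presented.is_a?(String)

    a = Digest::SHA256.digest(token).bytes
    b = Digest::SHA256.digest(presented).bytes
    a.zip(b).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# The group name is the lookup key; the token is only checked against that
# one record, which is why it never has to be searchable on its own.
# groups is a Hash of group name => DiscoveryToken (constructed sample store).
def authorize_discovery(groups, group_name, presented)
  record = groups[group_name]
  return false if record.nil?

  record.token_matches?(presented)
end
```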
