Skip to content
Snippets Groups Projects

Deploy token access for the dependency proxy

Merged Steve Abrams requested to merge 280586-dependency-proxy-deploy-tokens into master
Compare and Show latest version
1 file
+ 5
1
Compare changes
  • Side-by-side
  • Inline
@@ -5,6 +5,7 @@ class DependencyProxyAuthenticationService < BaseService
AUDIENCE = 'dependency_proxy'
HMAC_KEY = 'gitlab-dependency-proxy'
DEFAULT_EXPIRE_TIME = 1.minute
REQUIRED_DEPLOY_TOKEN_SCOPES = %i[read_registry write_registry].freeze
def execute(authentication_abilities:)
return error('dependency proxy not enabled', 404) unless ::Gitlab.config.dependency_proxy.enabled
@@ -38,7 +39,10 @@ def valid_user_actor?
end
def valid_deploy_token?
current_user.is_a?(DeployToken) && current_user&.group_type? && current_user&.active?
current_user.is_a?(DeployToken) &&
current_user&.group_type? &&
current_user&.active? &&
(current_user.scopes & REQUIRED_DEPLOY_TOKEN_SCOPES).many? # rubocop:disable CodeReuse/ActiveRecord
end
def authorized_token
Loading