From f4f9184a01bc7442411bbcffd9b6a86784fa5f53 Mon Sep 17 00:00:00 2001
From: Kamil Trzcinski <ayufan@ayufan.eu>
Date: Sat, 14 May 2016 18:23:31 -0500
Subject: [PATCH] Rename JWT to JSONWebToken

---
 app/controllers/jwt_controller.rb             |  2 +-
 app/models/ability.rb                         | 12 ++++-----
 ...ntainer_registry_authentication_service.rb | 27 ++++++++-----------
 lib/{jwt => json_web_token}/rsa_token.rb      |  2 +-
 lib/{jwt => json_web_token}/token.rb          |  2 +-
 .../{jwt => json_web_token}/rsa_token_spec.rb |  2 +-
 .../lib/{jwt => json_web_token}/token_spec.rb |  2 +-
 ...er_registry_authentication_service_spec.rb |  2 +-
 8 files changed, 23 insertions(+), 28 deletions(-)
 rename lib/{jwt => json_web_token}/rsa_token.rb (97%)
 rename lib/{jwt => json_web_token}/token.rb (97%)
 rename spec/lib/{jwt => json_web_token}/rsa_token_spec.rb (95%)
 rename spec/lib/{jwt => json_web_token}/token_spec.rb (92%)

diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
index bd9d7e4425d..0edf084e9e4 100644
--- a/app/controllers/jwt_controller.rb
+++ b/app/controllers/jwt_controller.rb
@@ -4,7 +4,7 @@ class JwtController < ApplicationController
   before_action :authenticate_project_or_user
 
   SERVICES = {
-    'container_registry' => Auth::ContainerRegistryAuthenticationService,
+    Auth::ContainerRegistryAuthenticationService::AUDIENCE => Auth::ContainerRegistryAuthenticationService,
   }
 
   def auth
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 74321240468..f70268d3138 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -61,7 +61,7 @@ class Ability
           :read_merge_request,
           :read_note,
           :read_commit_status,
-          :read_container_registry,
+          :read_container_image,
           :download_code
         ]
 
@@ -204,7 +204,7 @@ class Ability
         :admin_label,
         :read_commit_status,
         :read_build,
-        :read_container_registry,
+        :read_container_image,
       ]
     end
 
@@ -219,8 +219,8 @@ class Ability
         :create_merge_request,
         :create_wiki,
         :push_code,
-        :create_container_registry,
-        :update_container_registry,
+        :create_container_image,
+        :update_container_image,
       ]
     end
 
@@ -247,7 +247,7 @@ class Ability
         :admin_project,
         :admin_commit_status,
         :admin_build,
-        :admin_container_registry,
+        :admin_container_image,
       ]
     end
 
@@ -293,7 +293,7 @@ class Ability
       end
 
       unless project.container_registry_enabled
-        rules += named_abilities('container_registry')
+        rules += named_abilities('container_image')
       end
 
       rules
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
index a63e7046fcc..bbbc84475c8 100644
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -9,39 +9,34 @@ module Auth
         return error('forbidden', 403) unless current_user
       end
 
-      return error('forbidden', 401) if scopes.blank?
+      return error('forbidden', 401) unless scope
 
-      { token: authorized_token(scopes).encoded }
+      { token: authorized_token(scope).encoded }
     end
 
     private
 
-    def authorized_token(access)
-      token = ::JWT::RSAToken.new(registry.key)
+    def authorized_token(*accesses)
+      token = JSONWebToken::RSAToken.new(registry.key)
       token.issuer = registry.issuer
       token.audience = params[:service]
       token.subject = current_user.try(:username)
-      token[:access] = access
+      token[:access] = accesses
       token
     end
 
-    def scopes
+    def scope
       return unless params[:scope]
 
-      @scopes ||= begin
-        scope = process_scope(params[:scope])
-        [scope].compact
-      end
+      @scope ||= process_scope(params[:scope])
     end
 
     def process_scope(scope)
       type, name, actions = scope.split(':', 3)
       actions = actions.split(',')
+      return unless type == 'repository'
 
-      case type
-      when 'repository'
-        process_repository_access(type, name, actions)
-      end
+      process_repository_access(type, name, actions)
     end
 
     def process_repository_access(type, name, actions)
@@ -60,9 +55,9 @@ module Auth
 
       case requested_action
       when 'pull'
-        requested_project == project || can?(current_user, :read_container_registry, requested_project)
+        requested_project == project || can?(current_user, :read_container_image, requested_project)
       when 'push'
-        requested_project == project || can?(current_user, :create_container_registry, requested_project)
+        requested_project == project || can?(current_user, :create_container_image, requested_project)
       else
         false
       end
diff --git a/lib/jwt/rsa_token.rb b/lib/json_web_token/rsa_token.rb
similarity index 97%
rename from lib/jwt/rsa_token.rb
rename to lib/json_web_token/rsa_token.rb
index d7df9269e1e..d6d6af7089c 100644
--- a/lib/jwt/rsa_token.rb
+++ b/lib/json_web_token/rsa_token.rb
@@ -1,4 +1,4 @@
-module JWT
+module JSONWebToken
   class RSAToken < Token
     attr_reader :key_file
 
diff --git a/lib/jwt/token.rb b/lib/json_web_token/token.rb
similarity index 97%
rename from lib/jwt/token.rb
rename to lib/json_web_token/token.rb
index f13abf2b71f..5b67715b0b2 100644
--- a/lib/jwt/token.rb
+++ b/lib/json_web_token/token.rb
@@ -1,4 +1,4 @@
-module JWT
+module JSONWebToken
   class Token
     attr_accessor :issuer, :subject, :audience, :id
     attr_accessor :issued_at, :not_before, :expire_time
diff --git a/spec/lib/jwt/rsa_token_spec.rb b/spec/lib/json_web_token/rsa_token_spec.rb
similarity index 95%
rename from spec/lib/jwt/rsa_token_spec.rb
rename to spec/lib/json_web_token/rsa_token_spec.rb
index a5b1d3a67dc..4462cdde9a3 100644
--- a/spec/lib/jwt/rsa_token_spec.rb
+++ b/spec/lib/json_web_token/rsa_token_spec.rb
@@ -1,4 +1,4 @@
-describe JWT::RSAToken do
+describe JSONWebToken::RSAToken do
   let(:rsa_key) { generate_key }
   let(:rsa_token) { described_class.new(nil) }
   let(:rsa_encoded) { rsa_token.encoded }
diff --git a/spec/lib/jwt/token_spec.rb b/spec/lib/json_web_token/token_spec.rb
similarity index 92%
rename from spec/lib/jwt/token_spec.rb
rename to spec/lib/json_web_token/token_spec.rb
index 92fdc3f1b7c..3d955e4d774 100644
--- a/spec/lib/jwt/token_spec.rb
+++ b/spec/lib/json_web_token/token_spec.rb
@@ -1,4 +1,4 @@
-describe JWT::Token do
+describe JSONWebToken::Token do
   let(:token) { described_class.new }
 
   context 'custom parameters' do
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
index 6e86a3dcf56..a2937368136 100644
--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -18,7 +18,7 @@ describe Auth::ContainerRegistryAuthenticationService, services: true do
 
   before do
     allow(Gitlab.config.registry).to receive_messages(registry_settings)
-    allow_any_instance_of(JWT::RSAToken).to receive(:key).and_return(rsa_key)
+    allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key)
   end
 
   shared_examples 'an authenticated' do
-- 
GitLab