-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 6 | ||||
-rw-r--r-- | app/controllers/projects_controller.rb | 2 | ||||
-rw-r--r-- | app/models/network.rb | 23 | ||||
-rw-r--r-- | app/models/project.rb | 7 | ||||
-rw-r--r-- | app/models/user.rb | 4 | ||||
-rw-r--r-- | app/models/user_session.rb | 22 | ||||
-rw-r--r-- | app/services/create_project_service.rb | 10 | ||||
-rw-r--r-- | lib/api/forks.rb | 2 | ||||
-rw-r--r-- | lib/api/helpers.rb | 2 | ||||
-rw-r--r-- | spec/support/gitlab_stubs/session.json | 3 | ||||
-rw-r--r-- | spec/support/gitlab_stubs/user.json | 3 | ||||
-rw-r--r-- | spec/support/stub_gitlab_calls.rb | 8 |
13 files changed, 43 insertions, 50 deletions
@@ -7,6 +7,7 @@ v7.13.0 - Enhance YAML validation - Redirect back after authorization - Change favicon + - Refactoring: Get rid of private_token usage in the frontend. v7.12.1 - Runner without tag should pick builds without tag only diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 9852736..8700317 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -12,6 +12,12 @@ class ApplicationController < ActionController::Base def current_user @current_user ||= session[:current_user] + + # Backward compatibility. Until 7.13 user session doesn't contain access_token + # Users with old session should be logged out + return nil if @current_user && @current_user.access_token.nil? + + @current_user end def sign_in(user) diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 5916df4..f228870 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -79,7 +79,7 @@ class ProjectsController < ApplicationController def destroy project.destroy - Network.new.disable_ci(project.gitlab_id, current_user.private_token) + Network.new.disable_ci(project.gitlab_id, current_user.access_token) EventService.new.remove_project(current_user, project) diff --git a/app/models/network.rb b/app/models/network.rb index 8431f75..8ba467d 100644 --- a/app/models/network.rb +++ b/app/models/network.rb @@ -16,18 +16,6 @@ class Network build_response(response) end - def authenticate_by_token(api_opts) - opts = { - query: api_opts - } - - endpoint = File.join(url, API_PREFIX, 'user.json') - response = self.class.get(endpoint, default_opts.merge(opts)) - - build_response(response) - end - - def projects(api_opts, scope = :owned) # Dont load archived projects api_opts.merge!(archived: false) 
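Review bot: The new guard in `current_user` returns nil for a pre-7.13 session but leaves the stale user object in `session[:current_user]` and in `@current_user`. The old record, which presumably still carries the private token, therefore stays in the session until the next sign-in, and any code that reads `@current_user` directly skips the check. Consider clearing both when the guard fires: `session.delete(:current_user)` and `@current_user = nil` before returning nil. The comment would read more clearly as `# Sessions created before 7.13 carry no access_token; treat them as signed out.`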
@@ -74,12 +62,13 @@ class Network build_response(response) end - def enable_ci(project_id, api_opts, token) + def enable_ci(project_id, data, api_opts) opts = { - body: api_opts.to_json + body: data.to_json, + query: api_opts } - query = "projects/#{project_id}/services/gitlab-ci.json?private_token=#{token}" + query = "projects/#{project_id}/services/gitlab-ci.json" endpoint = File.join(url, API_PREFIX, query) response = self.class.put(endpoint, default_opts.merge(opts)) @@ -93,8 +82,8 @@ class Network end end - def disable_ci(project_id, token) - query = "projects/#{project_id}/services/gitlab-ci.json?private_token=#{token}" + def disable_ci(project_id, access_token) + query = "projects/#{project_id}/services/gitlab-ci.json?access_token=#{access_token}" endpoint = File.join(url, API_PREFIX, query) response = self.class.delete(endpoint, default_opts) diff --git a/app/models/project.rb b/app/models/project.rb index f103a88..4ec9495 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -84,7 +84,12 @@ ls -la end def from_gitlab(user, scope = :owned, options) - opts = { private_token: user.private_token } + opts = if user.access_token + { access_token: user.access_token } + else + { private_token: user.private_token } + end + opts.merge! options projects = Network.new.projects(opts.compact, scope) diff --git a/app/models/user.rb b/app/models/user.rb index 471e124..138e5e4 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -57,7 +57,7 @@ class User def can_manage_project?(project_gitlab_id) opts = { - private_token: self.private_token, + access_token: self.access_token, } Rails.cache.fetch(cache_key('manage', project_gitlab_id, sync_at)) do @@ -78,7 +78,7 @@ class User def project_info(project_gitlab_id) opts = { - private_token: self.private_token, + access_token: self.access_token, } Rails.cache.fetch(cache_key("project_info", project_gitlab_id, sync_at)) do 
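Review bot: `disable_ci` still interpolates the credential into the path string unescaped (`...gitlab-ci.json?access_token=#{access_token}`), while `enable_ci` in the same file now hands its credentials to the client through `query:`. Passing the token the same way keeps the two calls consistent and lets the HTTP client encode the value: build the path without the query string and call `self.class.delete(endpoint, default_opts.merge(query: { access_token: access_token }))`. In both methods the token still travels in the request URL, so it is worth confirming that outgoing request URLs are not written to application or proxy logs. The body of `disable_ci` continues past the end of the hunk.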
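Review bot: `can_manage_project?`, and `project_info` in the next hunk, now send only `access_token` with no fallback to `private_token`, unlike `Project.from_gitlab` and `CreateProjectService` in this same commit. A user authenticated with a private token through `lib/api/forks.rb` or `lib/api/helpers.rb` appears to end up with a nil `access_token`, so these permission lookups would go out as `access_token: nil` and whatever comes back is stored by `Rails.cache.fetch`. If such users can reach these methods, select the credential the same way here, ideally in one shared helper on `User` so the choice lives in a single place: `opts = access_token ? { access_token: access_token } : { private_token: private_token }`. Both method bodies continue outside their hunks.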
diff --git a/app/models/user_session.rb b/app/models/user_session.rb index d1c0711..90592d1 100644 --- a/app/models/user_session.rb +++ b/app/models/user_session.rb @@ -4,29 +4,17 @@ class UserSession extend ActiveModel::Naming def authenticate(auth_opts) - authenticate_via(auth_opts) do |network, options| - network.authenticate(options) - end - end - - def authenticate_by_token(auth_opts) - result = authenticate_via(auth_opts) do |network, options| - network.authenticate_by_token(options) - end - - result - end - - private - - def authenticate_via(options, &block) - user = block.call(Network.new, options) + network = Network.new + user = network.authenticate(auth_opts) if user + user["access_token"] = auth_opts[:access_token] return User.new(user) else nil end + + user rescue nil end diff --git a/app/services/create_project_service.rb b/app/services/create_project_service.rb index 0ffa059..652d7bd 100644 --- a/app/services/create_project_service.rb +++ b/app/services/create_project_service.rb @@ -7,12 +7,18 @@ class CreateProjectService Project.transaction do @project.save! - opts = { + data = { token: @project.token, project_url: project_route.gsub(":project_id", @project.id.to_s), } - unless Network.new.enable_ci(@project.gitlab_id, opts, current_user.private_token) + auth_opts = if current_user.access_token + { access_token: current_user.access_token } + else + { private_token: current_user.private_token } + end + + unless Network.new.enable_ci(@project.gitlab_id, data, auth_opts) raise ActiveRecord::Rollback end end diff --git a/lib/api/forks.rb b/lib/api/forks.rb index c1807f0..cb53d68 100644 --- a/lib/api/forks.rb +++ b/lib/api/forks.rb @@ -18,7 +18,7 @@ module API authenticate_project_token!(project) user_session = UserSession.new - user = user_session.authenticate_by_token(private_token: params[:private_token]) + user = user_session.authenticate(private_token: params[:private_token]) fork = CreateProjectService.new.execute( user, 
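Review bot: In `UserSession#authenticate`, `user["access_token"] = auth_opts[:access_token]` replaces whatever the server returned with the caller's value, which is nil for the `private_token:` callers in `lib/api/forks.rb` and `lib/api/helpers.rb`. Guarding the assignment keeps a server-supplied value intact: `user["access_token"] = auth_opts[:access_token] if auth_opts[:access_token]`. The added trailing `user` line is only reached when `user` is already falsy, so together with `else nil` it is redundant; a `return unless user` guard followed by `User.new(user)` says the same thing more directly. The existing method-level `rescue nil` fails closed but makes a network or parsing error indistinguishable from rejected credentials, so logging the exception there would help when investigating failed sign-ins.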
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index d768624..cff5920 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -9,7 +9,7 @@ module API options = { private_token: (params[PRIVATE_TOKEN_PARAM] || env[PRIVATE_TOKEN_HEADER]) } - UserSession.new.authenticate_by_token(options) + UserSession.new.authenticate(options) end end diff --git a/spec/support/gitlab_stubs/session.json b/spec/support/gitlab_stubs/session.json index cc66044..ce8dfe5 100644 --- a/spec/support/gitlab_stubs/session.json +++ b/spec/support/gitlab_stubs/session.json @@ -15,5 +15,6 @@ "is_admin":false, "can_create_group":false, "can_create_project":false, - "private_token":"Wvjy2Krpb7y8xi93owUz" + "private_token":"Wvjy2Krpb7y8xi93owUz", + "access_token":"Wvjy2Krpb7y8xi93owUz" }
\ No newline at end of file
diff --git a/spec/support/gitlab_stubs/user.json b/spec/support/gitlab_stubs/user.json
index cc66044..ce8dfe5 100644
--- a/spec/support/gitlab_stubs/user.json
+++ b/spec/support/gitlab_stubs/user.json
@@ -15,5 +15,6 @@
 "is_admin":false,
 "can_create_group":false,
 "can_create_project":false,
- "private_token":"Wvjy2Krpb7y8xi93owUz"
+ "private_token":"Wvjy2Krpb7y8xi93owUz",
+ "access_token":"Wvjy2Krpb7y8xi93owUz"
 }
\ No newline at end of file diff --git a/spec/support/stub_gitlab_calls.rb b/spec/support/stub_gitlab_calls.rb index f378219..9efdab0 100644 --- a/spec/support/stub_gitlab_calls.rb +++ b/spec/support/stub_gitlab_calls.rb @@ -2,7 +2,6 @@ module StubGitlabCalls def stub_gitlab_calls stub_session stub_user - stub_oauth_user stub_project_8 stub_project_8_hooks stub_projects @@ -32,13 +31,9 @@ module StubGitlabCalls def stub_user f = File.read(Rails.root.join('spec/support/gitlab_stubs/user.json')) - stub_request(:get, "#{gitlab_url}api/v3/user.json?private_token=Wvjy2Krpb7y8xi93owUz"). + stub_request(:get, "#{gitlab_url}api/v3/user?private_token=Wvjy2Krpb7y8xi93owUz"). with(:headers => {'Content-Type'=>'application/json'}). to_return(:status => 200, :body => f, :headers => {'Content-Type'=>'application/json'}) - end - - def stub_oauth_user - f = File.read(Rails.root.join('spec/support/gitlab_stubs/user.json')) stub_request(:get, "#{gitlab_url}api/v3/user?access_token=some_token"). with(:headers => {'Content-Type'=>'application/json'}). @@ -57,6 +52,7 @@ module StubGitlabCalls def stub_projects f = File.read(Rails.root.join('spec/support/gitlab_stubs/projects.json')) + stub_request(:get, "#{gitlab_url}api/v3/projects.json?archived=false&private_token=Wvjy2Krpb7y8xi93owUz"). with(:headers => {'Content-Type'=>'application/json'}). to_return(:status => 200, :body => f, :headers => {'Content-Type'=>'application/json'}) |