authenticate(user: string, password: string, cb: Callback) {
this.logger.trace(`[gitlab] authenticate called for user: ${user}`);
// Try to find the user groups in the cache
const cachedUserGroups = this._getCachedUserGroups(user, password);
if (cachedUserGroups) {
// @ts-ignore
this.logger.debug(`[gitlab] user: ${user} found in cache, authenticated with groups:`, cachedUserGroups);
return cb(null, cachedUserGroups.publish);
}
// Not found in cache, query gitlab
this.logger.trace(`[gitlab] user: ${user} not found in cache`);
const GitlabAPI = new Gitlab({
url: this.config.url,
token: password,
});
GitlabAPI.Users.current()
.then(response => {
if (user.toLowerCase() !== response.username.toLowerCase()) {
return cb(getUnauthorized('wrong gitlab username'));
}
const publishLevelId = ACCESS_LEVEL_MAPPING[this.publishLevel];
// Set the groups of an authenticated user, in normal mode:
// - for access, depending on the package settings in verdaccio
// - for publish, the logged in user id and all the groups they can reach as configured with access level `$auth.gitlab.publish`
const gitlabPublishQueryParams = { min_access_level: publishLevelId };