in internal/auth/auth.go [440:486]
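// checkTokenExists verifies that the session carries an OAuth2 access token.
//
// When session.Values["access_token"] is nil it starts the OAuth2 login flow:
// it stores (or re-uses) a random "state" value, records the originally
// requested address under "uri", drops any stale "proxy_auth_domain", saves the
// session and redirects the client to the proxy address on the pages domain.
//
// It returns true whenever a response has already been written (the redirect
// or a 500), so the caller must stop handling the request; it returns false
// when an access token is present and the caller may continue.
func (a *Auth) checkTokenExists(session *hostSession, w http.ResponseWriter, r *http.Request, domain internal.Domain) bool {
	if session.Values["access_token"] != nil {
		return false
	}

	logRequest(r).Debug("No access token exists, redirecting user to OAuth2 login")

	// When the user tries to authenticate and reload the page concurrently,
	// gitlab pages might receive an authentication request with the state
	// already set. Re-use it instead of creating a new one so the in-flight
	// callback still validates. A missing, empty or non-string value is
	// replaced rather than trusted (the previous code asserted the type
	// unchecked when building the redirect, which would panic on a bad value).
	state, ok := session.Values["state"].(string)
	if !ok || state == "" {
		// GenerateRandomKey returns nil when the random source fails; encoding
		// nil would produce an empty state and make the callback's CSRF check
		// meaningless, so fail closed instead of redirecting with it.
		key := securecookie.GenerateRandomKey(16)
		if key == nil {
			logRequest(r).Error("Failed to generate OAuth2 state: random key generation returned nil")
			httperrors.Serve500(w)
			return true
		}
		state = base64.URLEncoding.EncodeToString(key)
		session.Values["state"] = state
	}

	// Remember where the user wanted to go so the callback can send them back.
	session.Values["uri"] = getRequestAddress(r)
	// Clear possible proxying left over from an earlier flow.
	delete(session.Values, "proxy_auth_domain")

	if feature.ProjectPrefixCookiePath.Enabled() {
		if prefix := domain.GetProjectPrefix(r); len(prefix) > 1 {
			session.Values[projectPrefix] = prefix
		}
		// After successful authentication the user is redirected to the /auth
		// URL; appending /auth to the session path lets that request reuse
		// this same session cookie.
		session.appendPath("/auth")
	}

	if err := session.Save(r, w); err != nil {
		logRequest(r).WithError(err).Error(saveSessionErrMsg)
		errortracking.CaptureErrWithReqAndStackTrace(err, r)
		httperrors.Serve500(w)
		return true
	}

	// Because the pages domain might be in the public suffix list, we have to
	// redirect to the pages domain to trigger the authorization flow.
	http.Redirect(w, r,
		a.getProxyAddress(r, state, session.getNamespaceInPathFromSession()),
		http.StatusFound)
	return true
}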