kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Change the rss url guard clause

Browse source
This commit is contained in:
Francisco Lopez 2017-11-10 19:17:55 +01:00
parent f189657523
commit 29521a313a
2 changed files with 4 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/gitlab/auth/user_auth_finders.rb
View file

@ -10,7 +10,7 @@ module Gitlab
end end
def find_user_from_rss_token def find_user_from_rss_token
return unless current_request.format.atom? return unless current_request.path.ends_with?('.atom')
token = current_request.params[:rss_token].presence token = current_request.params[:rss_token].presence
return unless token return unless token

6
spec/requests/rack_attack_global_spec.rb
View file

@ -241,14 +241,12 @@ describe 'Rack Attack global throttles' do
let(:throttle_setting_prefix) { 'throttle_authenticated_web' } let(:throttle_setting_prefix) { 'throttle_authenticated_web' }
context 'with the token in the query string' do context 'with the token in the query string' do
context 'with the atom format in the Accept header' do let(:get_args) { [rss_url(user), nil] }
let(:get_args) { [rss_url(user), nil, { 'HTTP_ACCEPT' => 'application/atom+xml' }] } let(:other_user_get_args) { [rss_url(other_user), nil] }
let(:other_user_get_args) { [rss_url(other_user), nil, { 'HTTP_ACCEPT' => 'application/atom+xml' }] }
it_behaves_like 'rate-limited token-authenticated requests' it_behaves_like 'rate-limited token-authenticated requests'
end end
end end
end
describe 'web requests authenticated with regular login' do describe 'web requests authenticated with regular login' do
let(:user) { create(:user) } let(:user) { create(:user) }