Removing private token
This commit is contained in:
Francisco Lopez
parent
41ebd06ddc
commit
374179a970
|
|
@ -45,6 +45,7 @@ module API
|
|||
include Gitlab::Utils::StrongMemoize
|
||||
|
||||
def find_current_user!
|
||||
set_raise_unauthorized_error
|
||||
user = find_user_from_access_token || find_user_from_warden
|
||||
return unless user
|
||||
|
||||
|
|
@ -74,12 +75,6 @@ module API
|
|||
|
||||
private
|
||||
|
||||
def handle_return_value!(value, &block)
|
||||
raise UnauthorizedError unless value
|
||||
|
||||
block_given? ? yield(value) : value
|
||||
end
|
||||
|
||||
def private_token
|
||||
params[PRIVATE_TOKEN_PARAM].presence || env[PRIVATE_TOKEN_HEADER].presence
|
||||
end
|
||||
|
|
|
|||
|
|
@ -29,7 +29,9 @@ module Gitlab
|
|||
private
|
||||
|
||||
def handle_return_value!(value, &block)
|
||||
return unless value
|
||||
unless value
|
||||
raise_unauthorized_error? ? raise_unauthorized_error! : return
|
||||
end
|
||||
|
||||
block_given? ? yield(value) : value
|
||||
end
|
||||
|
|
@ -75,6 +77,18 @@ module Gitlab
|
|||
|
||||
ActionDispatch::Request.new(request.env)
|
||||
end
|
||||
|
||||
def raise_unauthorized_error?
|
||||
defined?(@raise_unauthorized_error) ? @raise_unauthorized_error : false
|
||||
end
|
||||
|
||||
def set_raise_unauthorized_error
|
||||
@raise_unauthorized_error = true
|
||||
end
|
||||
|
||||
def raise_unauthorized_error!
|
||||
raise API::APIGuard::UnauthorizedError
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -189,26 +189,6 @@ describe 'Rack Attack global throttles' do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'API requests authenticated with private token', :api do
|
||||
let(:user) { create(:user) }
|
||||
let(:other_user) { create(:user) }
|
||||
let(:throttle_setting_prefix) { 'throttle_authenticated_api' }
|
||||
|
||||
context 'with the token in the query string' do
|
||||
let(:get_args) { [api(api_partial_url, user)] }
|
||||
let(:other_user_get_args) { [api(api_partial_url, other_user)] }
|
||||
|
||||
it_behaves_like 'rate-limited token-authenticated requests'
|
||||
end
|
||||
|
||||
context 'with the token in the headers' do
|
||||
let(:get_args) { api_get_args_with_token_headers(api_partial_url, private_token_headers(user)) }
|
||||
let(:other_user_get_args) { api_get_args_with_token_headers(api_partial_url, private_token_headers(other_user)) }
|
||||
|
||||
it_behaves_like 'rate-limited token-authenticated requests'
|
||||
end
|
||||
end
|
||||
|
||||
describe 'API requests authenticated with personal access token', :api do
|
||||
let(:user) { create(:user) }
|
||||
let(:token) { create(:personal_access_token, user: user) }
|
||||
|
|
@ -261,13 +241,6 @@ describe 'Rack Attack global throttles' do
|
|||
let(:throttle_setting_prefix) { 'throttle_authenticated_web' }
|
||||
|
||||
context 'with the token in the query string' do
|
||||
context 'with the atom extension' do
|
||||
let(:get_args) { [rss_url(user)] }
|
||||
let(:other_user_get_args) { [rss_url(other_user)] }
|
||||
|
||||
it_behaves_like 'rate-limited token-authenticated requests'
|
||||
end
|
||||
|
||||
context 'with the atom format in the Accept header' do
|
||||
let(:get_args) { [rss_url(user), nil, { 'HTTP_ACCEPT' => 'application/atom+xml' }] }
|
||||
let(:other_user_get_args) { [rss_url(other_user), nil, { 'HTTP_ACCEPT' => 'application/atom+xml' }] }
|
||||
|
|
|
|||
Loading…
Reference in New Issue