Updates tests to reflect sign_out route change

- Also remove sign_out DELETE route from read-only whitelist routes
2017-11-07 11:42:25 -06:00 · 2017-11-07 11:42:25 -06:00 · 4dea7944c4
parent dfeb60daa6
commit 4dea7944c4
3 changed files with 5 additions and 14 deletions
--- a/lib/gitlab/middleware/read_only.rb
+++ b/lib/gitlab/middleware/read_only.rb
@ -66,11 +66,7 @@ module Gitlab
      end

      def whitelisted_routes
-        logout_route || grack_route || @whitelisted.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route
-      end
-
-      def logout_route
-        route_hash[:controller] == 'sessions' && route_hash[:action] == 'destroy'
+        grack_route || @whitelisted.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route
      end

      def sidekiq_route
--- a/spec/lib/gitlab/middleware/read_only_spec.rb
+++ b/spec/lib/gitlab/middleware/read_only_spec.rb
@ -91,13 +91,6 @@ describe Gitlab::Middleware::ReadOnly do
    end

    context 'whitelisted requests' do
-      it 'expects DELETE request to logout to be allowed' do
-        response = request.delete('/users/sign_out')
-
-        expect(response).not_to be_a_redirect
-        expect(subject).not_to disallow_request
-      end
-
      it 'expects a POST internal request to be allowed' do
        response = request.post("/api/#{API::API.version}/internal")

--- a/spec/routing/routing_spec.rb
+++ b/spec/routing/routing_spec.rb
@ -257,8 +257,10 @@ describe "Authentication", "routing" do
    expect(post("/users/sign_in")).to route_to('sessions#create')
  end

-  it "DELETE /users/sign_out" do
-    expect(delete("/users/sign_out")).to route_to('sessions#destroy')
+  # sign_out with GET instead of DELETE facilitates ad-hoc single-sign-out processes
+  # (https://gitlab.com/gitlab-org/gitlab-ce/issues/39708)
+  it "GET /users/sign_out" do
+    expect(get("/users/sign_out")).to route_to('sessions#destroy')
  end

  it "POST /users/password" do