Updates tests to reflect sign_out route change
- Also remove sign_out DELETE route from read-only whitelist routes
This commit is contained in:
parent
dfeb60daa6
commit
4dea7944c4
|
@ -66,11 +66,7 @@ module Gitlab
|
||||||
end
|
end
|
||||||
|
|
||||||
def whitelisted_routes
|
def whitelisted_routes
|
||||||
logout_route || grack_route || @whitelisted.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route
|
grack_route || @whitelisted.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route
|
||||||
end
|
|
||||||
|
|
||||||
def logout_route
|
|
||||||
route_hash[:controller] == 'sessions' && route_hash[:action] == 'destroy'
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def sidekiq_route
|
def sidekiq_route
|
||||||
|
|
|
@ -91,13 +91,6 @@ describe Gitlab::Middleware::ReadOnly do
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'whitelisted requests' do
|
context 'whitelisted requests' do
|
||||||
it 'expects DELETE request to logout to be allowed' do
|
|
||||||
response = request.delete('/users/sign_out')
|
|
||||||
|
|
||||||
expect(response).not_to be_a_redirect
|
|
||||||
expect(subject).not_to disallow_request
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'expects a POST internal request to be allowed' do
|
it 'expects a POST internal request to be allowed' do
|
||||||
response = request.post("/api/#{API::API.version}/internal")
|
response = request.post("/api/#{API::API.version}/internal")
|
||||||
|
|
||||||
|
|
|
@ -257,8 +257,10 @@ describe "Authentication", "routing" do
|
||||||
expect(post("/users/sign_in")).to route_to('sessions#create')
|
expect(post("/users/sign_in")).to route_to('sessions#create')
|
||||||
end
|
end
|
||||||
|
|
||||||
it "DELETE /users/sign_out" do
|
# sign_out with GET instead of DELETE facilitates ad-hoc single-sign-out processes
|
||||||
expect(delete("/users/sign_out")).to route_to('sessions#destroy')
|
# (https://gitlab.com/gitlab-org/gitlab-ce/issues/39708)
|
||||||
|
it "GET /users/sign_out" do
|
||||||
|
expect(get("/users/sign_out")).to route_to('sessions#destroy')
|
||||||
end
|
end
|
||||||
|
|
||||||
it "POST /users/password" do
|
it "POST /users/password" do
|
||||||
|
|
Loading…
Reference in New Issue