From 3d82f20d1bae1ba4f67a87d66828d65c7cef651d Mon Sep 17 00:00:00 2001
From: Stan Hu
Date: Wed, 17 Oct 2018 13:02:40 -0700
Subject: [PATCH] Strip whitespace around GitHub personal access tokens
Some browsers insert a trailing whitespace after pasting the token into the field. This should help reduce confusion.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/46588
---
 app/controllers/import/github_controller.rb | 2 +-
 .../unreleased/sh-strip-github-pat-whitespace.yml | 5 +++++
 .../githubish_import_controller_shared_examples.rb | 12 ++++++++++++
 3 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/unreleased/sh-strip-github-pat-whitespace.yml
diff --git a/app/controllers/import/github_controller.rb b/app/controllers/import/github_controller.rb
index 1dfa814cdd5..e3eec5a020d 100644
--- a/app/controllers/import/github_controller.rb
+++ b/app/controllers/import/github_controller.rb
@@ -20,7 +20,7 @@ class Import::GithubController < Import::BaseController
 end
 def personal_access_token
- session[access_token_key] = params[:personal_access_token]
+ session[access_token_key] = params[:personal_access_token]&.strip
 redirect_to status_import_url
 end
diff --git a/changelogs/unreleased/sh-strip-github-pat-whitespace.yml b/changelogs/unreleased/sh-strip-github-pat-whitespace.yml
new file mode 100644
index 00000000000..ea26f57e8f0
--- /dev/null
+++ b/changelogs/unreleased/sh-strip-github-pat-whitespace.yml
@@ -0,0 +1,5 @@
+---
+title: Strip whitespace around GitHub personal access tokens
+merge_request: 22432
+author:
+type: fixed
diff --git a/spec/support/controllers/githubish_import_controller_shared_examples.rb b/spec/support/controllers/githubish_import_controller_shared_examples.rb
index 1c1b68c12a2..140490f2dc2 100644
--- a/spec/support/controllers/githubish_import_controller_shared_examples.rb
+++ b/spec/support/controllers/githubish_import_controller_shared_examples.rb
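Review bot: `&.strip` in `personal_access_token` (app/controllers/import/github_controller.rb) guards against a missing parameter but not a non-string one: a request that sends `personal_access_token[]=...` or a nested hash makes `params[:personal_access_token]` an Array or `ActionController::Parameters`, neither of which responds to `strip`, so the action would raise `NoMethodError` instead of rejecting the input. Since the value comes straight from the request and is written to the session, I would type-check it first, e.g. `token = params[:personal_access_token]` followed by `session[access_token_key] = token.is_a?(String) ? token.strip.presence : nil`. `.presence` also keeps a whitespace-only submission from storing an empty string, which is truthy in Ruby; whether later code distinguishes `""` from `nil` is not visible in this hunk. `String#strip` removes only ASCII whitespace and NUL, so a pasted non-breaking space would still survive.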
@@ -22,6 +22,18 @@ shared_examples 'a GitHub-ish import controller: POST personal_access_token' do
 expect(session[:"#{provider}_access_token"]).to eq(token)
 expect(controller).to redirect_to(status_import_url)
 end
+
+ it "strips access token with spaces" do
+ token = 'asdfasdf9876'
+
+ allow_any_instance_of(Gitlab::LegacyGithubImport::Client)
+ .to receive(:user).and_return(true)
+
+ post :personal_access_token, personal_access_token: " #{token} "
+
+ expect(session[:"#{provider}_access_token"]).to eq(token)
+ expect(controller).to redirect_to(status_import_url)
+ end
 end
 shared_examples 'a GitHub-ish import controller: GET new' do
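Review bot: The new example only exercises a token padded with spaces, so the nil path that `&.strip` was written for and the other whitespace a paste can carry (tab, trailing newline) are untested. I would add an example that posts without `personal_access_token` and asserts `expect(session[:"#{provider}_access_token"]).to be_nil`, and vary the padding to something like `"\t#{token}\n"`. The enclosing `shared_examples` block starts above the hunk, so whether the `allow_any_instance_of(...).to receive(:user)` stub is needed for this action cannot be judged from here.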