From 8d900ade3832b3e2812f067ace19bad7fd286d54 Mon Sep 17 00:00:00 2001 From: Imre Farkas Date: Fri, 26 Oct 2018 16:47:03 +0200 Subject: [PATCH] Remove PersonalAccessTokensFinder#find_by method find_by_token is overriden by TokenAuthenticatable which can be easily missed or confused with #find_by(:token) defined by ActiveRecord. First step for safer usage is to remove #find_by. --- app/finders/personal_access_tokens_finder.rb | 2 +- app/models/user.rb | 6 ------ ...emove_personal_access_tokens_finder_find_by_method.yml | 5 +++++ lib/api/users.rb | 4 +--- spec/finders/personal_access_tokens_finder_spec.rb | 8 ++++---- 5 files changed, 11 insertions(+), 14 deletions(-) create mode 100644 changelogs/unreleased/53230-remove_personal_access_tokens_finder_find_by_method.yml diff --git a/app/finders/personal_access_tokens_finder.rb b/app/finders/personal_access_tokens_finder.rb index 81fd3b7a547..bd95dcd323f 100644 --- a/app/finders/personal_access_tokens_finder.rb +++ b/app/finders/personal_access_tokens_finder.rb @@ -3,7 +3,7 @@ class PersonalAccessTokensFinder attr_accessor :params - delegate :build, :find, :find_by, :find_by_token, to: :execute + delegate :build, :find, :find_by_id, :find_by_token, to: :execute def initialize(params = {}) @params = params diff --git a/app/models/user.rb b/app/models/user.rb index cc2cd1b7723..728ed7c0ef7 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -460,12 +460,6 @@ class User < ActiveRecord::Base by_username(username).take! end - def find_by_personal_access_token(token_string) - return unless token_string - - PersonalAccessTokensFinder.new(state: 'active').find_by_token(token_string)&.user # rubocop: disable CodeReuse/Finder - end - # Returns a user for the given SSH key. def find_by_ssh_key_id(key_id) Key.find_by(id: key_id)&.user diff --git a/changelogs/unreleased/53230-remove_personal_access_tokens_finder_find_by_method.yml b/changelogs/unreleased/53230-remove_personal_access_tokens_finder_find_by_method.yml new file mode 100644 index 00000000000..d4d78a2fd06 --- /dev/null +++ b/changelogs/unreleased/53230-remove_personal_access_tokens_finder_find_by_method.yml @@ -0,0 +1,5 @@ +--- +title: Remove PersonalAccessTokensFinder#find_by method +merge_request: 22617 +author: +type: fixed diff --git a/lib/api/users.rb b/lib/api/users.rb index 47382b09207..2a56506f3a5 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -512,11 +512,9 @@ module API PersonalAccessTokensFinder.new({ user: user, impersonation: true }.merge(options)) end - # rubocop: disable CodeReuse/ActiveRecord def find_impersonation_token - finder.find_by(id: declared_params[:impersonation_token_id]) || not_found!('Impersonation Token') + finder.find_by_id(declared_params[:impersonation_token_id]) || not_found!('Impersonation Token') end - # rubocop: enable CodeReuse/ActiveRecord end before { authenticated_as_admin! } diff --git a/spec/finders/personal_access_tokens_finder_spec.rb b/spec/finders/personal_access_tokens_finder_spec.rb index 3f22b3a253d..3e849c9a644 100644 --- a/spec/finders/personal_access_tokens_finder_spec.rb +++ b/spec/finders/personal_access_tokens_finder_spec.rb @@ -92,7 +92,7 @@ describe PersonalAccessTokensFinder do end describe 'with id' do - subject { finder(params).find_by(id: active_personal_access_token.id) } + subject { finder(params).find_by_id(active_personal_access_token.id) } it { is_expected.to eq(active_personal_access_token) } @@ -106,7 +106,7 @@ describe PersonalAccessTokensFinder do end describe 'with token' do - subject { finder(params).find_by(token: active_personal_access_token.token) } + subject { finder(params).find_by_token(active_personal_access_token.token) } it { is_expected.to eq(active_personal_access_token) } @@ -207,7 +207,7 @@ describe PersonalAccessTokensFinder do end describe 'with id' do - subject { finder(params).find_by(id: active_personal_access_token.id) } + subject { finder(params).find_by_id(active_personal_access_token.id) } it { is_expected.to eq(active_personal_access_token) } @@ -221,7 +221,7 @@ describe PersonalAccessTokensFinder do end describe 'with token' do - subject { finder(params).find_by(token: active_personal_access_token.token) } + subject { finder(params).find_by_token(active_personal_access_token.token) } it { is_expected.to eq(active_personal_access_token) }