Use the authentication_token for finding the user

2016-05-20 17:38:08 -05:00 · 2016-05-20 17:38:08 -05:00 · c2bc15a766
commit c2bc15a766
parent a7f6b75e7f
2 changed files with 4 additions and 13 deletions
--- a/lib/gitlab/email/handler/create_issue.rb
+++ b/lib/gitlab/email/handler/create_issue.rb
@ -11,7 +11,6 @@ module Gitlab

        def execute
          validate_permission!(:create_issue)
-          validate_authentication_token!

          verify_record(
            create_issue,
@ -21,10 +20,7 @@ module Gitlab
        end

        def author
-          @author ||= mail.from.find do |email|
-            user = User.find_by_any_email(email)
-            break user if user
-          end
+          @author ||= User.find_by(authentication_token: authentication_token)
        end

        def project
@ -48,11 +44,6 @@ module Gitlab
            description: message
          ).execute
        end
-
-        def validate_authentication_token!
-          raise UserNotAuthorizedError unless author.authentication_token ==
-                                                authentication_token
-        end
      end
    end
  end
--- a/spec/lib/gitlab/email/receiver_spec.rb
+++ b/spec/lib/gitlab/email/receiver_spec.rb
@ -224,11 +224,11 @@ describe Gitlab::Email::Receiver, lib: true do
        end
      end

-      context "when the authentication_token token didn't match" do
+      context "when we can't find the authentication_token" do
        let!(:email_raw) { fixture_file("emails/wrong_authentication_token.eml") }

-        it "raises an UserNotAuthorizedError" do
-          expect { receiver.execute }.to raise_error(Gitlab::Email::UserNotAuthorizedError)
+        it "raises an UserNotFoundError" do
+          expect { receiver.execute }.to raise_error(Gitlab::Email::UserNotFoundError)
        end
      end