Jacopo
ff76adb547
Unnecessary "include WaitForAjax" and "include ApiHelpers"
...
Removed all the unnecessary include of `WaitForAjax` and `ApiHelpers` in the specs.
Removed unnecessary usage of `api:true`
2017-04-21 22:32:02 +02:00
blackst0ne
11aff97d88
Remove the User#is_admin? method
2017-04-09 13:20:57 +11:00
Markus Koller
93daeee164
Don't allow blocked users to authenticate through other means
...
Gitlab::Auth.find_with_user_password is currently used in these places:
- resource_owner_from_credentials in config/initializers/doorkeeper.rb,
which is used for the OAuth Resource Owner Password Credentials flow
- the /session API call in lib/api/session.rb, which is used to reveal
the user's current authentication_token
In both cases users should only be authenticated if they're in the
active state.
2017-03-07 15:00:29 +01:00
Livier
eb4f15571d
Changed API spec files to describe the correct class
...
Restore changes for api spec files
Fix error in rspec Users
Delete extra space Repositories-spec
2016-11-28 10:55:27 -07:00
Robert Schilling
603ebe55f0
Grapify the session API
2016-11-09 17:36:35 +01:00
Patricio Cano
a4137411c6
Small refactor and syntax fixes.
2016-08-18 16:47:26 -05:00
Patricio Cano
e2f9c87600
Added checks for 2FA to the API `/sessions` endpoint and the Resource Owner Password Credentials flow.
2016-08-18 16:47:26 -05:00
tiagonbotelho
1d268a89de
adds second batch of tests changed to active tense
2016-08-09 15:11:39 +01:00
Z.J. van de Weg
abca19da8b
Use HTTP matchers if possible
2016-06-27 20:10:42 +02:00
Jeroen van Baarsen
0c4a70a306
Updated rspec to rspec 3.x syntax
...
Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
2015-02-12 19:17:35 +01:00
Andrey Krivko
bafd30f92c
Session API: Use case-insensitive authentication like in UI
2014-10-30 18:29:18 +02:00
Jeroen van Baarsen
5dd2f36ae1
Added API testing group
2014-04-11 21:45:56 +02:00
Dmitriy Zaporozhets
02d8c00323
Fix session spec because of password length
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2013-11-25 22:33:04 +02:00
Dmitriy Zaporozhets
51f9c05fb7
Fix Api session spec
2013-09-30 09:55:48 +03:00
Dmitriy Zaporozhets
634cbd7138
Refactor API classes. So api classes like Gitlab::Issues become API::Issues
2013-05-14 15:33:31 +03:00
Alex Denisov
28e7d1a8bf
Abilities added to /user and /sign_in requests
2013-03-18 20:11:28 +00:00
Sebastian Ziebell
dffc2b8a8b
API: session documentation updated and test added
2013-02-27 12:58:06 +01:00
Vincent Bonmalais
80fb38de7a
Remove backward compatibility of factories.
2012-11-13 22:27:45 +11:00
Nihad Abbasov
b08d33f6a9
API: return 401 for invalid session
2012-09-20 08:38:08 -07:00
Dmitriy Zaporozhets
9aafe77e70
I want be able to get token via api. Used for mobile applications
2012-09-20 17:45:07 +03:00