Commit graph

13 commits

Author SHA1 Message Date
Sean McGivern
5069682d8e Enable RSpec/FilePath cop
- Ignore JS fixtures
- Ignore qa directory
- Rewrite concern specs to put concern name first
2017-04-26 12:50:32 +01:00
Jacopo
ff76adb547 Unnecessary "include WaitForAjax" and "include ApiHelpers"
Removed all the unnecessary include of `WaitForAjax` and `ApiHelpers` in the specs.
Removed unnecessary usage of `api:true`
2017-04-21 22:32:02 +02:00
Markus Koller
93daeee164 Don't allow blocked users to authenticate through other means
Gitlab::Auth.find_with_user_password is currently used in these places:

- resource_owner_from_credentials in config/initializers/doorkeeper.rb,
  which is used for the OAuth Resource Owner Password Credentials flow

- the /session API call in lib/api/session.rb, which is used to reveal
  the user's current authentication_token

In both cases users should only be authenticated if they're in the
active state.
2017-03-07 15:00:29 +01:00
Pawel Chojnacki
2ff139ddee Make Warden set_user hook validate user ip uniquness
+ rename shared context
2017-03-06 15:41:25 +01:00
Pawel Chojnacki
9cc0ff8f46 Cleanup common code in Unique Ips tests 2017-03-06 15:41:25 +01:00
Pawel Chojnacki
b1da4f7de3 Cleanup RSpec tests 2017-03-06 15:41:25 +01:00
Pawel Chojnacki
8993801f0c Test various login scenarios if the limit gets enforced 2017-03-06 15:41:25 +01:00
Timothy Andrew
7fa06ed55d Calls to the API are checked for scope.
- Move the `Oauth2::AccessTokenValidationService` class to
  `AccessTokenValidationService`, since it is now being used for
  personal access token validation as well.

- Each API endpoint declares the scopes it accepts (if any). Currently,
  the top level API module declares the `api` scope, and the `Users` API
  module declares the `read_user` scope (for GET requests).

- Move the `find_user_by_private_token` from the API `Helpers` module to
  the `APIGuard` module, to avoid littering `Helpers` with more
  auth-related methods to support `find_user_by_private_token`
2016-12-16 16:29:31 +05:30
Grzegorz Bizon
9e211091a8 Enable Style/EmptyLines cop, remove redundant ones 2016-07-01 21:56:17 +02:00
Z.J. van de Weg
abca19da8b Use HTTP matchers if possible 2016-06-27 20:10:42 +02:00
Dmitriy Zaporozhets
7b9b3c5aab
Fix part of api specs for rubocop
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2015-06-22 15:05:19 +02:00
Jeroen van Baarsen
0c4a70a306 Updated rspec to rspec 3.x syntax
Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
2015-02-12 19:17:35 +01:00
Valery Sizov
e41dadcb33 Doorkeeper integration 2014-12-24 15:38:07 +02:00