Commit 374179a9 authored by Francisco Lopez's avatar Francisco Lopez

Removing private token

parent 41ebd06d
...@@ -45,6 +45,7 @@ module API ...@@ -45,6 +45,7 @@ module API
include Gitlab::Utils::StrongMemoize include Gitlab::Utils::StrongMemoize
def find_current_user! def find_current_user!
set_raise_unauthorized_error
user = find_user_from_access_token || find_user_from_warden user = find_user_from_access_token || find_user_from_warden
return unless user return unless user
...@@ -74,12 +75,6 @@ module API ...@@ -74,12 +75,6 @@ module API
private private
def handle_return_value!(value, &block)
raise UnauthorizedError unless value
block_given? ? yield(value) : value
end
def private_token def private_token
params[PRIVATE_TOKEN_PARAM].presence || env[PRIVATE_TOKEN_HEADER].presence params[PRIVATE_TOKEN_PARAM].presence || env[PRIVATE_TOKEN_HEADER].presence
end end
......
...@@ -29,7 +29,9 @@ module Gitlab ...@@ -29,7 +29,9 @@ module Gitlab
private private
def handle_return_value!(value, &block) def handle_return_value!(value, &block)
return unless value unless value
raise_unauthorized_error? ? raise_unauthorized_error! : return
end
block_given? ? yield(value) : value block_given? ? yield(value) : value
end end
...@@ -75,6 +77,18 @@ module Gitlab ...@@ -75,6 +77,18 @@ module Gitlab
ActionDispatch::Request.new(request.env) ActionDispatch::Request.new(request.env)
end end
def raise_unauthorized_error?
defined?(@raise_unauthorized_error) ? @raise_unauthorized_error : false
end
def set_raise_unauthorized_error
@raise_unauthorized_error = true
end
def raise_unauthorized_error!
raise API::APIGuard::UnauthorizedError
end
end end
end end
end end
...@@ -189,26 +189,6 @@ describe 'Rack Attack global throttles' do ...@@ -189,26 +189,6 @@ describe 'Rack Attack global throttles' do
end end
end end
describe 'API requests authenticated with private token', :api do
let(:user) { create(:user) }
let(:other_user) { create(:user) }
let(:throttle_setting_prefix) { 'throttle_authenticated_api' }
context 'with the token in the query string' do
let(:get_args) { [api(api_partial_url, user)] }
let(:other_user_get_args) { [api(api_partial_url, other_user)] }
it_behaves_like 'rate-limited token-authenticated requests'
end
context 'with the token in the headers' do
let(:get_args) { api_get_args_with_token_headers(api_partial_url, private_token_headers(user)) }
let(:other_user_get_args) { api_get_args_with_token_headers(api_partial_url, private_token_headers(other_user)) }
it_behaves_like 'rate-limited token-authenticated requests'
end
end
describe 'API requests authenticated with personal access token', :api do describe 'API requests authenticated with personal access token', :api do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:token) { create(:personal_access_token, user: user) } let(:token) { create(:personal_access_token, user: user) }
...@@ -261,13 +241,6 @@ describe 'Rack Attack global throttles' do ...@@ -261,13 +241,6 @@ describe 'Rack Attack global throttles' do
let(:throttle_setting_prefix) { 'throttle_authenticated_web' } let(:throttle_setting_prefix) { 'throttle_authenticated_web' }
context 'with the token in the query string' do context 'with the token in the query string' do
context 'with the atom extension' do
let(:get_args) { [rss_url(user)] }
let(:other_user_get_args) { [rss_url(other_user)] }
it_behaves_like 'rate-limited token-authenticated requests'
end
context 'with the atom format in the Accept header' do context 'with the atom format in the Accept header' do
let(:get_args) { [rss_url(user), nil, { 'HTTP_ACCEPT' => 'application/atom+xml' }] } let(:get_args) { [rss_url(user), nil, { 'HTTP_ACCEPT' => 'application/atom+xml' }] }
let(:other_user_get_args) { [rss_url(other_user), nil, { 'HTTP_ACCEPT' => 'application/atom+xml' }] } let(:other_user_get_args) { [rss_url(other_user), nil, { 'HTTP_ACCEPT' => 'application/atom+xml' }] }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment