Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
a72d6879
Commit
a72d6879
authored
Oct 12, 2017
by
Douwe Maan
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Remove Session API
parent
4b93429a
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
0 additions
and
184 deletions
+0
-184
doc/api/README.md
doc/api/README.md
+0
-1
doc/api/session.md
doc/api/session.md
+0
-55
lib/api/api.rb
lib/api/api.rb
+0
-1
lib/api/session.rb
lib/api/session.rb
+0
-20
spec/requests/api/session_spec.rb
spec/requests/api/session_spec.rb
+0
-107
No files found.
doc/api/README.md
View file @
a72d6879
...
...
@@ -50,7 +50,6 @@ following locations:
-
[
Repository Files
](
repository_files.md
)
-
[
Runners
](
runners.md
)
-
[
Services
](
services.md
)
-
[
Session
](
session.md
)
-
[
Settings
](
settings.md
)
-
[
Sidekiq metrics
](
sidekiq_metrics.md
)
-
[
System Hooks
](
system_hooks.md
)
...
...
doc/api/session.md
deleted
100644 → 0
View file @
4b93429a
# Session API
>**Deprecation notice:**
Starting in GitLab 8.11, this feature has been
**disabled**
for users with
[
two-factor authentication
][
2fa
]
turned on. These users can access the API
using [personal access tokens] instead.
You can login with both GitLab and LDAP credentials in order to obtain the
private token.
```
POST /session
```
| Attribute | Type | Required | Description |
| ---------- | ------- | -------- | -------- |
|
`login`
| string | yes | The username of the user|
|
`email`
| string | yes if login is not provided | The email of the user |
|
`password`
| string | yes | The password of the user |
```
bash
curl
--request
POST
"https://gitlab.example.com/api/v4/session?login=john_smith&password=strongpassw0rd"
```
Example response:
```
json
{
"name"
:
"John Smith"
,
"username"
:
"john_smith"
,
"id"
:
32
,
"state"
:
"active"
,
"avatar_url"
:
null
,
"created_at"
:
"2015-01-29T21:07:19.440Z"
,
"is_admin"
:
true
,
"bio"
:
null
,
"skype"
:
""
,
"linkedin"
:
""
,
"twitter"
:
""
,
"website_url"
:
""
,
"email"
:
"john@example.com"
,
"theme_id"
:
1
,
"color_scheme_id"
:
1
,
"projects_limit"
:
10
,
"current_sign_in_at"
:
"2015-07-07T07:10:58.392Z"
,
"identities"
:
[],
"can_create_group"
:
true
,
"can_create_project"
:
true
,
"two_factor_enabled"
:
false
,
"private_token"
:
"9koXpg98eAheJpvBs5tK"
}
```
[
2fa
]:
../user/profile/account/two_factor_authentication.md
[
personal access tokens
]:
../user/profile/personal_access_tokens.md
lib/api/api.rb
View file @
a72d6879
...
...
@@ -142,7 +142,6 @@ module API
mount
::
API
::
Runner
mount
::
API
::
Runners
mount
::
API
::
Services
mount
::
API
::
Session
mount
::
API
::
Settings
mount
::
API
::
SidekiqMetrics
mount
::
API
::
Snippets
...
...
lib/api/session.rb
deleted
100644 → 0
View file @
4b93429a
module
API
class
Session
<
Grape
::
API
desc
'Login to get token'
do
success
Entities
::
UserWithPrivateDetails
end
params
do
optional
:login
,
type:
String
,
desc:
'The username'
optional
:email
,
type:
String
,
desc:
'The email of the user'
requires
:password
,
type:
String
,
desc:
'The password of the user'
at_least_one_of
:login
,
:email
end
post
"/session"
do
user
=
Gitlab
::
Auth
.
find_with_user_password
(
params
[
:email
]
||
params
[
:login
],
params
[
:password
])
return
unauthorized!
unless
user
return
render_api_error!
(
'401 Unauthorized. You have 2FA enabled. Please use a personal access token to access the API'
,
401
)
if
user
.
two_factor_enabled?
present
user
,
with:
Entities
::
UserWithPrivateDetails
end
end
end
spec/requests/api/session_spec.rb
deleted
100644 → 0
View file @
4b93429a
require
'spec_helper'
describe
API
::
Session
do
let
(
:user
)
{
create
(
:user
)
}
describe
"POST /session"
do
context
"when valid password"
do
it
"returns private token"
do
post
api
(
"/session"
),
email:
user
.
email
,
password:
'12345678'
expect
(
response
).
to
have_gitlab_http_status
(
201
)
expect
(
json_response
[
'email'
]).
to
eq
(
user
.
email
)
expect
(
json_response
[
'private_token'
]).
to
eq
(
user
.
private_token
)
expect
(
json_response
[
'is_admin'
]).
to
eq
(
user
.
admin?
)
expect
(
json_response
[
'can_create_project'
]).
to
eq
(
user
.
can_create_project?
)
expect
(
json_response
[
'can_create_group'
]).
to
eq
(
user
.
can_create_group?
)
end
context
'with 2FA enabled'
do
it
'rejects sign in attempts'
do
user
=
create
(
:user
,
:two_factor
)
post
api
(
'/session'
),
email:
user
.
email
,
password:
user
.
password
expect
(
response
).
to
have_gitlab_http_status
(
401
)
expect
(
response
.
body
).
to
include
(
'You have 2FA enabled.'
)
end
end
end
context
'when email has case-typo and password is valid'
do
it
'returns private token'
do
post
api
(
'/session'
),
email:
user
.
email
.
upcase
,
password:
'12345678'
expect
(
response
.
status
).
to
eq
201
expect
(
json_response
[
'email'
]).
to
eq
user
.
email
expect
(
json_response
[
'private_token'
]).
to
eq
user
.
private_token
expect
(
json_response
[
'is_admin'
]).
to
eq
user
.
admin?
expect
(
json_response
[
'can_create_project'
]).
to
eq
user
.
can_create_project?
expect
(
json_response
[
'can_create_group'
]).
to
eq
user
.
can_create_group?
end
end
context
'when login has case-typo and password is valid'
do
it
'returns private token'
do
post
api
(
'/session'
),
login:
user
.
username
.
upcase
,
password:
'12345678'
expect
(
response
.
status
).
to
eq
201
expect
(
json_response
[
'email'
]).
to
eq
user
.
email
expect
(
json_response
[
'private_token'
]).
to
eq
user
.
private_token
expect
(
json_response
[
'is_admin'
]).
to
eq
user
.
admin?
expect
(
json_response
[
'can_create_project'
]).
to
eq
user
.
can_create_project?
expect
(
json_response
[
'can_create_group'
]).
to
eq
user
.
can_create_group?
end
end
context
"when invalid password"
do
it
"returns authentication error"
do
post
api
(
"/session"
),
email:
user
.
email
,
password:
'123'
expect
(
response
).
to
have_gitlab_http_status
(
401
)
expect
(
json_response
[
'email'
]).
to
be_nil
expect
(
json_response
[
'private_token'
]).
to
be_nil
end
end
context
"when empty password"
do
it
"returns authentication error with email"
do
post
api
(
"/session"
),
email:
user
.
email
expect
(
response
).
to
have_gitlab_http_status
(
400
)
end
it
"returns authentication error with username"
do
post
api
(
"/session"
),
email:
user
.
username
expect
(
response
).
to
have_gitlab_http_status
(
400
)
end
end
context
"when empty name"
do
it
"returns authentication error"
do
post
api
(
"/session"
),
password:
user
.
password
expect
(
response
).
to
have_gitlab_http_status
(
400
)
end
end
context
"when user is blocked"
do
it
"returns authentication error"
do
user
.
block
post
api
(
"/session"
),
email:
user
.
username
,
password:
user
.
password
expect
(
response
).
to
have_gitlab_http_status
(
401
)
end
end
context
"when user is ldap_blocked"
do
it
"returns authentication error"
do
user
.
ldap_block
post
api
(
"/session"
),
email:
user
.
username
,
password:
user
.
password
expect
(
response
).
to
have_gitlab_http_status
(
401
)
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment