Commit c2bc15a7 authored by Lin Jen-Shin's avatar Lin Jen-Shin

Use the authentication_token for finding the user

parent a7f6b75e
...@@ -11,7 +11,6 @@ module Gitlab ...@@ -11,7 +11,6 @@ module Gitlab
def execute def execute
validate_permission!(:create_issue) validate_permission!(:create_issue)
validate_authentication_token!
verify_record( verify_record(
create_issue, create_issue,
...@@ -21,10 +20,7 @@ module Gitlab ...@@ -21,10 +20,7 @@ module Gitlab
end end
def author def author
@author ||= mail.from.find do |email| @author ||= User.find_by(authentication_token: authentication_token)
user = User.find_by_any_email(email)
break user if user
end
end end
def project def project
...@@ -48,11 +44,6 @@ module Gitlab ...@@ -48,11 +44,6 @@ module Gitlab
description: message description: message
).execute ).execute
end end
def validate_authentication_token!
raise UserNotAuthorizedError unless author.authentication_token ==
authentication_token
end
end end
end end
end end
......
...@@ -224,11 +224,11 @@ describe Gitlab::Email::Receiver, lib: true do ...@@ -224,11 +224,11 @@ describe Gitlab::Email::Receiver, lib: true do
end end
end end
context "when the authentication_token token didn't match" do context "when we can't find the authentication_token" do
let!(:email_raw) { fixture_file("emails/wrong_authentication_token.eml") } let!(:email_raw) { fixture_file("emails/wrong_authentication_token.eml") }
it "raises an UserNotAuthorizedError" do it "raises an UserNotFoundError" do
expect { receiver.execute }.to raise_error(Gitlab::Email::UserNotAuthorizedError) expect { receiver.execute }.to raise_error(Gitlab::Email::UserNotFoundError)
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment