Commit c2bc15a7 authored by Lin Jen-Shin's avatar Lin Jen-Shin

Use the authentication_token for finding the user

parent a7f6b75e
......@@ -11,7 +11,6 @@ module Gitlab
def execute
validate_permission!(:create_issue)
validate_authentication_token!
verify_record(
create_issue,
......@@ -21,10 +20,7 @@ module Gitlab
end
def author
@author ||= mail.from.find do |email|
user = User.find_by_any_email(email)
break user if user
end
@author ||= User.find_by(authentication_token: authentication_token)
end
def project
......@@ -48,11 +44,6 @@ module Gitlab
description: message
).execute
end
def validate_authentication_token!
raise UserNotAuthorizedError unless author.authentication_token ==
authentication_token
end
end
end
end
......
......@@ -224,11 +224,11 @@ describe Gitlab::Email::Receiver, lib: true do
end
end
context "when the authentication_token token didn't match" do
context "when we can't find the authentication_token" do
let!(:email_raw) { fixture_file("emails/wrong_authentication_token.eml") }
it "raises an UserNotAuthorizedError" do
expect { receiver.execute }.to raise_error(Gitlab::Email::UserNotAuthorizedError)
it "raises an UserNotFoundError" do
expect { receiver.execute }.to raise_error(Gitlab::Email::UserNotFoundError)
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment