374179a9
Commit
374179a9
authored
Nov 08, 2017
by
Francisco Lopez
Removing private token
parent
41ebd06d
Showing
3 changed files
with
16 additions
and
34 deletions
+16
-34
lib/api/api_guard.rb
lib/api/api_guard.rb
+1
-6
lib/gitlab/auth/user_auth_finders.rb
lib/gitlab/auth/user_auth_finders.rb
+15
-1
spec/requests/rack_attack_global_spec.rb
spec/requests/rack_attack_global_spec.rb
+0
-27
lib/api/api_guard.rb
...
...
@@ -45,6 +45,7 @@ module API
include
Gitlab
::
Utils
::
StrongMemoize
def
find_current_user!
set_raise_unauthorized_error
user
=
find_user_from_access_token
||
find_user_from_warden
return
unless
user
...
...
@@ -74,12 +75,6 @@ module API
private
def
handle_return_value!
(
value
,
&
block
)
raise
UnauthorizedError
unless
value
block_given?
?
yield
(
value
)
:
value
end
def
private_token
params
[
PRIVATE_TOKEN_PARAM
].
presence
||
env
[
PRIVATE_TOKEN_HEADER
].
presence
end
...
...
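Review bot: The `set_raise_unauthorized_error` call at the top of `find_current_user!` changes how authentication failures are handled by setting an instance variable, and nothing visible on this page resets it. Every later finder call on the same object therefore raises on failure, while any path that reaches the finders without going through `find_current_user!` gets the silent-nil default, so the 401 behaviour depends on call order rather than on the method being called. Consider stating that contract at the call site, e.g. `# From here on, the auth finders raise UnauthorizedError instead of returning nil`, or keeping the raise local to APIGuard. The body of `find_current_user!` continues outside the hunk, and whether other entry points call the finders directly is not visible here.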
lib/gitlab/auth/user_auth_finders.rb
...
...
@@ -29,7 +29,9 @@ module Gitlab
private
def
handle_return_value!
(
value
,
&
block
)
return
unless
value
unless
value
raise_unauthorized_error?
?
raise_unauthorized_error!
:
return
end
block_given?
?
yield
(
value
)
:
value
end
...
...
@@ -75,6 +77,18 @@ module Gitlab
ActionDispatch
::
Request
.
new
(
request
.
env
)
end
def
raise_unauthorized_error?
defined?
(
@raise_unauthorized_error
)
?
@raise_unauthorized_error
:
false
end
def
set_raise_unauthorized_error
@raise_unauthorized_error
=
true
end
def
raise_unauthorized_error!
raise
API
::
APIGuard
::
UnauthorizedError
end
end
end
end
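Review bot: `raise_unauthorized_error?` defaults to false, so `handle_return_value!` silently returns nil for a missing value unless the including class called `set_raise_unauthorized_error` first. For an authentication helper that default deserves a comment on the method, e.g. `# Returns nil for a missing value unless set_raise_unauthorized_error was called; callers must treat nil as unauthenticated`. `raise_unauthorized_error!` also ties the shared Gitlab::Auth module to `API::APIGuard::UnauthorizedError`, a constant from the API layer; if non-API classes include this module, a local error class or an overridable hook would avoid that coupling. The ternary used for control flow in `handle_return_value!` reads more plainly as `raise_unauthorized_error! if raise_unauthorized_error?` followed by a bare `return`. No spec covering either state of the flag is added on this page.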
spec/requests/rack_attack_global_spec.rb
...
...
@@ -189,26 +189,6 @@ describe 'Rack Attack global throttles' do
end
end
describe
'API requests authenticated with private token'
,
:api
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:other_user
)
{
create
(
:user
)
}
let
(
:throttle_setting_prefix
)
{
'throttle_authenticated_api'
}
context
'with the token in the query string'
do
let
(
:get_args
)
{
[
api
(
api_partial_url
,
user
)]
}
let
(
:other_user_get_args
)
{
[
api
(
api_partial_url
,
other_user
)]
}
it_behaves_like
'rate-limited token-authenticated requests'
end
context
'with the token in the headers'
do
let
(
:get_args
)
{
api_get_args_with_token_headers
(
api_partial_url
,
private_token_headers
(
user
))
}
let
(
:other_user_get_args
)
{
api_get_args_with_token_headers
(
api_partial_url
,
private_token_headers
(
other_user
))
}
it_behaves_like
'rate-limited token-authenticated requests'
end
end
describe
'API requests authenticated with personal access token'
,
:api
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:token
)
{
create
(
:personal_access_token
,
user:
user
)
}
...
...
@@ -261,13 +241,6 @@ describe 'Rack Attack global throttles' do
let
(
:throttle_setting_prefix
)
{
'throttle_authenticated_web'
}
context
'with the token in the query string'
do
context
'with the atom extension'
do
let
(
:get_args
)
{
[
rss_url
(
user
)]
}
let
(
:other_user_get_args
)
{
[
rss_url
(
other_user
)]
}
it_behaves_like
'rate-limited token-authenticated requests'
end
context
'with the atom format in the Accept header'
do
let
(
:get_args
)
{
[
rss_url
(
user
),
nil
,
{
'HTTP_ACCEPT'
=>
'application/atom+xml'
}]
}
let
(
:other_user_get_args
)
{
[
rss_url
(
other_user
),
nil
,
{
'HTTP_ACCEPT'
=>
'application/atom+xml'
}]
}
...
...