Commit 64779a74 authored by Shinya Maeda

Merge branch '28978-fix-assets-redirect-to-login' into 'master'

Add archive as valid web access format

See merge request gitlab-org/gitlab!64471
parents 9643798a b321324e
---
name: allow_archive_as_web_access_format
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/64471
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/334944
milestone: '14.1'
type: development
group: group::release
default_enabled: false
...@@ -89,9 +89,11 @@ module Gitlab ...@@ -89,9 +89,11 @@ module Gitlab
job.user job.user
end end
# We only allow Private Access Tokens with `api` scope to be used by web # We allow Private Access Tokens with `api` scope to be used by web
# requests on RSS feeds or ICS files for backwards compatibility. # requests on RSS feeds or ICS files for backwards compatibility.
# It is also used by GraphQL/API requests. # It is also used by GraphQL/API requests.
# And to allow accessing /archive programatically as it was a big pain point
# for users https://gitlab.com/gitlab-org/gitlab/-/issues/28978.
def find_user_from_web_access_token(request_format, scopes: [:api]) def find_user_from_web_access_token(request_format, scopes: [:api])
return unless access_token && valid_web_access_format?(request_format) return unless access_token && valid_web_access_format?(request_format)
...@@ -269,6 +271,8 @@ module Gitlab ...@@ -269,6 +271,8 @@ module Gitlab
ics_request? ics_request?
when :api when :api
api_request? api_request?
when :archive
archive_request? if Feature.enabled?(:allow_archive_as_web_access_format, default_enabled: :yaml)
end end
end end
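Review bot: The comment added at the top of the first hunk has a typo (`programatically`) and records the motivation rather than the effect that matters to a reader of an auth finder: after this change an `api`-scoped token presented on a web request is accepted for archive downloads as well as feeds and API calls, subject to the feature flag; a comment such as `# Archive downloads are also accepted so /archive can be fetched with a token (https://gitlab.com/gitlab-org/gitlab/-/issues/28978), gated by the allow_archive_as_web_access_format feature flag.` states that directly. The preceding line still reads `Private Access Tokens`, which looks like a slip for Personal Access Tokens and could be corrected in the same pass. In the second hunk the new `when :archive` branch delegates to `archive_request?`, which is defined outside the hunk; since that predicate now decides whether token authentication is attempted for a request, it is worth confirming it matches the routed archive path rather than a substring anywhere in the request path. The method bodies in both hunks continue outside the visible lines.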
...@@ -460,7 +460,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do ...@@ -460,7 +460,7 @@ RSpec.describe Gitlab::Auth::AuthFinders do
expect { find_user_from_access_token }.to raise_error(Gitlab::Auth::UnauthorizedError) expect { find_user_from_access_token }.to raise_error(Gitlab::Auth::UnauthorizedError)
end end
context 'no feed or API requests' do context 'no feed, API or archive requests' do
it 'returns nil if the request is not RSS' do it 'returns nil if the request is not RSS' do
expect(find_user_from_web_access_token(:rss)).to be_nil expect(find_user_from_web_access_token(:rss)).to be_nil
end end
...@@ -472,6 +472,10 @@ RSpec.describe Gitlab::Auth::AuthFinders do ...@@ -472,6 +472,10 @@ RSpec.describe Gitlab::Auth::AuthFinders do
it 'returns nil if the request is not API' do it 'returns nil if the request is not API' do
expect(find_user_from_web_access_token(:api)).to be_nil expect(find_user_from_web_access_token(:api)).to be_nil
end end
it 'returns nil if the request is not ARCHIVE' do
expect(find_user_from_web_access_token(:archive)).to be_nil
end
end end
it 'returns the user for RSS requests' do it 'returns the user for RSS requests' do
...@@ -486,6 +490,24 @@ RSpec.describe Gitlab::Auth::AuthFinders do ...@@ -486,6 +490,24 @@ RSpec.describe Gitlab::Auth::AuthFinders do
expect(find_user_from_web_access_token(:ics)).to eq(user) expect(find_user_from_web_access_token(:ics)).to eq(user)
end end
it 'returns the user for ARCHIVE requests' do
set_header('SCRIPT_NAME', '/-/archive/main.zip')
expect(find_user_from_web_access_token(:archive)).to eq(user)
end
context 'when allow_archive_as_web_access_format feature flag is disabled' do
before do
stub_feature_flags(allow_archive_as_web_access_format: false)
end
it 'returns nil for ARCHIVE requests' do
set_header('SCRIPT_NAME', '/-/archive/main.zip')
expect(find_user_from_web_access_token(:archive)).to be_nil
end
end
context 'for API requests' do context 'for API requests' do
it 'returns the user' do it 'returns the user' do
set_header('SCRIPT_NAME', '/api/endpoint') set_header('SCRIPT_NAME', '/api/endpoint')
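Review bot: The new archive examples in the third hunk repeat `set_header('SCRIPT_NAME', '/-/archive/main.zip')` in two places and sit at the top level of the describe block, whereas the API cases directly below are grouped under `context 'for API requests'` with the header set once. Grouping the archive cases the same way puts the setup in a single `before` and makes the feature-flag-disabled example read as a sub-case of the same request rather than a sibling of the positive case. The example descriptions could also drop the uppercase `ARCHIVE`, which is not an acronym like RSS or ICS. The enclosing describe block starts and ends outside the hunk.
```ruby
context 'for archive requests' do
  before do
    set_header('SCRIPT_NAME', '/-/archive/main.zip')
  end

  it 'returns the user' do
    expect(find_user_from_web_access_token(:archive)).to eq(user)
  end

  context 'when allow_archive_as_web_access_format feature flag is disabled' do
    before do
      stub_feature_flags(allow_archive_as_web_access_format: false)
    end

    it 'returns nil' do
      expect(find_user_from_web_access_token(:archive)).to be_nil
    end
  end
end

# … unchanged: context 'for API requests' …
```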