Commit cb3b5278 authored by Thong Kuah

Merge branch '250580-fix-graphql-api-token-authentication' into 'master'

Fix GraphQL token auth with relative_url_root

See merge request gitlab-org/gitlab!42706
parents dbb4abc3 cddc83bd
---
title: Fix GraphQL token authentication when installed under a relative URL
merge_request: 42706
author:
type: fixed
......@@ -290,7 +290,7 @@ module Gitlab
end
def api_request?
current_request.path.starts_with?('/api/')
current_request.path.starts_with?(Gitlab::Utils.append_path(Gitlab.config.gitlab.relative_url_root, '/api/'))
end
def archive_request?
......
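Review bot: The new prefix in `api_request?` relies on `Gitlab::Utils.append_path` producing exactly `/api/` when `relative_url_root` is empty or unset, and a single-slash join when it is configured with a trailing slash, but nothing at the call site states that. This predicate appears to decide whether a web access token is honoured for the request (the spec in this commit reaches it through `find_user_from_web_access_token(:api)`), so a prefix that comes out wrong, for example `//api/`, would presumably make token authentication fail for every API request. I would add a comment above the line such as `# Token auth is limited to API routes; the prefix includes relative_url_root because current_request.path does too.` The body of `archive_request?` begins at the end of the hunk and is not visible here; if it also matches a literal path prefix it may need the same treatment.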
......@@ -419,11 +419,31 @@ RSpec.describe Gitlab::Auth::AuthFinders do
expect(find_user_from_web_access_token(:ics)).to eq(user)
end
it 'returns the user for API requests' do
context 'for API requests' do
it 'returns the user' do
set_header('SCRIPT_NAME', '/api/endpoint')
expect(find_user_from_web_access_token(:api)).to eq(user)
end
it 'returns nil if URL does not start with /api/' do
set_header('SCRIPT_NAME', '/relative_root/api/endpoint')
expect(find_user_from_web_access_token(:api)).to be_nil
end
context 'when relative_url_root is set' do
before do
stub_config_setting(relative_url_root: '/relative_root')
end
it 'returns the user' do
set_header('SCRIPT_NAME', '/relative_root/api/endpoint')
expect(find_user_from_web_access_token(:api)).to eq(user)
end
end
end
end
describe '#find_personal_access_token' do
......
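Review bot: The `when relative_url_root is set` context only checks the accepting path, so nothing pins the rejection side of this authentication gate once a relative root is configured. The existing `returns nil if URL does not start with /api/` example runs under the default configuration only. I would add a second example inside that context with `set_header('SCRIPT_NAME', '/api/endpoint')` followed by `expect(find_user_from_web_access_token(:api)).to be_nil`, so that a later change that falls back to the bare `/api/` prefix is caught. The examples also put the whole URL into `SCRIPT_NAME`; whether that matches how the relative root and the route are split in a real request cannot be told from this hunk and is worth confirming. The enclosing `describe` block starts outside the hunk.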