BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
374179a9
Commit
374179a9
authored
Nov 08, 2017
by
Francisco Lopez
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Removing private token
parent
41ebd06d
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
16 additions
and
34 deletions
+16
-34
api_guard.rb
lib/api/api_guard.rb
+1
-6
user_auth_finders.rb
lib/gitlab/auth/user_auth_finders.rb
+15
-1
rack_attack_global_spec.rb
spec/requests/rack_attack_global_spec.rb
+0
-27
No files found.
lib/api/api_guard.rb
View file @
374179a9
...
...
@@ -45,6 +45,7 @@ module API
include
Gitlab
::
Utils
::
StrongMemoize
def
find_current_user!
set_raise_unauthorized_error
user
=
find_user_from_access_token
||
find_user_from_warden
return
unless
user
...
...
@@ -74,12 +75,6 @@ module API
private
def
handle_return_value!
(
value
,
&
block
)
raise
UnauthorizedError
unless
value
block_given?
?
yield
(
value
)
:
value
end
def
private_token
params
[
PRIVATE_TOKEN_PARAM
].
presence
||
env
[
PRIVATE_TOKEN_HEADER
].
presence
end
...
...
lib/gitlab/auth/user_auth_finders.rb
View file @
374179a9
...
...
@@ -29,7 +29,9 @@ module Gitlab
private
def
handle_return_value!
(
value
,
&
block
)
return
unless
value
unless
value
raise_unauthorized_error?
?
raise_unauthorized_error!
:
return
end
block_given?
?
yield
(
value
)
:
value
end
...
...
@@ -75,6 +77,18 @@ module Gitlab
ActionDispatch
::
Request
.
new
(
request
.
env
)
end
def
raise_unauthorized_error?
defined?
(
@raise_unauthorized_error
)
?
@raise_unauthorized_error
:
false
end
def
set_raise_unauthorized_error
@raise_unauthorized_error
=
true
end
def
raise_unauthorized_error!
raise
API
::
APIGuard
::
UnauthorizedError
end
end
end
end
spec/requests/rack_attack_global_spec.rb
View file @
374179a9
...
...
@@ -189,26 +189,6 @@ describe 'Rack Attack global throttles' do
end
end
describe
'API requests authenticated with private token'
,
:api
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:other_user
)
{
create
(
:user
)
}
let
(
:throttle_setting_prefix
)
{
'throttle_authenticated_api'
}
context
'with the token in the query string'
do
let
(
:get_args
)
{
[
api
(
api_partial_url
,
user
)]
}
let
(
:other_user_get_args
)
{
[
api
(
api_partial_url
,
other_user
)]
}
it_behaves_like
'rate-limited token-authenticated requests'
end
context
'with the token in the headers'
do
let
(
:get_args
)
{
api_get_args_with_token_headers
(
api_partial_url
,
private_token_headers
(
user
))
}
let
(
:other_user_get_args
)
{
api_get_args_with_token_headers
(
api_partial_url
,
private_token_headers
(
other_user
))
}
it_behaves_like
'rate-limited token-authenticated requests'
end
end
describe
'API requests authenticated with personal access token'
,
:api
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:token
)
{
create
(
:personal_access_token
,
user:
user
)
}
...
...
@@ -261,13 +241,6 @@ describe 'Rack Attack global throttles' do
let
(
:throttle_setting_prefix
)
{
'throttle_authenticated_web'
}
context
'with the token in the query string'
do
context
'with the atom extension'
do
let
(
:get_args
)
{
[
rss_url
(
user
)]
}
let
(
:other_user_get_args
)
{
[
rss_url
(
other_user
)]
}
it_behaves_like
'rate-limited token-authenticated requests'
end
context
'with the atom format in the Accept header'
do
let
(
:get_args
)
{
[
rss_url
(
user
),
nil
,
{
'HTTP_ACCEPT'
=>
'application/atom+xml'
}]
}
let
(
:other_user_get_args
)
{
[
rss_url
(
other_user
),
nil
,
{
'HTTP_ACCEPT'
=>
'application/atom+xml'
}]
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment